[GeoNode-users] Geonode security vulnerability

Simone Dalmasso simone.dalmasso at gmail.com
Sun Feb 12 22:15:04 PST 2017


Hi Jonathan,

the change is not yet published in the packages but the 2.6 will definitely
contain it.

Best

2017-02-13 0:28 GMT+01:00 Jonathan Doig <j.doig at unsw.edu.au>:

> I’ve tested upload at my end after the change: no impact. Also it was
> advised (and merged to the doco) by Geonode dev Simone Dalmasso.
>
>
>
> Regards
>
> Jonathan
>
>
>
> *From:* Daniel Victoria [mailto:daniel.victoria at gmail.com]
> *Sent:* Friday, 10 February 2017 11:22 PM
> *To:* Jonathan Doig
> *Cc:* geonode-users at lists.osgeo.org
> *Subject:* Re: [GeoNode-users] Geonode security vulnerability
>
>
>
> Hi Jonathan,
>
> Thanks for the heads up. Just to be sure, by changing the geonode.conf I
> won't break any other GeoNode functionality?
>
> Cheers
>
> Daniel
>
>
>
> On Thu, Feb 9, 2017 at 10:10 PM, Jonathan Doig <j.doig at unsw.edu.au> wrote:
>
> Dear all
>
>
>
> I found this issue on my own site and am passing it on as it also affects
> a number of sites I’ve found online.
>
>
>
> The data on your Geonode site may be publicly downloadable, regardless of
> permissions, at:
>
> http://<your_geonode_host>/uploaded/layers/
>
>
>
> You need to edit /etc/apache2/sites-available/geonode.conf and remove the
> block which tells Apache to serve uploaded/layers/. It will look something
> like this:
>
>
>
>     <Directory "/home/geonode/geonode/geonode/uploaded/layers/">
>         Order allow,deny
>         Options Indexes FollowSymLinks
>         Allow from all
>         Require all granted
>         IndexOptions FancyIndexing
>     </Directory>
>
>
>
> Then restart Apache:
>
>
>
>     sudo service apache2 restart
>
>
>
> I’ve issued a pull request <https://github.com/GeoNode/geonode/pull/2899>
> to update the install doco
> <http://docs.geonode.org/en/master/tutorials/install_and_admin/geonode_install/setup_configure_httpd.html#apache-configuration>.
> As a courtesy, I’ve also contacted the admins of sites I found through a
> “Powered by Geonode” Google search.
>
>
>
> Regards
>
> *Jonathan Doig*
>
> *Software Engineer – Spatial Systems*
>
> *City Futures Research Centre*
>
> *UNSW Built Environment *
>
> Level 3, Red Centre West Wing
>
>
>
> UNSW Sydney
>
> NSW 2052 AUSTRALIA
>
> T: +61 (2) 9385 5319 M: 0409 049185
>
> cityfutures.net.au <http://cityfutures.be.unsw.edu.au/>
>
>
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
>
>
>


-- 
Simone
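
An added example, not part of the original thread or GeoNode's own code: a Python check that scans an Apache site configuration for the kind of <Directory> block described in the quoted message, one that grants everyone access to uploaded/layers/. The sample configuration is constructed; the function name and the /srv/example/static/ path are assumptions.

```python
import re

# Constructed sample: the block quoted in the thread plus an unrelated,
# hypothetical static-files block (/srv/example/static/ is a placeholder).
SAMPLE_CONF = '''
<VirtualHost *:80>
    <Directory "/srv/example/static/">
        Options -Indexes
        Require all granted
    </Directory>
    <Directory "/home/geonode/geonode/geonode/uploaded/layers/">
        Order allow,deny
        Options Indexes FollowSymLinks
        Allow from all
        Require all granted
        IndexOptions FancyIndexing
    </Directory>
</VirtualHost>
'''

OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'^\s*</Directory>', re.I)
GRANT = re.compile(r'^\s*(Require\s+all\s+granted|Allow\s+from\s+all)\b', re.I)
OPTIONS = re.compile(r'^\s*Options\s+(.*)$', re.I)

def find_exposed_upload_dirs(conf_text, protected="uploaded/layers"):
    """Return <Directory> blocks that open the `protected` path to everyone."""
    findings, current = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue  # commented-out directives are inactive
        m = OPEN.match(raw)
        if m:
            current = {"path": m.group(1), "line": lineno,
                       "grants": [], "indexes": False}
        elif current is not None and CLOSE.match(raw):
            if protected in current["path"] and current["grants"]:
                findings.append(current)
            current = None
        elif current is not None:
            if GRANT.match(raw):
                current["grants"].append(raw.strip())
            o = OPTIONS.match(raw)
            if o:  # "Indexes" or "+Indexes" enables directory listings
                current["indexes"] = any(
                    x.lstrip("+").lower() == "indexes" for x in o.group(1).split())
    return findings

if __name__ == "__main__":
    for f in find_exposed_upload_dirs(SAMPLE_CONF):
        print(f"line {f['line']}: {f['path']} grants={f['grants']} listing={f['indexes']}")
```

To audit a real host, pass the contents of /etc/apache2/sites-available/geonode.conf to the function; an empty result means no such block remains in that file.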