[OSGeoLive] #2420: update Geoserver
OSGeoLive
trac_osgeolive at osgeo.org
Mon Apr 17 12:46:28 PDT 2023
#2420: update Geoserver
-----------------------+---------------------------
Reporter: darkblueb | Owner: osgeolive@…
Type: defect | Status: new
Priority: critical | Milestone: OSGeoLive16.0
Component: OSGeoLive | Keywords: geoserver
-----------------------+---------------------------
there has been a recent security path for geoserver
{{{
juanluisrpJuanLu:
I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities.
The vulnerability applies to any database backend;
also any other software using GeoTools (depending on how they use it) can
be vulnerable.
I think the fixes were backported to some previous versions
able to run on Java 8; 2.22.2 has the patch
}}}
https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html
https://github.com/geoserver/geoserver/releases/tag/2.22.2
--
Ticket URL: <https://trac.osgeo.org/osgeolive/ticket/2420>
OSGeoLive <https://live.osgeo.org/>
self-contained bootable DVD, USB thumb drive or Virtual Machine based on Lubuntu, that allows you to try a wide variety of open source geospatial software without installing anything.
More information about the osgeolive
mailing list