<div dir="ltr">Harald,<div><br></div><div>The CVE is still present but ineffective for a standard GeoNode deployment because, as I said, the vulnerability is blocked by Geofence.</div><div>Anyway, you can upgrade to Geoserver 2.27.4 on GeoNode 4.4.x. It's not officially supported, but it's proven to work fine.</div><div><br></div><div>Giovanni</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Tue, Jan 27, 2026 at 9:31 AM Harald von Waldow <<a href="mailto:harald.vonwaldow@thuenen.de">harald.vonwaldow@thuenen.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello Giovanni,<br>
<br>
Geoserver instances running 2.24.4-v2 (GeoNode Docker image) were<br>
flagged by BSI as vulnerable ("Software verwundbar für CVE-2025-58360.<br>
Nachweis erfolgte mittels Proof-of-Concept."). Not sure what to make of<br>
that.<br>
<br>
Best<br>
Harald<br>
<br>
On Mon, 2026-01-26 at 17:02 +0100, Giovanni Allegri via geonode-devel<br>
wrote:<br>
> Sorry for the very late reply Henning. <br>
> Geoserver for GeoNode is safe thanks to Geofence, which doesn't allow<br>
> those requests. <br>
> <br>
> The block is at the source code level, so it's ssfe whatever the<br>
> Geofence configuration. <br>
> <br>
> Giovanni <br>
> <br>
> ==<br>
> GeoServer Professional Services from the experts!<br>
> Visit <a href="http://bit.ly/gs-services-us" rel="noreferrer" target="_blank">http://bit.ly/gs-services-us</a> for more information.<br>
> ==<br>
> <br>
> Dott. Giovanni Allegri<br>
> Technical Lead / Project Manager<br>
> <br>
> GeoSolutions Group<br>
> phone: +39 0584 962313<br>
> cell: +39 345 2815774<br>
> fax: +39 0584 1660272<br>
> <br>
> <a href="https://www.geosolutionsgroup.com/" rel="noreferrer" target="_blank">https://www.geosolutionsgroup.com/</a> <br>
> <a href="http://twitter.com/geosolutions_it" rel="noreferrer" target="_blank">http://twitter.com/geosolutions_it</a> <br>
> -------------------------------------------------------<br>
> <br>
> Con riferimento alla normativa sul trattamento dei dati personali<br>
> (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati<br>
> “GDPR”), si precisa che ogni circostanza inerente alla presente email<br>
> (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui<br>
> conoscenza è riservata al/i solo/i destinatario/i indicati dallo<br>
> scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a<br>
> cancellarlo, ogni altra operazione è illecita. Le sarei comunque<br>
> grato se potesse darmene notizia.<br>
> <br>
> This email is intended only for the person or entity to which it is<br>
> addressed and may contain information that is privileged,<br>
> confidential or otherwise protected from disclosure. We remind that -<br>
> as provided by European Regulation 2016/679 “GDPR” - copying,<br>
> dissemination or use of this e-mail or the information herein by<br>
> anyone other than the intended recipient is prohibited. If you have<br>
> received this email by mistake, please notify us immediately by<br>
> telephone or e-mail.<br>
> <br>
> Il ven 19 dic 2025, 17:19 Bredel, Henning via geonode-devel<br>
> <<a href="mailto:geonode-devel@lists.osgeo.org" target="_blank">geonode-devel@lists.osgeo.org</a>> ha scritto:<br>
> > <br>
> > <br>
> > Hey,<br>
> > <br>
> > <br>
> > GeoServer [disclosed a<br>
> > CVE](<a href="https://github.com/geoserver/geoserver/security" rel="noreferrer" target="_blank">https://github.com/geoserver/geoserver/security</a>) some weeks<br>
> > ago:<br>
> > <br>
> > <br>
> > - [CVE-2025-<br>
> > 58360](<a href="https://github.com/geoserver/geoserver/security/advisories/G" rel="noreferrer" target="_blank">https://github.com/geoserver/geoserver/security/advisories/G</a><br>
> > HSA-fjf5-xgmq-5525)<br>
> > <br>
> > <br>
> > Is it safe to use 2.24.4 referenced by the geonode-project [0]. I<br>
> > am not aware of any fixes/patches in geonode-docker or elsewhere.<br>
> > Did I miss something?<br>
> > <br>
> > <br>
> > Best<br>
> > <br>
> > <br>
> > Henning<br>
> > <br>
> > <br>
> > <br>
> > <br>
> > [0]<br>
> > <a href="https://github.com/GeoNode/geonode-project/blob/f5824531e3cb23d7899d6446bac3530bbfb69b58/.env.sample#L13" rel="noreferrer" target="_blank">https://github.com/GeoNode/geonode-project/blob/f5824531e3cb23d7899d6446bac3530bbfb69b58/.env.sample#L13</a><br>
> > <br>
> > <br>
> > <br>
> > <br>
> > <br>
> > <br>
> > -- <br>
> > <br>
> > Henning Bredel<br>
> > adesso SE<br>
> > <br>
> > Klaus-Bungert-Straße 5<br>
> > 40468 Düsseldorf<br>
> > <br>
> > <br>
> > T +49 211 740759-00<br>
> > M +49 151 56463626<br>
> > E <a href="mailto:henning.bredel@adesso.de" target="_blank">henning.bredel@adesso.de</a><br>
> > <br>
> > <a href="http://www.adesso.de" rel="noreferrer" target="_blank">www.adesso.de</a><br>
> > <br>
> > <a href="http://blog.adesso.de" rel="noreferrer" target="_blank">blog.adesso.de</a><br>
> > -------------------------------------------------------<br>
> > >>> business. people. technology. <<<<br>
> > -------------------------------------------------------<br>
> > <br>
> > adesso SE mit Sitz in Dortmund<br>
> > Vorstand: Mark Lohweber (Vors.), Benedikt Bonnmann, Kristina<br>
> > Gerwert, Michael Knopp,<br>
> > Andreas Prenneis<br>
> > Vorsitzender des Aufsichtsrates: Prof. Dr. Volker Gruhn<br>
> > Amtsgericht Dortmund HRB 20663<br>
> > _______________________________________________<br>
> > geonode-devel mailing list<br>
> > <a href="mailto:geonode-devel@lists.osgeo.org" target="_blank">geonode-devel@lists.osgeo.org</a><br>
> > <a href="https://lists.osgeo.org/mailman/listinfo/geonode-devel" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/geonode-devel</a><br>
> _______________________________________________<br>
> geonode-devel mailing list<br>
> <a href="mailto:geonode-devel@lists.osgeo.org" target="_blank">geonode-devel@lists.osgeo.org</a><br>
> <a href="https://lists.osgeo.org/mailman/listinfo/geonode-devel" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/geonode-devel</a><br>
<br>
-- <br>
Dr. Harald von Waldow<br>
Senior Research Data Specialist<br>
Thünen Institute<br>
Centre for Information Management<br>
Bundesallee 44<br>
38116 Braunschweig, Germany<br>
Web: <a href="https://thuenen.de" rel="noreferrer" target="_blank">https://thuenen.de</a><br>
<br>
The Johann Heinrich von Thünen Institute, Federal Research Institute<br>
for Rural Areas, Forestry and Fisheries – Thünen Institute in brief -<br>
consists of 15 specialized institutes with socioeconomic, ecological<br>
and technological expertise. The Thünen Institute conducts research and<br>
policy advice related to rural areas, agriculture, forests and<br>
fisheries.<br>
<br>
<br>
</blockquote></div><div><br clear="all"></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><span><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(34,34,34);font-family:Arial;font-size:11pt;white-space:pre-wrap">==</span><br></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">GeoServer Professional Services from the experts!</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">Visit </span><a href="http://bit.ly/gs-services-us" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);vertical-align:baseline;white-space:pre-wrap">http://bit.ly/gs-services-us</span></a><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"> for more information.</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">==</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">Dott. Giovanni Allegri</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">Technical Lead / Project Manager</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">GeoSolutions Group</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">phone: +39 0584 962313</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">cell: +39 345 2815774</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><span><span style="font-size:11pt;vertical-align:baseline">fax: +39 0584 1660272</span></span><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><a href="https://www.geosolutionsgroup.com/" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);vertical-align:baseline;white-space:pre-wrap">https://www.geosolutionsgroup.com/</span></a><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><a href="http://twitter.com/geosolutions_it" target="_blank"><span style="font-size:11pt;font-family:Arial;color:rgb(17,85,204);vertical-align:baseline;white-space:pre-wrap">http://twitter.com/geosolutions_it</span></a><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap">-------------------------------------------------------</span></p><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-style:italic;vertical-align:baseline;white-space:pre-wrap">Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.</span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-style:italic;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-style:italic;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-style:italic;vertical-align:baseline;white-space:pre-wrap">This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.</span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-style:italic;vertical-align:baseline;white-space:pre-wrap"><br></span></span></div></div>