[mapserver-dev] Motion: Adopt RFC-56 and release MapServer 4.10.4
and 5.2.2
Daniel Morissette
dmorissette at mapgears.com
Thu Mar 26 14:20:01 EDT 2009
Some security vulnerabilities have been found and reported to us
following an audit of MapServer's mapserv CGI. We have worked on this
off-list with other PSC members to come up with a solution before making
anything public.
The outcome of this is five tickets (#2939, #2941, #2942, #2943, #2944)
and corresponding fixes:
http://trac.osgeo.org/mapserver/ticket/2939
http://trac.osgeo.org/mapserver/ticket/2941
http://trac.osgeo.org/mapserver/ticket/2942
http://trac.osgeo.org/mapserver/ticket/2943
http://trac.osgeo.org/mapserver/ticket/2944
as well as a new RFC-56 about tightening up control of access to
mapfiles and templates:
http://mapserver.org/development/rfc/ms-rfc-56.html
Motion:
I hereby motion that we release MapServer 5.2.2 and 4.10.4 ASAP with
fixes for tickets (#2939, #2941, #2942, #2943, #2944) and the
implementation of RFC-56. MapServer 5.4.0 beta4 should also follow
within a few days with the same fixes.
I start with my +1
Daniel
--
Daniel Morissette
http://www.mapgears.com/
More information about the mapserver-dev
mailing list