[mapserver-dev] MapServer 6.4.2, 7.0.0-beta2 and TinyOWS 1.1.1 releases
thomas bonfort
thomas.bonfort at gmail.com
Tue Jul 7 05:06:13 PDT 2015
This is a security release to mitigate an information disclosure issue
with libxml2 (versions older than 2.9, c.f.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0339 ) which
can reveal any file accessible on the host system by passing a
specially crafted XML file. Although this is not an issue with
MapServer itself, the proposed update makes sure this vector of attack
cannot be used when mapserver is using a version of libxml2 older than
2.9.
You are strongly recommended to update if your mapserver has libxml2
support and is using an unpatched version of libxml2 older than 2.8.
We are concurrently releasing the second beta for MapServer 7.0.0 that
contains this security fix along with a number of issues that were
discovered since the release of beta1. As always, we rely on you the
community to test these beta versions and provide us with feedback as
to the issues you may encounter.
You can find the download links and changelogs at the usual location:
http://mapserver.org/download.html
best regards,
The MapServer Team
More information about the mapserver-dev
mailing list