[mapserver-users] versions 7.4.4 and 6.4.6 released
Jeff McKenna
jmckenna at gatewaygeomatics.com
Sat Mar 21 10:16:42 PDT 2020
The security releases of MapServer 7.4.4 and 6.4.6 are now available for
download: http://mapserver.org/download.html
These releases fix 2 vulnerabilities in PHPMapScript error handling (the
SWIG MapScript PHP7 support is not affected). CVE ID's have been
requested but are not yet available, and when they are available the
MapServer website's changelog will be updated. For now you can see the
related ticket: https://github.com/mapserver/mapserver/issues/6014
If you have not already upgraded to the maintained SWIG PHPMapScript
support, from the old PHPMapScript, this is a good opportunity to do so.
A special thank you to Aviv Yahav (https://github.com/0xbigshaq) for
reporting the vulnerabilities.
--
The MapServer Team
More information about the MapServer-users
mailing list