[MapServer-users] security release available: MapServer 8.6.1
Seth G
sethg at geographika.co.uk
Tue Mar 24 00:50:06 PDT 2026
Just to add, if you don't require it, you can disable external SLD access in your Mapfiles by adding the following:
MAP
WEB
METADATA
"ows_sld_enabled" "false"
...
Seth
On Mon, Mar 23, 2026, at 8:36 PM, Jeff McKenna via MapServer-users wrote:
> The MapServer team announces the immediate availability of security
> release of 8.6.1
>
> This release contains a fix for a security flaw in the SLD parser. See
> the changelog for the list of changes (
> https://mapserver.org/development/changelog/changelog-8-6.html#changelog-8-6-1
> ). You may also review this specific Security Advisory (
> https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp
> ) as well as MapServer’s Security Policy (
> https://github.com/MapServer/MapServer/blob/main/SECURITY.md ). Please
> note: as security support for the 7.6 branch has ended, and branches
> 8.4, 8.2 & 8.0 are not supported, all users are strongly encouraged to
> upgrade to the MapServer 8.6.1 release.
>
> Here is the direct download for today's release:
>
> - tar.gz: https://download.osgeo.org/mapserver/mapserver-8.6.1.tar.gz
> - zip: https://download.osgeo.org/mapserver/mapserver-8.6.1.zip
>
> (all services on demo.mapserver.org have been upgraded as well)
>
> Thanks,
>
> --
> The MapServer Team
>
>
>
>
>
>
> _______________________________________________
> MapServer-users mailing list
> MapServer-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users
More information about the MapServer-users
mailing list