From jmckenna at gatewaygeomatics.com  Thu May  7 07:30:29 2026
From: jmckenna at gatewaygeomatics.com (Jeff McKenna)
Date: Thu, 7 May 2026 11:30:29 -0300
Subject: [MapServer-users] security release available: MapServer 8.6.3
Message-ID: <9bd23dea-7ae8-4767-a6dc-6d3b0cd7752f@gatewaygeomatics.com>

The MapServer team announces the immediate availability of security 
release of 8.6.3

This release contains a fix for a vulnerability in the SLD parser. See 
the changelog for the list of changes ( 
https://mapserver.org/development/changelog/changelog-8-6.html#changelog-8-6-3 
). You may also review this specific Security Advisory ( 
https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m 
) as well as MapServer?s Security Policy ( 
https://github.com/MapServer/MapServer/blob/main/SECURITY.md ). Please 
note: as security support for the 7.6 branch has ended, and branches 
8.4, 8.2 & 8.0 are not supported, all users are strongly encouraged to 
upgrade to the MapServer 8.6.3 release.

Here is the direct download for today's release:

  - tar.gz: https://download.osgeo.org/mapserver/mapserver-8.6.3.tar.gz
  - zip: https://download.osgeo.org/mapserver/mapserver-8.6.3.zip

(all services on demo.mapserver.org have been upgraded as well)

tip: you can find an example of how to disable external SLD access to 
your services in the Migration Guide: 
https://mapserver.org/MIGRATION_GUIDE.html

Thanks,

-- 
The MapServer Team