[MapServer-users] security release available: MapServer 8.6.3
Jeff McKenna
jmckenna at gatewaygeomatics.com
Thu May 7 07:30:29 PDT 2026
The MapServer team announces the immediate availability of security
release of 8.6.3
This release contains a fix for a vulnerability in the SLD parser. See
the changelog for the list of changes (
https://mapserver.org/development/changelog/changelog-8-6.html#changelog-8-6-3
). You may also review this specific Security Advisory (
https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m
) as well as MapServer’s Security Policy (
https://github.com/MapServer/MapServer/blob/main/SECURITY.md ). Please
note: as security support for the 7.6 branch has ended, and branches
8.4, 8.2 & 8.0 are not supported, all users are strongly encouraged to
upgrade to the MapServer 8.6.3 release.
Here is the direct download for today's release:
- tar.gz: https://download.osgeo.org/mapserver/mapserver-8.6.3.tar.gz
- zip: https://download.osgeo.org/mapserver/mapserver-8.6.3.zip
(all services on demo.mapserver.org have been upgraded as well)
tip: you can find an example of how to disable external SLD access to
your services in the Migration Guide:
https://mapserver.org/MIGRATION_GUIDE.html
Thanks,
--
The MapServer Team
More information about the MapServer-users
mailing list