[OSGeoLive] #2420: update Geoserver

OSGeoLive trac_osgeolive at osgeo.org
Mon Apr 17 12:46:28 PDT 2023

#2420: update Geoserver
 Reporter:  darkblueb  |      Owner:  osgeolive@…
     Type:  defect     |     Status:  new
 Priority:  critical   |  Milestone:  OSGeoLive16.0
Component:  OSGeoLive  |   Keywords:  geoserver
 there has been a recent security path for geoserver

 I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities.
 The vulnerability applies to any database backend;
 also any other software using GeoTools (depending on how they use it) can
 be vulnerable.

 I think the fixes were backported to some previous versions
 able to run on Java 8;  2.22.2 has the patch


Ticket URL: <https://trac.osgeo.org/osgeolive/ticket/2420>
OSGeoLive <https://live.osgeo.org/>
self-contained bootable DVD, USB thumb drive or Virtual Machine based on Lubuntu, that allows you to try a wide variety of open source geospatial software without installing anything.

More information about the osgeolive mailing list