[OSGeoLive] #2420: update Geoserver

OSGeoLive trac_osgeolive at osgeo.org
Mon Apr 17 12:47:10 PDT 2023


#2420: update Geoserver
-----------------------+----------------------------
 Reporter:  darkblueb  |       Owner:  osgeolive@…
     Type:  defect     |      Status:  new
 Priority:  critical   |   Milestone:  OSGeoLive16.0
Component:  OSGeoLive  |  Resolution:
 Keywords:  geoserver  |
-----------------------+----------------------------
Description changed by darkblueb:

Old description:

> there has been a recent security path for geoserver
>
> {{{
> juanluisrpJuanLu:
> I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities.
> The vulnerability applies to any database backend;
> also any other software using GeoTools (depending on how they use it) can
> be vulnerable.
>
> I think the fixes were backported to some previous versions
> able to run on Java 8;  2.22.2 has the patch
> }}}
>

> https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html
>
> https://github.com/geoserver/geoserver/releases/tag/2.22.2

New description:

 there has been a recent security patch for geoserver

 {{{
 juanluisrpJuanLu:
 I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities.
 The vulnerability applies to any database backend;
 also any other software using GeoTools (depending on how they use it) can
 be vulnerable.

 I think the fixes were backported to some previous versions
 able to run on Java 8;  2.22.2 has the patch
 }}}


 https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html

 https://github.com/geoserver/geoserver/releases/tag/2.22.2

-- 
Ticket URL: <https://trac.osgeo.org/osgeolive/ticket/2420#comment:1>
OSGeoLive <https://live.osgeo.org/>
self-contained bootable DVD, USB thumb drive or Virtual Machine based on Lubuntu, that allows you to try a wide variety of open source geospatial software without installing anything.

