[OSGeoLive] #2420: update Geoserver
OSGeoLive
trac_osgeolive at osgeo.org
Mon Apr 17 12:47:10 PDT 2023
#2420: update Geoserver
-----------------------+----------------------------
Reporter: darkblueb | Owner: osgeolive@…
Type: defect | Status: new
Priority: critical | Milestone: OSGeoLive16.0
Component: OSGeoLive | Resolution:
Keywords: geoserver |
-----------------------+----------------------------
Description changed by darkblueb:
Old description:
> there has been a recent security path for geoserver
>
> {{{
> juanluisrpJuanLu:
> I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities.
> The vulnerability applies to any database backend;
> also any other software using GeoTools (depending on how they use it) can
> be vulnerable.
>
> I think the fixes were backported to some previous versions
> able to run on Java 8; 2.22.2 has the patch
> }}}
>
> https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html
>
> https://github.com/geoserver/geoserver/releases/tag/2.22.2
New description:
there has been a recent security patch for geoserver
{{{
juanluisrpJuanLu:
I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities.
The vulnerability applies to any database backend;
also any other software using GeoTools (depending on how they use it) can
be vulnerable.
I think the fixes were backported to some previous versions
able to run on Java 8; 2.22.2 has the patch
}}}
https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html
https://github.com/geoserver/geoserver/releases/tag/2.22.2
--
--
Ticket URL: <https://trac.osgeo.org/osgeolive/ticket/2420#comment:1>
OSGeoLive <https://live.osgeo.org/>
self-contained bootable DVD, USB thumb drive or Virtual Machine based on Lubuntu, that allows you to try a wide variety of open source geospatial software without installing anything.
More information about the osgeolive
mailing list