[postgis-users] 2.1.7 / 2.0.7 Bug Fix Release
pramsey at cleverelephant.ca
Mon Apr 6 15:56:28 PDT 2015
Due to a critical bug in GeoJSON ingestion we have made an early release of versions 2.0.7 and 2.1.7. If you are running an earlier version on a public site and accepting incoming GeoJSON, we recommend you update as soon as possible.
The resolved issue would cause the back-end to crash when certain malformed GeoJSON is fed to it. This could be used to effectively run a denial-of-service attack on a public-facing web service.
Sorry to release a new patch soon soon after 2.1.6, but the nature of issue warranted it.
More information about the postgis-users