[Ubuntu] [Fwd: Motion: Adopt RFC-56 and release MapServer 4.10.4 and 5.2.2]

Daniel Morissette dmorissette at mapgears.com
Thu Mar 26 18:18:59 EDT 2009


See attached message, this is a heads up that a MapServer release with 
security fixes will be available very shortly. The announcement will be 
made later tonight or first thing tomorrow morning and new source 
packages for 5.2.2 and 4.10.4 are already available on the download server:

http://download.osgeo.org/mapserver/mapserver-5.2.2.tar.gz
http://download.osgeo.org/mapserver/mapserver-4.10.4.tar.gz

BTW, is there a formal process for notifications of security fixes to 
your projects?

Daniel


-------- Original Message --------
Subject: Motion: Adopt RFC-56 and release MapServer 4.10.4 and 5.2.2
Date: Thu, 26 Mar 2009 14:20:01 -0400
From: Daniel Morissette <dmorissette at mapgears.com>
To: 'MapServer Dev Mailing List' <mapserver-dev at lists.osgeo.org>

Some security vulnerabilities have been found and reported to us
following an audit of MapServer's mapserv CGI. We have worked on this
off-list with other PSC members to come up with a solution before making
anything public.

The outcome of this is five tickets (#2939, #2941, #2942, #2943, #2944)
and corresponding fixes:
   http://trac.osgeo.org/mapserver/ticket/2939
   http://trac.osgeo.org/mapserver/ticket/2941
   http://trac.osgeo.org/mapserver/ticket/2942
   http://trac.osgeo.org/mapserver/ticket/2943
   http://trac.osgeo.org/mapserver/ticket/2944

as well as a new RFC-56 about tightening up control of access to
mapfiles and templates:
   http://mapserver.org/development/rfc/ms-rfc-56.html


Motion:

I hereby motion that we release MapServer 5.2.2 and 4.10.4 ASAP with
fixes for tickets (#2939, #2941, #2942, #2943, #2944) and the
implementation of RFC-56. MapServer 5.4.0 beta4 should also follow
within a few days with the same fixes.

I start with my +1

Daniel
-- 
Daniel Morissette
http://www.mapgears.com/


More information about the Ubuntu mailing list