1 | | This ticket is to track fixes to prevent sql injections through filter encoding (WFS and WMS) |
| 1 | This ticket is to track fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS and SOS), as well as a potential SQL injection in WMS time support. |
| 2 | |
| 3 | Your system may be vulnerable if it has MapServer with OGC protocols enabled, with layers connecting to an SQL RDBMS backend, either natively or via OGR. |
| 4 | |
| 5 | All versions of MapServer 4.x, 5.x and 6.x are potentially vulnerable. All users are ** strongly encouraged ** to upgrade to one of the latest releases with the fixes. |