Opened 12 months ago
Closed 12 months ago
#2420 closed defect (fixed)
update Geoserver
| Reported by: | darkblueb | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | OSGeoLive16.0 |
| Component: | OSGeoLive | Keywords: | geoserver |
| Cc: | osgeolive@… |
Description (last modified by )
there has been a recent security patch for geoserver
juanluisrpJuanLu: I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities. The vulnerability applies to any database backend; also any other software using GeoTools (depending on how they use it) can be vulnerable. I think the fixes were backported to some previous versions able to run on Java 8; 2.22.2 has the patch
https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html
Change history (3)
comment:1 by , 12 months ago
| Description: | modified (diff) |
|---|
comment:2 by , 12 months ago
| Cc: | added |
|---|
comment:3 by , 12 months ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
https://github.com/OSGeo/OSGeoLive/commit/2d09caebbc56eb027726bc539830197a4bed1343