#2420 closed defect (fixed)

update Geoserver

Reported by: darkblueb Owned by: osgeolive@…
Priority: critical Milestone: OSGeoLive16.0
Component: OSGeoLive Keywords: geoserver
Cc: osgeolive@…

Description (last modified by darkblueb)

there has been a recent security patch for geoserver

I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities. 
The vulnerability applies to any database backend; 
also any other software using GeoTools (depending on how they use it) can be vulnerable.

I think the fixes were backported to some previous versions 
able to run on Java 8;  2.22.2 has the patch



Change history (3)

comment:1 by darkblueb, 14 months ago

Description: modified (diff)

comment:2 by kalxas, 14 months ago

Cc: osgeolive@… added
Note: See TracTickets for help on using tickets.