Opened 18 months ago
Closed 18 months ago
#2420 closed defect (fixed)
update Geoserver
Reported by: | darkblueb | Owned by: | |
---|---|---|---|
Priority: | critical | Milestone: | OSGeoLive16.0 |
Component: | OSGeoLive | Keywords: | geoserver |
Cc: | osgeolive@… |
Description (last modified by )
there has been a recent security patch for geoserver
juanluisrpJuanLu: I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities. The vulnerability applies to any database backend; also any other software using GeoTools (depending on how they use it) can be vulnerable. I think the fixes were backported to some previous versions able to run on Java 8; 2.22.2 has the patch
https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html
Change History (3)
comment:1 by , 18 months ago
Description: | modified (diff) |
---|
comment:2 by , 18 months ago
Cc: | added |
---|
comment:3 by , 18 months ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
https://github.com/OSGeo/OSGeoLive/commit/2d09caebbc56eb027726bc539830197a4bed1343