#2420 closed defect (fixed)

update Geoserver

Reported by: darkblueb Owned by: osgeolive@…
Priority: critical Milestone: OSGeoLive16.0
Component: OSGeoLive Keywords: geoserver
Cc: osgeolive@…

Description (last modified by darkblueb)

there has been a recent security patch for geoserver

juanluisrpJuanLu: 
I think it was CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities. 
The vulnerability applies to any database backend; 
also any other software using GeoTools (depending on how they use it) can be vulnerable.

I think the fixes were backported to some previous versions 
able to run on Java 8;  2.22.2 has the patch

https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html

https://github.com/geoserver/geoserver/releases/tag/2.22.2

Change History (3)

comment:1 by darkblueb, 18 months ago

Description: modified (diff)

comment:2 by kalxas, 18 months ago

Cc: osgeolive@… added
Note: See TracTickets for help on using tickets.