Dirk Oberhaus ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5a1c7da858003528600c68ee ) *created* an issue
GeoServer ( https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiM2ZmNmJhNmQ3NDIzNDhiNWJkZmEzNWQ4ZGY0MzA3YjciLCJwIjoiaiJ9 ) / Bug ( https://osgeo-org.atlassian.net/browse/GEOS-10781?atlOrigin=eyJpIjoiM2ZmNmJhNmQ3NDIzNDhiNWJkZmEzNWQ4ZGY0MzA3YjciLCJwIjoiaiJ9 ) GEOS-10781 ( https://osgeo-org.atlassian.net/browse/GEOS-10781?atlOrigin=eyJpIjoiM2ZmNmJhNmQ3NDIzNDhiNWJkZmEzNWQ4ZGY0MzA3YjciLCJwIjoiaiJ9 ) High findings in used Batik lib CVE-2022-42890 and CVE-2022-41704 ( https://osgeo-org.atlassian.net/browse/GEOS-10781?atlOrigin=eyJpIjoiM2ZmNmJhNmQ3NDIzNDhiNWJkZmEzNWQ4ZGY0MzA3YjciLCJwIjoiaiJ9 ) Issue Type: Bug Affects Versions: 2.21.2, 2.22.0 Assignee: Unassigned Created: 12/Dec/22 4:18 PM Priority: Medium Reporter: Dirk Oberhaus ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5a1c7da858003528600c68ee ) Hi can you check, if the geoserver is affected by this vulnerabilities? A fix ist included in version 1.16 of the batik lib Kind regards ( https://osgeo-org.atlassian.net/browse/GEOS-10781#add-comment?atlOrigin=eyJpIjoiM2ZmNmJhNmQ3NDIzNDhiNWJkZmEzNWQ4ZGY0MzA3YjciLCJwIjoiaiJ9 ) Add Comment ( https://osgeo-org.atlassian.net/browse/GEOS-10781#add-comment?atlOrigin=eyJpIjoiM2ZmNmJhNmQ3NDIzNDhiNWJkZmEzNWQ4ZGY0MzA3YjciLCJwIjoiaiJ9 ) Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100212- sha1:99773b8 )
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
