On 08-07-2024 13:04, Alexandre Gacon wrote:
A SNAPSHOT version is built on the latest available code base for the branch 2.24.X. As such it should contain the fix for the CVE.
This, in general, is wrong for any -SNAPSHOT versions of GeoServer as it can be anything after the ".0" tag of a stable branch has been pushed; it depends on the moment the build is done and the moment the code is checked out.
To be certain you will need to check the Git Revision shown on the About page of GeoServer after logging in and compare that to Github, looking at the Build Date is second best.
For the docker images you could look at the image sha1 hash and compare to those listed in https://repo.osgeo.org/#browse/browse:docker:v2%2Fgeoserver%2Ftags
eg. https://repo.osgeo.org/#browse/browse:docker:v2%2Fgeoserver%2Ftags%2F2.24.x
Mark _______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
