Hi Aijun,
Now, I have few questions for you/GeoServer development team as below:
> 1. Is there a core GeoServer development team that we can contact to
> provide more details about this vulnerability for further
> discussion/solutions? We don't want to send our vulnerability scan report
> to the whole GeoServer community.
>
There was a discussion about this recently here on the list - see:
http://osgeo-org.1560.x6.nabble.com/Handling-of-a-detected-security-flaw-td5139395.html
- there isn't a definitive way of doing it.
The rest of the issues I'd suggest would be better aimed at the GeoServer
dev list.
Cheers,
Jonathan
--
This transmission is intended for the named addressee(s) only and may
contain confidential, sensitive or personal information and should be
handled accordingly. Unless you are the named addressee (or authorised to
receive it for the addressee) you may not copy or use it, or disclose it to
anyone else. If you have received this transmission in error please notify
the sender immediately. All email traffic sent to or from us, including
without limitation all GCSX traffic, may be subject to recording and/or
monitoring in accordance with relevant legislation.
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
