New blog post up: Remote Execution Vulnerability <http://blog.geoserver.org/2015/10/20/remote-execution-vulnerability/>

> GeoServer has encountered a remote execution vulnerability in the REST API
> (used for remote administration).
> This vulnerability GEOS-7124
> <https://osgeo-org.atlassian.net/browse/GEOS-7124> is addressed in the
> following scheduled
> <https://github.com/geoserver/geoserver/wiki/Release-Schedule> releases:
>
> - GeoServer 2.8.0
>   <http://blog.geoserver.org/2015/09/30/geoserver-2-8-0-released/> – stable
> - GeoServer 2.7.3
>   <http://blog.geoserver.org/2015/10/20/geoserver-2-7-3-released/> – maintenance
> - GeoServer 2.6.5 <http://geoserver.org/release/2.6.5/> – archived
>
> Thanks to Andrea Aime (GeoSolutions) and Kevin Smith (Boundless) for both
> fixing this issue and back porting to the stable and maintenance series.
> Users are encouraged to upgrade, keeping in mind exposure to this issue is
> *limited to scripts using administrator credentials* to access the REST API.
> Accounts making use of gsconfig
> <http://github.com/boundlessgeo/gsconfig> (Python Library) also make use
> of these facilities.

For more information check the blog post, and we would be happy to answer questions.

--
Jody Garnett
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
