This is a security release to mitigate an information disclosure issue with libxml2 (versions older than 2.9, c.f. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0339 ) which can reveal any file accessible on the host system by passing a specially crafted XML file. Although this is not an issue with MapServer itself, the proposed update makes sure this vector of attack cannot be used when mapserver is using a version of libxml2 older than 2.9. You are strongly recommended to update if your mapserver has libxml2 support and is using an unpatched version of libxml2 older than 2.8.
We are concurrently releasing the second beta for MapServer 7.0.0 that contains this security fix along with a number of issues that were discovered since the release of beta1. As always, we rely on you the community to test these beta versions and provide us with feedback as to the issues you may encounter. You can find the download links and changelogs at the usual location: http://mapserver.org/download.html best regards, The MapServer Team _______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users
