The security releases of MapServer 7.4.4 and 6.4.6 are now available for
download: http://mapserver.org/download.html
These releases fix 2 vulnerabilities in PHPMapScript error handling (the
SWIG MapScript PHP7 support is not affected). CVE ID's have been
requested but are not yet available, and when they are available the
MapServer website's changelog will be updated. For now you can see the
related ticket: https://github.com/mapserver/mapserver/issues/6014
If you have not already upgraded to the maintained SWIG PHPMapScript
support, from the old PHPMapScript, this is a good opportunity to do so.
A special thank you to Aviv Yahav (https://github.com/0xbigshaq) for
reporting the vulnerabilities.
--
The MapServer Team
_______________________________________________
mapserver-users mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
