
Key: GEOS-1792
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Blocker
Assignee: Arne Kepp
Reporter: Arne Kepp
Votes: 0
Watchers: 0
GeoServer

Security issue demoRequest (web interface)

Created: 07/Mar/08 02:11 PM   Updated: 07/Mar/08 02:12 PM
Component/s: None
Affects Version/s: 1.4.0-M0, 1.5.x, 1.4.0-RC1, 1.4.0-M1, 1.4.0, 1.4.1, 1.5.0-beta1, 1.6.0, 1.4.0-M2, 1.4.0-RC2, 1.5.0-beta2, 1.5.0-RC2, 1.5.0, 1.4.0-RC3, 1.4.0-RC4, 1.4.0-RC5, 1.5.0-RC3, 1.5.0-RC4, 1.5.0-RC1, 1.6.0-alpha2, 1.6.0-beta1, 1.5.1, 1.5.2, 1.6.0-beta2, 1.5.4, 1.6.0-beta4, 1.6.0-RC1, 1.5.3, 1.6.0-beta3, 1.6.0-RC2, 1.6.0-RC3, 1.6.1
Fix Version/s: 1.6.2

Time Tracking:
Not Specified


Description
A bug has been found in GeoServer that exposes the parts of the filesystem that are accessible to the servlet container (Tomcat, Jetty, etc.).

All users are strongly encouraged to upgrade to GeoServer 1.6.2a:
http://sourceforge.net/project/showfiles.php?group_id=25086&package_id=129885

(Ignore any version mismatches, as long as the WAR, .bin or .exe you are downloading is named 1.6.2a)

If you cannot upgrade immediately you should disable the demo system. Instructions can be found here:
http://geoserver.org/display/GEOS/Security+issue+-+Disable+demoRequest



There are no comments yet on this issue.