GeoServer

Security issue demoRequest (web interface)

Details

  • Type: Bug
  • Status: Closed
  • Priority: Blocker
  • Resolution: Fixed
  • Affects Version/s: 1.4.0-M0, 1.4.0-M1, 1.4.0-M2, 1.4.0-RC1, 1.4.0-RC2, 1.4.0-RC3, 1.4.0-RC4, 1.4.0-RC5, 1.4.0, 1.4.1, 1.5.0-beta1, 1.5.0-beta2, 1.5.0-RC1, 1.5.0-RC2, 1.5.0-RC3, 1.5.0-RC4, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.x, 1.6.0-alpha2, 1.6.0-beta1, 1.6.0-beta2, 1.6.0-beta3, 1.6.0-beta4, 1.6.0-RC1, 1.6.0-RC2, 1.6.0-RC3, 1.6.0, 1.6.1
  • Fix Version/s: 1.6.2
  • Component/s: None
  • Labels: None
  • Number of attachments: 0

Description

A bug has been found in GeoServer that exposes the parts of the filesystem that are accessible to the servlet container (Tomcat, Jetty, etc.).

All users are strongly encouraged to upgrade to GeoServer 1.6.2a:
http://sourceforge.net/project/showfiles.php?group_id=25086&package_id=129885

(Ignore any version mismatches, as long as the WAR, .bin or .exe you are downloading is named 1.6.2a.)

If you cannot upgrade immediately you should disable the demo system. Instructions can be found here:
http://geoserver.org/display/GEOS/Security+issue+-+Disable+demoRequest

Activity

There are no comments yet on this issue.
