In keeping with coordinate vulnerability disclosure policy, the following vulnerability is being disclosed some time after both latest and stable versions have been patched:
- CVE-2024-32037 Search end-point information disclosure in response headers
A reminder that it is important to update your geonetwork instances to a supported version. For more information please see project security policy.
Thanks to Ministry of Economic Affairs and Climate Policy (The Netherlands) for addressing this issue.