Security issue demoRequest (web interface)
------------------------------------------
Key: GEOS-1792
URL: http://jira.codehaus.org/browse/GEOS-1792
Project: GeoServer
Issue Type: Bug
Affects Versions: 1.6.1, 1.6.0, 1.6.0-RC3, 1.6.0-RC2, 1.6.0-RC1, 1.6.0-beta4, 1.6.0-beta3, 1.6.0-beta2, 1.6.0-beta1, 1.6.0-alpha2, 1.5.x, 1.5.4, 1.5.3, 1.5.2, 1.5.1, 1.5.0, 1.5.0-RC4, 1.5.0-RC3, 1.5.0-RC2, 1.5.0-RC1, 1.5.0-beta2, 1.5.0-beta1, 1.4.1, 1.4.0, 1.4.0-RC5, 1.4.0-RC4, 1.4.0-RC3, 1.4.0-RC2, 1.4.0-RC1, 1.4.0-M2, 1.4.0-M1, 1.4.0-M0
Reporter: Arne Kepp
Assignee: Arne Kepp
Priority: Blocker
Fix For: 1.6.2
A bug has been found in GeoServer that exposes the parts of the filesystem that are accessible to the servlet container (Tomcat, Jetty, etc.).
All users are strongly encouraged to upgrade to GeoServer 1.6.2a:
http://sourceforge.net/project/showfiles.php?group_id=25086&package_id=129885
(Ignore any version mismatches, as long as the WAR , .bin or .exe you are downloading is named 1.6.2a)
If you cannot upgrade immediately you should disable the demo system. Instructions can be found here:
http://geoserver.org/display/GEOS/Security+issue+-+Disable+demoRequest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira