[Geoserver-devel] [jira] Created: (GEOS-1792) Security issue demoRequest (web interface)

Security issue demoRequest (web interface)
------------------------------------------

                 Key: GEOS-1792
                 URL: http://jira.codehaus.org/browse/GEOS-1792
             Project: GeoServer
          Issue Type: Bug
    Affects Versions: 1.6.1, 1.6.0, 1.6.0-RC3, 1.6.0-RC2, 1.6.0-RC1, 1.6.0-beta4, 1.6.0-beta3, 1.6.0-beta2, 1.6.0-beta1, 1.6.0-alpha2, 1.5.x, 1.5.4, 1.5.3, 1.5.2, 1.5.1, 1.5.0, 1.5.0-RC4, 1.5.0-RC3, 1.5.0-RC2, 1.5.0-RC1, 1.5.0-beta2, 1.5.0-beta1, 1.4.1, 1.4.0, 1.4.0-RC5, 1.4.0-RC4, 1.4.0-RC3, 1.4.0-RC2, 1.4.0-RC1, 1.4.0-M2, 1.4.0-M1, 1.4.0-M0
            Reporter: Arne Kepp
            Assignee: Arne Kepp
            Priority: Blocker
             Fix For: 1.6.2

A bug has been found in GeoServer that exposes the parts of the filesystem that are accessible to the servlet container (Tomcat, Jetty, etc.).

All users are strongly encouraged to upgrade to GeoServer 1.6.2a:
http://sourceforge.net/project/showfiles.php?group_id=25086&package_id=129885

(Ignore any version mismatches, as long as the WAR, .bin or .exe you are downloading is named 1.6.2a.)

If you cannot upgrade immediately, you should disable the demo system. Instructions can be found here:
http://geoserver.org/display/GEOS/Security+issue+-+Disable+demoRequest

--
This message is automatically generated by JIRA.