Hi,
Two security vulnerabilities are published in the announcements of version 2.28.1.
If I check the two URLs ("Unauthenticated XML External Entities (XXE) via WMS GetMap operation · Advisory · geoserver/geoserver · GitHub" and "Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format · Advisory · geoserver/geoserver · GitHub"), these two issues are solved in GeoServer 2.26.x versions.
Are the versions 2.26.4 and 2.27.3 not vulnerable to these two issues?
With best regards,
Rob Egelmeer
GeoNovation