0

I received a request from security personnel to disable my GeoServer's WCS services due to a security flaw being discovered. Could you tell me where I can find the latest GeoServer vulnerabilities and what vulnerabilities may have been discovered in WCS recently?

Edit: Is this the best place?

https://github.com/geotools/geotools/security

https://github.com/geoserver/geoserver/security

Improve this question
6
  • I think the problem was patched with v2.26. Am I correct? github.com/geoserver/geoserver/security/advisories/… Commented Oct 17 at 16:21
  • 1
    That advisory does mention word "coverage" but it that context it does not mean the Web Coverage Service. See github.com/geoserver/geoserver/security/policy and send mail to the geoserver-security mailing list and ask. It would be good to ask more details from the security personnel before sending the mail. Commented Oct 17 at 16:36
  • Many thanks. May I left this question open? I feel a little lost when a comment is the answer. Commented Oct 17 at 21:04
  • It was not really an answer because we do not know what was the question without more details from your security people. The GeoServer team does not publish vulnerabilities before they have a fix for them. Did your security people read about WCS vulnerability somewhere? It they have found a new issue themselves they should report it directly to the GeoServer team as adviced github.com/geoserver/geoserver/security/policy Commented Oct 18 at 9:05
  • 1
    Those would be the best places to look. But if you are running the latest version you will have all the available patches Commented Oct 19 at 16:27

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.