On Fri, Feb 28, 2014 at 2:16 PM, Plummer, Thomas <thomas.plum...@lmco.com>wrote:
> I'm currently using an older version of GeoServer (2.2). We ran security
> scanning software and it came up with a vulnerability against Jetty. The
> vulnerability # is CVE-2009-1523, which is "Jetty is prone to a cross-site
> scripting vulnerability and an information-disclosure vulnerability." I was
> inquiring if this has been fixed in a later version of GeoServer. Our
> implementation of GeoServer is stable so I'd only like to upgrade at this
> time if it fixes this vulnerability. Any insight is appreciated. Thanks.
>
No, it has not been fixed. The windows installer/bin packages are meant for
easy testing,
for production usage you should install Tomcat and deploy the war in it
instead
Cheers
Andrea
--
== Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information ==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
