Hi devs, There has been quite a bit of talk about the WEBP vulnerability, and I noticed Tamas has updated the GISInternals buildkit [1] and Even patched the GDAL builds [2].
As I understand it the vulnerability exploits user supplied images. Am I correct in thinking that this will only be an issue for MapServer if Mapfiles are setup to read images that could be created externally and then read by MapServer in a RATER layer? Or could a layer using a WMS connection (cascaded WMS) be affected? I guess in that case the external service would have to have been compromised. Serving WEBP as an OUTPUTFORMAT I don't think should be affected? Seth [1] https://github.com/gisinternals/buildsystem/issues/216 [2] https://github.com/OSGeo/gdal/issues/8501 -- web:https://geographika.net & https://mapserverstudio.net twitter: @geographika _______________________________________________ MapServer-dev mailing list [email protected] https://lists.osgeo.org/mailman/listinfo/mapserver-dev
