[Geoserver-users] Jetty vulnerability in 2.2

2014-02-28 Thread Plummer, Thomas
I'm currently using an older version of GeoServer (2.2). We ran security 
scanning software and it came up with a vulnerability against Jetty. The 
vulnerability # is CVE-2009-1523: Jetty is prone to a cross-site 
scripting vulnerability and an information-disclosure vulnerability. I was 
inquiring if this has been fixed in a later version of GeoServer. Our 
implementation of GeoServer is stable so I'd only like to upgrade at this time 
if it fixes this vulnerability. Any insight is appreciated. Thanks.

==
Tom Plummer, CISSP
Manager, Architecture and Security
Office: 856-722-4984
Cell: 856-397-5735

Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users


Re: [Geoserver-users] Jetty vulnerability in 2.2

2014-02-28 Thread Andrea Aime
On Fri, Feb 28, 2014 at 2:16 PM, Plummer, Thomas <thomas.plum...@lmco.com> wrote:

> I'm currently using an older version of GeoServer (2.2). We ran security
> scanning software and it came up with a vulnerability against Jetty. The
> vulnerability # is CVE-2009-1523: Jetty is prone to a cross-site
> scripting vulnerability and an information-disclosure vulnerability. I was
> inquiring if this has been fixed in a later version of GeoServer. Our
> implementation of GeoServer is stable so I'd only like to upgrade at this
> time if it fixes this vulnerability. Any insight is appreciated. Thanks.


No, it has not been fixed. The Windows installer/bin packages are meant for
easy testing; for production usage you should install Tomcat and deploy the
WAR in it instead.

Cheers
Andrea

-- 
== Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information ==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it
