The GeoServer team has released a statement: OGC Filter Injection Vulnerability Statement <https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html>

A vulnerability has been located in the GeoTools Library that allows SQL Injection using OGC Filter and Function expressions.

- CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities <https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf> (GeoServer)
- CVE-2023-25158 OGC Filter SQL Injection Vulnerabilities <https://github.com/geotools/geotools/security/advisories/GHSA-99c3-qc2q-p94m> (GeoTools)

Patched releases:

- GeoServer 2.22.2 <https://geoserver.org/announcements/2023/02/20/geoserver-2-22-2-released.html> stable release
- GeoServer 2.21.4 <https://geoserver.org/announcements/2023/02/20/geoserver-2-21-4-released.html> maintenance
- GeoServer 2.20.7 <https://geoserver.org/announcements/2023/02/20/geoserver-2-20-7-released.html>
- GeoServer 2.19.7 <https://geoserver.org/announcements/2023/02/20/geoserver-2-19-7-released.html>
- GeoServer 2.18.7 <https://geoserver.org/announcements/2023/02/20/geoserver-2-18-7-released.html>

--
GeoServer Project Steering Committee
_______________________________________________
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss