GeoServer 1.6.2 upgrade: security release
GeoServer 1.6.2 is now available for download here. This is a Security Release, which means it contains fixes for two Security Vulnerabilities. We highly recommend that you upgrade to this version. We found out about both these vulnerabilities in the past couple days, and made an effort to fix them and get this release out as quickly as possible. One of the issues also affects older versions of GeoServer. We are not doing a security release for it at this time for all the older versions, but have clear instructions on how to update one file to disable the page where the exploit is possible. We highly recommend that any production instances of GeoServer follow this, it should be easier to do than a full upgrade.
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release