[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mapserver-dev
Subject:    Re: [mapserver-dev] Motion: Adopt RFC-56 and release MapServer 4.10.4
From:       Tamas Szekeres <szekerest () gmail ! com>
Date:       2009-03-26 19:36:03
Message-ID: f3b73b7d0903261236n4b28d7fme4d44c08059b19f3 () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


+1

Tamas



2009/3/26 Daniel Morissette <dmorissette@mapgears.com>

> Some security vulnerabilities have been found and reported to us following
> an audit of MapServer's mapserv CGI. We have worked on this off-list with
> other PSC members to come up with a solution before making anything public.
>
> The outcome of this is five tickets (#2939, #2941, #2942, #2943, #2944) and
> corresponding fixes:
>  http://trac.osgeo.org/mapserver/ticket/2939
>  http://trac.osgeo.org/mapserver/ticket/2941
>  http://trac.osgeo.org/mapserver/ticket/2942
>  http://trac.osgeo.org/mapserver/ticket/2943
>  http://trac.osgeo.org/mapserver/ticket/2944
>
> as well as a new RFC-56 about tightening up control of access to mapfiles
> and templates:
>  http://mapserver.org/development/rfc/ms-rfc-56.html
>
>
> Motion:
>
> I hereby motion that we release MapServer 5.2.2 and 4.10.4 ASAP with fixes
> for tickets (#2939, #2941, #2942, #2943, #2944) and the implementation of
> RFC-56. MapServer 5.4.0 beta4 should also follow within a few days with the
> same fixes.
>
> I start with my +1
>
> Daniel
> --
> Daniel Morissette
> http://www.mapgears.com/
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev@lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-dev
>

[Attachment #5 (text/html)]

+1<br><br>Tamas<br><br><br><br><div class="gmail_quote">2009/3/26 Daniel Morissette \
<span dir="ltr">&lt;<a \
href="mailto:dmorissette@mapgears.com">dmorissette@mapgears.com</a>&gt;</span><br><blockquote \
class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt \
0pt 0.8ex; padding-left: 1ex;"> Some security vulnerabilities have been found and \
reported to us following an audit of MapServer&#39;s mapserv CGI. We have worked on \
this off-list with other PSC members to come up with a solution before making \
anything public.<br>

<br>
The outcome of this is five tickets (#2939, #2941, #2942, #2943, #2944) and \
corresponding fixes:<br>  <a href="http://trac.osgeo.org/mapserver/ticket/2939" \
target="_blank">http://trac.osgeo.org/mapserver/ticket/2939</a><br>  <a \
href="http://trac.osgeo.org/mapserver/ticket/2941" \
target="_blank">http://trac.osgeo.org/mapserver/ticket/2941</a><br>  <a \
href="http://trac.osgeo.org/mapserver/ticket/2942" \
target="_blank">http://trac.osgeo.org/mapserver/ticket/2942</a><br>  <a \
href="http://trac.osgeo.org/mapserver/ticket/2943" \
target="_blank">http://trac.osgeo.org/mapserver/ticket/2943</a><br>  <a \
href="http://trac.osgeo.org/mapserver/ticket/2944" \
target="_blank">http://trac.osgeo.org/mapserver/ticket/2944</a><br> <br>
as well as a new RFC-56 about tightening up control of access to mapfiles and \
templates:<br>  <a href="http://mapserver.org/development/rfc/ms-rfc-56.html" \
target="_blank">http://mapserver.org/development/rfc/ms-rfc-56.html</a><br> <br>
<br>
Motion:<br>
<br>
I hereby motion that we release MapServer 5.2.2 and 4.10.4 ASAP with fixes for \
tickets (#2939, #2941, #2942, #2943, #2944) and the implementation of RFC-56. \
MapServer 5.4.0 beta4 should also follow within a few days with the same fixes.<br>

<br>
I start with my +1<br>
<br>
Daniel<br><font color="#888888">
-- <br>
Daniel Morissette<br>
<a href="http://www.mapgears.com/" target="_blank">http://www.mapgears.com/</a><br>
_______________________________________________<br>
mapserver-dev mailing list<br>
<a href="mailto:mapserver-dev@lists.osgeo.org" \
target="_blank">mapserver-dev@lists.osgeo.org</a><br> <a \
href="http://lists.osgeo.org/mailman/listinfo/mapserver-dev" \
target="_blank">http://lists.osgeo.org/mailman/listinfo/mapserver-dev</a><br> \
</font></blockquote></div><br>



_______________________________________________
mapserver-dev mailing list
mapserver-dev@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-dev


[prev in list] [next in list] [prev in thread] [next in thread]