Improve validation when publishing classpath resources

Description

None

Environment

None

Activity

Jody Garnett
October 24, 2022 at 3:33 PM

Okay; so we could of added this to the security vulnerabilities section of the release announcements.

Steve Ikeoka
October 24, 2022 at 3:31 PM

Yes, this is a security issue. The classpath publisher is intended to publish specific resources from GeoServer’s JAR files (e.g, OGC schemas, OpenLayers files) but could allow access to any classpath resource in certain environments.

Jody Garnett
October 22, 2022 at 3:22 AM
(edited)

I got no idea what this is about from the title; having to look at the PR. Is it a security issue? What is this used for …

Steve Ikeoka
August 31, 2022 at 8:01 PM

Pull Request:

Resize issue view side panel

Fixed

Details

Assignee

Steve Ikeoka

Reporter

Steve Ikeoka

Fix versions

2.20.6

2.21.2

2.22-RC

Affects versions

2.20.5

2.21.1

Priority

Medium

Created August 31, 2022 at 5:31 PM

Updated October 24, 2022 at 3:33 PM

Resolved September 6, 2022 at 3:11 PM