OpenGeo Suite 4.6.1 Now Available

Boundless is announcing the general availability of OpenGeo Suite 4.6.1 for all customers and OpenGeo Suite users. This is a patch release primarily intended to address an identified security vulnerability in GeoServer:

  • GEOS-7032: Reports the ability to request sensitive files using a carefully crafted WFS GetFeature request when running GeoServer as root (which is not recommended for production systems). Please note OpenGeo Suite installs GeoServer using the “tomcat” user, limiting the scope of this vulnerability for our customers. While this reduces the risk, we still encourage all users to update their systems.

Boundless Customers
At this moment, this security update is available via Boundless as part of OpenGeo Suite 4.6.1, which includes the latest GeoServer 2.7.

Boundless is committed to the security and success of our customers, and will continue to provide early access to important updates and fixes.

GeoServer Community
GeoServer will include this fix in the GeoServer 2.6.4 maintenance release scheduled for availability later today. Those making use of GeoServer 2.7 are encouraged to update to 2.7.2 when it is released later this month.

For more information on availability please see the community release schedule.

UPDATE 06/29/15 – See project blog on GeoServer XEE vulnerability for patched 2.5.x, 2.6.x and 2.7.x releases.

Jody Garnett

Training Specialist

Jody looks after our open source projects as a community lead here at Boundless. As a member of the engineering team he provides technical leadership and develops Boundless’ training program. He is a member of the Project Steering Committee for GeoServer and GeoTools. Jody is a board member of the Open Source Geospatial Foundation, and on the steering committee for LocationTech.