Those requiring a CVE record, see: CVE-2026-33721
https://www.cve.org/CVERecord?id=CVE-2026-33721
-jeff
On 2026-03-23 4:36 p.m., Jeff McKenna via MapServer-users wrote:
The MapServer team announces the immediate availability of security
release of 8.6.1
This release contains a fix for a security flaw in the SLD parser. See
the changelog for the list of changes ( https://mapserver.org/
development/changelog/changelog-8-6.html#changelog-8-6-1 ). You may also
review this specific Security Advisory ( https://github.com/MapServer/
MapServer/security/advisories/GHSA-cv4m-mr84-fgjp ) as well as
MapServer’s Security Policy ( https://github.com/MapServer/MapServer/
blob/main/SECURITY.md ). Please note: as security support for the 7.6
branch has ended, and branches 8.4, 8.2 & 8.0 are not supported, all
users are strongly encouraged to upgrade to the MapServer 8.6.1 release.
Here is the direct download for today's release:
- tar.gz: https://download.osgeo.org/mapserver/mapserver-8.6.1.tar.gz
- zip: https://download.osgeo.org/mapserver/mapserver-8.6.1.zip
(all services on demo.mapserver.org have been upgraded as well)
Thanks,
--
Jeff McKenna
GatewayGeo: Developers of MS4W, & offering MapServer Consulting/Dev
co-founder of FOSS4G
http://gatewaygeo.com/
_______________________________________________
MapServer-users mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
