"Fossies" - the Fresh Open Source Software Archive

Member "geoserver-2.23.1/SECURITY.md" (22 May 2023, 1661 Bytes) of package /linux/www/geoserver-2.23.1.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

A hint: This file contains one or more very long lines, so maybe it is better readable using the pure text view mode that shows the contents as wrapped lines within the browser window.

Security Policy

Supported Versions

Each GeoServer release is supported with bug fixes for a year, with releases made approximately every two months.

Version	Supported	Available
stable	✅	six months
maintenance	✅	twelve months
archived	❌

This approach provides ample time for upgrading ensuring you are always working with a supported GeoServer release.

If your organisation is making use of a GeoServer version that is no longer in use by the community all is not lost. You can volunteer on the developer list to make additional releases, or engage with one of our Commercial Support providers.

Reporting a Vulnerability

If you encounter a security vulnerability in GeoServer please take care to report in a responsible fashion:

Keep exploit details out of mailing list and issue tracker (send details to geoserver-security@lists.osgeo.org)
Be prepared to work with Project Steering Committee (PSC) members on a solution
Keep in mind PSC members are volunteers and an extensive fix may require fundraising / resources

Please send a mail directly to geoserver-security@lists.osgeo.org (moderated list with no possibility to subscribe, please just send directly to the address, the mail will be evaluated and eventually posted) and provide information about the security issue you might have found there.

For more information see Community Support.