From 77dde59a661385ff8aefd0dad8b47c5a1c46021c Mon Sep 17 00:00:00 2001 From: Jeff McKenna Date: Tue, 24 Mar 2026 10:03:47 -0300 Subject: [PATCH 1/2] mention security policy & vulnerabilities --- en/MIGRATION_GUIDE.txt | 10 +++++++++- en/development/bugs.txt | 9 +++++++-- en/documentation.txt | 7 ++++++- en/mapscript/index.txt | 2 +- en/mapscript/mapscript-api/index.rst | 2 +- 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/en/MIGRATION_GUIDE.txt b/en/MIGRATION_GUIDE.txt index 58e1c9f0f2c..ee52ee9d5db 100644 --- a/en/MIGRATION_GUIDE.txt +++ b/en/MIGRATION_GUIDE.txt @@ -6,17 +6,25 @@ MapServer Migration Guide ***************************************************************************** -:Last Updated: 2025-11-19 +:Last Updated: 2026-03-24 .. contents:: Table of Contents :depth: 2 :backlinks: top +.. tip:: + + Review MapServer's `Security Policy `__, + and also review any recent published `vulnerabilities `__. + .. _migration-8-6: MapServer 8.4 to 8.6 Migration ============================== +- The 8.6.1 release includes a fix for a security flaw in the SLD parser + (see MapServer's `Security Advisory `__) + - You can now enable an automatically generated index page, that lists all of your OGC services and endpoints, for each mapfile that you defined in your CONFIG file. To enable the index, add `MS_INDEX_TEMPLATE_DIRECTORY` diff --git a/en/development/bugs.txt b/en/development/bugs.txt index e1df4eac753..184f4db2905 100644 --- a/en/development/bugs.txt +++ b/en/development/bugs.txt @@ -16,6 +16,11 @@ Please keep the following issues in mind when submitting a bug/issue: Security/vulnerability reports should not be submitted through GitHub, but instead please send your report to the email address: `mapserver-security nospam @ osgeo.org` (remove the blanks and 'nospam'). + +.. tip:: + + Review MapServer's `Security Policy `__, + and also review any recent published `vulnerabilities `__. 1. Set a meaningful yet reasonably brief title of your ticket. @@ -36,7 +41,7 @@ Please keep the following issues in mind when submitting a bug/issue: The most important thing when reporting a bug is to boil down a minimum example that is needed to reproduce the bug. That means a minimal mapfile + -any data files it depends on. Remove everything from the map file that isn't +any data files it depends on. Remove everything from the mapfile that isn't needed to reproduce the bug. The developers often dislike having to spend the first 30 minutes working on a @@ -44,7 +49,7 @@ bug, having to fix paths, remove unnecessary layers, removing references to external symbols or fonts that were not included or even needed and otherwise doctoring your test case to get it to a point when they can actually use it. -If the bug is easily demonstrated with ":ref:`map2img`", without the need to +If the bug is easily demonstrated with :ref:`map2img`, without the need to setup a proper web service and test it through http, then please show it that way. If a standalone :ref:`mapscript` script can demonstrate a problem without it having to be a web service, likewise submit it that way. If your problem diff --git a/en/documentation.txt b/en/documentation.txt index 3ef249a67a2..8ce701f9419 100644 --- a/en/documentation.txt +++ b/en/documentation.txt @@ -19,7 +19,12 @@ :height: 15 :width: 15 :alt: PDF icon - :target: https://download.osgeo.org/mapserver/docs/MapServer.pdf + :target: https://download.osgeo.org/mapserver/docs/MapServer.pdf + +.. tip:: + + Review MapServer's `Security Policy `__, + and also review any recent published `vulnerabilities `__. Introduction ....................................................... diff --git a/en/mapscript/index.txt b/en/mapscript/index.txt index 0abd9e193be..69ddd4a58d9 100644 --- a/en/mapscript/index.txt +++ b/en/mapscript/index.txt @@ -10,7 +10,7 @@ Since the MapServer 8.0.0 release PHP support is only available through MapServer's :ref:`SWIG API `. Supported versions are PHP 8.5 and - PHP 8.4 with MapServer 8.6.0 + PHP 8.4 with MapServer 8.6.1 .. toctree:: :maxdepth: 2 diff --git a/en/mapscript/mapscript-api/index.rst b/en/mapscript/mapscript-api/index.rst index 0bdd728cff7..2f8db486b07 100644 --- a/en/mapscript/mapscript-api/index.rst +++ b/en/mapscript/mapscript-api/index.rst @@ -47,7 +47,7 @@ meaningless, and even dangerous attributes might be exposed by objects. Since the MapServer 8.0.0 release PHP support is only available through MapServer's :ref:`SWIG API `. Supported versions are PHP 8.5 and - PHP 8.4 with MapServer 8.6.0 + PHP 8.4 with MapServer 8.6.1 ============================================================================= Appendices From cc80af29c231004f90cf2ba32b9a09f235a24396 Mon Sep 17 00:00:00 2001 From: Jeff McKenna Date: Tue, 24 Mar 2026 10:13:55 -0300 Subject: [PATCH 2/2] minor --- en/ogc/wms_client.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/en/ogc/wms_client.txt b/en/ogc/wms_client.txt index da27e9f4079..6625b92d597 100755 --- a/en/ogc/wms_client.txt +++ b/en/ogc/wms_client.txt @@ -9,7 +9,7 @@ :Author: Jeff McKenna :Contact: jmckenna at gatewaygeomatics.com -:Last Updated: 2024-07-08 +:Last Updated: 2026-03-24 .. contents:: Table of Contents :depth: 4 @@ -313,7 +313,7 @@ Optional Layer Parameters and Metadata - basic - digest - ntlm - - any (the underlying http library picks the best among the opotions supported by the remote server) + - any (the underlying http library picks the best among the options supported by the remote server) - anysafe (the underlying http library picks only safe methods among the options supported by the remote server) .. code-block:: mapfile