diff --git a/conf.py b/conf.py index 685e39ae8af..838b90ee425 100644 --- a/conf.py +++ b/conf.py @@ -94,7 +94,7 @@ def __getattr__(cls, name): # The short X.Y version. version = '8.6' # The full version, including alpha/beta/rc tags. -release = '8.6.2' +release = '8.6.3' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. #language = None diff --git a/en/MIGRATION_GUIDE.txt b/en/MIGRATION_GUIDE.txt index 1235989f67c..5b129593047 100644 --- a/en/MIGRATION_GUIDE.txt +++ b/en/MIGRATION_GUIDE.txt @@ -6,7 +6,7 @@ MapServer Migration Guide ***************************************************************************** -:Last Updated: 2026-05-01 +:Last Updated: 2026-05-07 .. contents:: Table of Contents :depth: 2 @@ -22,10 +22,29 @@ MapServer Migration Guide MapServer 8.4 to 8.6 Migration ============================== -- The 8.6.2 release includes a fix for a security flaw in the OpenLayers viewer +- The 8.6.3 release includes a fix for a vulnerability in the SLD parser + (see MapServer's `Security Advisory `__) + + Reminder: you can also disable external SLD access for your WMS services + by setting the following in your mapfile: + + .. code-block:: mapfile + + MAP + ... + WEB + METADATA + "wms_sld_enabled" "false" + ... + END #metadata + END #web + ... + + +- The 8.6.2 release includes a fix for a vulnerability in the OpenLayers viewer (see MapServer's `Security Advisory `__) -- The 8.6.1 release includes a fix for a security flaw in the SLD parser +- The 8.6.1 release includes a fix for a vulnerability in the SLD parser (see CVE record: `CVE-2026-33721 `__, or see MapServer's `Security Advisory `__) @@ -151,7 +170,7 @@ MapServer 8.4 to 8.6 Migration MapServer 8.2 to 8.4 Migration ============================== -- The 8.4.1 release includes a fix for a security flaw for WFS filter requests to +- The 8.4.1 release includes a fix for a vulnerability for WFS filter requests to an OGR backend connection (see CVE record: `CVE-2025-59431 `__, or MapServer's `Security Advisory `__) diff --git a/en/announcements/announcements_archive.txt b/en/announcements/announcements_archive.txt index b7f78c077ae..91d1b9ea6a9 100644 --- a/en/announcements/announcements_archive.txt +++ b/en/announcements/announcements_archive.txt @@ -4,6 +4,22 @@ MapServer Announcement Archives ***************************************************************************** +**2026-05-07 - MapServer 8.6.3 is released** + +.. important:: + Security release available + +The security release of MapServer 8.6.3 has been issued in order to fix +a vulnerability in the SLD parser. See the :ref:`changelog ` +for the list of changes. +You may also review this `Security Advisory `__, +as well as MapServer's `Security Policy `__. +As security for the 7.6 branch has ended, and branches 8.4, 8.2 & 8.0 are not supported, +all users are strongly encouraged to upgrade to the MapServer 8.6.3 release (see the +:ref:`Migration Guide `). + +Head to :ref:`download` to obtain a copy. + **2026-04-20 - MapCache 1.16.0 is released** The major version MapCache 1.16.0 has been released. @@ -17,8 +33,8 @@ Head to :ref:`download` to obtain a copy. .. important:: Security release available -The maintenance release of MapServer 8.6.2 has been issued in order to fix -a security flaw in the OpenLayers viewer (with WMS 1.3.0 requests). +The security release of MapServer 8.6.2 has been issued in order to fix +a vulnerability in the OpenLayers viewer (with WMS 1.3.0 requests). See the :ref:`changelog ` for the list of changes. You may also review this `Security Advisory `__, as well as MapServer's `Security Policy `__. @@ -33,8 +49,8 @@ Head to :ref:`download` to obtain a copy. .. important:: Security release available -The maintenance release of MapServer 8.6.1 has been issued in order to fix -a security flaw in the SLD parser. +The security release of MapServer 8.6.1 has been issued in order to fix +a vulnerability in the SLD parser. See the :ref:`changelog ` for the list of changes. You may also review this `Security Advisory `__, the CVE record: `CVE-2026-33721 `__, @@ -73,8 +89,11 @@ for the full list of changes and head to :ref:`download` to obtain a copy. **2025-09-19 - MapServer 8.4.1 is released** -The maintenance release of MapServer 8.4.1 has been issued in order to fix -a security flaw for WFS filters through OGR. +.. important:: + Security release available + +The security release of MapServer 8.4.1 has been issued in order to fix +a vulnerability for WFS filters through OGR. See the :ref:`changelog ` for the list of changes. You may also review MapServer's `Security Policy `__, the CVE record: `CVE-2025-59431 `__, diff --git a/en/development/changelog/changelog-8-6.txt b/en/development/changelog/changelog-8-6.txt index 1bfb917d42c..74db82380a5 100644 --- a/en/development/changelog/changelog-8-6.txt +++ b/en/development/changelog/changelog-8-6.txt @@ -7,6 +7,16 @@ The summary of major changes for this release can be found in the `HISTORY.md `__ file from the source directory. +.. _changelog-8-6-3: + +Changes from 8.6.2 to 8.6.3 +=========================== + +* SLD parser: fix out of bounds access on SLD with only a Rule with a ElseFilter but without a symbolizer ( `#7497 `__ ) (Even Rouault) : `0f05c57 `__ +* Oracle: revert change regarding case insensitive ogc filters ( `#7493 `__ ) (Pierre-Étienne Lord) : `ce02b66 `__ +* update CMake install README ( `#7488 `__ ) (Jeff McKenna) : `dcdfcda `__ +* Oracle: revert change regarding adding subquery to apply sortBy before rownum paging ( `#7491 `__ ) (Jeff McKenna) : `448c69f `__ + .. _changelog-8-6-2: Changes from 8.6.1 to 8.6.2 diff --git a/en/download.txt b/en/download.txt index 2d8ca01608c..3c3cf8185ad 100644 --- a/en/download.txt +++ b/en/download.txt @@ -18,7 +18,7 @@ Current Release(s) * MapServer - * **2026-04-19** MapServer-8.6.2 `tar.gz `__ | `.zip `__ | :ref:`Changelog ` + * **2026-05-07** MapServer-8.6.3 `tar.gz `__ | `.zip `__ | :ref:`Changelog ` * **2025-09-19** MapServer-8.4.1 `tar.gz `__ | `.zip `__ | :ref:`Changelog ` * **2024-09-02** MapServer-8.2.2 `tar.gz `__ | `.zip `__ | :ref:`Changelog ` * **2024-06-11** MapServer-8.0.2 `tar.gz `__ | :ref:`Changelog ` diff --git a/en/download_archives.txt b/en/download_archives.txt index dac607ef3cf..edd1ac14280 100644 --- a/en/download_archives.txt +++ b/en/download_archives.txt @@ -15,6 +15,8 @@ Past Releases .............................................................................. +* **2026-05-07** MapServer-8.6.3 `tar.gz `__ | `.zip `__ | :ref:`Changelog ` + * **2026-04-20** MapCache-1.16.0 `tar.gz `__ | `.zip `__ | :ref:`Changelog ` * **2026-04-19** MapServer-8.6.2 `tar.gz `__ | `.zip `__ | :ref:`Changelog ` diff --git a/en/include/announcements.inc b/en/include/announcements.inc index 05927fedd88..d6741220ab7 100644 --- a/en/include/announcements.inc +++ b/en/include/announcements.inc @@ -1,3 +1,19 @@ +**2026-05-07 - MapServer 8.6.3 is released** + +.. important:: + Security release available + +The security release of MapServer 8.6.3 has been issued in order to fix +a vulnerability in the SLD parser. See the :ref:`changelog ` +for the list of changes. +You may also review this `Security Advisory `__, +as well as MapServer's `Security Policy `__. +As security for the 7.6 branch has ended, and branches 8.4, 8.2 & 8.0 are not supported, +all users are strongly encouraged to upgrade to the MapServer 8.6.3 release (see the +:ref:`Migration Guide `). + +Head to :ref:`download` to obtain a copy. + **2026-04-20 - MapCache 1.16.0 is released** The major version MapCache 1.16.0 has been released. @@ -11,8 +27,8 @@ Head to :ref:`download` to obtain a copy. .. important:: Security release available -The maintenance release of MapServer 8.6.2 has been issued in order to fix -a security flaw in the OpenLayers viewer (with WMS 1.3.0 requests). +The security release of MapServer 8.6.2 has been issued in order to fix +a vulnerability in the OpenLayers viewer (with WMS 1.3.0 requests). See the :ref:`changelog ` for the list of changes. You may also review this `Security Advisory `__, as well as MapServer's `Security Policy `__. @@ -27,8 +43,8 @@ Head to :ref:`download` to obtain a copy. .. important:: Security release available -The maintenance release of MapServer 8.6.1 has been issued in order to fix -a security flaw in the SLD parser. +The security release of MapServer 8.6.1 has been issued in order to fix +a vulnerability in the SLD parser. See the :ref:`changelog ` for the list of changes. You may also review this `Security Advisory `__, the CVE record: `CVE-2026-33721 `__, @@ -51,8 +67,8 @@ for the full list of changes and head to :ref:`download` to obtain a copy. .. important:: Security release available -The maintenance release of MapServer 8.4.1 has been issued in order to fix -a security flaw for WFS filters through OGR. +The security release of MapServer 8.4.1 has been issued in order to fix +a vulnerability for WFS filters through OGR. See the :ref:`changelog ` for the list of changes. You may also review MapServer's `Security Policy `__, the CVE record: `CVE-2025-59431 `__, diff --git a/en/mapscript/index.txt b/en/mapscript/index.txt index 69ddd4a58d9..bbd0da14d48 100644 --- a/en/mapscript/index.txt +++ b/en/mapscript/index.txt @@ -10,7 +10,7 @@ Since the MapServer 8.0.0 release PHP support is only available through MapServer's :ref:`SWIG API `. Supported versions are PHP 8.5 and - PHP 8.4 with MapServer 8.6.1 + PHP 8.4 with MapServer 8.6.3 .. toctree:: :maxdepth: 2 diff --git a/en/mapscript/mapscript-api/index.rst b/en/mapscript/mapscript-api/index.rst index 2f8db486b07..4916dd607e9 100644 --- a/en/mapscript/mapscript-api/index.rst +++ b/en/mapscript/mapscript-api/index.rst @@ -47,7 +47,7 @@ meaningless, and even dangerous attributes might be exposed by objects. Since the MapServer 8.0.0 release PHP support is only available through MapServer's :ref:`SWIG API `. Supported versions are PHP 8.5 and - PHP 8.4 with MapServer 8.6.1 + PHP 8.4 with MapServer 8.6.3 ============================================================================= Appendices