Security patch for MapGuide Open Source 2.1

The following security patch addresses cross site scripting vulnerabilities in the basic viewer.

The patch can be downloaded from here.
MD5: F59AA45C92D3A329F56554BEB3BF4635

Update instructions:

  1. Shut down the MapGuide Open Source Web Server (IIS or Apache)
  2. Make a backup copy of the AJAX Viewer files found in the ../www/mapviewerXXX (net/java/php) folder
  3. Copy and replace the files in the mapviewerXXX folder with those from the matching subfolder in the zip
    • For an ASP.NET install you may need to give "machinename\Users" access to the files that you added. To do this, for example, in Windows Explorer, bring up the properties on the mapviewernet folder, click the security tab, click the advanced button, then check the "Replace permission entries on all child objects with entries shown here that apply to child objects".
  4. Restart the MapGuide Open Source Web Server
  5. Preview a basic web layout and ensure things are working as expected.