Millions of people touch Mapbox every month. That's why we are committed to creating the most secure and privacy-minded mapping and location platform in the world.
Get notified immediately whenever new security update is released.
Mapbox appreciates the effort of software security researchers who work to make the Internet more secure.
security@mapbox.com
Summary:
In six short lived events from February 26, 2021 through March 1, 2021, a small number of requests on the Raster Tiles API incorrectly served raster tiles from another tileset. As a result individual tiles from a customer’s tileset would have been incorrectly sent to another user. During each of these events less than two out of a million requests would have been sent incorrect data.
Affected:
Summary:
Mapbox Android SDK v4.0.0 through v4.2.0 use Broadcast Receiver for location services requests instead of the Local Broadcast Manager. The Local Broadcast Manager offers more granular control of broadcast permissions, as well as performance enhancements.
Affected:
Summary:
When the share control of a mapbox.js map is clicked, arbitrary script content will execute if a malicious user has injected script content into the name property of TileJSON data.
Affected: