+1 Can we consider being a bit more forthright “on by default” with security things, as it is too easy for folks with long-running implementations to not keep up with best practice.
Backport with the improvement added and a clear security consideration section calling out the new functionality.

I know our policy is to make stable, and especially maintenance releases, preserve existing workflow. In this case I think the safety improvement is worth asking admins to pay attention. Security is special :)

Aside: it is probably time to enable the entity resolution allow list by default.

Jody

On Fri, May 5, 2023 at 3:19 AM Andrea Aime <andrea.a...@geosolutionsgroup.com> wrote:

> Hi all,
> so the GSIP work has been merged on main. Which will be released in
> September.
> As a breaking change, backport as-is may not be an option (with
> checkers enabled by default).
> But we might backport, with checks disabled, and suggest users to enable
> them and configure accordingly.
>
> What do you think?
>
> Cheers
> Andrea
>
> Ing. Andrea Aime
> Technical Lead
> GeoSolutions Group

--
Jody Garnett
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel