Re: [Geoserver-devel] Release managers needed for 2.19.5, 2.21-RC and 2.21.0.

2022-02-16 Thread Jody Garnett
>
>
>>- 2022-02-18 GeoServer 2.19.5 Release (yes this friday)
>>
>> I can take that one.
>

Excellent, thank you Ian :)

>> I would like to ask to make a 2.20.x release collecting recent fixes for a
>> customer, even just to maven would be fine:
>>
>>- 2022-02-XX GeoServer 2.20.2-1 or 2.20.3
>>
>> Sounds fine to me too +1
>

Any preference between 2.20.2-1 (patch of prior release) or 2.20.3 (a
normal maintenance release)?

Jody
___
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Re: [Geoserver-devel] Release managers needed for 2.19.5, 2.21-RC and 2.21.0.

2022-02-16 Thread Ian Turton
On Wed, 16 Feb 2022 at 16:58, Jody Garnett  wrote:

> We are heading into a busy time, and can really use some volunteers for
> the release schedule.
>
>- 2022-02-18 GeoServer 2.19.5 Release (yes this friday)
>
> I can take that one.


>
>- 2022-03-04 GeoServer 2.21-RC Release Candidate (expect delay for
>GSIP-167)
>- 2022-03-18 GeoServer 2.21.0 Release
>
> Bonus:
>
> I would like to ask to make a 2.20.x release collecting recent fixes for a
> customer, even just to maven would be fine:
>
>- 2022-02-XX GeoServer 2.20.2-1 or 2.20.3
>
>
Sounds fine to me too +1

Ian


[Geoserver-devel] [JIRA] (GEOS-10392) Sending the contents of a tiff file to an "external.geotiff" endpoint in the REST API will crash GeoServer

2022-02-16 Thread Ian Turton (JIRA)
Ian Turton *created* an issue

GeoServer / Bug GEOS-10392 ( https://osgeo-org.atlassian.net/browse/GEOS-10392 )
Sending the contents of a tiff file to an "external.geotiff" endpoint in the
REST API will crash GeoServer

Issue Type: Bug
Affects Versions: 2.20.2
Assignee: Unassigned
Components: REST
Created: 16/Feb/22 6:11 PM
Priority: Medium
Reporter: Ian Turton

If, while creating a coverage store via REST using a remote file location (and 
you happen to be on the same machine), you leave the @ sign in your CURL 
command line, GeoServer receives the content of the tif as the URL location of 
the file and attempts to use it without any checking. This causes what looks 
like a buffer overflow and kills the server. A very carefully constructed tif 
file could cause a security problem (in theory) and it does DoS the machine 
even if unintentionally.

It would be good if we carried out some basic checks before blindly changing it 
into a URL.

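The kind of "basic checks" GEOS-10392 asks for, sketched as an added example that is not part of the original message and is not GeoServer code: the class name, method name and the 2048-byte cap are assumptions made for illustration. It rejects a request body that is too long or contains binary content before the text is ever turned into a path or URL.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration: class and method names are hypothetical, not GeoServer API.
public class ExternalLocationCheck {
    // Assumed cap: a path or file: URL is short, an uploaded TIFF is not.
    static final int MAX_LOCATION_BYTES = 2048;

    /** Returns the referenced file, or throws if the body is not a usable location. */
    static Path parseLocation(byte[] body) {
        if (body.length == 0 || body.length > MAX_LOCATION_BYTES) {
            throw new IllegalArgumentException("not a location: " + body.length + " bytes");
        }
        String text = new String(body, StandardCharsets.UTF_8).trim();
        // Raster data contains NUL and other control bytes (TIFF starts "II*\0" or "MM\0*").
        if (text.isEmpty() || text.chars().anyMatch(c -> c < 0x20 || c == 0x7F || c == 0xFFFD)) {
            throw new IllegalArgumentException("not a location: binary content");
        }
        // Accept a file: URL or a plain path; InvalidPathException is an IllegalArgumentException.
        Path path = text.startsWith("file:") ? Paths.get(URI.create(text)) : Paths.get(text);
        if (!Files.isRegularFile(path)) {
            throw new IllegalArgumentException("not a readable file: " + path);
        }
        return path;
    }

    public static void main(String[] args) throws Exception {
        Path tif = Files.createTempFile("sample", ".tif"); // constructed sample file
        byte[] good = tif.toUri().toString().getBytes(StandardCharsets.UTF_8);
        // Constructed stand-in for a body holding file contents: TIFF magic plus padding.
        byte[] bad = new byte[4096];
        bad[0] = 'I'; bad[1] = 'I'; bad[2] = 42;
        for (byte[] body : new byte[][] {good, bad, {'I', 'I', 42, 0, 8, 0}}) {
            try {
                System.out.println("accepted: " + parseLocation(body));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        Files.delete(tif);
    }
}
```

A REST handler applying such a check would answer a rejected body with a 400 response rather than passing it on to the raster reader.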


[Geoserver-devel] Release managers needed for 2.19.5, 2.21-RC and 2.21.0.

2022-02-16 Thread Jody Garnett
We are heading into a busy time, and can really use some volunteers
for the release schedule.

   - 2022-02-18 GeoServer 2.19.5 Release (yes this friday)
   - 2022-03-04 GeoServer 2.21-RC Release Candidate (expect delay for
   GSIP-167)
   - 2022-03-18 GeoServer 2.21.0 Release

Bonus:

I would like to ask to make a 2.20.x release collecting recent fixes for a
customer, even just to maven would be fine:

   - 2022-02-XX GeoServer 2.20.2-1 or 2.20.3

--
Jody Garnett


[Geoserver-devel] [JIRA] (GEOS-10391) Add option to limit directories that processes can write to

2022-02-16 Thread Steve Ikeoka (JIRA)
Steve Ikeoka *created* an issue

GeoServer / Bug GEOS-10391 ( https://osgeo-org.atlassian.net/browse/GEOS-10391 )
Add option to limit directories that processes can write to

Issue Type: Bug
Assignee: Steve Ikeoka
Components: WPS
Created: 16/Feb/22 5:37 PM
Priority: Medium
Reporter: Steve Ikeoka

Some WPS processes have parameters that allow users to specify where on the 
file system the process will write its output to rather than using the normal 
WPS resource storage mechanism. This ticket will add the ability for GeoServer 
administrators to limit processes to only write within a specific directory or 
to disable that functionality completely.

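One way the restriction described in GEOS-10391 could be enforced, as an added example that is not part of the original message and is not the project's implementation: `WpsWriteGuard` and its methods are hypothetical names. A `null` root models "functionality disabled"; otherwise the requested output path must resolve inside the configured directory after `..` segments and symlinks are taken into account.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration: names are hypothetical, not GeoServer's WPS configuration API.
public class WpsWriteGuard {
    private final Path allowedRoot; // null: writing to user-chosen paths is disabled
    WpsWriteGuard(Path allowedRoot) throws IOException {
        // Resolve symlinks in the root once so comparisons use its real location.
        this.allowedRoot = allowedRoot == null ? null : allowedRoot.toRealPath();
    }

    /** Returns the resolved target if a process may write there, else throws. */
    Path checkWritable(String requested) throws IOException {
        if (allowedRoot == null) {
            throw new SecurityException("writing to user-specified paths is disabled");
        }
        // Relative names land under the root; normalize() collapses "." and "..".
        Path target = allowedRoot.resolve(requested).normalize();
        // Output files usually do not exist yet, so resolve symlinks in the
        // nearest existing ancestor and re-append the remaining components.
        Path existing = target;
        while (existing.getParent() != null && !Files.exists(existing)) {
            existing = existing.getParent();
        }
        Path real = existing.toRealPath().resolve(existing.relativize(target));
        // startsWith compares whole path components, so /data/out2 is not under /data/out.
        if (!real.startsWith(allowedRoot)) {
            throw new SecurityException("outside allowed directory: " + requested);
        }
        return real;
    }
    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("wps-out"); // constructed sample directory
        WpsWriteGuard[] guards = {new WpsWriteGuard(root), new WpsWriteGuard(null)};
        // Sibling directory whose name merely begins with the root's name.
        String sibling = root.resolveSibling(root.getFileName() + "2").resolve("x.tif").toString();
        for (WpsWriteGuard guard : guards) {
            for (String p : new String[] {"run1/result.tif", "../escape.tif", sibling}) {
                try {
                    System.out.println("allowed: " + guard.checkWritable(p));
                } catch (SecurityException e) {
                    System.out.println("denied:  " + e.getMessage());
                }
            }
        }
    }
}
```

The check runs before the file is opened, so a directory whose contents other users can modify still needs the same comparison repeated at write time.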


[Geoserver-devel] [JIRA] (GEOS-10390) Concurrency issues with SecuredResourceNameChangeListener when renaming layers simultaneously

2022-02-16 Thread Niels Charlier (JIRA)
Niels Charlier *created* an issue

GeoServer / Bug GEOS-10390 ( https://osgeo-org.atlassian.net/browse/GEOS-10390 )
Concurrency issues with SecuredResourceNameChangeListener when renaming
layers simultaneously

Issue Type: Bug
Assignee: Niels Charlier
Created: 16/Feb/22 10:06 AM
Environment:

Admittedly somewhat of an obscure problem. We have a set-up where layers are 
nightly being republished automatically (using task-manager). This involves 
renaming resources, in which also security rules need to be updated. However, 
since SecuredResourceNameChangeListener is not thread-safe, it regularly 
happens that some security rules are not updating because of several tasks 
happening simultaneously.

Priority: Medium
Reporter: Niels Charlier



Re: [Geoserver-devel] GSIP-167 Log4j Update

2022-02-16 Thread Alessio Fabiani
+1 here too... sorry for having missed this one and for the delay... been
super busy the last weeks!

On Wed, Feb 16, 2022 at 8:22 AM Jody Garnett  wrote:

> Just to confirm the proposal has been accepted and I have availability to
> work on this next week. The release candidate may be delayed, but it will
> be great to have this done!
>
> Thanks to everyone for the votes, financial support, and many encouraging
> emails sent.
>
> Jody
>
> On Tue, Feb 15, 2022 at 9:50 AM Jody Garnett 
> wrote:
>
>> Follow up from today's meeting:
>> https://github.com/geoserver/geoserver/wiki/GSIP-167 quote has been
>> updated to start later, which will delay the 2.21-RC release:
>>
>>- initial: *75% of funds raised to a maximum of €5000 Feb 11, to
>>allow time to complete upgrade for 2.21-RC*
>>- updated: *75% of funds raised to a maximum of €5000 Feb 18, may
>>delay 2.21-RC*
>>
>> --
>> Jody Garnett
>>
>>
>> On Tue, 11 Jan 2022 at 13:42, Jody Garnett 
>> wrote:
>>
>>> I double checked what was needed for log4j update, and updated the
>>> proposal to reflect log4j 2 ability to load log4j 1 configuration files:
>>> https://github.com/geoserver/geoserver/wiki/GSIP-167
>>>
>>> While I am not sure I have capacity I hope the research is useful.
>>> --
>>> Jody Garnett
>>>
>> --
> --
> Jody Garnett


-- 

Regards,

Alessio Fabiani
