[Geoserver-users] Big raster table issue

[Andreas Klos]

Hello Ladies and Gentlemen,

I setup a geoserver in my k8s cluster. I try to configure a wms for 
raster tiles stored in a postgresql database. This works good, as long 
as the table contains only a small amount of data. But I would like to 
create a wms for a big raster table (>150 GB). When I try doing so, I 
receive after a long waiting time the following message in my browser 
client. About this, I already read to increase the stack size of the 
jvm. I did that, but it did not resolve my issue and resulted in the 
same error message. Are there any suggestions how I can solve this? Did 
someone already come accross this issue and found a good solution?


Best regards
Andreas

org.apache.wicket.WicketRuntimeException: Method onRequest of interface 
org.apache.wicket.behavior.IBehaviorListener targeted at 
org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink$1@1086785d on 
component [AjaxSubmitLink [Component id = save]] threw an exception at 
org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:268) 
at 
org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241) 
at 
org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:248) 
at 
org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:234) 
at 
org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895) 
at 
org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) 
at 
org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265) 
at 
org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222) 
at 
org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293) 
at 
org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261) 
at 
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203) 
at 
org.apache.wicket.protocol.http.WicketServlet.doPost(WicketServlet.java:159) 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at 
javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at 
org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:166) 
at 
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:177) 
at 
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:52) 
at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) 
at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) 
at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) 
at 
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at 
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at 
org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1452) 
at 
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791) 
at 
org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) 
at 
org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28) 
at 
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) 
at 
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) 
at 
org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:73) 
at 
org.geoserver.ows.HTTPHeadersCollector.doFilter(HTTPHeadersCollector.java:48) 
at 
org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70) 
at 
org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:43) 
at 
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) 
at 
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) 
at 
org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:39) 
at 
org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) 
at 
org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) 
at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320) 
at 
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71) 
at 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) 
at 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) 
at 
org.geoserver.security.filter.G

Re: [Geoserver-users] Notifications about vulnerabilities

[Watermeyer, Andreas]

Hi Jody,

we will continue to watch for the “security considerations”. I just wanted to 
make sure I am not missing something essential.

The category vulnerability is also very helpful. Good idea.

Have a nice day and thank you all,
Andreas

Von: Jody Garnett 
Gesendet: Dienstag, 1. März 2022 09:45
An: Watermeyer, Andreas 
Cc: geoserver-users@lists.sourceforge.net
Betreff: Re: [Geoserver-users] Notifications about vulnerabilities

Actually I have an idea, searching for all announcements that have a "security 
considerations" heading, and adding the vulnerability category gives me this:
- https://github.com/geoserver/geoserver.github.io/pull/121

Vulnerability:
GeoServer 2.19.4 Released
GeoServer 2.16.1 released
GeoServer 2.14.0 Released
GeoServer 2.14-RC released
GeoServer 2.12.5 released
GeoServer 2.13.2 released
GeoServer 2.12.4 Release
GeoServer 2.12.3 Released
GeoServer 2.10.4 Released
GeoServer 2.11.1 Released

Not the best as we do not have a landing page for vulnerabilities; but it is at 
least interesting.
--
Jody Garnett


On Tue, 1 Mar 2022 at 00:41, Jody Garnett 
mailto:jody.garn...@gmail.com>> wrote:
To add to Ian's answer:

As an operator of geoserver take note of the release announcements:
- We include a "Security Considerations" heading in each release where there is 
a security fix
- When all active branches have the security fix the security considerations 
section may contain additional details (such as a ticket number).

If we as a community had capacity (budget or volunteers) there is some 
infrastructure support available in 
github
 for managing communication around CVE reports.

The PSC maintains a list of known security issues for those volunteering to 
work on security issues. If you have capacity you may wish to take part. Many 
of the GeoServer service providers participate on behalf of their customers.
--
Jody Garnett


On Mon, 28 Feb 2022 at 07:59, Watermeyer, Andreas 
mailto:andreas.waterme...@its-digital.de>> 
wrote:
Dear GeoServer community,

I have security related questions:

* Is there a procedure by which operators of GeoServer installations can learn 
of security vulnerabilities that require updating GeoServer?
* Is there a list of security-related bug fixes made with a release?

If nothing exists:

* Would it be possible to introduce something like a security-announcement 
mailing list?
* Would it be possible to list fixed security vulnerabilities per release. For 
example, Tomcat has a corresponding list, which I find very helpful: 
https://tomcat.apache.org/security-9.html

Thank for providing this great tool!

Best regards,
Andreas

___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Enable TLS for geoserver.org

[Ian Turton]

Our DNS record may not be set correctly, as it has recently changed
ownership.

Ian

On Tue, 1 Mar 2022 at 13:38, Jürrens, Eike Hinderk 
wrote:

> Dear Ian,
>
> as far as I understood github's documentation, using custom domains is
> supported:
>
>  > All GitHub Pages sites, including sites that are correctly configured
> with a custom domain, support HTTPS and HTTPS enforcement.
>
> https://docs.github.com/en/articles/about-custom-domains-and-github-pages
>
> Maybe, you are hitting this well known error:
>
>
> https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https#troubleshooting-certificate-provisioning-certificate-not-yet-created-error
>
> Kind regards,
> Eike
>
> On 01.03.22 14:29, Ian Turton wrote:
> > Currently we don't have a certificate for geoserver.org (Unavailable for
> > your site because a certificate has not yet been issued for your domain (
> > geoserver.org))
> >
> > As it has no secure or important info that someone might fake it isn't a
> > high priority to fix currently but we'll get to it sometime
> >
> > Ian
> >
> > On Tue, 1 Mar 2022 at 09:40, Jürrens, Eike Hinderk <
> e.h.juerr...@52north.org>
> > wrote:
> >
> >> Dear Community,
> >>
> >> as I am not able to create an issue in the website repo [0] and I don't
> >> want to create an account for this one issue in Jira, I am posting it
> here.
> >>
> >> Please enable TLS for the website goeserver.org. It's only one click
> >> following githubs according documentation [1].
> >>
> >> Kind regards,
> >> Eike
> >>
> >> Links
> >> [0] https://github.com/geoserver/geoserver.github.io
> >> [1]
> >>
>


-- 
Ian Turton
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Enable TLS for geoserver.org

[Andrea Aime]

Jurrens,
we don't have control over our DNS records, Planet holds them.
So no, we just cannot do it. We asked them to donate the records to OSGeo
months ago,
when they do, then we'll also be able to follow said procedure.

Cheers
Andrea


On Tue, Mar 1, 2022 at 2:40 PM Jürrens, Eike Hinderk <
e.h.juerr...@52north.org> wrote:

> Dear Ian,
>
> as far as I understood github's documentation, using custom domains is
> supported:
>
>  > All GitHub Pages sites, including sites that are correctly configured
> with a custom domain, support HTTPS and HTTPS enforcement.
>
> https://docs.github.com/en/articles/about-custom-domains-and-github-pages
>
> Maybe, you are hitting this well known error:
>
>
> https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https#troubleshooting-certificate-provisioning-certificate-not-yet-created-error
>
> Kind regards,
> Eike
>
> On 01.03.22 14:29, Ian Turton wrote:
> > Currently we don't have a certificate for geoserver.org (Unavailable for
> > your site because a certificate has not yet been issued for your domain (
> > geoserver.org))
> >
> > As it has no secure or important info that someone might fake it isn't a
> > high priority to fix currently but we'll get to it sometime
> >
> > Ian
> >
> > On Tue, 1 Mar 2022 at 09:40, Jürrens, Eike Hinderk <
> e.h.juerr...@52north.org>
> > wrote:
> >
> >> Dear Community,
> >>
> >> as I am not able to create an issue in the website repo [0] and I don't
> >> want to create an account for this one issue in Jira, I am posting it
> here.
> >>
> >> Please enable TLS for the website goeserver.org. It's only one click
> >> following githubs according documentation [1].
> >>
> >> Kind regards,
> >> Eike
> >>
> >> Links
> >> [0] https://github.com/geoserver/geoserver.github.io
> >> [1]
> >>
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>


-- 

Regards,

Andrea Aime

==
GeoServer Professional Services from the experts!

Visit http://bit.ly/gs-services-us for more information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions Group
phone: +39 0584 962313

fax: +39 0584 1660272

mob:   +39  333 8128928

https://www.geosolutionsgroup.com/

http://twitter.com/geosolutions_it

---

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Enable TLS for geoserver.org

[Jürrens , Eike Hinderk]

Dear Ian,

as far as I understood github's documentation, using custom domains is 
supported:


> All GitHub Pages sites, including sites that are correctly configured 
with a custom domain, support HTTPS and HTTPS enforcement.


https://docs.github.com/en/articles/about-custom-domains-and-github-pages

Maybe, you are hitting this well known error:

https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https#troubleshooting-certificate-provisioning-certificate-not-yet-created-error

Kind regards,
Eike

On 01.03.22 14:29, Ian Turton wrote:

Currently we don't have a certificate for geoserver.org (Unavailable for
your site because a certificate has not yet been issued for your domain (
geoserver.org))

As it has no secure or important info that someone might fake it isn't a
high priority to fix currently but we'll get to it sometime

Ian

On Tue, 1 Mar 2022 at 09:40, Jürrens, Eike Hinderk 
wrote:


Dear Community,

as I am not able to create an issue in the website repo [0] and I don't
want to create an account for this one issue in Jira, I am posting it here.

Please enable TLS for the website goeserver.org. It's only one click
following githubs according documentation [1].

Kind regards,
Eike

Links
[0] https://github.com/geoserver/geoserver.github.io
[1]



OpenPGP_signature
Description: OpenPGP digital signature
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Enabled TLS for geoserver.org

[Ian Turton]

Currently we don't have a certificate for geoserver.org (Unavailable for
your site because a certificate has not yet been issued for your domain (
geoserver.org))

As it has no secure or important info that someone might fake it isn't a
high priority to fix currently but we'll get to it sometime

Ian

On Tue, 1 Mar 2022 at 09:40, Jürrens, Eike Hinderk 
wrote:

> Dear Community,
>
> as I am not able to create an issue in the website repo [0] and I don't
> want to create an account for this one issue in Jira, I am posting it here.
>
> Please enable TLS for the website goeserver.org. It's only one click
> following githubs according documentation [1].
>
> Kind regards,
> Eike
>
> Links
> [0] https://github.com/geoserver/geoserver.github.io
> [1]
>
> https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https
> --
> Jürrens, Eike Hinderk
> 52°North Spatial Information Research GmbH
> Martin-Luther-King-Weg 24
> 48155 Münster, Germany
> Fon: +49-(0)-251–396371-33
> Fax: +49-(0)-251–396371-11
> https://52north.org/
> Twitter: @FiveTwoN
> Managing Directors:
> Dr. Benedikt Gräler, Dr. Simon Jirka, Matthes Rieke
> Local Court Muenster HRB 10849
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>


-- 
Ian Turton
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] Enabled TLS for geoserver.org

[Jürrens , Eike Hinderk]

Dear Community,

as I am not able to create an issue in the website repo [0] and I don't 
want to create an account for this one issue in Jira, I am posting it here.


Please enable TLS for the website goeserver.org. It's only one click 
following githubs according documentation [1].


Kind regards,
Eike

Links
[0] https://github.com/geoserver/geoserver.github.io
[1] 
https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https

--
Jürrens, Eike Hinderk
52°North Spatial Information Research GmbH
Martin-Luther-King-Weg 24
48155 Münster, Germany
Fon: +49-(0)-251–396371-33
Fax: +49-(0)-251–396371-11
https://52north.org/
Twitter: @FiveTwoN
Managing Directors:
Dr. Benedikt Gräler, Dr. Simon Jirka, Matthes Rieke
Local Court Muenster HRB 10849


OpenPGP_signature
Description: OpenPGP digital signature
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Notifications about vulnerabilities

[Jody Garnett]

Actually I have an idea, searching for all announcements that have a
"security considerations" heading, and adding the vulnerability category
gives me this:
- https://github.com/geoserver/geoserver.github.io/pull/121

Vulnerability:
GeoServer 2.19.4 Released
GeoServer 2.16.1 released
GeoServer 2.14.0 Released
GeoServer 2.14-RC released
GeoServer 2.12.5 released
GeoServer 2.13.2 released
GeoServer 2.12.4 Release
GeoServer 2.12.3 Released
GeoServer 2.10.4 Released
GeoServer 2.11.1 Released

Not the best as we do not have a landing page for vulnerabilities; but it
is at least interesting.
--
Jody Garnett


On Tue, 1 Mar 2022 at 00:41, Jody Garnett  wrote:

> To add to Ian's answer:
>
> As an operator of geoserver take note of the release announcements:
> - We include a "Security Considerations" heading in each release where
> there is a security fix
> - When all active branches have the security fix the security
> considerations section may contain additional details (such as a ticket
> number).
>
> If we as a community had capacity (budget or volunteers) there is some 
> infrastructure
> support available in github
> 
>  for
> managing communication around CVE reports.
>
> The PSC maintains a list of known security issues for those volunteering
> to work on security issues. If you have capacity you may wish to take part.
> Many of the GeoServer service providers participate on behalf of their
> customers.
> --
> Jody Garnett
>
>
> On Mon, 28 Feb 2022 at 07:59, Watermeyer, Andreas <
> andreas.waterme...@its-digital.de> wrote:
>
>> Dear GeoServer community,
>>
>>
>>
>> I have security related questions:
>>
>>
>>
>> * Is there a procedure by which operators of GeoServer installations can
>> learn of security vulnerabilities that require updating GeoServer?
>>
>> * Is there a list of security-related bug fixes made with a release?
>>
>>
>>
>> If nothing exists:
>>
>>
>>
>> * Would it be possible to introduce something like a
>> security-announcement mailing list?
>>
>> * Would it be possible to list fixed security vulnerabilities per
>> release. For example, Tomcat has a corresponding list, which I find very
>> helpful: https://tomcat.apache.org/security-9.html
>>
>>
>>
>> Thank for providing this great tool!
>>
>>
>>
>> Best regards,
>>
>> Andreas
>>
>>
>> ___
>> Geoserver-users mailing list
>>
>> Please make sure you read the following two resources before posting to
>> this list:
>> - Earning your support instead of buying it, but Ian Turton:
>> http://www.ianturton.com/talks/foss4g.html#/
>> - The GeoServer user list posting guidelines:
>> http://geoserver.org/comm/userlist-guidelines.html
>>
>> If you want to request a feature or an improvement, also see this:
>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>
>>
>> Geoserver-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Notifications about vulnerabilities

[Jody Garnett]

To add to Ian's answer:

As an operator of geoserver take note of the release announcements:
- We include a "Security Considerations" heading in each release where
there is a security fix
- When all active branches have the security fix the security
considerations section may contain additional details (such as a ticket
number).

If we as a community had capacity (budget or volunteers) there is some
infrastructure
support available in github

for
managing communication around CVE reports.

The PSC maintains a list of known security issues for those volunteering to
work on security issues. If you have capacity you may wish to take part.
Many of the GeoServer service providers participate on behalf of their
customers.
--
Jody Garnett


On Mon, 28 Feb 2022 at 07:59, Watermeyer, Andreas <
andreas.waterme...@its-digital.de> wrote:

> Dear GeoServer community,
>
>
>
> I have security related questions:
>
>
>
> * Is there a procedure by which operators of GeoServer installations can
> learn of security vulnerabilities that require updating GeoServer?
>
> * Is there a list of security-related bug fixes made with a release?
>
>
>
> If nothing exists:
>
>
>
> * Would it be possible to introduce something like a security-announcement
> mailing list?
>
> * Would it be possible to list fixed security vulnerabilities per release.
> For example, Tomcat has a corresponding list, which I find very helpful:
> https://tomcat.apache.org/security-9.html
>
>
>
> Thank for providing this great tool!
>
>
>
> Best regards,
>
> Andreas
>
>
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users