Re: [Geoserver-devel] Fwd: [OSGeo-Discuss] Requirements for an OSGeo Git service

Adoption of an OSGeo alternative would dilute the social network provided by GitHub. On 28/04/16 12:54, Jody Garnett wrote: > OSGeo is considering providing an alternative to github, if we are > interested. -- Ben Caradoc-Davies Director Transient Software Limited New Ze

[Geoserver-devel] GeoTools-15-RC1 / GeoServer 2.9-RC1 Release

GeoTools 15-RC1 / GeoServer 2.9-RC1 will be released Monday, May 2. This will become the new stable release in place of GeoTools 14.x / GeoServer 2.8.x, which will move to maintenance status. GeoTools 13.x / GeoServer 2.7.x will move to unsupported status, and will no longer be included in ares bu

Re: [Geoserver-devel] GSIP 145 - Back-up and Restore Extension for GeoServer Configuration

Looks interesting.  I notice you mention "Configuration on DBMS"  Does that mean the JDBCConfig module? If so, it sounds like being able to switch back from JDBCConfig to pure file system config might be another use for this as at the moment that's not practical to do.  It's admittedly rare that

Re: [Geoserver-devel] Hazelcast/JDBConfig clustering issues caused by HTTP 302 response and unique wicket resource IDs

OWASP also suggests that checking the Origin header is a reasonably effective solution: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#CSRF_Prevention_without_a_Synchronizer_Token Seems like forms (doing POST requests) need CSRF protection, I’m not sure wh

Re: [Geoserver-devel] Hazelcast/JDBConfig clustering issues caused by HTTP 302 response and unique wicket resource IDs

Checking the wiki (and spreadsheet ) I could not quickly find the specific configuration change that is intended to

Re: [Geoserver-devel] 2.9-RC1 release?

Hello Kevin and I will be doing the release. As it stands, we will probably end up publishing the final artifacts Monday rather than tommorow. I believe there are also a few very minor pull requests that could be safely merged in prior to the release: https://github.com/geotools/geotools/pull/114

Re: [Geoserver-devel] 2.9-RC1 release?

I am at foss4gna next week, but have spoke with Torben and Kevin about getting the release out. The key work this time is setting up the new branch, new jobs on ares, disabling 2.7.x jobs etc... The beta2 allowed us to verify the installers are being generated correctly, the one bug I am concerned

[Geoserver-devel] Build failed in Jenkins: GeoServer-2.8-OpenJDK7 #103

See -- [...truncated 3906 lines...] [INFO] Reactor Summary: [INFO] [INFO] GeoServer . SUCCESS [15.972s] [INFO] Core Platform Module .

[Geoserver-devel] [JIRA] (GEOS-7524) Adding a readonly rule in GeoFence will provoke a NullPointer exception

Title: Message Title Nuno Oliveira created

Re: [Geoserver-devel] Hazelcast/JDBConfig clustering issues caused by HTTP 302 response and unique wicket resource IDs

Hi Jody, Could you go into more detail about what security risk(s) does unique wicket URLs mitigate? Frankly it's difficult to see how this adds much to security - as soon as you know how this behaves it would be trivial to deal with a 302 and a unique wicket URL from an attack standpoint. The th

[Geoserver-devel] 2.9-RC1 release?

Hi, the roadmap states RC1 is to be relased tomorrow: https://github.com/geoserver/geoserver/wiki/Release-Schedule Anyone has the pulse of the situation there? Bugs that might be blocking it, who's gonna be the release manager, and so on? Cheers Andrea -- == GeoServer Professional Services from

[Geoserver-devel] [JIRA] (GEOS-7523) Stacktrace with unsupported option in GWC Memory Blobstore

Title: Message Title Simone Giannecchini c