Please Test GeoServer 2.25-RC Release Candidate #4204
Comments
thanks @jodygarnett , that notice is much appreciated. iirc an update to 2.24 was in the works & #4076 tracked it, so we will at least make sure to update to 2.24.2 that has the security fixes. Is there an ETA for the 2.25 release ? btw, i've noted the post mentions |
Yeah this is about sharing risk, so testing with 2.25-RC for any regressions before release is made next Wednesday. I am trying to call for greater participation (and funding) as our community does not have the practice of release-early-release-often feedback to share risk.
hi @jodygarnett, in #4211 i'm testing 2.25 branch as of today (eg https://github.com/georchestra/geoserver/commits/2.25.x-georchestra/ is the tip of 2.25 and our commits on top), and i'm hitting an exception coming probably from geoserver/geoserver#7444, as setting trying to validate an SLD is enough to trigger i suppose that PR has been sufficiently tested, will dig further to try to understand what could cause it. That's with building & running with java 17 and tomcat 9. |
that's with the default (probably outdated) |
ok, found the issue. For some reason (will try to figure out if that comes from the integration within georchestra, from the extensions we enable/bundle...) the resulting war contains
if i remove |
This fixes "entity resolution disallowed for null" when XML entity resolution is restricted: georchestra/georchestra#4204 (comment)
One place |
…d for null" (#651) Remove printing plugin, to remove xercesImpl. This fixes "entity resolution disallowed for null" when XML entity resolution is restricted: georchestra/georchestra#4204 (comment)
We recently forked the mapfish-print-v2 - it does have an explicit dependency on xerces (not sure why). Have you tried excluding the transitive dependency?
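A check for the condition discussed in this thread, as an added example that is not part of the original comments or of the geOrchestra or GeoServer code: it lists jars under `WEB-INF/lib` that register a JAXP parser factory, the mechanism by which a bundled xercesImpl can replace the JDK's built-in XML parser. It generalises from xercesImpl to any such jar; the function names, jar names and WAR contents are constructed for illustration.

```python
import io
import zipfile

# JAXP service files: a jar in WEB-INF/lib shipping one of these is found by
# JAXP's service lookup before the JDK's built-in parser factory is used.
JAXP_SERVICES = (
    "META-INF/services/javax.xml.parsers.DocumentBuilderFactory",
    "META-INF/services/javax.xml.parsers.SAXParserFactory",
)

def find_jaxp_providers(war_bytes):
    """Map each WEB-INF/lib jar that registers a JAXP factory to its classes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in sorted(war.namelist()):
            if not (name.startswith("WEB-INF/lib/") and name.endswith(".jar")):
                continue
            try:
                jar = zipfile.ZipFile(io.BytesIO(war.read(name)))
            except zipfile.BadZipFile:
                findings[name] = ["<unreadable jar>"]  # flag it, do not skip silently
                continue
            with jar:
                impls = []
                for svc in JAXP_SERVICES:
                    if svc in jar.namelist():
                        lines = jar.read(svc).decode("utf-8", "replace").splitlines()
                        # Service files allow '#' comments and blank lines.
                        impls += [c for c in (l.split("#", 1)[0].strip() for l in lines) if c]
            if impls:
                findings[name] = impls
    return findings

def _zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in entries.items():
            z.writestr(path, data)
    return buf.getvalue()

def build_sample_war():
    """Constructed sample: one parser jar, one ordinary jar, one corrupt jar."""
    parser = _zip({JAXP_SERVICES[0]: "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl\n",
                   JAXP_SERVICES[1]: "# comment\norg.apache.xerces.jaxp.SAXParserFactoryImpl\n"})
    ordinary = _zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"})
    return _zip({"WEB-INF/lib/xercesImpl-SAMPLE.jar": parser, "WEB-INF/web.xml": "<web-app/>",
                 "WEB-INF/lib/ordinary-SAMPLE.jar": ordinary,
                 "WEB-INF/lib/broken-SAMPLE.jar": b"not a zip"})

if __name__ == "__main__":
    print(find_jaxp_providers(build_sample_war()))
```

To run it against a real build, pass the bytes of the WAR file to `find_jaxp_providers` instead of the constructed sample.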
Hello georchestra team, can I ask for your testing and feedback on GeoServer 2.25-RC https://geoserver.org/announcements/2024/03/04/geoserver-2-25-RC-released.html
You can read above on some configuration changes that you may make use of when running. If you have team members on geoserver-security list they are already aware of the CVEs that will be disclosed alongside the 2.25.0 release (when they will start to show up in automatic scans).
We look forward to hearing from you and thank you for enjoying GeoServer.