I notice that commons-beanutils-1.7.0.jar is present. This JAR was removed
from GeoServer and replaced with the customised
commons-beanutils-1.9.2-noclassprop.jar because it enabled a remote code
execution vulnerability.

Also, gt-complex-16-beta-tests.jar is still present.

Both these issues were noticed during the 16-M0 release and have not been
fixed since.

While not a blocker for the beta, we should at least fix the beanutils jar
before the 16-RC1 (release candidate)

Since these issues have been forgotten since the last release, I will
create JIRA tickets for them.


On Mon, Sep 19, 2016 at 12:48 PM, Devon Tucker <devonrtuc...@gmail.com>

> Hi all,
> GeoTools 16-beta artifacts are built:
> http://ares.boundlessgeo.com/geotools/release/16-beta/
> Please test out as you see fit. I'm installing them now.
> Cheers,
> Devon
> ------------------------------------------------------------
> ------------------
> _______________________________________________
> GeoTools-Devel mailing list
> geotools-de...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geotools-devel
Geoserver-devel mailing list

Reply via email to