+1 for backport with disabled by default. While security is important, we don't want people not upgrading at all because we've broken their configs. This path still gets the security patch in for those who need it, but doesn't break any existing systems.
Cheers, Torben On Thu, May 11, 2023 at 10:16 AM Andrea Aime < andrea.a...@geosolutionsgroup.com> wrote: > On Wed, May 10, 2023 at 2:06 AM Jody Garnett <jody.garn...@gmail.com> > wrote: > >> +1 >> >> I know our policy is to make stable l, and especially maintenance >> releases, preserve existing workflow. In this case I think the safety >> improvement is worth asking admins to pay attention. Security is special >> :) >> > > Hmm... nope, if the direction was to have it enabled by default, I'd > consider waiting for September instead. > Let's backport with disabled as default, mark the release blog for > security consideration, and tell people to enable and configure instead? > > Cheers > Andrea > > == > GeoServer Professional Services from the experts! > > Visit http://bit.ly/gs-services-us for more information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions Group > phone: +39 0584 962313 > > fax: +39 0584 1660272 > > mob: +39 339 8844549 > > https://www.geosolutionsgroup.com/ > > http://twitter.com/geosolutions_it > > ------------------------------------------------------- > > Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE > 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si > precisa che ogni circostanza inerente alla presente email (il suo > contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è > riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il > messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra > operazione è illecita. Le sarei comunque grato se potesse darmene notizia. > > This email is intended only for the person or entity to which it is > addressed and may contain information that is privileged, confidential or > otherwise protected from disclosure. We remind that - as provided by > European Regulation 2016/679 “GDPR” - copying, dissemination or use of this > e-mail or the information herein by anyone other than the intended > recipient is prohibited. If you have received this email by mistake, please > notify us immediately by telephone or e-mail > _______________________________________________ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel >
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
