Jira is fine, I think we have a website or blog category.

There was some deleted text from the last announcement that provided some
more context on GEOS-10949. It is actually a new feature allowing us
greater control of how open web services access external resources. The
security aspect, ability to mitigate SSRF, is secondary.

https://github.com/geoserver/geoserver.github.io/commit/f0a6422d722d7f6756552e2b2c37aea90df27de7

This text also highlights the new feature with a screen snap.

Jody

On Mon, Jul 24, 2023 at 1:38 AM Ian Turton <ijtur...@gmail.com> wrote:

> Sorry about that, the links should be fixed now
>
> Jody: Where should I add bugs for the announce script?
>
> Ian
>
> On Mon, 24 Jul 2023 at 09:23, Jürrens, Eike Hinderk <
> e.h.juerr...@52north.org> wrote:
>
>>
>> Good morning Ian and all other people on this list,
>>
>> thank you very much for your work and time.
>>
>> The latest GeoServer release contains two security related fixes:
>>
>> > Security Considerations
>> > This release addresses security vulnerabilities and is considered an
>> essential upgrade for production systems.
>> >
>> > GEOS-10949 Control remote resources accessed by GeoServer
>> > GEOS-11008 Update sqlite-jdbc from 3.34.0 to 3.41.2.2
>> >
>> > See project security policy for more information on how security
>> vulnerabilities are managed.
>>
>>
>> The links for both fixes result in a 404 resource not found error! That
>> is a bit confusing and should be fixed.
>>
>> The currently used links are:
>>
>> - https://geoserver.org/browse/GEOS-10949
>> - https://geoserver.org/browse/GEOS-11008
>>
>> A working link for "issue" 10949 is:
>>
>>      https://osgeo-org.atlassian.net/browse/GEOS-10949
>>
>> The same schema works for 11008:
>>
>>      https://osgeo-org.atlassian.net/browse/GEOS-11008
>>
>> If the working links are the correct ones, someone could fix the links on
>> the release page
>>
>>
>> https://geoserver.org/announcements/2023/07/21/geoserver-2-23-2-released.html
>>
>> Kind regards and have a nice day!
>>
>>         Eike
>>
>> On 24.07.23 09:00, Ian Turton wrote:
>> > GeoTools 29.2 has been released as the new stable release of the
>> library -
>> > more details at the blog
>> > <https://geotoolsnews.blogspot.com/2023/07/geotools-292-released.html>,
>> > GeoWebCache 1.23.1 and GeoServer 2.23.2 are also released based on this
>> > release. Full details of the GeoServer release including two security
>> > related issues are available at the GeoServer blog
>> > <
>> https://geoserver.org/announcements/2023/07/21/geoserver-2-23-2-released.html
>> >
>> > .
>> >
>> > We encourage all users to upgrade as soon as possible.
>> >
>> >
>> >
>> > _______________________________________________
>> > Geoserver-users mailing list
>> >
>> > Please make sure you read the following two resources before posting to
>> this list:
>> > - Earning your support instead of buying it, by Ian Turton:
>> http://www.ianturton.com/talks/foss4g.html#/
>> > - The GeoServer user list posting guidelines:
>> http://geoserver.org/comm/userlist-guidelines.html
>> >
>> > If you want to request a feature or an improvement, also see this:
>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>> >
>> >
>> > Geoserver-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>> --
>> Jürrens, Eike Hinderk
>>
>> 52°North Spatial Information Research GmbH
>> Martin-Luther-King-Weg 24
>> 48155 Münster, Germany
>>
>> E-Mail: e.h.juerr...@52north.org
>> Fon: +49-(0)-251–396371-33
>> Fax: +49-(0)-251–396371-11
>>
>> https://52north.org/
>> Twitter: @FiveTwoN
>>
>> Managing Directors:
>> Dr. Benedikt Gräler, Dr. Simon Jirka, Matthes Rieke
>> Local Court Muenster HRB 10849
>>
>>
>
>
> --
> Ian Turton
>
-- 
--
Jody Garnett