GeoTools / GeoServer Meeting 2015-07-07 =======================================
Attending --------- Ben Caradoc-Davies Jukka Rahkonen Kevin Smith Torben Barsballe Agenda ------ - Security - Pull requests - ESRI WMS cascading problem Actions ------- AA: Create Jira components Security (Authentication) and Security (Authorization) to replace Security Actions from last meeting ------------------------- AA: Create Security (Authentication) and Security (Authorization) to replace Security [NOT DONE] BCD: email user list: "SECURITY: Remote file disclosure vulnerability [GEOS-7032]" [DONE] BCD: add Vulnerability component to GeoServer Jira [DONE] Security -------- - Discussion about our improved response to vulnerability reports - Thanks to Torben for the fix for GEOS-7095! Pull requests ------------- Reviewed and merged: refresh psc list (GSIP 129) https://github.com/geoserver/geoserver/pull/1133 responsible disclosure (GSIP-129) https://github.com/geoserver/geoserver/pull/1134 Clarification on our expectations for submitting fixes (GSIP 129) https://github.com/geoserver/geoserver/pull/1135 Moved WCS 1.1 schema to GeoTools https://github.com/geoserver/geoserver/pull/1129 [GEOS-7095] Fix for exploitable bypass for XXE fix https://github.com/geoserver/geoserver/pull/1130 [GEOS-7102] Importer support for non-JDBC databases https://github.com/geoserver/geoserver/pull/1136 developers guide tutorial review and cleanup (GSIP-129) https://github.com/geoserver/geoserver/pull/1131 ESRI WMS cascading problem -------------------------- - Jukka, from the mapserver users list: ESRI has decided not to follow the standard and has closed the bug, NIM104744, we submitted about not decoding a plus symbol ‘+’ to a space. Their solution is for everyone else to encode all spaces as %20 and to ignore http://tools.ietf.org/html/rfc3986. They have closed the bug and listed it as a known limit. http://support.esri.com/en/bugs/nimbus/TklNMTA0NzQ0 So, in order for Mapserver to consume ESRI WMS services, with spaces in the name, the spaces have to be encoded as %20. - Jukka noted that this can cause problems with cascading WMS - Ben suggested adding a note to the user guide -- Ben Caradoc-Davies <b...@transient.nz> Director Transient Software Limited <http://transient.nz/> New Zealand ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ GeoTools-GT2-Users mailing list GeoTools-GT2-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geotools-gt2-users
