This release includes a *fix* for a security vulnerability, I think. ;-) Kind regards, Ben.
On 16/10/16 11:14, Jody Garnett wrote: > As noted this release includes a security vulnerability, the user guide > link is > http://docs.geotools.org/latest/userguide/library/metadata/geotools.html#xml > > > New hints are available for use with DocumentFactory > <http://docs.geotools.org/latest/javadocs/org/geotools/xml/DocumentFactory.html> > and the WebMapServer > <http://docs.geotools.org/latest/javadocs/org/geotools/data/wms/WebMapServer.html#WebMapServer-java.net.URL-org.geotools.data.ows.HTTPClient-java.util.Map-> > client. > The key point is the use of a PreventLocalEntityResolver *by default* - > this represents a change in functionality that may affect your application. > > If you need to restore "the way things were" use: > > *Hints.putSystemDefault(Hints.ENTITY_RESOLVER, > NullEntityResolver.INSTANCE);* > > > The documentation on Hints > <http://docs.geotools.org/latest/userguide/library/metadata/geotools.html#hints> > has > also been updated with an example of system property bindings for this > setting (-Dorg.xml.sax.EntityResolver=org.geotools.xml.NullEntityResolver) > to be used if you are working in an environment where you do not control > application startup and initialization. > > -- > Jody Garnett > > On 15 October 2016 at 16:55, Jody Garnett <jody.garn...@gmail.com> wrote: > >> The GeoTools team is pleased to announce GeoTools 15.2. >> >> - geotools-15.2-bin.zip >> >> <https://sourceforge.net/projects/geotools/files/GeoTools%2015%20Releases/15.2/geotools-15.2-bin.zip/download> >> - geotools-15.2-doc.zip >> >> <https://sourceforge.net/projects/geotools/files/GeoTools%2015%20Releases/15.2/geotools-15.2-doc.zip/download> >> - geotools-15.2-userguide.zip >> >> <https://sourceforge.net/projects/geotools/files/GeoTools%2015%20Releases/15.2/geotools-15.2-userguide.zip/download> >> - geotools-15.2-project.zip >> >> <https://sourceforge.net/projects/geotools/files/GeoTools%2015%20Releases/15.2/geotools-15.2-project.zip/download> >> >> This release is also available from our Maven repository >> <http://download.osgeo.org/webdav/geotools/>. This release is made in >> conjunction with GeoWebCache 1.9.2 and GeoServer 2.9.2. We would like to >> thank those who have contributed fixes and features to this release. >> >> GeoTools 15.2 is the latest stable release of the 15.x series and is >> recommended for all new projects. >> >> Security considerations: >> >> - The library now defaults to using PreventLocalEntityResolver for >> improved security. For more details (and how to disable this behavior) >> please see the GeoTools user guide >> >> <http://docs.geotools.org/latest/userguide/library/metadata/geotools.html#xml> >> . >> >> Features and Improvements: >> >> - Styling improvements include support for SE 1.1 external marks (with >> mark index) >> - Parsing hints can now be provided for WMS and WFS clients (entity >> resolver hint and and DTD disabling hint provided). >> - Overview policy parameter now available for ImageMosaic. >> - Support for integrated water column climatological time in NetCDF >> files >> - ImagePyramid support for multiple coverages >> >> >> >> >> >> Bug Fixes: >> >> - SLD graphics now correctly handle mix of mark and external graphic >> choosing the first one supported. >> - External marks with mark index fixes for both copying and SE 1.1 >> parsing. >> >> For more information please see the release notes (15.2 >> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?projectId=10001&version=13600> >> | 15.1 >> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=13000&styleName=Text&projectId=10001> >> | 15.0 >> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=13002&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C60a562a29d3c23854fbe594a81086dd4338711c1%7Clout> >> | RC1 >> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=12900&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c95ac1efc3%7Clout> >> | Beta 2 >> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=12601&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c95ac1efc3%7Clout> >> | Beta 1 >> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=12101&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c95ac1efc3%7Clout> >> | M0 >> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=11402&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c95ac1efc3%7Clout> >> ). >> > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > > > > _______________________________________________ > GeoTools-GT2-Users mailing list > GeoTools-GT2-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geotools-gt2-users > -- Ben Caradoc-Davies <b...@transient.nz> Director Transient Software Limited <http://transient.nz/> New Zealand ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ GeoTools-GT2-Users mailing list GeoTools-GT2-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geotools-gt2-users
