This release includes a *fix* for a security vulnerability, I think.  ;-)

Kind regards,
Ben.

On 16/10/16 11:14, Jody Garnett wrote:
> As noted this release includes a security vulnerability, the user guide
> link is
> http://docs.geotools.org/latest/userguide/library/metadata/geotools.html#xml
>
>
> New hints are available for use with DocumentFactory
> <http://docs.geotools.org/latest/javadocs/org/geotools/xml/DocumentFactory.html>
>  and the WebMapServer
> <http://docs.geotools.org/latest/javadocs/org/geotools/data/wms/WebMapServer.html#WebMapServer-java.net.URL-org.geotools.data.ows.HTTPClient-java.util.Map->
> client.
> The key point is the use of a PreventLocalEntityResolver *by default* -
> this represents a change in functionality that may affect your application.
>
> If you need to restore "the way things were" use:
>
> *Hints.putSystemDefault(Hints.ENTITY_RESOLVER,
> NullEntityResolver.INSTANCE);*
>
>
> The documentation on Hints
> <http://docs.geotools.org/latest/userguide/library/metadata/geotools.html#hints>
> has
> also been updated with an example of system property bindings for this
> setting (-Dorg.xml.sax.EntityResolver=org.geotools.xml.NullEntityResolver)
> to be used if you are working in an environment where you do not control
> application startup and initialization.
>
> --
> Jody Garnett
>
> On 15 October 2016 at 16:55, Jody Garnett <jody.garn...@gmail.com> wrote:
>
>> The GeoTools team is pleased to announce GeoTools 15.2.
>>
>>    - geotools-15.2-bin.zip
>>    
>> <https://sourceforge.net/projects/geotools/files/GeoTools%2015%20Releases/15.2/geotools-15.2-bin.zip/download>
>>    - geotools-15.2-doc.zip
>>    
>> <https://sourceforge.net/projects/geotools/files/GeoTools%2015%20Releases/15.2/geotools-15.2-doc.zip/download>
>>    - geotools-15.2-userguide.zip
>>    
>> <https://sourceforge.net/projects/geotools/files/GeoTools%2015%20Releases/15.2/geotools-15.2-userguide.zip/download>
>>    - geotools-15.2-project.zip
>>    
>> <https://sourceforge.net/projects/geotools/files/GeoTools%2015%20Releases/15.2/geotools-15.2-project.zip/download>
>>
>> This release is also available from our Maven repository
>> <http://download.osgeo.org/webdav/geotools/>. This release is made in
>> conjunction with GeoWebCache 1.9.2 and GeoServer 2.9.2. We would like to
>> thank those who have contributed fixes and features to this release.
>>
>> GeoTools 15.2 is the latest stable release of the 15.x series and is
>> recommended for all new projects.
>>
>> Security considerations:
>>
>>    - The library now defaults to using PreventLocalEntityResolver for
>>    improved security. For more details (and how to disable this behavior)
>>    please see the GeoTools user guide
>>    
>> <http://docs.geotools.org/latest/userguide/library/metadata/geotools.html#xml>
>>    .
>>
>> Features and Improvements:
>>
>>    - Styling improvements include support for SE 1.1 external marks (with
>>    mark index)
>>    - Parsing hints can now be provided for WMS and WFS clients (entity
>>    resolver hint and and DTD disabling hint provided).
>>    - Overview policy parameter now available for ImageMosaic.
>>    - Support for integrated water column climatological time in NetCDF
>>    files
>>    - ImagePyramid support for multiple coverages
>>
>>
>>
>>
>>
>> Bug Fixes:
>>
>>    - SLD graphics now correctly handle mix of mark and external graphic
>>    choosing the first one supported.
>>    - External marks with mark index fixes for both copying and SE 1.1
>>    parsing.
>>
>> For more information please see the release notes (15.2
>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?projectId=10001&version=13600>
>>  | 15.1
>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=13000&styleName=Text&projectId=10001>
>>  | 15.0
>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=13002&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C60a562a29d3c23854fbe594a81086dd4338711c1%7Clout>
>>  | RC1
>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=12900&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c95ac1efc3%7Clout>
>>  | Beta 2
>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=12601&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c95ac1efc3%7Clout>
>>  | Beta 1
>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=12101&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c95ac1efc3%7Clout>
>>  | M0
>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?version=11402&styleName=&projectId=10001&Create=Create&atl_token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c95ac1efc3%7Clout>
>>  ).
>>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> GeoTools-GT2-Users mailing list
> GeoTools-GT2-Users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geotools-gt2-users
>

-- 
Ben Caradoc-Davies <b...@transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
GeoTools-GT2-Users mailing list
GeoTools-GT2-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-gt2-users

Reply via email to