Fair correction ben, but we do instructions for turning the security
vulnerability back on :)
--
Jody Garnett
On 15 October 2016 at 17:23, Ben Caradoc-Davies <b...@transient.nz> wrote:
> This release includes a *fix* for a security vulnerability, I think. ;-)
>
> Kind regards,
> Ben.
>
> On 16/10/16 11:14, Jody Garnett wrote:
>
>> As noted this release includes a security vulnerability, the user guide
>> link is
>> http://docs.geotools.org/latest/userguide/library/metadata/
>> geotools.html#xml
>>
>>
>> New hints are available for use with DocumentFactory
>> <http://docs.geotools.org/latest/javadocs/org/geotools/xml/
>> DocumentFactory.html>
>> and the WebMapServer
>> <http://docs.geotools.org/latest/javadocs/org/geotools/data/
>> wms/WebMapServer.html#WebMapServer-java.net.URL-org.geotools
>> .data.ows.HTTPClient-java.util.Map->
>> client.
>> The key point is the use of a PreventLocalEntityResolver *by default* -
>> this represents a change in functionality that may affect your
>> application.
>>
>> If you need to restore "the way things were" use:
>>
>> *Hints.putSystemDefault(Hints.ENTITY_RESOLVER,
>> NullEntityResolver.INSTANCE);*
>>
>>
>> The documentation on Hints
>> <http://docs.geotools.org/latest/userguide/library/metadata/
>> geotools.html#hints>
>> has
>> also been updated with an example of system property bindings for this
>> setting (-Dorg.xml.sax.EntityResolver=org.geotools.xml.NullEntityRes
>> olver)
>> to be used if you are working in an environment where you do not control
>> application startup and initialization.
>>
>> --
>> Jody Garnett
>>
>> On 15 October 2016 at 16:55, Jody Garnett <jody.garn...@gmail.com> wrote:
>>
>> The GeoTools team is pleased to announce GeoTools 15.2.
>>>
>>> - geotools-15.2-bin.zip
>>> <https://sourceforge.net/projects/geotools/files/GeoTools%
>>> 2015%20Releases/15.2/geotools-15.2-bin.zip/download>
>>> - geotools-15.2-doc.zip
>>> <https://sourceforge.net/projects/geotools/files/GeoTools%
>>> 2015%20Releases/15.2/geotools-15.2-doc.zip/download>
>>> - geotools-15.2-userguide.zip
>>> <https://sourceforge.net/projects/geotools/files/GeoTools%
>>> 2015%20Releases/15.2/geotools-15.2-userguide.zip/download>
>>> - geotools-15.2-project.zip
>>> <https://sourceforge.net/projects/geotools/files/GeoTools%
>>> 2015%20Releases/15.2/geotools-15.2-project.zip/download>
>>>
>>> This release is also available from our Maven repository
>>> <http://download.osgeo.org/webdav/geotools/>. This release is made in
>>> conjunction with GeoWebCache 1.9.2 and GeoServer 2.9.2. We would like to
>>> thank those who have contributed fixes and features to this release.
>>>
>>> GeoTools 15.2 is the latest stable release of the 15.x series and is
>>> recommended for all new projects.
>>>
>>> Security considerations:
>>>
>>> - The library now defaults to using PreventLocalEntityResolver for
>>> improved security. For more details (and how to disable this behavior)
>>> please see the GeoTools user guide
>>> <http://docs.geotools.org/latest/userguide/library/metadata
>>> /geotools.html#xml>
>>> .
>>>
>>> Features and Improvements:
>>>
>>> - Styling improvements include support for SE 1.1 external marks (with
>>> mark index)
>>> - Parsing hints can now be provided for WMS and WFS clients (entity
>>> resolver hint and and DTD disabling hint provided).
>>> - Overview policy parameter now available for ImageMosaic.
>>> - Support for integrated water column climatological time in NetCDF
>>> files
>>> - ImagePyramid support for multiple coverages
>>>
>>>
>>>
>>>
>>>
>>> Bug Fixes:
>>>
>>> - SLD graphics now correctly handle mix of mark and external graphic
>>> choosing the first one supported.
>>> - External marks with mark index fixes for both copying and SE 1.1
>>> parsing.
>>>
>>> For more information please see the release notes (15.2
>>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?pro
>>> jectId=10001&version=13600>
>>> | 15.1
>>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?ver
>>> sion=13000&styleName=Text&projectId=10001>
>>> | 15.0
>>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?ver
>>> sion=13002&styleName=&projectId=10001&Create=Create&atl_
>>> token=BMGO-EVM2-SZYH-VJUH%7C60a562a29d3c23854fbe594a81086dd4
>>> 338711c1%7Clout>
>>> | RC1
>>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?ver
>>> sion=12900&styleName=&projectId=10001&Create=Create&atl_
>>> token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c9
>>> 5ac1efc3%7Clout>
>>> | Beta 2
>>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?ver
>>> sion=12601&styleName=&projectId=10001&Create=Create&atl_
>>> token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c9
>>> 5ac1efc3%7Clout>
>>> | Beta 1
>>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?ver
>>> sion=12101&styleName=&projectId=10001&Create=Create&atl_
>>> token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c9
>>> 5ac1efc3%7Clout>
>>> | M0
>>> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?ver
>>> sion=11402&styleName=&projectId=10001&Create=Create&atl_
>>> token=BMGO-EVM2-SZYH-VJUH%7C3d37bc9c7749ef20bde1d4b83ac230c9
>>> 5ac1efc3%7Clout>
>>> ).
>>>
>>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>
>>
>>
>> _______________________________________________
>> GeoTools-GT2-Users mailing list
>> GeoTools-GT2-Users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geotools-gt2-users
>>
>>
> --
> Ben Caradoc-Davies <b...@transient.nz>
> Director
> Transient Software Limited <http://transient.nz/>
> New Zealand
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
GeoTools-GT2-Users mailing list
GeoTools-GT2-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-gt2-users
