Hi, Andrea (et al),
Thanks for putting out these changes so quickly!
I heard that this issue could be affecting WFS, WPS, and GWC - do you have
any information on this?
I see some changes in the PRs in WPS and WFS (but nothing in GWC).
Or do these two PRs fix everything?
Also, does this issue
On Wed, Sep 21, 2016 at 10:56 AM, Andrea Aime
wrote:
> Turns out I got some time myself, I'm going to have a look at passing the
> hints from the constructor
>
Pull requests available for review and merge:
Master:
- https://github.com/geotools/geotools/pull/1318
-
On Wed, Sep 21, 2016 at 10:10 AM, Andrea Aime
wrote:
> On Wed, Sep 21, 2016 at 10:00 AM, Jody Garnett
> wrote:
>
>> Thanks Andrea your words confirm my own research.
>>
>> Out of the alternatives I prefer the constructor hint. Once inside
Thanks Andrea your words confirm my own research.
Out of the alternatives I prefer the constructor hint. Once inside the
WebMapService object it is easier to pass the hints to where they are
needed.
For the system hint approach, if you like that more, was focused on setting
a an entity resolver.
Hi,
sad news, the blocker from yesterday was solved, but I found a new one
(cannot update stores, GeoServer complains the store
already exists) and realszed that the XEE vulnerability reported on WMS
cascading has not yet been solved.
Until both are fixed we won't be able to release 2.9.2.
I have
Hi Jody,
yep, I've just confirmed that as-is, the code is pretty much useless and a
XEE attack can be performed.
The hints do not have a path to be passed down, as they originate here, and
are hard-coded: