Hi Edd
DockerHub reports quite a few vulnerabilities for Jackson databind 2.9.6, but GeoNetwork 4.2.x uses version 2.10.4 (as of 2020), which has far fewer vulnerabilities. We have inspected the docker image and there are no traces of Jackson databind 2.9.6.
We have submitted feedback to DockerHub to report this issue; as soon as we have additional information, we will let you know.
Regards,
Jose García
Veenderweg 13
6721 WD Bennekom
The Netherlands
Tel: +31318416664
---- On Thu, 05 Oct 2023 12:15:43 +0200 Edd Lewis - BGS via GeoNetwork-devel geonetwork-devel@lists.sourceforge.net wrote —
Hi All,
I’m not in the PSC, however as an org we’d have hesitation moving to 4 purely based on the number of critical vulnerabilities (https://hub.docker.com/_/geonetwork/tags), we’re already challenged and have to justify using v3 for our Cyber Security Plus Certification (https://www.ncsc.gov.uk/cyberessentials/overview), and v4 “on paper” is more vulnerable.
V3 has ~ 18C 84H
V4 has ~ 23C 94H
We did want to send someone to the last sprint to get more familiar with the codebase and allow us to contribute more but unfortunately it didn’t work out that time.
Regards,
Edd
British Geological Survey
From: Jo Cook via GeoNetwork-devel <geonetwork-devel@lists.sourceforge.net>
Sent: Wednesday, October 4, 2023 4:04 PM
To: Florent Gravin <florent.gravin@anonymised.com>
Cc: Geonetwork Devel <geonetwork-devel@lists.sourceforge.net>
Subject: Re: [GeoNetwork-devel] CFV / End of life for GeoNetwork 3
Hi All,
+1 for me. I worry a little that some people might think the tiniest little issue is a bug that needs fixing though!
Jo
On Wed, Oct 4, 2023 at 3:57 PM Florent Gravin via GeoNetwork-devel <geonetwork-devel@lists.sourceforge.net> wrote:
Thanks Jose
+1 as well for me, we need to move forward =)
On Wed, Oct 4, 2023 at 4:02 PM Jose Garcia via GeoNetwork-devel <geonetwork-devel@lists.sourceforge.net> wrote:
Hi
At the last PSC meeting on September 28 2023, we discussed proposing a vote for the end of life of GeoNetwork 3 at the end of March 2024.
The last stable version for GeoNetwork 3, GeoNetwork 3.12, has been maintained since 2021. Users are encouraged to upgrade to versions 4.2 or 4.4.
Until March 2024, only bug/security fixes will be merged; there will be no new features.
We look forward to your vote.
+1 for me.
Regards,
Jose García
Veenderweg 13
6721 WD Bennekom
The Netherlands
Tel: +31318416664
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
–
Jo Cook
Data Discovery Lead, Astun Technology
t:+44 7930 524 155 | twitter:@archaeogeek | mastodon:@archaeogeek@anonymised.com