[Geoserver-devel] GeoTools / GeoServer PMC meeting - 2022-03-15

GeoTools / GeoServer PMC meeting - 2022-03-08

Attending

   - Jody Garnett
   - Andrea Aime
   - Jukka Rahkonen
   - Torben Barsballe

Actions from prior meetings:

   - action: jody: update communication page to change from nabble to
     mailarchive
   - action: take github advisory discussion to geoserver-devel list
   - action: aaime: Make a proposal to make 2.22.x Java 11 only

Agenda

   - Log4J2 updates
   - Keeping up with the security list

Actions

   - AA: ask Steve about joining security team
   - JG: ask the PSC about Steve joining security team

Log4J2 updates

Updates from Jody:

   - Moving on, carefully
   - Keeping Log4J alongside Log4J2, and switch to reload4j for the 1.x
   - Mapping all logging levels while at it (config/finest)

Tentative PRs by the end of the week.

Release candidate will be scheduled when this activity is completed.

Keeping up with the security list

List is very active:

   - Folks expressing concern on log4j update progress (non sponsors :smiley: )
   - Jody check your spam filter (was not getting updates)
   - Having trouble keeping up with questions and verifying validity of
     reports/questions, should try to open tickets in the private repo

Steve from General Dynamics has been actively researching a security issue,
which is not yet logged internally.

   - Q: Ask Steve if he has budget/time to resolve the issue and would be
     interested in joining geoserver security team?
      - action: Ask Steve (and PSC) about joining geoserver-security team

Chit-chat

   - foss4g presentations sent in!
   - geoserver release announcements are up, but geotools release
     announcement not done
   - website updates
      - do not need to update config.yaml anymore, it will figure out the
        latest stable / maintain / dev release now
   - website migration / DNS transfer
      - OSGeo has space for docs.geoserver.org ready; jody confirmed access
      - No progress from planet, not sure what the hold up is, Andrea
        contacted most recently …
   - GSIP 208 may not make it in time for the release
     <https://github.com/geoserver/geoserver/wiki/GSIP-208>
   - WPS saving outputs to a random directory?
      - Remove this community module functionality before geopackage output
        is available (in release candidate)
      - If the functionality is desired in the future a proposal can be made
   - release candidate, can we make the external entity protection "on" by
     default?
      - action: Ask Nuno and the email list