GeoTools / GeoServer PMC meeting - 2022-03-08Attending
-
Jody Garnet
-
Andrea Aime
-
Jukka Rahkonnen
-
Torben Barsballe
Actions from prior meetings:
-
action: jody: update communication page to change from nabble to
mailarchive
-
action: take github advisory discussion to geoserver-devel list
-
action: aaime: Make a proposal to make 2.22.x Java 11 only
Agenda
-
Log4J2 updates
-
Keeping up with the security list
Actions
-
AA: ask Steve about joining security team
-
JG: ask the PSC about Steve joining security team
Log4J2 updates
Updates from Jody:
-
Moving on, carefully
-
Keeping Log4J along Log4J2, and switch to reload4j for the 1.x
-
Mapping all logging levels while at it (config/finest)
Tentative PRs by the end of the week.
Release candidate will be scheduled when this activity is completed.
Keeping up with the security list
List is very active:
-
Folks expressing concern on log4j update progress (non sponsors )
-
Jody check your spam filter (was not getting updates)
-
Having troubles keeping up with questions and verifying validity of
reports/questions, should try to open tickets in the private repo
Steve from General Dynamics has been actively researching a security issue,
which is not yet logged internally.
-
Q: Ask Steve if he has budget/time to resolve the issue and would be
interested in joining geoserver security team?
-
action: Ask Steve (and PSC) about joining geoserver-security team
Chit-chat
-
foss4g presentations sent in!
-
geoserver release announcements are up, but geotools release
announcement not done
-
website updates
-
do not need to update config.yaml anymore, it will figure out the
latest stable / maintain / dev release now
-
website migration / DNS transfer
-
OSGeo has space for docs.geoserver.org ready; jody confirmed access
-
No progress from planet, not sure what the hold up is, Andrea
contacted most recently …
-
GSIP 208 may not make it in time for the release
<https://github.com/geoserver/geoserver/wiki/GSIP-208>
-
WPS saving outputs to a random directory?
-
Remove this community module functionality before geopackage output
is available (in release candidate)
-
If the functionality is desired in the future a proposal can be made
-
release candidate, can we make the external entity protection "on" by
default?
-
action: Ask Nuno and the email list