Tuesday, June 18, 2024

GeoTools 31.2 Released

GeoTools 31.2 released

The GeoTools team is pleased to announce the release of the latest maintenance version of  GeoTools 31.2:

This release is also available from the  OSGeo Maven Repository and is made in conjunction with GeoServer 2.24.4 and GeoWebCache 1.24.4. 

This is an unscheduled release provided to help teams address CVE-2024-36404. Details of this issue will be made available at the end of the month. This is in keeping with our coordinated vulnerability disclosure policy allowing projects sufficient time to upgrade.

We are grateful to Jody Garnett (GeoCat) for carrying out the release on behalf of the GeoCat Live product team.

Security considerations

This update is considered essential to address the following:

  • CVE-2024-36404 Remote Code Execution (RCE) vulnerability in evaluating XPath expressions (Critical 9.8)

Summary of changes

See Release Notes from 31.2.

Release notes

Bug

GEOT-7537 GeoPackage TIMESTAMP must be DATETIME according to the GeoPackage spec

GEOT-7580 Fix missing builder clear writing FlatGeobuf data

GEOT-7587 Improve handling of XPath expressions

Improvement

GEOT-7558 GeoPackage extension output contains field types that are not supported by GDAL

GEOT-7586 GeoPackage output contains invalid field types when publishing content from other JDBCDataStore

Task

GEOT-7582 Upgrade to ImageIO-EXT 1.4.11

GEOT-7588 Maven javadoc build fix for Java 11.0.22 and newer aggregate build

GEOT-7597 Upgrade to ImageIO-EXT 1.4.12

GeoTools 29.6 Released

GeoTools 29.6 released

GeoTools team is providing a release of GeoTools 29.6:

This is an unscheduled release provided to help teams address CVE-2024-36404. Details of this issue will be made available at the end of the month. This is in keeping with our coordinated vulnerability disclosure policy allowing projects sufficient time to upgrade.

This release is also available from the OSGeo Maven Repository and is made in conjunction with GeoServer 2.23.6 and GeoWebCache 1.23.5.

Thanks to Jody Garnett (GeoCat) for making this release.

Security considerations

This update is considered essential to address the following:

  • CVE-2024-36404 Remote Code Execution (RCE) vulnerability in evaluating XPath expressions (Critical 9.8)

Summary of changes

See Release Notes from 29.6.

Improvement

GEOT-7527 StreamingRenderer can ask stores to simplify geometries with a distance of "zero"

Bug

GEOT-7532 GDALTestCase superfluous reports on missing test.zip

GEOT-7534 accept geojson with geometry=null

GEOT-7535 Per layer interpolation setting not honored with rendering transformation and oversampling

GEOT-7587 Improve handling of XPath expressions

Task

GEOT-7592 Bump org.eclipse.platform:org.eclipse.jface from 3.23.0 to 3.31.0

GEOT-7593 Bump org.eclipse.platform:org.eclipse.core.runtime from 3.23.0 to 3.29.0

GEOT-7594 Bump org.postgresql:postgresql from 42.6.0 to 42.7.2

Sunday, June 16, 2024

GeoTools 30.4 released

GeoTools 30.4 released

The GeoTools team is pleased to announce the release of the latest maintenance version of GeoTools 30.4:

This release is also available from the OSGeo Maven Repository and is made in conjunction with GeoServer 2.24.4 and GeoWebCache 1.24.4.

We are grateful to Peter Smythe (AfriGIS) for carrying out the release.

Security considerations

This update is considered essential to address the following:

  • CVE-2024-36404 Remote Code Execution (RCE) vulnerability in evaluating XPath expressions (Critical 9.8)

Summary of changes

See Release Notes from 30.4

Release notes

Bug

GEOT-7537 GeoPackage TIMESTAMP must be DATETIME according to the GeoPackage spec

GEOT-7568 GraphicLegendBuilder do not handle the symbols

GEOT-7570 Small features that cross the dateline may be interpreted as preflipped

GEOT-7580 Fix missing builder clear writing FlatGeobuf data

GEOT-7587 Improve handling of XPath expressions

Improvement

GEOT-7557 Provide the ability for downstream applications (e.g. GeoServer) to append additional querystring parameters e.g. AuthKey to every request made by the HTTPClient

GEOT-7558 GeoPackage extension output contains field types that are not supported by GDAL

GEOT-7586 GeoPackage output contains invalid field types when publishing content from other JDBCDataStore

Task

GEOT-7566 Upgrade commons-io from 2.12.0 to 2.16.1

GEOT-7567 Upgrade guava from 32.0.0 to 33.2.0

GEOT-7573 Upgrade PostgreSQL driver from 42.7.2 to 42.7.3

GEOT-7574 Upgrade commons-text from 1.10.0 to 1.12.0

GEOT-7577 Upgrade jackson from 2.15.2 to 2.17.1

GEOT-7578 Upgrade snakeyaml from 2.0 to 2.2

GEOT-7588 Maven javadoc build fix for Java 11.0.22 and newer aggregate build