GeoTools 29.6 released
This is an unscheduled release provided to help teams address CVE-2024-36404. Details of this issue will be made available at the end of the month. This is in keeping with our coordinated vulnerability disclosure policy allowing projects sufficient time to upgrade.
This release is also available from the OSGeo Maven Repository and is made in conjunction with GeoServer 2.23.6 and GeoWebCache 1.23.5.
Thanks to Jody Garnett (GeoCat) for making this release.
Security considerations
This update is considered essential to address the following:
- CVE-2024-36404 Remote Code Execution (RCE) vulnerability in evaluating XPath expressions (Critical 9.8)
Summary of changes
See Release Notes from 29.6.
Improvement
GEOT-7527 StreamingRenderer can ask stores to simplify geometries with a distance of "zero"
Bug
GEOT-7532 GDALTestCase superfluous reports on missing test.zip
GEOT-7534 accept geojson with geometry=null
GEOT-7535 Per layer interpolation setting not honored with rendering transformation and oversampling
GEOT-7587 Improve handling of XPath expressions
Task
GEOT-7592 Bump org.eclipse.platform:org.eclipse.jface from 3.23.0 to 3.31.0
GEOT-7593 Bump org.eclipse.platform:org.eclipse.core.runtime from 3.23.0 to 3.29.0
GEOT-7594 Bump org.postgresql:postgresql from 42.6.0 to 42.7.2
