GeoTools

OSGeo

Tuesday, June 18, 2024

GeoTools 29.6 Released

GeoTools 29.6 released

GeoTools team is providing a release of GeoTools 29.6:

This is an unscheduled release provided to help teams address CVE-2024-36404. Details of this issue will be made available at the end of the month. This is in keeping with our coordinated vulnerability disclosure policy allowing projects sufficient time to upgrade.

This release is also available from the OSGeo Maven Repository and is made in conjunction with GeoServer 2.23.6 and GeoWebCache 1.23.5.

Thanks to Jody Garnett (GeoCat) for making this release.

Security considerations

This update is considered essential to address the following:

  • CVE-2024-36404 Remote Code Execution (RCE) vulnerability in evaluating XPath expressions (Critical 9.8)

Summary of changes

See Release Notes from 29.6.

Improvement

GEOT-7527 StreamingRenderer can ask stores to simplify geometries with a distance of "zero"

Bug

GEOT-7532 GDALTestCase superfluous reports on missing test.zip

GEOT-7534 accept geojson with geometry=null

GEOT-7535 Per layer interpolation setting not honored with rendering transformation and oversampling

GEOT-7587 Improve handling of XPath expressions

Task

GEOT-7592 Bump org.eclipse.platform:org.eclipse.jface from 3.23.0 to 3.31.0

GEOT-7593 Bump org.eclipse.platform:org.eclipse.core.runtime from 3.23.0 to 3.29.0

GEOT-7594 Bump org.postgresql:postgresql from 42.6.0 to 42.7.2