GeoTools 31.2 released
The GeoTools team is pleased to announce the release of the latest maintenance version of GeoTools 31.2:
This release is also available from the OSGeo Maven Repository and is made in conjunction with GeoServer 2.24.4 and GeoWebCache 1.24.4.
This is an unscheduled release provided to help teams address CVE-2024-36404. Details of this issue will be made available at the end of the month. This is in keeping with our coordinated vulnerability disclosure policy allowing projects sufficient time to upgrade.
We are grateful to Jody Garnett (GeoCat) for carrying out the release on behalf of the GeoCat Live product team.
Security considerations
This update is considered essential to address the following:
- CVE-2024-36404 Remote Code Execution (RCE) vulnerability in evaluating XPath expressions (Critical 9.8)
Summary of changes
See Release Notes from 31.2.
Release notes
Bug
GEOT-7537 GeoPackage TIMESTAMP must be DATETIME according to the GeoPackage spec
GEOT-7580 Fix missing builder clear writing FlatGeobuf data
GEOT-7587 Improve handling of XPath expressions
Improvement
GEOT-7558 GeoPackage extension output contains field types that are not supported by GDAL
GEOT-7586 GeoPackage output contains invalid field types when publishing content from other JDBCDataStore
Task
GEOT-7582 Upgrade to ImageIO-EXT 1.4.11
GEOT-7588 Maven javadoc build fix for Java 11.0.22 and newer aggregate build
GEOT-7597 Upgrade to ImageIO-EXT 1.4.12
