Skip to content

Update GeoTools 28.6#8614

Merged
juanluisrp merged 2 commits into4.2.xfrom
geotools-maintenance-update
Feb 6, 2025
Merged

Update GeoTools 28.6#8614
juanluisrp merged 2 commits into4.2.xfrom
geotools-maintenance-update

Conversation

@jodygarnett
Copy link
Contributor

@jodygarnett jodygarnett commented Jan 23, 2025
edited
Loading

I have released an unsupported version of GeoTools 28.6 that contains the patch for CVE-2024-36404.

This is not intended to be a functional change, only to prevent security scans for being upset.

Checklist

  • I have read the contribution guidelines
  • Pull request provided for main branch, backports managed with label
  • Good housekeeping of code, cleaning up comments, tests, and documentation
  • Clean commit history broken into understandable chucks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
  • Clean commit messages, longer verbose messages are encouraged
  • API Changes are identified in commit messages
  • Testing provided for features or enhancements using automatic tests
  • User documentation provided for new features or enhancements in manual
  • Build documentation provided for development instructions in README.md files
  • Library management using pom.xml dependency management. Update build documentation with intended library use and library tutorials or documentation

@jodygarnett
Update GeoTools 31.5 and JTS 1.19.0
e3d1028 
The stable branch should stick to a supported version of GeoTools.
@juanluisrp
Copy link
Contributor

juanluisrp commented Jan 23, 2025
edited
Loading

@jodygarnett the dependency is not compatible with Java 8 that is what GN 4.2.x uses:

core-geonetwork/core/src/main/java/org/fao/geonet/util/XslUtil.java:[83,33] cannot access org.geotools.geojson.geom.GeometryJSON
  bad class file: /Users/juanl/.m2/repository/org/geotools/gt-geojson/31.5/gt-geojson-31.5.jar(org/geotools/geojson/geom/GeometryJSON.class)
    class file has wrong version 55.0, should be 52.0
    Please remove or make sure it appears in the correct subdirectory of the classpath.

gt-geojson-31.5.jar is compiled for Java 11. Last Geotools version compatible with Java 8 is 28.x so the most recent we can use is 28.5.

@jodygarnett jodygarnett changed the title Update GeoTools 31.5 and JTS 1.19.0 Update GeoTools 28.6 Feb 5, 2025
@jodygarnett jodygarnett linked an issue Feb 5, 2025 that may be closed by this pull request
Update latest branch GeoTools 30.4 / stable branch GeoTools 28.6 #8183
Closed
@jodygarnett
Copy link
Contributor Author

jodygarnett commented Feb 5, 2025

Thanks @juanluisrp I have released GeoTools 28.6 so we have something to update the stable branch to.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 5, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

juanluisrp
juanluisrp approved these changes Feb 6, 2025
View reviewed changes
Copy link
Contributor

@juanluisrp juanluisrp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests are passing now. Merging it.

@juanluisrp juanluisrp merged commit 1302eb2 into 4.2.x Feb 6, 2025
10 checks passed
@juanluisrp juanluisrp deleted the geotools-maintenance-update branch February 6, 2025 16:18
landryb added a commit to georchestra/geonetwork that referenced this pull request Mar 12, 2025
@landryb
backport some spring/geotools security updates
2937ca2 
see geonetwork/core-geonetwork#8614 for geotools (fixes GHSA-w3pj-wh35-fq8w)
and geonetwork/core-geonetwork#7943 + geonetwork/core-geonetwork#8450 for spring/pg
@landryb landryb mentioned this pull request Mar 12, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juanluisrp juanluisrp juanluisrp approved these changes

Assignees

No one assigned

Labels

changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update latest branch GeoTools 30.4 / stable branch GeoTools 28.6

2 participants

@jodygarnett @juanluisrp