Closed fmigneault closed 1 year ago
Causes auto-PR by Snyk: https://github.com/bird-house/birdhouse-deploy/pull/352
Yeah, we neither use https://github.com/bird-house/birdhouse-deploy/tree/master/birdhouse/docker/geoserver nor https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/config/geoserver/Dockerfile anymore, they can all be deleted.
We use this one https://github.com/kartoza/docker-geoserver
Description
Some Docker references for GeoServer are specified here: https://github.com/bird-house/birdhouse-deploy/tree/master/birdhouse/docker/geoserver
However, they have not been modified over 4 years, and only seem to be leftover and unused code. This should be removed entirely, as it causes unnecessary confusion about which GeoServer is employed, as well as causing many (>50 critical, >160 high) vulnerabilities to be reflected by security scans due to very old references.
The active GeoServer in the stack is referenced with the following file instead: https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/config/geoserver/Dockerfile
A much more up-to-date and reduced set of security vulnerabilities (~4 critical with
pavics/geoserver:2.22.2
) is detailed in https://github.com/bird-house/birdhouse-deploy/issues/320 (note that this is still not the latest active version in the stack still usingpavics/geoserver:2.19.0
).References
Concerned Organizations
All using GeoServer.