bird-house / birdhouse-deploy

Scripts and configurations to deploy the various birds and servers required for a full-fledged production platform
https://birdhouse-deploy.readthedocs.io/en/latest/
Apache License 2.0

:shield: [Security] Remove deprecated GeoServer #349

Closed fmigneault closed 1 year ago

fmigneault commented 1 year ago

Description

Some Docker references for GeoServer are specified here: https://github.com/bird-house/birdhouse-deploy/tree/master/birdhouse/docker/geoserver

However, they have not been modified in over 4 years, and only seem to be leftover and unused code. This should be removed entirely, as it causes unnecessary confusion about which GeoServer is employed, as well as causing many (>50 critical, >160 high) vulnerabilities to be reflected by security scans due to very old references.

The active GeoServer in the stack is referenced with the following file instead: https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/config/geoserver/Dockerfile

A much more up-to-date and reduced set of security vulnerabilities (~4 critical with pavics/geoserver:2.22.2) is detailed in https://github.com/bird-house/birdhouse-deploy/issues/320 (note that this is still not the latest active version in the stack, which is still using pavics/geoserver:2.19.0).

References

Concerned Organizations

All using GeoServer.

fmigneault commented 1 year ago

Causes auto-PR by Snyk: https://github.com/bird-house/birdhouse-deploy/pull/352

tlvu commented 1 year ago

Yeah, we use neither https://github.com/bird-house/birdhouse-deploy/tree/master/birdhouse/docker/geoserver nor https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/config/geoserver/Dockerfile anymore; they can all be deleted.

We use this one: https://github.com/kartoza/docker-geoserver