Publish 2.24.4 with critical CVE fixes

kartoza / docker-geoserver

A docker recipe for GeoServer

GNU General Public License v2.0

628 stars 423 forks source link

Publish 2.24.4 with critical CVE fixes #678

Closed francbartoli closed 4 months ago

francbartoli commented 4 months ago

Feature description

It would be useful to have the previous 2.24.x version available with the patch 2.24.4 which includes critical CVE fixes. I have already started the process to upgrade in this branch https://github.com/francbartoli/docker-geoserver/tree/2.24.4 by starting from a commit before the move to 2.25.0. cc @pascallike

Additional context

No response

NyakudyaA commented 4 months ago

@francbartoli wouldn't it make sense to use the logic in develop branch, since the plugin list is dynamically generated and the other things are configured using env vars? I think you would need to add the appropriate section in the workflows i.e https://github.com/kartoza/docker-geoserver/blob/develop/.github/workflows/build-latest.yaml#L64-L66

francbartoli commented 4 months ago

@NyakudyaA yes, I agree. In fact https://github.com/francbartoli/docker-geoserver/commit/e1d2f906498203c643a9b35f93748a47e01c4310 should accomplish your point if I'm not wrong. The only doubt is about the history in develop, I started from that commit just to be conservative with recent changes which may or may not be backward compatible with 2.24.x. Your guidance is appreciated, if you can suggest then I'll try to build from the latest commit.

NyakudyaA commented 4 months ago

There shouldn't be anything breaking, if you just edit the actions you can see if the test pass