Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🛡️ [Security] Remove deprecated GeoServer #349

Closed
fmigneault opened this issue Jul 4, 2023 · 2 comments · Fixed by #353
Closed

🛡️ [Security] Remove deprecated GeoServer #349

fmigneault opened this issue Jul 4, 2023 · 2 comments · Fixed by #353
Assignees
@tlvu
Labels
security Issues or features related to security concerns

Comments

@fmigneault
Copy link
Collaborator

fmigneault commented Jul 4, 2023
edited
Loading

Description

Some Docker references for GeoServer are specified here:
https://github.com/bird-house/birdhouse-deploy/tree/master/birdhouse/docker/geoserver

However, they have not been modified over 4 years, and only seem to be leftover and unused code.
This should be removed entirely, as it causes unnecessary confusion about which GeoServer is employed, as well as causing many (>50 critical, >160 high) vulnerabilities to be reflected by security scans due to very old references.

The active GeoServer in the stack is referenced with the following file instead:
https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/config/geoserver/Dockerfile

A much more up-to-date and reduced set of security vulnerabilities (~4 critical with pavics/geoserver:2.22.2) is detailed in #320 (note that this is still not the latest active version in the stack still using pavics/geoserver:2.19.0).

References

Concerned Organizations

All using GeoServer.
@fmigneault fmigneault added the security Issues or features related to security concerns label Jul 4, 2023
@fmigneault
Copy link
Collaborator Author

Causes auto-PR by Snyk: #352

@tlvu
Copy link
Collaborator

tlvu commented Jul 12, 2023

Yeah, we neither use https://github.com/bird-house/birdhouse-deploy/tree/master/birdhouse/docker/geoserver nor https://github.com/bird-house/birdhouse-deploy/blob/master/birdhouse/config/geoserver/Dockerfile anymore, they can all be deleted.

We use this one https://github.com/kartoza/docker-geoserver

@tlvu tlvu mentioned this issue Jul 12, 2023
Merged
@tlvu tlvu closed this as completed in #353 Aug 28, 2023
tlvu added a commit that referenced this issue Aug 28, 2023
@tlvu
Remove unused geoserver dockerfiles (#353)
f170664 
- Delete unused Dockerfiles, fixes #349 and fixes #352

* birdhouse/docker/geoserver: not used since 3-4 years, replaced by
https://github.com/kartoza/docker-geoserver

* birdhouse/config/geoserver/Dockerfile: was introduced in commit
f3b9896 (PR #233, merge commit
d1ecc63) as a temporary solution only,
not needed with newer kartoza docker images.

- Move birdhouse/docker/solr to
birdhouse/deprecated-components/solr/docker to group related files
together. Solr has been deprecated since PR #311 (merge commit
a8d3612).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tlvu tlvu

Labels
security Issues or features related to security concerns
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove unused geoserver dockerfiles bird-house/birdhouse-deploy
2 participants
@tlvu @fmigneault