Upgrade GeoServer for vulnerabilities

CHANGES.md

@@ -15,7 +15,35 @@
 [Unreleased](https://github.com/bird-house/birdhouse-deploy/tree/master) (latest)
 ------------------------------------------------------------------------------------------------------------------
 
-[//]: # (list changes here, using '-' for each new entry, remove this when items are added)
+## Changes
+
+- GeoServer: upgrade to 2.25.2 to fix vulnerabilities
+
+  See:
+  * https://nsfocusglobal.com/remote-code-execution-vulnerability-between-geoserver-and-geotools-cve-2024-36401-cve-2024-36404-notification/
+  * https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv
+  * https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w
+
+  This change will upgrade to GeoServer 2.25.2 and GeoTools 31.2 (the version of `gt-complex.jar`).
+
+  ```shell
+  $ docker exec -u 0 geoserver find / -iname '**gt-complex**'
+  /usr/local/tomcat/webapps/geoserver/WEB-INF/lib/gt-complex-31.2.jar
+  ```
+
+  The previous version was GeoServer 2.22.2 and GeoTools 28.2.
+
+  ```shell
+  $ docker exec -u 0 geoserver find / -iname '**gt-complex**'
+  /usr/local/tomcat/webapps/geoserver/WEB-INF/lib/gt-complex-28.2.jar
+  ```
+
+  Also enable
+  * OGC-API plugins https://docs.geoserver.org/stable/en/user/community/ogc-api/features/index.html
+    so we can slowly transition from the WPS plugin.
+  * STAC Datastore plugin https://docs.geoserver.org/latest/en/user/community/stac-datastore/index.html
+    so we can test integration with our STAC component.
+
 
 [2.5.1](https://github.com/bird-house/birdhouse-deploy/tree/2.5.1) (2024-07-10)
 ------------------------------------------------------------------------------------------------------------------

birdhouse/components/geoserver/default.env

@@ -8,21 +8,34 @@
 # "moving" tags, meaning not reproducible behavior !
 # See https://github.com/kartoza/docker-geoserver/issues/232#issuecomment-808754831
 # The version is used for representation in CanarieAPI, while the full tag is used to reference the image.
-export GEOSERVER_DOCKER=pavics/geoserver
-export GEOSERVER_VERSION=2.22.2
-export GEOSERVER_TAGGED=2.22.2-kartoza-build20230226-r7-allow-change-context-root-and-fix-missing-stable-plugins-and-avoid-chown-datadir
+export GEOSERVER_DOCKER="pavics/geoserver"
+export GEOSERVER_VERSION="2.25.2"
+export GEOSERVER_TAGGED="2.25.2--v2024.06.25-kartoza"
 export GEOSERVER_IMAGE='${GEOSERVER_DOCKER}:${GEOSERVER_TAGGED}'
 export GEOSERVER_IMAGE_URI='registry.hub.docker.com/${GEOSERVER_IMAGE}'
 
 export GEOSERVER_ADMIN_USER="admin"
 
 # # Install the stable plugin specified in
 # https://github.com/kartoza/docker-geoserver/blob/master/build_data/stable_plugins.txt
-export GEOSERVER_STABLE_EXTENSIONS="grib-plugin,netcdf-plugin,netcdf-out-plugin,csw-iso-plugin,metadata-plugin"
+export GEOSERVER_STABLE_EXTENSIONS="grib-plugin,\
+netcdf-plugin,\
+netcdf-out-plugin,\
+csw-iso-plugin,\
+metadata-plugin"
 
 # Install the community edition plugins specified in
 # https://github.com/kartoza/docker-geoserver/blob/master/build_data/community_plugins.txt
-export GEOSERVER_COMMUNITY_EXTENSIONS="geopkg-plugin"
+export GEOSERVER_COMMUNITY_EXTENSIONS="geopkg-plugin,\
+ogcapi-coverages-plugin,\
+ogcapi-dggs-plugin,\
+ogcapi-features-plugin,\
+ogcapi-images-plugin,\
+ogcapi-maps-plugin,\
+ogcapi-styles-plugin,\
+ogcapi-tiled-features-plugin,\
+ogcapi-tiles-plugin,\
+stac-datastore-plugin"
 
 # Must use single-quote for delayed eval.
 export GEOSERVER_DATA_DIR='${BIRDHOUSE_DATA_PERSIST_ROOT}/geoserver'