On Wed, Nov 25, 2020 at 5:26 PM Jim Hughes <[email protected]> wrote:

> Hi David,
>
> Good question. I doubt anyone has tried, but that's just a guess.

Actually it was tried back in 2016, see here:
https://github.com/geoserver/geoserver/pull/1981

In particular, see my comment:

"I am checking the Freemarker documentation, setting this flag seems to enable a lot of non backwards compatible behavioral changes... this needs to be carefully evaluated and documented for people upgrading GeoServer, or better, if possible, not done at all unless strictly necessary. Is it possible to get the html security improvements without throwing in all these changes?"

Looks like in the meantime Freemarker kept on accumulating more and more backwards incompatible changes:
https://freemarker.apache.org/docs/api/freemarker/template/Configuration.html#Configuration-freemarker.template.Version-

It seems it's like a lost cause... we might as well upgrade, but maybe find a way to set the compatibility level to a given version by system variables.

I am assuming that the Freemarker developers assume whoever is depending on them controls the templates, and can update them as they upgrade the FM version. We are not in that situation, freemarker templates can be put in the data directory instead.

Another option is to upgrade the library, but force the configuration value to 2.3.0.

Anyways, agreed that a PR is the way to go, and let's see how bad things can become (e.g., will they break built-in templates?). Oh, all OGC API resource HTML representations are built on Freemarker templates, and they are visible, front and center, when using these new services... wouldn't be thrilled to see them stop working :-(

Cheers
Andrea

Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
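
The two options raised in the message above (upgrade the library but pin the compatibility level to 2.3.0, and make that level selectable through a system variable) could be combined as in the following sketch. It is an added example, not code from the thread or from GeoServer; the class name and the property name `example.freemarker.incompatibleImprovements` are hypothetical.

```java
import freemarker.template.Configuration;
import freemarker.template.Version;

public class FreemarkerCompat {
    // Hypothetical property name, not an existing GeoServer setting.
    static final String PROP = "example.freemarker.incompatibleImprovements";

    /** Maps the requested level to one the FreeMarker jar on the classpath accepts. */
    static Version resolve(String requested) {
        Version floor = Configuration.VERSION_2_3_0;   // legacy behaviour, the safe default
        Version ceiling = Configuration.getVersion();  // version of the library actually loaded
        if (requested == null || requested.trim().isEmpty()) {
            return floor;                              // nothing set: keep old templates working
        }
        Version v;
        try {
            v = new Version(requested.trim());         // e.g. "2.3.24"
        } catch (IllegalArgumentException e) {
            return floor;                              // malformed value: fall back, do not fail startup
        }
        if (v.intValue() < floor.intValue()) {
            return floor;
        }
        // Configuration rejects a level newer than the library itself, so clamp it.
        if (v.intValue() > ceiling.intValue()) {
            return ceiling;
        }
        return v;
    }

    /** Builds a Configuration whose compatibility level comes from the system property. */
    static Configuration newConfiguration() {
        return new Configuration(resolve(System.getProperty(PROP)));
    }

    public static void main(String[] args) {
        Configuration cfg = newConfiguration();
        System.out.println("FreeMarker library:        " + Configuration.getVersion());
        System.out.println("incompatible improvements: " + cfg.getIncompatibleImprovements());
    }
}
```

Defaulting to 2.3.0 keeps templates stored in the data directory on the old behaviour after a library upgrade, while an administrator who has reviewed their templates can raise the level with `-Dexample.freemarker.incompatibleImprovements=<version>`.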
