bird-house · tlvu · Aug 8, 2025 · Aug 8, 2025 · Aug 8, 2025 · Aug 11, 2025
@@ -15,7 +15,21 @@
 [Unreleased](https://github.com/bird-house/birdhouse-deploy/tree/master) (latest)
 ------------------------------------------------------------------------------------------------------------------
 
-[//]: # (list changes here, using '-' for each new entry, remove this when items are added)
+## Changes
+
+- GeoServer: upgrade to 2.27.2 to fix vulnerabilities
+
+  See:
+  * https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2
+  * https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f
+  * https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc
+
+  As for the docker image changes, unfortunately there was no github tag for our
+  existing `2.25.2--v2024.06.25` so this is the best approximate diff we can have
+  https://github.com/kartoza/docker-geoserver/compare/v2.25.4--2024.11.17--e7732f7...v2.27.2--2025.08.05--f411524
+
+  From this diff, the geoserveruserid has changed so we also updated to match.
+
 
 [2.16.7](https://github.com/bird-house/birdhouse-deploy/tree/2.16.7) (2025-08-05)
 ------------------------------------------------------------------------------------------------------------------

@@ -9,27 +9,27 @@
 # See https://github.com/kartoza/docker-geoserver/issues/232#issuecomment-808754831
 # The version is used for representation in CanarieAPI, while the full tag is used to reference the image.
 export GEOSERVER_DOCKER="pavics/geoserver"
-export GEOSERVER_VERSION="2.25.2"
-export GEOSERVER_TAGGED="2.25.2--v2024.06.25-kartoza"
+export GEOSERVER_VERSION="2.27.2"
+export GEOSERVER_TAGGED="2.27.2--v2025.08.05-kartoza"
 export GEOSERVER_IMAGE='${GEOSERVER_DOCKER}:${GEOSERVER_TAGGED}'
 export GEOSERVER_IMAGE_URI='registry.hub.docker.com/${GEOSERVER_IMAGE}'
 
 export GEOSERVER_ADMIN_USER="admin"
 
 # # Install the stable plugin specified in
-# https://github.com/kartoza/docker-geoserver/blob/master/build_data/stable_plugins.txt
+# https://github.com/kartoza/docker-geoserver/blob/develop/build_data/stable_plugins.txt
 export GEOSERVER_STABLE_EXTENSIONS="grib-plugin,\
+ogcapi-features-plugin,\
 netcdf-plugin,\
 netcdf-out-plugin,\
 csw-iso-plugin,\
 metadata-plugin"
 
 # Install the community edition plugins specified in
-# https://github.com/kartoza/docker-geoserver/blob/master/build_data/community_plugins.txt
+# https://github.com/kartoza/docker-geoserver/blob/develop/build_data/community_plugins.txt
 export GEOSERVER_COMMUNITY_EXTENSIONS="geopkg-plugin,\
 ogcapi-coverages-plugin,\
 ogcapi-dggs-plugin,\
-ogcapi-features-plugin,\
 ogcapi-images-plugin,\
 ogcapi-maps-plugin,\
 ogcapi-styles-plugin,\

@@ -1,10 +1,12 @@
 # The Geoserver that Raven will connect to.
 # Same default value as
-# https://github.com/CSHS-CWRA/RavenPy/blob/2e56041b605e83ab28ffdc5d817e645481dcc5fc/ravenpy/utilities/geoserver.py#L51
+# https://github.com/CSHS-CWRA/RavenPy/blob/1dc534cd3b7faed2ff18a90a915d448b2fca6bf7/src/ravenpy/utilities/geoserver.py#L50-L52
+# https://github.com/Ouranosinc/raven/blob/4a5cc6462b4a5b89a465f3b4dc99a617591c44f9/src/raven/utilities/geoserver.py#L45
 # This is the production Geoserver that is always available with appropriate data.
 # For site that want to run your own Geoserver with your own data, please
 # override this variable with your own Geoserver instance.
 # Ex: RAVEN_GEO_URL="${BIRDHOUSE_PROXY_SCHEME}://${BIRDHOUSE_FQDN}/geoserver/"
+# The mapping to GEO_URL is done in components/raven/docker-compose-extra.yml.
 __DEFAULT__RAVEN_GEO_URL="https://pavics.ouranos.ca/geoserver/"
 export RAVEN_GEO_URL='${__DEFAULT__RAVEN_GEO_URL}'
 

@@ -31,4 +31,4 @@ docker run --rm --name fix-geoserver-data-dir-perm \
     --env FIRST_RUN_ONLY \
     "${BASH_IMAGE}" \
     bash -xc 'if [ -z "$FIRST_RUN_ONLY" -o ! -f /datadir/global.xml ]; \
-    then chown -R 1000:10001 /datadir; else echo "No execute."; fi'
+    then chown -R 2000:2000 /datadir; else echo "No execute."; fi'