Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modernizing the SVG support in deegree #966

Open
deegree-ci opened this issue Mar 29, 2019 · 3 comments
Open

Modernizing the SVG support in deegree #966

deegree-ci opened this issue Mar 29, 2019 · 3 comments
Labels
contributions welcome asking for contribution (time and money sponsor) CVE Common Vulnerabilities and Exposures dependencies Pull requests that update a dependency (library) enhancement enhancement or improvement funding welcome financial sponsoring wanted (money) TMC discussion to be discussed by technical management committee members

Comments

@deegree-ci
Copy link
Contributor

deegree-ci commented Mar 29, 2019
edited by lgoltz
Loading

deegree currently uses Apache Batik for SVG support. We need a lightweight replacement for Apache Batik. @tfr42 written by
@deegree-ci deegree-ci added enhancement enhancement or improvement contributions welcome asking for contribution (time and money sponsor) funding welcome financial sponsoring wanted (money) labels Mar 29, 2019
@tfr42 tfr42 added the TMC discussion to be discussed by technical management committee members label Jan 15, 2022
@tfr42
Copy link
Member

tfr42 commented Jan 15, 2022
edited
Loading

There are PR #1262 and #1263 to resolve known security issues CVE-2020-11987 in Apache Batik < 1.14 (deegree uses 1.7).
Users are advised to verify that their installations are not effected by this vulnerability and may consider to disable SVG support (https://download.deegree.org/documentation/current/html/#_advanced_symbolization).

The following classes do have references to Apache Batik:

using the following types of Batik API:

import org.apache.batik.dom.GenericDOMImplementation;
import org.apache.batik.svggen.SVGGraphics2D;
import org.apache.batik.transcoder.TranscoderException;
import org.apache.batik.transcoder.TranscoderInput;
import org.apache.batik.transcoder.TranscoderOutput;
import org.apache.batik.transcoder.image.PNGTranscoder;
import org.apache.batik.bridge.BridgeContext;
import org.apache.batik.bridge.DocumentLoader;
import org.apache.batik.bridge.GVTBuilder;
import org.apache.batik.bridge.UserAgent;
import org.apache.batik.bridge.UserAgentAdapter;
import org.apache.batik.dom.svg.SAXSVGDocumentFactory;
import org.apache.batik.gvt.GVTTreeWalker;
import org.apache.batik.gvt.GraphicsNode;
import org.apache.batik.gvt.RootGraphicsNode;

@tfr42 tfr42 added CVE Common Vulnerabilities and Exposures dependencies Pull requests that update a dependency (library) labels Jan 15, 2022
@tfr42
Copy link
Member

tfr42 commented Jan 19, 2022

@copierrj suggestion for batik replacement: https://www.jfree.org/jfreesvg/

@stephanr
Copy link
Member

Another alternative could be the library https://github.com/blackears/svgSalamander

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
contributions welcome asking for contribution (time and money sponsor) CVE Common Vulnerabilities and Exposures dependencies Pull requests that update a dependency (library) enhancement enhancement or improvement funding welcome financial sponsoring wanted (money) TMC discussion to be discussed by technical management committee members
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tfr42 @deegree-ci @stephanr