MalaGIS

Sharing GIS Technologies, Resources and News.

MinIO's Shift to Maintenance Mode and Its Impact on GIS Development

In the field of GIS development, on-premises deployment is an extremely common requirement, and MinIO is almost synonymous with private object storage. Whether storing hundreds of terabytes of remote sensing imagery or billions of loose map tiles, MinIO has consistently been the "cornerstone" of WebGIS architecture due to its simple deployment, excellent S3 compatibility, and the high performance of the Go language. However, just last week, the official MinIO GitHub repository announced an update to the project's status, moving it to maintenance mode and ceasing to accept new feature requests. The main changes are as follows:

  • The codebase is now in a maintenance-only state.
  • No new features, enhancements, or pull requests will be accepted.
  • Critical security fixes may be evaluated on a case-by-case basis.
  • Existing issues and pull requests will not be actively reviewed.
  • Community support will continue on a best-effort basis via Slack.
  • For enterprise support and actively maintained versions, please refer to MinIO AIStor.

To summarize the key point: if you wish to use a continually updated version of MinIO in the future, you must pay for the commercial version, MinIO AIStor. According to my research, the price is quite steep, requiring a subscription service. The annual fee is $96,000 to manage 400TB of data (a price point that is essentially unfeasible within the domestic GIS community in China).


Official Native QGIS 3.x for macOS M-Series Chips Now Available

In the previous article QGIS 4.0 Delayed: New Release Scheduled for February 2026, the editor introduced the latest progress on QGIS 4.0 development, noting that the originally planned QGIS 4.0 version has been postponed to February 2026. This is very disappointing news for many macOS users, especially those with M-series chips, as everyone has been waiting for the official native QGIS application for Mac M chips. Consequently, users will have to continue using the translated version of QGIS (which still works). However, there is good news: the official team has ported the Mac packaging method originally intended for QGIS 4.0 to the QGIS 3.x series. This means that an official native QGIS 3.x version for Mac M chips is now available. The editor checked today and confirmed that the official website has been updated. Users still on the Intel-translated version are highly recommended to upgrade immediately!


Critical React/Next.js Security Vulnerability: Urgent Alert for WebGIS Developers

It's Friday, are you starting to slack off and prepare for the weekend? Hold on: just yesterday (December 3, 2025), the React team and the Next.js team jointly disclosed a Critical-level security vulnerability. This is not an ordinary bug but a 'nuclear-level' vulnerability that allows unauthenticated remote code execution (RCE). If your WebGIS project uses Next.js or React 19, please investigate promptly. This vulnerability is extremely dangerous and could lead to further data leakage.

Vulnerability Details

Vulnerability ID: CVE-2025-55182 (React) / CVE-2025-66478 (Next.js)

Affected Scope: As long as your project has React Server Components (RSC) enabled, even if you think you haven't written any backend logic, you could be affected.

Severity Level: CVSS 10.0 (maximum score) — This means attackers can execute arbitrary code on your Node.js server without logging in or performing complex operations, just by sending a carefully crafted HTTP request.

Affected Versions:

  • React: 19.0.0 to 19.2.0
  • Next.js: 15.x, 16.x, and versions after 14.3.0-canary.77


Unlocking Global Renewable Energy Insights: The Global Renewables Watch (GRW) Dataset

For GIS professionals, obtaining high-precision, global distribution data for energy facilities—particularly emerging sources like photovoltaics (PV) and wind power—is often challenging. While open-source maps like OpenStreetMap provide some data, they frequently fall short in terms of timeliness, coverage, and attribute detail required for rigorous scientific research or commercial analysis. Recently, Microsoft, in collaboration with organizations like The Nature Conservancy (TNC), launched a significant open-source project on GitHub called the Global Renewables Watch (GRW). The research team utilized high-resolution satellite imagery and deep learning image segmentation models to conduct a quarterly analysis of global high-resolution satellite images from Q4 2017 to Q2 2024. This process automatically identified PV and wind power installations worldwide, accompanied by estimated construction dates and pre-construction land use information.

Data Overview

Coverage: Globally processed
Data Volume: Over 13 trillion pixels
Detections:

  • PV Power Plants: 86,410
  • Wind Turbines: 375,197

Data Format: gpkg (GeoPackage)
Temporal Range: Q4 2017 to Q2 2024


Pay Protest Pop-up in Chinese Open Source Cesium Project

This afternoon, while I was browsing the Mala GIS group, a user named @zheer discovered a pop-up demanding unpaid wages in an open-source Cesium examples project. This immediately piqued my interest, so I opened it to explore. The project summarizes common effects in Cesium development with over 200 demos, and also includes over 100 demos developed with ThreeJS. It's lamentable that such a talented developer had to resort to using an open-source project to plead for their wages, which is quite disheartening.

Open-source project address: https://jiawanlong.github.io/


ArcGIS Pro 3.6: New Features and Installation Guide

After much anticipation, ArcGIS Pro has been updated again! This update brings version 3.6, but the currently released version does not include a Chinese language pack, so only the English version is available. I downloaded and installed it, and the process is relatively straightforward and user-friendly for beginners, though the lack of a Chinese pack is a bit inconvenient. It is recommended for users with some English proficiency who want to try out the new features.

PS: For production use, it is advisable to wait until a Chinese language pack and subsequent update patches are released.


TOON: A Lightweight GIS Data Format to Reduce Token Consumption in AI Interactions?

In today's rapidly evolving AI technology, we are constantly exploring ways to make AI process various types of data more efficiently. Currently, JSON is the most mainstream data format, but its redundancy leads to high token consumption when interacting with AI. To address this issue, a new data format called TOON has been designed to replace JSON in interactions with LLMs, reducing token consumption.

TOON GitHub: https://github.com/toon-format/toon

Demo Website: https://toonformat.dev/


Preventing Sensitive Data Leaks with Gitleaks in GIS Projects

In the previous article 'Apple's Source Code Leak Incident: Key Takeaways for GIS Frontend Development', the author mentioned the Apple front-end source code 'leak' incident and highlighted several serious security risks in current front-end development. So, besides improving developers' skills, is there a more thorough detection mechanism for these risks? If you are a team leader, how can you avoid these problems as much as possible? The author believes that in addition to proper build configuration and production environment security hardening, a mechanism for continuously detecting sensitive information committed to the repository is needed, and Gitleaks is such a tool.

What is Gitleaks?

Gitleaks is an open-source tool that can scan Git repositories (including commit history) or directories/files to detect hardcoded sensitive information, such as passwords, API keys, tokens, credentials, etc. It supports multiple scanning modes (e.g., git mode, dir mode, stdin mode) as well as custom rules, ignore rules, baseline reports, etc. Its installation methods are flexible: it supports Homebrew (Mac), Docker images, Go source builds, etc. The community is active, with nearly 24k stars on GitHub, and it is widely adopted.

In short: if your project may have sensitive credentials, tokens, or keys (especially in front-end, back-end, DevOps, CI/CD processes) accidentally submitted or left in history, Gitleaks is a tool that significantly adds assurance.


Effective Methods for Validating GeoJSON Data Integrity

A few days ago, while developing a GIS dashboard, I encountered a highly peculiar issue: the map worked perfectly in the development environment but failed to display in the production environment. After a thorough investigation, I finally discovered that the GeoJSON data in the production environment was problematic. The data team might have manually edited and accidentally deleted some content during the GeoJSON export process, resulting in incomplete data. Since no comprehensive validation was performed beforehand, this caused the map to fail to load.

After identifying the problem, I decided to create a validation tool to prevent similar issues in the future. I tested several methods available online and have summarized a few reliable ones to share with you. The core idea is: Attempt to convert each GeoJSON file into an ArcGIS format (such as a feature class). If the conversion is successful, the file is considered valid; if it fails, capture the error and log it.

Method 1: Using Geoprocessing Tools for Manual Batch Processing (Suitable for a Small Number of Files)

This method leverages the error handling mechanism of geoprocessing tools but requires manual setup.

First, place all the GeoJSON files you need to check in the same folder. Then, open the Geoprocessing pane (Analysis > Tools), search for and find the JSON To Features tool. This official tool for converting GeoJSON is strict with format requirements, making it very suitable for checking validity. In the tool interface, click the folder icon next to the Input JSON parameter. Locate the GeoJSON folder and select multiple files (hold Ctrl or Shift keys). Finally, set an output location and click Run.


Apple's Source Code Leak Incident: Key Takeaways for GIS Frontend Development

Recently, a hot topic has been the Apple source code leak incident. Due to negligence by a developer, Apple failed to disable the sourcemap functionality in the production environment during the deployment of the App Store web version, leading to the exposure of the complete frontend code. This incident quickly sparked heated discussions within the tech community. Although only frontend logic code was leaked, containing no user data or security vulnerabilities, it served as a wake-up call for the frontend development field. The author takes this opportunity to discuss some lessons that can be learned for GIS frontend development.


Copyright © 2020-2026 MalaGIS Drive by Typecho & Lingonberry Sitemap
