#699 Incorporate planetcantile into TiTiler by tariqksoliman · Pull Request #748 · NASA-AMMOS/MMGIS · GitHub
#699 Incorporate planetcantile into TiTiler #748

Merged
tariqksoliman merged 6 commits into development from ts-699 on Sep 9, 2025

@tariqksoliman

Member

Closes #699

tariqksoliman and others added 5 commits May 28, 2025 17:52
* Use PolyMeasure to draw great circle lines with Measure Tool

* Round meters to two digits on Measure tool x-axis

* Added option to not display PolylineMeasure tooltips

* Fix bug with noDataValue for single banded COGs (#700)

* Fixed issue where rubberline is not drawn with first click or after zoom

* Fix critical security vulnerabilities identified in SonarQube analysis (#701)

* Fix critical security vulnerabilities identified in SonarQube analysis

This commit addresses 8 legitimate security vulnerabilities while documenting
13 false positives that had adequate existing protections.

Security fixes implemented:

**Path Injection Vulnerabilities (3 issues fixed):**
- middleware.js: Added URL validation requiring /Missions prefix and blocking
  directory traversal sequences (../ and ..\)
- configs.js: Fixed flawed validation logic (AND→OR) and added directory
  traversal protection for mission names

**Cross-Site Scripting (1 issue fixed):**
- configs.js: Added sanitizeInput() function to escape HTML entities in error
  messages containing user-controlled data, preventing reflected XSS attacks

**Insecure Temporary File Creation (4 sample fixes):**
- Replaced insecure tempfile.mktemp() with tempfile.mkstemp() in:
  - auxiliary/demtiles/gdal2demtiles.py (lines 839, 874)
  - auxiliary/gdal2tiles4extent/gdal2tiles4extent.py (line 521)
  - auxiliary/gdal2customtiles/legacy/gdal2customtiles.py (line 601)
- Eliminates race condition vulnerabilities in GDAL processing scripts

**False Positives Documented:**
- SQL Injection (5 issues): Existing parameterized queries and input
  sanitization provide adequate protection
- Analysis details in reviewed_findings.md

All fixes maintain backward compatibility while significantly improving
security posture. Remaining auxiliary Python scripts follow the same
tempfile pattern for completion.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Tweaks to critical security vulnerability fixes

* Support .. as long as it stays within /Missions

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Tariq Soliman <Tariq.K.Soliman@jpl.nasa.gov>

* Minor fix: sort geodataset results

* Make sure polyline measurements are cleared on reset

* #702 Fix LayersTool filtering on non-dynamicExtent props-on-click geodatasets (#703)

* Minor fix: more versatile Help root pathing

* #704 Upgrade All Adjacent Servers (#705)

* Don't use polyline with LOS or else it results in two lines

* Make sure rubberline gets drawn in continuous modes

* Ensure line of sight follows great circle and polyline display cleanup

* Update Dockerfile to update certs

* Use LOS technique to draw great circle lines with varying colors

* Show great circle line even if no DEM #52

* #708 User Account Management (#711)

* #708 User Account Management 1

* #708 user account control part 2

* #708 user account management part 3

* User account control part 4

* #708 minor style tweaks

* Minor resetPassword link fix

* Use contours on all login pages

* #712 Fix some security issues (#713)

* #714 Configurable Wrapping for 2D Map (#715)

* #714 Map maxbounds

* #714 apply to projected maps too

* #716 Per Mission Permissions (#717)

* #716 Per-Mission Permission part 1

* #716 Per Mission Permissions

* #718 Globe Controls clash with Separated Tool buttons in the UI (#719)

* Added multi-platform build to support arm64 architecture

* Fix ensureUser for new Admins

* Separate platform builds and append -arm64 to the end of arm64 images

* Use separate ARM64 runner for faster ARM64 Docker builds

* Fix arm64 tag assignment syntax

* Use a prerendered image for the layer legend #658

* #721 Show, Delete, and Search for individual STAC items (#723)

* #721 STAC item UI part 1

* #721 STAC item UI part 2

* Bump version 4.0.0 -> 4.1.0

* Adjust legend width based on legend image up to 300px

* #724 Legends Max on top (#725)

* Add feature to set Layer header expanded state individually (#726)

* Expand layers feature

* Fix bug with keeping header expanded/unexpanded state

* Expand individual headers only if LayersTool.vars.expanded is not set to true

* #727 STAC item regex search and bulk delete (#728)

* #727 Stac item regex, bbox, bulk delete support part 1

* #727 Support 32bit stac items in map

* #729 Default configuration for live mode (#730)

* #731 Projection Tab Autocomplete, Case Insensitive Mission Sorting, Smart field disabling in /configure (#732)

* Filter out blank csv entries in csvToJSON function (#734)

* Add amd64 image suffix and build it last

* Use regular docker build instead of buildx

* Add Legend tool display options (#735)

* Add configuration options

* Add header options for legend tool

* Improve syntax

* #736 Configure Required Field Indicators (#737)

* #738 Fix GeoDataset LOCAL (#739)

* #740 Add mission planet radii (#741)

* Add legend-based property styling for vector layers

* #742 Configure Preview iframe to respect subpaths (#744)

* #709 Improved Continuous Legend Symbology Styling

* #745 Live Follow Mode (#746)

---------

Co-authored-by: Joe Roberts <joe.t.roberts@jpl.nasa.gov>
Co-authored-by: ac-61 <ac-61@users.noreply.github.com>
Co-authored-by: Jeff Leach <jl-0@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Joe T. Roberts <5315956+jtroberts@users.noreply.github.com>
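
The path rule described in the #701 notes above (URL must sit under /Missions, and `..` is accepted only while the resolved path stays inside /Missions) can be checked by resolving the path before comparing the prefix. This is an added example, not code from MMGIS; `resolveMissionsPath` and the sample URLs are assumptions made for illustration.

```javascript
// Added example, not MMGIS code. resolveMissionsPath and the sample URLs are hypothetical.
const ROOT_SEGMENT = 'Missions'; // the /Missions prefix named in the commit notes

function resolveMissionsPath(rawUrl) {
  if (typeof rawUrl !== 'string') return null;
  // Validate only the path; a query string or fragment is not a file path.
  const rawPath = rawUrl.split(/[?#]/, 1)[0];
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  // Reject NUL bytes and double-encoded dots or separators (%252e decodes to %2e).
  if (decoded.includes('\0') || /%(2e|2f|5c)/i.test(decoded)) return null;
  // Treat ..\ the same as ../ by unifying separators before resolving.
  const unified = decoded.replace(/\\/g, '/');
  if (!unified.startsWith('/')) return null;

  const segments = [];
  for (const seg of unified.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (segments.length === 0) return null; // would climb above the web root
      segments.pop();
    } else {
      segments.push(seg);
    }
  }
  // Prefix is checked on the resolved path, by whole segment, so that
  // /MissionsBackup does not pass as /Missions.
  if (segments[0] !== ROOT_SEGMENT) return null;
  return '/' + segments.join('/');
}

// Constructed sample requests.
const samples = [
  '/Missions/Mars/Layers/tile.png',
  '/Missions/Mars/../Moon/config.json',
  '/Missions/../config/secrets.json',
  '/Missions/..%5C..%5Cetc/passwd',
  '/MissionsBackup/notes.txt',
];
for (const url of samples) {
  console.log(url, '=>', resolveMissionsPath(url));
}
```

The function returns the resolved path for use in the file lookup, so the caller never touches the raw URL after validation.
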
@tariqksoliman tariqksoliman self-assigned this Sep 9, 2025
@tariqksoliman tariqksoliman added the new feature New feature or request label Sep 9, 2025
@tariqksoliman tariqksoliman merged commit 7c485d1 into development Sep 9, 2025
1 of 2 checks passed
@github-project-automation github-project-automation Bot moved this to Done in MMGIS Sep 9, 2025
@tariqksoliman tariqksoliman deleted the ts-699 branch September 9, 2025 21:05
@sonarqubecloud

sonarqubecloud Bot commented Sep 9, 2025


Labels

new feature New feature or request

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

[New Feature]: Incorporate planetcantile into TiTiler

1 participant