GeoServer 2.7.3 released
The GeoServer team is happy to announce the release of GeoServer 2.7.3. Download bundles are provided (zip, war, dmg and exe) along with documentation and extensions.
GeoServer 2.7.3 is a maintenance release of GeoServer recommended for production deployment. Thanks to everyone taking part, submitting fixes and new functionality including:
-
Further fixes for the XXE vulnerability, along with a fix for a remote code execution vulnerability in the REST API (requires admin credentials to trigger it)
-
Some WCS 1.1 and 2.0 fixes
-
Some improvements in the management of style specific workspaces when modifying layer groups with the REST API
-
Optimized the size of DBF in the SHAPE-ZIP output format
-
A few improvements in the importer, including speeding up import setup by delaying layer bounds computation, and allowing to harvest granules in an empty mosaic previously setup via the REST API
-
For a full list, see the release notes.
Also, as a heads up for Oracle users, the Oracle store does not ship anymore with the JDBC driver (due to redistribution limitations imposed by Oracle). For details see the updated the oracle installation instructions here.
Thanks to Andrea (GeoSolutions) and Kevin (Boundless) for this release.
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release