GeoServer 2.18.6 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is an extra maintenance release of the 2.18.x series recommended for production systems that have not yet upgraded to 2.19. This release was made in conjunction with GeoTools 24.6.

Thanks to everyone who contributed, and to Andrea Aime (GeoSolutions) and Jody Garnett (GeoCat) for making this release.

Security Considerations

This release includes security enhancements and is a recommended upgrade for production systems.

This release includes two improvements addressing Jiffle and GeoTools RCE vulnerabilities:

This release also includes:

  • GEOS-10445 Upgrade Spring Framework from 5.1.20.RELEASE to 5.2.20.RELEASE

    Although GeoServer assessment did not identify any issue we have now updated the the spring framework library.

Improvements and Fixes

  • GEOS-10437 Breaking SLD 1.1 style by REST upload

  • GEOS-10249 GWC produce NPE when it comes to race condition

  • GEOS-10215 Layers nested inside a group maintain their prefix even in workspace specific services

  • GEOS-10213 WMS requests fail on LayerGroup default style names, when used in GetMap/GetFeatureInfo/GetLegendGraphics

  • GEOS-10200 GetLegendGraphic can fail if SCALE removes all rules

  • GEOS-10321 WCS 2.0 might fail to return coverages whose native BBOX goes slighly outside of the dateline

  • GEOS-10194 Improve importer LOGGING

  • GEOS-10335 Update GeoServer to a log4j version that does not support RCEs

For more information see 2.18.6 release notes.

About GeoServer 2.18

Additional information on GeoServer 2.18 series:

Release Notes ( 2.18.6 | 2.18.5 | 2.18.4 | 2.18.3 | 2.18.2 | 2.18.1 | 2.18.0 | 2.18-RC )