GeoServer 2.19.6 Released
GeoServer 2.19.6 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is an extra maintenance release of the 2.19.x series recommended for production systems. This release was made in conjunction with GeoTools 25.6.
Thanks to everyone who contributed, and to Andrea Aime (GeoSolutions) for making this release.
Security Considerations
This release includes several security enhancements and is a recommended upgrade for production systems.
This release includes two improvements addressing Jiffle and GeoTools RCE vulnerabilities:
-
GEOS-10458 Upgrade to JAI-EXT 1.1.22
-
GEOT-7115 Streamline JNDI lookups
This release also includes:
-
GEOS-10445 Upgrade springframework from 5.1.20.RELEASE to 5.2.20.RELEASE
Although GeoServer assessment did not identify any issue we have now updated the the spring framework library.
Improvements and Fixes
Fixes:
-
GEOS-10437 Breaking SLD 1.1 style by REST upload
-
GEOS-10336 INSPIRE failure: version not propagated in GetCapabilities LegendURL
-
GEOS-9978 WMS vendor parameter CLIP - ignores TIME/CQL_FILTER and other parameters when using with ImageMosaic
Tasks:
- GEOS-10303 Upgrade to jackson 2.13.2
For more information see 2.19.6 release notes.
About GeoServer 2.19
Additional information on GeoServer 2.19 series:
- Jiffle and GeoTools RCE vulnerabilities
- Log4J2 zero day vulnerability assessment
- WMS GetFeatureInfo includes labels from ColorMap
- Promote WMTS multidim to extension
- Promote WPS-Download to extension
- Promote params-extractor to extension
- Promote GWC-S3 to extension
- Promote WPS-JDBC to extension status
- Promote MapML to extension status
- GeoServer repository transition to main branch
Release notes ( 2.19.6 | 2.19.5 | 2.19.4 | 2.19.3 | 2.19.2 | 2.19.1 | 2.19.0 | 2.19-RC )
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release