GeoServer 2.21.5 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a maintenance release of the GeoServer 2.21.x series, made in conjunction with GeoTools 27.5 and GeoWebCache 1.21.5.

Thanks to Daniele Romagnoli (GeoSolutions) for making this release.

Security Considerations

2024-06-30 Update: The following mitigation has been provided:

  • CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)

    geoserver-2.21.5-patches.zip (replacing gt-app-schema, gt-complex and gt-xsd-core jars) has been provided by Andrea (GeoSolutions)

See project security policy for more information on how security vulnerabilities are managed.

Release notes

Bug

  • GEOS-3978 Layer configuration allows admin to enter a zero area bounding box

  • GEOS-6313 Lifecycle handlers not properly called during shutdown

  • GEOS-10006 Seeding GWC doesn’t work for layers with a dot in the name

  • GEOS-10500 WFS-T unable to delete more than 30 features in a single transaction when the data source is PostGIS

  • GEOS-10517 jms-cluster classes missing from XStream security configuration

  • GEOS-10593 Regression: Creating SQL View via REST API and explicit attribute list is no-longer possible

  • GEOS-10611 Uploading application/zip to styles endpoint does not clean up temporary files

  • GEOS-10828 OGC API - Features - Plugin breaks core `/rest` API with JSON payloads

  • GEOS-10837 geopackage output fails when java.io.tmpdir on network share

  • GEOS-10869 Jayway JSON Path libraries not included anymore on GeoServer packages

  • GEOS-10878 wps-multidimensional and wps-jdbc are not being deployed on maven repo

  • GEOS-10896 Missing NULL check in the template backwards mapping

  • GEOS-10899 Features template escapes twice HTML produced outputs

  • GEOS-10912 jms-cluster fails to clone grid coverage layer on other nodes

  • GEOS-10920 Excel output format packaging misses dependencies, cannot produce .xls

  • GEOS-10921 Double escaping of HTML with enabled features-templating

  • GEOS-10932 csw-iso: should only add ‘xsi:nil = false’ attribute

  • GEOS-10946 WMS GetLegendGraphic throws FootprintsTransformation cannot be cast to ProcessFunction Exception

  • GEOS-10950 Performance regression in DescribeFeatureType across all feature types

  • GEOS-10957 Support ResourceAccessManager implementations returning custom subclasess of AccessLimits

Improvement

  • GEOS-10870 Allow importer AttributesToPointGeometryTransform to preserve original geometries, and to configure the name of the target geometry

  • GEOS-10940 Update MapML viewer to release 0.11.0

Task

For complete information see 2.22.5 release notes.

About GeoServer 2.21

Additional information on GeoServer 2.21 series:

Release notes: ( 2.21.5 | 2.21.4 | 2.21.3 | 2.21.2 | 2.21.1 | 2.21.0 | 2.21-RC )