GeoServer 2.9.2 Released
The GeoServer team is pleased to announce the release of GeoServer 2.9.2. Download bundles are provided (bin, war, dmg and exe) along with documentation and extensions.
This is a stable release of GeoServer suitable for production systems. This release is made in conjunction with GeoTools 15.2 and GeoWebCache 1.9.2. We extend our thanks to all contributors for making this release possible.
Highlights of this release include:
-
The macOS DMG is now signed by the Open Source Geospatial Foundation. This work done by Larry Shaffer and the system admin committee improves the Mac install experience. For macOS 10.12 Apple has asked that all applications to be from the App Store (sigh) or signed by identified developers. Using the OSGeo certificate to sign our application
-
Style icons can now be referenced by URL in both the global styles folder and workspace styles folders.
-
WMTS improved with both a web admin page and “virtual service” support providing a WMTS for each workspace.
-
The INSPIRE extension now supports WMTS capabilities document. Upon installation of the INSPIRE extension the INSPIRE WMTS grid is now available.
-
Embedded GeoWebCache now supports mbtiles based tile storage.
-
Improvements to image mosaic documentation with more examples.
-
Support for “JPEG or PNG “output format, dynamically choosing the best format based on image transparency
-
Lots of bug fixes (check the release notes for details)
For more information about GeoServer 2.9.2 refer to release notes (2.9.2 | 2.9.1 | 2.9.0 | RC1 | beta2 | beta | M0 ). |
Security Considerations
This release addresses two security vulnerabilities:
-
The default data directory now includes security restrictions on WFS-T functionality (restricting editing of data to the administrator account). This has the effect of making the service read-only by default, while still advertising we are a compliant WFS-T implementation. If you have an existing GeoServer deployment which you wish to be read-only your can configure security settings as described, or set the WFS service level to “basic”.
-
Aaron Waddell reported an XXE vulnerability in the GeoTools library which has been resolved (and is used by GeoServer). We encourage all users to upgrade to GeoServer 2.9.2 at this time. Please note that there are no additional releases of GeoServer 2.8 scheduled - now is the time to upgrade.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
About GeoServer 2.9
Articles, docs, blog posts and presentations:
-
Lots of goodies in the original 2.9.0 announcement (GeoServer Blog)
-
Results of our Bug Stomp Mini Code Sprint in July (GeoServer blog)
-
Internals upgrade to spring-4 for Java 8 compatibility (User Guide)
-
GeoServer code sprint success and wicket migration code sprint (GeoServer Blog)
-
GeoServer Plugin for QGIS (Boundless)
-
QGIS SLD export improvements (GeoSolutions)
-
Smart transparency in GeoServer with image/vnd.jpeg-png format (GeoSolutions)
-
Simplify complex feature mappings setup with HALE (GeoSolutions)
-
REST management of Resources (User Guide)
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release