GeoServer 2.10.1 Released
The GeoServer team is pleased to announce the release of GeoServer 2.10.1. Download bundles are provided (bin, war, dmg and exe) along with documentation and extensions.
GeoServer 2.10.1 is the latest stable release of GeoServer and is recommended for production deployment. This release is made in conjunction with GeoTools 16.1 and GeoWebCache 1.10.1. Thanks to all contributors.
New Features and Improvements:
-
Allow windows installer to use port 80
-
Allow underlined labels in SLD
-
Add documentation for the WMTS multidimensional module
-
Add an example of GS Download process with request of output reference
Bug Fixes:
-
Slow startup of GeoServer with many layers
-
Cannot upload style files in the style editor
-
Generating a raster SLD style from template produces a formally invalid style
-
WPS fails if geometry column is named “location”
-
REST API services settings.html throws errors for null values
-
REST PUT property update on ServiceInfo does not work properly for primitive properties
-
ClassCastException when posting WFS Transaction request on a URL containing a valid GetFeature request
-
High oversampling on raster cells with reproject can put a significant amount of load on GeoServer
-
JMS Clustering does not propagate virtual services configurations
And more! For more information on this release check the release notes (2.10.1 | 2.10.0 | 2.10-RC1 | 2.10-beta | 2.10-M0 ) |
Security Considerations
This release addresses three security vulnerabilities:
-
Additional restrictions have been placed on the demo request page
-
Addressed an XML injection vulnerability identified in an automatic scan.
-
GeoServer now changes sessions during login, this addresses a class of vulnerablities known as “session fixation”.
Thanks again to Nick Muerdter for reporting these in a responsible manner (and Andrea and Jody for addressing these during the November bug stomp.)
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
About GeoServer 2.10
Articles, docs, blog posts and presentations:
-
State of GeoServer 2016 (slideshare)
-
The style editor has been refreshed with the best ideas from the css extension
-
The styling workshop has been updated for foss4g 2016 and now includes both CSS and YSLD examples.
-
Smart transparency in GeoServer with image/vnd.jpeg-png format (GeoSolutions)
-
QGIS SLD export improvements (GeoSolutions)
Community modules
-
A new community module to backup/restore and restore GeoServer configuration
-
A resource browser is available allowing remote management of styles, icons and fonts (needs building from sources).
-
A new WMTS multidimensional domain discovery community module for discovering patches of data in scattered data sets
-
The YSLD community module has been updated with extensive documentation
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release