GeoServer 2.11.1 Released
We are happy to announce the release of GeoServer 2.11.1. Downloads are available (zip, war, dmg and exe) along with documentation and extensions.
GeoServer 2.11.1 is the latest stable release of GeoSever recommended for production system. This release is made in conjunction with GeoTools 17.1.
Highlights of this release are featured below, for more information please see the release notes (2.11.1 | 2.11.0 | 2.11-RC1 | 2.11-beta ). |
Security Considerations
This release addresses three security vulnerabilities:
-
Added a configurable delay during login, to mitigate a brute force attack.
-
Added a configurable parameter to control clickjacking attacks against the GeoServer UI.
-
Added an additional parameter for locking down password autocomplete in the GeoServer UI
Thanks to Andrea Aime and Devon Tucker for providing fixes to these issues.
These fixes are also included in the 2.10.3 release.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
New Features and Improvements
-
There is a new Mapbox Style community module available, which adds support for an interoperable json styling language. For more details, refer to the documentation.
-
GSIP 158 - NetCDF output support for variable attributes and extra variables. This improvement adds the ability to set attributes on output NetCDF variables, copy attributes from source NetCDF/GRIB variables, and copy scalar variables from NetCDF/GRIB sources including ImageMosaics. See the documentation for details.
-
Allow disabling usage of SLD and SLD_BODY in WMS requests (also for virtual services).
Bug Fixes
-
Various improvements to virtual services, including lookup and GML 3 encoding handling
-
Namespace filtering on capabilities returns all layer groups (including the ones in other workspaces)
-
Not possible to PUT workspace using REST
-
GeoServer Home Page missing information messages
-
Style Editor Preview Legend Fails on non-SLD Styles
-
Integrated GWC does not work with layer and layer group specific services
-
Generating a raster SLD style from template produces a functionally invalid style
-
GeoServer generates invalid GeoPackage raster mosaics
-
Metatiling may throw a ClassCastException: Raster cannot be cast to WritableRaster
About GeoServer 2.11
Articles, docs, blog posts and presentations:
-
OAuth2 for GeoServer (GeoSolutions)
-
YSLD has graduated and is now available for download as a supported extension
-
Vector tiles has graduate and is now available for download as an extension
-
The rendering engine continues to improve with underlying labels now available as a vendor option
-
A new “opaque container” layer group mode can be used to publish a basemap while completely restricting access to the individual layers.
-
Layer group security restrictions are now available
-
Latest in performance optimizations in GeoServer (GeoSolutions)
-
Improved lookup of EPSG codes allows GeoServer to automatically match EPSG codes making shapefiles easier to import into a database (or publish individually).
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release