GeoServer 2.13.2 released
We are happy to announce the release of GeoServer 2.13.2. Downloads are available (zip, war, and exe) along with docs and extensions.
This is a stable release recommended for production use. This release is made in conjunction with GeoTools 19.2 and GeoWebCache 1.13.2.
| Highlights of this release are featured below, for more information please see the release notes (2.13.2 | 2.13.1 | 2.13.0 | 2.13-RC1 | 2.13-beta). |
Improvements and Fixes
-
style editor map legend always includes legend
-
performance improvement for multi-band coverage time series
-
WMS 1.3.0 performance improvement for north/east axis order
-
Fix support of external graphics over http
Security updates
Please update your production instances of GeoServer to receive the latest security updates and fixes.
This release addresses several security vulnerabilities:
-
Prevent arbitrary code execution via Freemarker Template injection
-
XXE vulnerability in GeoTools XML Parser
-
XXE vulnerability in WPS Request builder
-
Various library upgrades (see above) from versions with known CVEs
Thanks to Steve Ikeoka, Kevin Smith, Brad Hards and Nuno Oliveira for providing fixes to these issues.
If you encounter a security vulnerability in GeoServer, or any other open source software, please take care to report the issue in a responsible fashion.
About GeoServer 2.13 Series
Additional information on the 2.13 series:
-
Isolated workspaces (User Guide)
-
Coverage views from heterogeneous bands (User Guide)
-
State of GeoServer 2.13 (slideshare)
-
See the GeoServer 2.13.0 released announcement for visual guide to new features
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release
Atom feed