GeoServer 2.13.2 released
We are happy to announce the release of GeoServer 2.13.2. Downloads are available (zip, war, and exe) along with docs and extensions.
This is a stable release recommended for production use. This release is made in conjunction with GeoTools 19.2 and GeoWebCache 1.13.2.
Highlights of this release are featured below, for more information please see the release notes (2.13.2 | 2.13.1 | 2.13.0 | 2.13-RC1 | 2.13-beta). |
Improvements and Fixes
-
style editor map legend always includes legend
-
performance improvement for multi-band coverage time series
-
WMS 1.3.0 performance improvement for north/east axis order
-
Fix support of external graphics over http
Security updates
Please update your production instances of GeoServer to receive the latest security updates and fixes.
This release addresses several security vulnerabilities:
-
Prevent arbitrary code execution via Freemarker Template injection
-
XXE vulnerability in GeoTools XML Parser
-
XXE vulnerability in WPS Request builder
-
Various library upgrades (see above) from versions with known CVEs
Thanks to Steve Ikeoka, Kevin Smith, Brad Hards and Nuno Oliveira for providing fixes to these issues.
If you encounter a security vulnerability in GeoServer, or any other open source software, please take care to report the issue in a responsible fashion.
About GeoServer 2.13 Series
Additional information on the 2.13 series:
-
Isolated workspaces (User Guide)
-
Coverage views from heterogeneous bands (User Guide)
-
State of GeoServer 2.13 (slideshare)
-
See the GeoServer 2.13.0 released announcement for visual guide to new features
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release