GeoServer 2.19.4 Released
The GeoServer team are happy to announce GeoServer 2.19.4 release is available for download (zip and war) along with docs and extensions.
This GeoServer 2.19.4 release was produced in conjunction with GeoTools 25.4 and GeoWebCache 1.19.2, this is a maintenance release recommended for production systems.
Thanks to everyone who contributed, and to Andrea Aime (GeoSolutions) for making this release.
Security Considerations
This release includes several security enhancements and is a recommended upgrade for production systems:
-
GeoServer uses the earlier log4j1 library and is not subject to the Log4j2 remote code execution vulnerabilities reported worldwide. For a detailed discussion please read GeoServer Log4J2 zero day vulnerability assessment.
The release of GeoServer includes a patched version of log4j1 which does not include any remote loggers or socket communication.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
Improvements and Fixes
Bug
-
GEOS-10337 Harden importer against failed imports, make failures more evident
-
GEOS-10322 JDBCConfig community module does not deal with stale connections to the database
-
GEOS-10300 The map preview logs errors when using AUTO codes
-
GEOS-10299 The reprojection console does not work with AUTO codes
-
GEOS-10292 Changing worker pool size in raster access is not actually applied (silent error)
-
GEOS-10289 GeoServer busy for 1 hour on reloading a 50000 shapefiles Directory datastore
-
GEOS-10281 GeoServer log level not picked up with Catalog reload
-
GEOS-10249 GWC produce NPE when it comes to race condition
Improvement
-
GEOS-10328 Expire completed and stale importer contexts
-
GEOS-10321 WCS 2.0 might fail to return coverages whose native BBOX goes slighly outside of the dateline
-
GEOS-10315 Features Templating - Allow injecting JSON-LD output in HTML
-
GEOS-10314 Features Templating - allow specifying root @type in the JSON-LD output and a different name for features array
GEOS-9904 GeoFence backend DBMS dependencies
Task
-
GEOS-10335 Update GeoServer to a log4j version that does not support RCEs
-
GEOS-10269 Overriding JSON Object while Merging Feature Templates
-
GEOS-10268 Null Support in Features Templating
About GeoServer 2.19
Additional information on GeoServer 2.19 series:
- Log4J2 zero day vulnerability assessment
- WMS GetFeatureInfo includes labels from ColorMap
- Promote WMTS multidim to extension
- Promote WPS-Download to extension
- Promote params-extractor to extension
- Promote GWC-S3 to extension
- Promote WPS-JDBC to extension status
- Promote MapML to extension status
- GeoServer repository transition to main branch
Release notes ( 2.19.3 | 2.19.2| 2.19.1 | 2.19.0 | 2.19-RC )
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release