This GeoServer 2.19.4 release was produced in conjunction with GeoTools 25.4 and GeoWebCache 1.19.2, this is a maintenance release recommended for production systems.
Thanks to everyone who contributed, and to Andrea Aime (GeoSolutions) for making this release.
This release includes several security enhancements and is a recommended upgrade for production systems:
GeoServer uses the earlier log4j1 library and is not subject to the Log4j2 remote code execution vulnerabilities reported worldwide. For a detailed discussion please read GeoServer Log4J2 zero day vulnerability assessment.
The release of GeoServer includes a patched version of log4j1 which does not include any remote loggers or socket communication.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
Improvements and Fixes
GEOS-10337 Harden importer against failed imports, make failures more evident
GEOS-10322 JDBCConfig community module does not deal with stale connections to the database
GEOS-10300 The map preview logs errors when using AUTO codes
GEOS-10299 The reprojection console does not work with AUTO codes
GEOS-10292 Changing worker pool size in raster access is not actually applied (silent error)
GEOS-10289 GeoServer busy for 1 hour on reloading a 50000 shapefiles Directory datastore
GEOS-10281 GeoServer log level not picked up with Catalog reload
GEOS-10249 GWC produce NPE when it comes to race condition
GEOS-10328 Expire completed and stale importer contexts
GEOS-10321 WCS 2.0 might fail to return coverages whose native BBOX goes slighly outside of the dateline
GEOS-10315 Features Templating - Allow injecting JSON-LD output in HTML
GEOS-10314 Features Templating - allow specifying root @type in the JSON-LD output and a different name for features array
GEOS-9904 GeoFence backend DBMS dependencies
GEOS-10335 Update GeoServer to a log4j version that does not support RCEs
GEOS-10269 Overriding JSON Object while Merging Feature Templates
GEOS-10268 Null Support in Features Templating
About GeoServer 2.19
Additional information on GeoServer 2.19 series:
- Log4J2 zero day vulnerability assessment
- WMS GetFeatureInfo includes labels from ColorMap
- Promote WMTS multidim to extension
- Promote WPS-Download to extension
- Promote params-extractor to extension
- Promote GWC-S3 to extension
- Promote WPS-JDBC to extension status
- Promote MapML to extension status
- GeoServer repository transition to main branch