GeoServer 2.20.2 Released
We are happy to announce GeoServer 2.20.2 release is available with downloads (bin, war, windows), along with docs and extensions.
This is a stable release of the 2.20.x series recommended for production systems. This release was made in conjunction with GeoTools 26.2 and GeoWebCache 1.20.1.
Security Considerations
This release includes several security enhancements and is a recommended upgrade for production systems:
-
GeoServer uses the earlier log4j1 library and is not subject to the Log4j2 remote code execution vulnerabilities reported worldwide. For a detailed discussion please read GeoServer Log4J2 zero day vulnerability assessment.
The release of GeoServer includes a patched version of log4j1 which does not include any remote loggers or socket communication.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
Mark Factory Precedence
When rendering maps with lots of individual graphics, looking up the correct implementation (known as a MarkFactory) can be time consuming.
WMS Settings have new capability to filter out any mark factories not being used, and provide an order to prioritise the ones being used.
For more information see WMS Web Administration (user guide).
Source Code
For developers building from source, we have committed a .gitattributes
file to help preserve consistent line encoding across our repository.
With this change it is no longer necessary to set your global configuration to core.autocrlf=input
.
Use git reset
as outlined below if encounter difficulty updating your checkout:
git pull --rebase
git reset --hard
Improvements and Fixes
- WMS rendering preserves region of interest when clipping working with palette based images
- Importer improvements to better report failed imports and clean up stale importer contents
- WCS return coverages whose native BBOX are slightly outside of the dateline
- Reduce the CPU load of returning Server Status information using OSHI on windows
For more information see 2.20.2 release notes.
About GeoServer 2.20
Additional information on GeoServer 2.20 series:
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release