GeoServer 2.21.2 Release
GeoServer 2.21.2 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is a stable release of the GeoServer 2.21.x series, made in conjunction with GeoTools 27.2 and GeoWebCache 1.21.2.
Thanks to Jody Garnett (GeoCat) for making this release.
Security Considerations
This release includes a security enhancement and is a recommended upgrade for production systems.
- GEOS-10458 XSS vulnerability in the email address field
- Upgrade to org.apache.commons:commons-text 1.10.0 to avoid any risk from CVE-2022-42889. Although automated tools flagged this dependency, GeoServer uses the library for capitalization and is not exposed to the variable interpretation risk described.
REST API Cache Reset
A really useful feature for everyone who enjoys automating GeoServer. For the longest time GeoServer has had a REST API endpoint for resetting and reloading the Catalogue.
This change allows a reset of the information cached for:
- [POST] /workspaces/<ws>/datastores/<cs>/reset
- [POST] /workspaces/<ws>/datastores/<ds>/featuretypes/<ft>/reset
  Resetting a featuretype will not overwrite any attribute selection / renaming / type conversion, as this has been supplied by hand and not generated. (That kind of information can be updated via an explicit REST API PUT on the feature type resource.)
- [POST] /workspaces/<ws>/coveragestores/<cs>/reset
- [POST] /workspaces/<ws>/coveragestores/<cs>/coverages/<c>/reset
Consult the REST API reference for coveragestores / coverages, and datastores / featuretypes for detailed usage information.
Thanks to Andrea (GeoSolutions) for proposing and implementing this improvement. See proposal GSIP-214 - Selective reset of ResourcePool caches for background information.
- GEOS-10610 Selective cache reset on stores and resources, via REST API
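One way to script the reset calls listed above, as an added example rather than GeoServer's own code. It assumes HTTP basic authentication and a REST base URL of the form http://localhost:8080/geoserver/rest; the function names are hypothetical.

```python
import base64
from urllib.parse import quote
from urllib.request import Request, urlopen

# Store kind -> resource collection nested under it, per the endpoints above.
RESOURCES = {"datastores": "featuretypes", "coveragestores": "coverages"}


def reset_request(rest_base, user, password, workspace, kind, store, resource=None):
    """Build the POST that resets cached state for one store or one resource."""
    if kind not in RESOURCES:
        raise ValueError(f"unsupported store kind: {kind!r}")
    parts = ["workspaces", workspace, kind, store]
    if resource is not None:
        parts += [RESOURCES[kind], resource]
    # Percent-encode each name so '/', '?' or spaces cannot change the target path.
    path = "/".join(quote(p, safe="") for p in parts + ["reset"])
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return Request(f"{rest_base.rstrip('/')}/{path}", method="POST",
                   headers={"Authorization": f"Basic {token}"})


def send(request, timeout=30):
    """Issue the request and return the HTTP status code."""
    with urlopen(request, timeout=timeout) as resp:
        return resp.status
```

Run the calls from an account limited to what the automation needs, and read the password from a secret store rather than the script.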
Logging profile date formatting updates
The built-in logging profiles have been updated as the date was being incorrectly logged:
- If you have hand edited any of the built-in logging profiles you can fix the date format manually. Locate appender PatternLayout entries and correct the date formatting to %date{dd MMM HH:mm:ss}.
- If you have not modified any of the built-in logging profiles a quick way to update is to remove them from your GEOSERVER_DATA_DIRECTORY logs folder. The built-in logging profiles will be restored next time you change profiles or when the application starts up.
- If you never plan to customize the built-in logging profiles use the system property UPDATE_BUILT_IN_LOGGING_PROFILES=true. This setting will cause GeoServer to update the files when changing profiles or on application startup. This setting only affects the built-in logging profiles; any new logging profiles that you have made manually are unaffected.
For more information see the user guide on built-in logging profiles.
- GEOS-10701 Logging profiles timestamp reports minutes where it should report months
- GEOS-10700 Impossible to customize built-in logging profiles: GeoServer will rewrite them on startup
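Reliable timestamps matter when logs are used to reconstruct a timeline, so hand-edited profiles are worth checking. The following is an added example, not GeoServer code: it flags date conversions that print minute letters where a month belongs and rewrites only those to the format given above. The defective sample pattern, the `*.xml` file glob and all function names are assumptions.

```python
import re
from pathlib import Path

EXPECTED = "%date{dd MMM HH:mm:ss}"  # format the release notes give as correct
DATE_CONV = re.compile(r"%d(?:ate)?\{([^}]*)\}")  # %d{...} or %date{...}

# Constructed sample profile; the defective first pattern is an assumption.
SAMPLE = """\
<Appenders>
  <Console name="stdout">
    <PatternLayout pattern="%date{dd mmm HH:mm:ss} %-6level [%logger{2}] - %msg%n"/>
  </Console>
  <File name="custom">
    <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %msg%n"/>
  </File>
</Appenders>
"""


def minutes_for_month(fmt):
    """True when a day field is printed with minute letters (m) but no month (M)."""
    return "d" in fmt and "m" in fmt and "M" not in fmt


def audit_profile(text):
    """Return (line_number, conversion) for each suspicious date conversion."""
    return [(no, m.group(0))
            for no, line in enumerate(text.splitlines(), start=1)
            for m in DATE_CONV.finditer(line)
            if minutes_for_month(m.group(1))]


def fix_profile(text):
    """Rewrite only the suspicious conversions; custom date formats are kept."""
    return DATE_CONV.sub(
        lambda m: EXPECTED if minutes_for_month(m.group(1)) else m.group(0), text)


def audit_logs_dir(logs_dir, glob="*.xml"):
    """Audit every profile in a logs folder; returns {file name: findings}."""
    report = {}
    for path in sorted(Path(logs_dir).glob(glob)):
        findings = audit_profile(path.read_text(encoding="utf-8"))
        if findings:
            report[path.name] = findings
    return report


if __name__ == "__main__":
    print(audit_profile(SAMPLE))
```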
Improvements and Fixes
Improvements:
- GEOS-10677 Improve cleanup of multi part form upload to the dispatcher
- GEOS-10676 Support uploading .bmp and .gif images as SLD Package icons through restconfig
- GEOS-10644 Keycloak - Improvements to Role Service
- GEOS-10639 Keycloak Filter - Allow to use a button to reach keycloak login page
- GEOS-10637 Keycloak filter configurability improvements
- GEOS-10625 GeoFence: improve filtering by role
- GEOS-10620 Update oshi to 6.2.2 to support Apple M2 CPU
- GEOS-10606 Generate html notice and license information for release assemblies
Fixes:
- GEOS-10711 ConcurrentModificationException can happen while modifying data access rules with concurrent WMS traffic
- GEOS-10699 WCS 2.0 latitude subsetting may fail if the source data has longitudes spanning both datelines
- GEOS-10671 Parallel REST API calls failures (users)
- GEOS-10649 Concurrent modification to GWC style parameter filter can lead to OOM
- GEOS-10636 Proxied Login is broken after upgrade to 2.22-M0 and 2.21.1
- GEOS-10635 GeoFence: area reprojection tests are failing
- GEOS-10631 AccessManager will not be looked up if multiple beans are of type DefaultResourceAccessManager
- GEOS-10628 GWC Environment parameterization does not work on geoserver startup
- GEOS-10607 Links disappearing for the Admin user
- GEOS-10547 Integrated WMS caching without the tiled parameter might result in deep recursion
- GEOS-10507 GeoFence Internal - Support Batch operations for Rules and AdminRules
For complete information see 2.21.2 release notes.
About GeoServer 2.21
Additional information on GeoServer 2.21 series: