GeoServer 2.20.7 Released
GeoServer 2.20.7 release is available with downloads (bin, war, windows), along with docs and extensions.
This series has previously reached end-of-life, with a release being issued to address an urdent security vulnerability. Please apply this upgrade as a mitigation measure only. Upgrade to 2.22.x series for community support.
Thanks to Andrea Aime (GeoSolutions) for making this update available on behalf of the GeoNode project.
This release was made in conjunction with GeoTools 26.7.
Security Considerations
This release addresses a security vulnerability and is considered an essential upgrade for production systems:
- CVE-2023-25158 OGC Filter SQL Injection Vulnerabilities (GeoTools)
- CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities (GeoServer)
For more information see OGC Filter Injection Vulnerability Statement.
- GEOT-7302 Escape user inputs in SQL queries
- GEOS-10842 JDBCConfig: escape user inputs in SQL queries
- GEOS-10839 JDBCConfig: add JDBC Configuration parameter to disable SQL comments and pretty-printing
Improvements and Fixes
For the full list of fixes and improvements, see 2.20.7 release notes.
About GeoServer 2.20
Additional information on GeoServer 2.20 series:
- Log4J2 zero day vulnerability assessment
- Internationalization of title and abstract
- State of GeoServer 2.20 edition
- Windows Installer
Release notes: ( 2.20.7 | 2.20.6 | 2.20.5 | 2.20.4 | 2.20.3 | 2.20.2 | 2.20.1 | 2.20.0 | 2.20-RC )
Tutorials
- How to style layers using GeoServer and QGIS
- How to Publish a GeoTIFF file in GeoServer
- A Comprehensive Guide to Publishing a Shapefile in GeoServer
- GeoServer About & Status - A Practical Guide
- GeoServer installation methods on Windows
- Introducing GeoSpatial Techno with a Video Tutorial
- GeoServer Presentations on FOSS4G 2019