GeoServer 2.22.6 Release
GeoServer 2.22.6 release is now available with downloads (bin, war, windows), along with docs and extensions.
This series has previously reached end-of-life, with this release issued to address a security vulnerability. Please apply this update as a mitigation measure only, and plan to upgrade to a stable or maintenance release of GeoServer. GeoServer 2.22.6 is made in conjunction with GeoTools 28.6.
Thanks to Jody Garnett for making this release.
Security Considerations
This release addresses security vulnerabilities for those operating in a Java 8 environment:
-
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
For more information see the following statement.
See project security policy for more information on how security vulnerabilities are managed.
Java 8 End-of-life
This GeoServer 2.22.6 is archived and has reached end-of-life. This release uses recent GeoTools 28.6 Java 8 artifacts addressing CVE-2024-36404.
All future releases will require a minimum of Java 11.
Release notes
Improvement:
- GEOS-11102 Allow configuration of the CSV date format
- GEOS-11116 GetMap/GetFeatureInfo with groups and view params can with mismatched layers/params
- GEOS-11155 Add the X-Content-Type-Options header
- GEOS-11246 Schemaless plugin performance for WFS
Bug:
- GEOS-11138 Jetty unable to start cvc-elt.1.a / org.xml.sax.SAXParseException
Task:
- GEOS-11318 Upgrade postgresql from 42.6.0 to 42.7.2
For the complete list see 2.22.6 release notes.
Community Updates
Community module development:
- GEOS-11412 Remove reference to JDOM from JMS Cluster (as JDOM is no longer in use)
Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.
About GeoServer 2.22 Series
Additional information on GeoServer 2.22 series:
- GeoServer 2.22 User Manual
- Update Instructions
- Metadata extension
- CSW ISO Metadata extension
- State of GeoServer (FOSS4G Presentation)
- GeoServer Beginner Workshop (FOSS4G Workshop)
- Welcome page (User Guide)
Release notes: ( 2.22.6 | 2.22.5 | 2.22.4 | 2.22.3 | 2.22.2 | 2.22.1 | 2.22.0 | 2.22-RC | 2.22-M0 )
Vulnerability
- GeoServer 2.22.6 Release
- GeoServer 2.26.2 Release
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release