GeoServer 2.27.0 Release

GeoServer 2.27.0 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a stable release of GeoServer recommended for production use. GeoServer 2.27.0 is made in conjunction with GeoTools 33.0, GeoWebCache 1.27.0, and ImageIO-EXT 1.4.15.

This release graduates the OGC API Features module to extension status, ensures all OGC services pass CITE compliance tests, and adds performance improvements to the catalog loader that significantly reduces startup times for large deployments. The release also includes Smart Data Loader override rules. This release addresses several security vulnerabilities, and enforces browser Content Security Policy for increased security.

Thanks to extensive community testing through our user forum, we’re confident in recommending this release for production use. Check update notes for specific instructions.

Thanks to Gabriel Roldan (Camptocamp) and Jody Garnett (GeoCat) for making this release and to all contributors who helped with this release cycle.

Community Testing

This release cycle featured an extensive community testing effort, with our new discourse communication channels playing a central role in pre-release validation.

Testers helped identify and resolve several important issues:

Performance Improvements: Daniel Calliess verified faster startup times and validated the GeoFence plugin functionality.
Security Enhancements: Georg and Roar Brænden provided detailed feedback on the new Content Security Policy (CSP) implementation, helping refine the upgrade instructions.
Catalog Robustness: Andrea tested the new parallel catalog loader across various data directory configurations, identifying and helping resolve concurrency edge cases.
Documentation: Emanuele Tajariol collaborated with Daniel to update GeoFence plugin documentation.
Standards Implementation: Landry Breuil validated the OGC API Features extension on behalf of the geOrchestra community.

The GeoServer team is grateful to all community members who participated in this testing effort. Their feedback was instrumental in addressing issues before release and ensuring a smooth upgrade experience for users.

Special thanks to Andrea, Jody, Peter, and Gabriel for their diligent work reviewing feedback and addressing issues throughout the preflight testing period.

Security Considerations

This release addresses several security vulnerabilities, and is a recommended upgrade for production systems.

See project security policy for more information on how security vulnerabilities are managed.

OGC API FeaturesService Extension

The OGC API Features module has officially graduated from community status to become a supported GeoServer extension. This implementation of the modern, web-friendly OGC API - Features standard provides a RESTful API alternative to traditional WFS services.

Key capabilities include:

Feature collection discovery and access
Spatial and attribute filtering using CQL2
Multiple output formats (GeoJSON, HTML, etc.)
Service-level operations across multiple collections

This service operates alongside the existing WFS services:

Update the WFS Settings title and description appropriately.
This information is used for the service landing page:
GeoServer has not previously included draft or work-in-progress development - preferring to make such functionality available as community modules for developers to collaborate. However OGC API - Features specification is defined in a modular fashion, and accommodates the idea of both draft and community standards.

To configure enable/disable “conformances” for Features, CQL2, and ECQL.
For more information on OGC API support in GeoServer:
- OGC API Service Configuration (User Manual)
- Configuration of OGC API - Features module (User Manual)

This graduation is the result of a collaborative code sprint with developers from Camptocamp, GeoSolutions, and GeoCat joining forces. As part of this effort, the module now passes OGC CITE compliance tests, ensuring proper interoperability with other OGC-compliant systems.

Special thanks to the French “Commissariat général au développement durable du Ministère chargé de l’Ecologie” for sponsoring this work as part of the Collectif Interopérabilité et mise en Commun de Composants Logiciels pour les plateformes de données (CICCLO) project.

For more information, and the extension user docs.

GSIP-230 OGC API Features Extension
GEOS-11627 OGCAPI FeatureService Extension

OGC CITE Compliance

A significant effort has been made to ensure GeoServer passes the OGC Conformance and Interoperability Test and Evaluation (CITE) compliance tests across all supported services. This work improves the quality and interoperability of GeoServer with other OGC-compliant systems.

Restoring CITE Compliance has been a project goal for a number of years, and an ongoing sponsorship goal for the GeoServer project. Many thanks to prior sponsors of this activity including Gaia3D, and OSGeo:UK.

We are pleased to share that GeoServer now passes all the OGC CITE compliance tests available for the services it supports. Passing OGC CITE tests involved fixing numerous issues related to exception handling, version negotiation, and service behavior.

Special thanks to Andrea Aime for leveraging, extending, and improving the OGC CITE conformance testing infrastructure that was developed during the OGC API Features work, and methodically applying it to ensure all GeoServer services now pass their respective compliance tests.

While official certification from the OGC is still pending at the time of writing, the process is underway and we anticipate formal recognition of GeoServer in the coming days.

Thanks to Peter Smythe (AfriGIS) and Angelos Tzotsos for working with Open Source Geospatial Foundation to provide access to the CITE Certification process. Once certification is granted, we will update this post and home page with a “live logo” to reflect our official status.

GEOS-11729 Pass WCS 1.0 certification OGC CITE tests
GEOS-11730 Pass WCS 1.1 certification OGC CITE tests
GEOS-11780 Pass WCS 2.0 certification OGC CITE tests
GEOS-11731 Pass WFS 1.0 certification OGC CITE tests
GEOS-11732 Pass WFS 1.1 certification OGC CITE tests
GEOS-11733 Pass WFS 2.0 certification OGC CITE tests
GEOS-11734 Pass WMS 1.1 certification OGC CITE tests
GEOS-11735 Pass WMS 1.3 certification OGC CITE tests
GEOS-11779 Pass WMTS 1.0 certification OGC CITE tests
GEOS-11736 Pass OGC API Features 1.0 certification OGC CITE tests
GEOS-11752 Pass GeoTIFF 1.1 certification OGC CITE tests
GEOS-11753 Pass GPKG 1.2 certification OGC CITE tests

Content Security Policy Enforced

The use of Content Security Policy (CSP) headers is an additional safety precaution introduced by your browser to mitigate cross-site scripting and clickjacking attacks.

GeoServer 2.27.0 pages now include a Content Security Policy, limiting expected browser interactions to increase security.

Before updating double check your PROXY_BASE_URL setting is correct.

This is a common mistake blocked by the new CSP policy.
It is expected that the web administration console functions correctly, along with extensions and community modules.

With these improved CSP safety measures GeoServer may now detect vulnerabilities in your environment that were previously undetected.

If you run into any problems, troubleshooting instructions are available in the user manual.
Additional tools are available for administrators seeking greater control.

Thanks to Steve Ikeoka for his dedication to this activity.

GSIP 227 Content-Security-Policy Headers
GEOS-11346 Add a configurable Content-Security-Policy header
GEOS-11698 Update GeoServer User Interface Troubleshooting Guidance
GEOS-11585 Patch Spectrum to work with Wicket’s CSP
GEOS-11586 Patch CodeMirror to work with Wicket’s CSP
GEOS-11669 Patch jscolor to work with Wicket’s CSP

Faster Catalog Loading

GeoServer 2.27.0 includes significant performance improvements for server startup with the promotion of the “datadir catalog loader” from a community module to the GeoServer core. This enhanced loader dramatically improves startup times for deployments with large data directories through parallel processing.

Startup Performance

The performance gains are substantial, as shown by these benchmark results:

NFS/10Gbps Storage:

16K layers: reduced from 5.8s to 3.3s (1.8× faster)
100K layers: reduced from 1.9min to 28.3s (4.1× faster)
1M layers: reduced from 21.3min to 5.9min (3.6× faster)

NVMe Gen5/ZFS Storage:

16K layers: reduced from 3.5s to 1.3s (2.7× faster)
100K layers: reduced from 21.2s to 3.2s (6.5× faster)
1M layers: reduced from 3.4min to 24.6s (8.3× faster)

The new loader uses work-stealing thread pools for catalog processing while ensuring thread safety. This enhancement is particularly valuable for large enterprise deployments where startup time has been a bottleneck.

The loader is enabled by default but can be disabled or tuned if needed as explained in the data directory documentation.

GSIP-231 Promote data_dir catalog loader to core
GEOS-11284 Promote community module “datadir catalog loader” to core

File System Sandbox Isolation

A file system sandbox is used to limit access for GeoServer Administrators and Workspace Administrators to specified file folders.

A system sandbox is established using GEOSERVER_FILESYSTEM_SANDBOX application property, and applies to the entire application, limiting GeoServer administrators to the <sandbox> folder, and individual workspace administrators into isolated <sandbox>/<workspace> folders.
A regular sandbox can be configured from the Security > Data screen, and is used to limit individual workspace administrators into <sandbox>/<workspace> folders to avoid accessing each other’s files.

Thanks to Andrea (GeoSolutions) for this important improvement at the bequest of Munich RE.

GSIP 229 - File system access isolation
File system sandboxing (User Manual)

MapML Enhancement

The MapML extension continues to receive significant updates.

Tiled Coordinate Reference Systems can now be managed with a new MapML TCRS Settings page, available in the Admin Console Settings section:

MapML_tcrs_menu

The MapML TCRS Settings page provides a selector containing available GridSets. The administrator can select GridSets from the left list that will be converted to TiledCRSs.

MapML_tcrs_selector

Check out the documentation for more insights.

These changes provide better integration and more powerful capabilities for creating web maps with MapML.

GEOS-11561 Client-Delegating MapML Proxy
GEOS-11577 Rename MapML <layer-> to <map-layer>, rename viewer bundle to mapml.js
GEOS-11605 MapML Support custom TCRS projections from existing GridSets
GEOS-11666 Update MapML viewer to latest release 0.16.0

Smart Data Loader Enhancements

The Smart Data Loader has been improved with override rules, making it more flexible for data management scenarios:

The Smart Data Loader plugin automates the creation of XSD schemas and App-Schema mapping files, significantly simplifying the configuration of complex feature data in GeoServer.

With the new override rules capability, you can now customize how database tables are mapped to feature types without modifying the database schema, providing greater control and flexibility when working with complex or legacy data structures.

For more details on using Smart Override Rules, see the official documentation.

GEOS-11741 Enhancing Smart Data Loader with Override Rules
GEOS-11691 Smart data loader accepts bigint and bigserial but not int8 postgresql type alias

GeoFence Improvements

The GeoFence extension has received several significant improvements:

These improvements make GeoFence more flexible and powerful for implementing fine-grained security policies.

GEOS-11702 GeoFence: major libs update
GEOS-11704 GeoFence: filter rule list by IP address
GEOS-11705 GeoFence: make rules valid within a date range
GEOS-11526 GeoFence: slow GeoServer response when there are many roles and layergroups

Performance Improvements

Several performance improvements have been implemented in this release:

GEOS-11580 Improve embedded GWC meta-tiling performance
GEOS-11766 Speed up CRS and store factory lookups during catalog loading
GEOS-11722 Coverage view reader partially ignores multithreaded loading
GEOS-11739 Excessive memory usage for WMS KML output format
GEOS-11760 Fix a potential OOM in the KML transformation

WPS Improvements

Several improvements have been made to the Web Processing Service implementations:

GEOS-11564 WPS calls to internal WFS will handle requests with version=2.0.0
GEOS-11783 Longitudinal profile process now allows for input chaining
GEOS-11784 The longitudinal profile process limits the number of points it can extract
GEOS-11785 The longitudinal profile process now respects cancellation
GEOS-11786 General performance improvements for the longitudinal profile process

Other Improvements

GEOS-11468 Coverage REST API URL Checks
GEOS-11562 Default Gzip filter setting in web.xml does not compress application/javascript
GEOS-11578 WMTS Multidim extension, allow usage of a sidecar in a separate store
GEOS-11603 KML download mode now shows layer titles
GEOS-11612 Add system property support for Proxy base URL -> use headers activation
GEOS-11613 Increase control-flow logging admin visibility in logs
GEOS-11624 Split Geopackage extension into separate modules to reduce dependencies
GEOS-11625 Add “Challenge Anonymous Sessions” Option to AuthKey Filter
GEOS-11645 Control FreeMarker template access
GEOS-11654 Fix multiline strings that are missing a space between the lines
GEOS-11677 Hide version info on GWC home page

Library Updates

GeoServer 2.27.0 includes updates to many core libraries:

GEOS-11770 Update to jai-ext 1.1.31
GEOS-11771 Update to Imageio-EXT 1.4.15
GEOS-11590 Upgrade log4j to 2.24.1 and slf4j to 2.0.16
GEOS-11608 Update Bouncy Castle Crypto package from bcprov-jdk15on:1.69 to bcprov-jdk18on:1.79
GEOS-11609 Bump XStream from 1.4.20 to 1.4.21
GEOS-11685 Bump jetty.version from 9.4.56.v20240826 to 9.4.57.v20241219
GEOS-11631 Update MySQL driver to 9.1.0
GEOS-11743 Upgrade Oracle JDBC driver (ojdbc) from 8 to 11
GEOS-11754 Update to mapfish-print-v2 2.3.3
GEOS-11763 Update jai-ext to latest version (1.1.30)

Bug Fixes

Many bugs have been fixed in this release, including:

GEOS-4533, GEOS-7967 Fixed WPS demo builder chaining issues
GEOS-11494 WFS GetFeature request with a propertyname parameter fails when layer attributes are customized
GEOS-11524 CSW: default queryables mapping not generated
GEOS-11540 OGC API queryables features call not working in JSON
GEOS-11607 KML WMS GetMap is performing a heavy database load query
GEOS-11620 Smart Data Loader plugin produces a Mapping file data source definition and tries to establish a connection pool, but fails
GEOS-11636 Store panels won’t always show feedback in target panels
GEOS-11649 Welcome page per-layer is not respecting global service enablement
GEOS-11658 Time editor dumps stack trace in UI if the start or end time values are intervals
GEOS-11664 Update REST security paths
GEOS-11667 Make WMTS work in strict cite compliance mode
GEOS-11668 WMTS home page capabilities link uses 1.1.1 as the version, and the wrong version negotiation approach
GEOS-11684 GDAL no longer included in Docker image
GEOS-11762 Feature Templates by feature type can not be listed via GeoServer Rest API
GEOS-11792 Default Service Capabilities shown on initial start with no workspaces
GEOS-11796 Deadlocks During GeoServer Startup When Loading Style Group Layer Groups

Community Module Updates

Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.

Community module development:

GEOS-11651 Support env parametrization on OIDC filter
GEOS-11781 Community cleanup fall 2024
Removed abandoned community modules:
- GEOS-11641 Remove the abandoned community module webservice-test
- GEOS-11642 Remove the gwc-distributed community module

Full Release Notes

For the complete list of changes, see 2.27.0 release notes.

About GeoServer 2.27 Series

Additional information on GeoServer 2.27 series:

Release notes: (2.27.0)