This is a follow up to 2024 roadmap post outlining development opportunities.

First of all thanks to developers and organisations that have responded with offers of in-kind contributions. This blog post is assessing current progress and outlines a way forward to complete the Java 17/Jakarta EE/Spring 6 upgrades.

This post highlights development activities that are available to be worked on today, along with interested developers and commercial support providers available to work on GeoServer roadmap items.

Spring Framework 6 Tasks

The key challenge we are building towards is a spring-framework 6 update, ideally by the end of 2024 when the version we use now reaches end-of-life.

The tasks below are steps towards this goal.

Wicket 9 upgrade

Interested Parties:

• Brad has been doing amazing work with the Wicket 9 upgrade and is in need of assistance.
• GeoCat has offered to do manual A/B testing when PR is ready for testing.

Activity:

• [GEOS-11275] Wicket 9 upgrade
• geoserver#7154

Spring Security 5.8 update

Spring Security 5.8 provides a safe stepping stone ahead of the complete spring-framework 6 upgrade and is an activity that can be worked on immediately.

Interested parties:

• Andreas Watermeyer (ITS Digital Solutions) offered to work on this activity in during the initial January call out, and has indicated they are now ready to start.

Activity:

• [GEOS-11271] Upgrade spring-security to 5.8

Spring Security Core implementation of OAuth2 / OIDC

The spring-security-oauth client has reached end-of-life and a GeoServer OAuth2 support must be rewritten or migrated as a result.

There are two paths to migrate to spring-security-core implementation:

• Option: Migrate the existing community module implementations to spring-security-core in place; with as little loss of functionality as possible. This has the advantage of using existing test coverage to maintain a consistent set of functionality during migration.

• Option: Setup a community module alongside the existing implementation with the goal of making a full supported etension. This approach has the advantages of allowing organisations the ability to do A/B testing as both the old and new implementation would be available alongside each other. This has the advantage of allowing stakeholders to only fund, implement, test functionality as required without disrupting existing use.

Security integrations often require infrastructure to develop and test against, which the core GeoServer team does not have access to for automated tests. We would like to see organisations review their security integration requirements and be on hand to support this development activity.

The initial priority will support for OAuth2 and Open ID Connect (OIDC), parties interested in maintaining support for Google, GeoNode, GitHub are welcome to participate.

Interested Parties:

• Andreas Watermeyer (ITS Digital Solutions) offered to work on this activity, or test as needed.
• GeoCat is interested in this work also, with the goal of bringing the OIDC plugin up to full extension status (if financing is available).

Activity: not started

• [GEOS-11272] spring-security-oauth replacement, with spring-security 5.8

ImageN / JAI Replacement

The image processing library used by GeoServer has been donated to the open source community under the name ImageN.

The immediate goal has been to add test cases to this codebase and make an ImageN 1.0 release. Andrea has come up with the amazing idea of integrating with JAI-Ext project immediately, to benefit from the improved operators, and jumpstart test coverage.

Interested Parties:

• Jody (GeoCat) is available to support this activity, or take lead if funding is available.
• Andrea (GeoSolutions) has had a deep dive into the implications for the JAI-EXT project outlining a roadmap for project integration

We would like to see organisations that depend on GeoServer for earth observation and imagery to step forward with funding for this activity.

2024 Financial support and sponsorship

Thus far 2024 has not had a strong enough sponsorship response to support the project goals above. As a point of comparison we established a budget of $15,000 with OSGeo last year to take on an low-level API change that affected several projects.

This year GeoServer sponsorship has raised between $1,000 and $2,000 which is not enough to plan with or coordinate in-kind contributions offered thus far.

Jody has worked with the OSGeo board to make adjustments to the sponsorship:

• Guidance has been provided for appropriate sponsorship levels for individual consultants, small organisation, companies and public institutions of different sizes.
• There are clear examples of how to sponsor and donate, along with the the perks and publicity associated with financial support
• GeoServer has a new sponsorship page on our website collecting this information
• GeoServer now lists sponsors logos on our home page, alongside core contributors.

We would like to thank everyone who has responded thus far:

• Sponsors: How 2 Map, illustreets
• Individual Donations: Peter Rushforth, Marco Lucarelli, Gabriel Roldan, Jody Garnett, Manuel Timita, Andrea Aime

GeoServer 2.25.3 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a stable release of GeoServer recommended for production use. GeoServer 2.25.3 is made in conjunction with GeoTools 31.3. This release is smaller than usual due to the earlier 2.25.2 security update that was released earlier this month.

Thanks to Ian Turton for making this release.

Release notes

Improvement:

• GEOS-11336 security-keycloak: upgrade keycloak version
• GEOS-11424 Speed up web-ui WorkspaceAdminComponentAuthorizer
• GEOS-11441 DisabledServiceResourceFilter spams debugging logs with property accesses
• GEOS-11442 Cache availability of gdal_translate in gdal_translate based WCS output formats
• GEOS-11443 REST API does not take effect immediately due to 10 minute authentication cache

Bug:

• GEOS-11446 [INSPIRE] Incorrect behavior for unsupported languages
• GEOS-11462 500 error thrown when double adding a user to a group via REST with JDBC user/group services

Task:

• GEOS-11464 Update Jackson 2 libs from 2.17.1 to 2.17.2

For the complete list see 2.25.3 release notes.

Community Updates

Community module development:

• GEOS-10690 Task manager plugin is missing dependencies
• GEOS-11111 Open search for EO community module: STAC search page has wrong self link
• GEOS-11438 OpenSearch for EO/STAC lack the service configuration panel
• GEOS-11439 JDBCOpenSearch access should cache the list of type names in request scope
• GEOS-11445 OGCAPI ServiceDescriptors
• GEOS-11469 Datadir catalog loader does not decrypt HTTPStoreInfo passwords

Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.

About GeoServer 2.25 Series

Additional information on GeoServer 2.25 series:

• GeoServer 2.25 User Manual
• GeoServer 2024 Roadmap Plannings
• GeoServer 2024 Q3 Developer Update
• Raster Attribute Table extension
• Individual contributor clarification

Release notes: ( 2.25.3 | 2.25.2 | 2.25.1 | 2.25.0 | 2.25-RC )

GeoSpatial Techno is a startup focused on geospatial information that is providing e-learning courses to enhance the knowledge of geospatial information users, students, and other startups. The main approach of this startup is providing quality, valid specialized training in the field of geospatial information.

( YouTube | LinkedIn | Facebook | X )

Utilizing the Demo Section in Geoserver

In this session we aim to provide content on how to use the Demo menu and its modules in GeoServer and teach the process of making different requests and getting responses from the server. If you want to access the complete tutorial, simply click on the link.

Introduction

The Demo page provides valuable tool to help you practice with requests and understand how GeoServer works. The Demo Requests is used to create and test requests to GeoServer. The user can see the response to successful requests, or troubleshoot problems. To become familiar with the demo page, navigate to Demos to open the GeoServer Demos page. This page contains these options:

• Demo Requests
• SRS List
• Reprojection Console
• WCS Request Builder.

If you have installed the WPS extension, you will see an additional option called WPS Request Builder.

Note. These tools are for the public like Layer Preview, you do not need to be logged into GeoServer to access this page.

Note. This video was recorded on GeoServer 2.22.4, which is not the most up-to-date version. Currently, versions 2.24.x and 2.25.x are supported. To ensure you have the latest release, please visit this link. and avoid using older versions of GeoServer.

Demo Request

This page has examples of WMS, WCS, and WFS requests for GeoServer that you can use to examine and change. To learn about WMS, WFS, and WCS standards, simply click on the link.

Now let’s explore some basic operations:

• From the drop-down list, you can select a set of prepared requests. They are listed with a syntax declaring the standard as a prefix and the standard’s version as a suffix. Choose WFS_getCapabilities-1.1.xml.
• Press the Submit button. A new panel is shown, and, after a while, it lists the XML response from GeoServer.
• Another basic WFS operation is getFeature, which will retrieve a feature for you. Select WFS_getFeature-1.0.xml. If you look at the XML code, you can see a clear reference to the topp:states layer, which is included in the sample set.
• Press the Submit button. A new panel is shown, and, after a while, it lists the XML response from GeoServer. The code is a GML representation of the features with fid = 3, as requested in the filter.

The Demo requests interface lets you select sample requests and modify them to perform testing on GeoServer. When in doubt about a specific operation, this application should be the first point where you go to debug. From here, you can concentrate on the request’s syntax, avoiding network issues or other problems that you may have experienced with an external client.

New Feature: For GeoServer 2.25.2 the Demo Request page has been improved to show response Headers, and provide the option to pretty print XML output.

SRS List

GeoServer natively supports almost 4000 Spatial Referencing Systems (SRS), also known as projections, and more can be added. A spatial reference system defines an ellipsoid, a datum using that ellipsoid, and either a geocentric, geographic or projection coordinate system. This page lists all SRS info known to GeoServer.

The Code column refers to the unique integer identifier of that spatial reference system. Each code is linked to a more detailed description page, accessed by clicking on that code. Now let’s filter the projection list:

• In the Search textbox, type in the project code for the basic projection, 4326 or WGS 84; then press Enter.
• Click on the projection code to show the projection details that include:
  • A short text description of the SRS
  • An EPSG or Internal description of the SRS, provides an overview of how each projection is defined. It includes several parameters formatted in the WKT format.
  • And a map showing you the area of validity or bounding box for the SRS. For 4326, it is the planet’s surface.
• Repeat these steps to review another code 32633 which is the WGS 84, UTM zone 33N. Please consider the area of validity and the countries eligible to use this SRS.

Reprojection console

The reprojection console allows you to calculate and quickly test coordinate transformation. You can use it to convert a single coordinate or WKT geometry and transform it from one CRS to another. In this recipe, you’ll discover a simple, yet very useful tool that ships with GeoServer. It lets you have a look at how coordinates change when you move data from one CRS to another.

• From the list, select the Reprojection console.
• Insert EPSG:4326 in the Source CRS field and EPSG:32632 in the Target CRS field. Then, enter the coordinates of the POINT in the Geometry of Source CRS field, similar to what you see on the video. In this example, we used the coordinates of the San Siro stadium in Milan.
• Click on the Forward Transformation link; GeoServer calculates the new coordinates for you and fills the Geometry of Target CRS textbox. Use Forward transformation to convert from source CRS to target CRS, and Backward transformation to convert from target CRS to source CRS. You can also view the underlying calculation GeoServer is using to perform the transformation.

WCS Request Builder

The WCS Request Builder is a tool for generating and executing WCS requests. Since WCS requests can be cumbersome to the author, this tool can make working with WCS much easier. To access the WCS Request Builder, Select WCS Request Builder from the list of demos. The WCS Request Builder consists of a form that can be used to generate several different types of requests. When first opened, the form is short, only including these options:

• WCS Version—Version of WCS to use when crafting the request.
• Coverage name—Coverage to use in the request.

Note. All other options displayed will be non-functional until Coverage name is selected. Once selected, the remainder of the form will be displayed. Watch the video for a full explanation of these options:

• Spatial subset
• Coordinate reference system
• Specify source grid manually (1.0.0 only)
• Target coverage layout (1.1.1 only)
• Target CRS
• Output format

There is also a link for Describe coverage next to the Coverage name which will execute a WCS DescribeCoverage request for the particular layer. At the bottom of the form are two buttons for form submission:

• Get Coverage: It executes a GetCoverage request using the parameters in the form.
• Generate GetCoverage XML: Clicking this button generates the GetCoverage request based on the form parameters.

By using this generated XML code, you can easily construct and customize your GetCoverage requests with various parameters, making it easier to retrieve the desired coverage data from GeoServer.

New Feature: For GeoServer 2.25.2 the WCS Request Builder has new option to open the generated request in the Demo Request Builder. This is very helpful allowing the response to be shown on the page, rather than downloaded in the browser.

WPS Request Builder

GeoServer with the WPS extension installed includes a request builder for generating and executing WPS processes. Using this tool can greatly simplify the process of authoring WPS requests and making your work with WPS much more convenient and efficient. It’s always nice to have assistance in tasks that can be complex or time-consuming. This tool can be a valuable asset in your WPS workflow.

In future sessions, we’ll dive deep into the Web Processing Service or WPS and explore its functionalities and how to use different functions in detail. So get ready to expand your knowledge and learn how to leverage the power of WPS for your geospatial analysis needs!

New Feature: For GeoServer 2.25.2 the WPS Request Builder has the new option to open the generated request in the Demo Request Builder.

In this session, we took a brief journey through GeoServer Demo section. we have explored the Demo menu and its modules in GeoServer. If you want to access the complete tutorial, simply click on the link.

GeoServer 2.25.2 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a stable release of GeoServer recommended for production use. This release is made ahead of schedule to address an urgent bug or security vulnerability (see CVE-2024-36401 below). GeoServer 2.25.2 is made in conjunction with GeoTools 31.2, and GeoWebCache 1.25.2.

Thanks to Jody Garnett (GeoCat) for making this release on behalf of GeoCat customers.

Security Considerations

This release addresses security vulnerabilities and is considered an essential upgrade for production systems.

• CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
• CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (Moderate)
• CVE-2024-34696 GeoServer About Status lists sensitive Environmental Variables (Moderate)
• CVE-2024-35230 Moderate

The use of the CVE system allows the GeoServer team to reach a wider audience than blog posts. See the project security policy for more information on how security vulnerabilities are managed.

Demo Requests page rewritten

The Demo Request page has been rewritten to use JavaScript to issue POST examples. This provides a much better user experience:

• Show Result lists the response headers to be viewed along side the returned result (with an option for XML pretty printing).
• Show Result in a New Page is available to allow your browser to display the result.

The WCS Request Builder and WPS Request Builder demos now have the option to show their results in Demo Requests page. Combined these changes replace the previous practice of using an iframe popup, and have allowed the TestWfsPost servlet to be removed.

For more information please see the Demo requests in the User Guide.

Thanks to David Blasby (GeoCat) for these improvements, made on behalf of the GeoCat Live project.

• GEOS-11390 Replace TestWfsPost with Javascript Demo Page

Release notes

New Feature:

• GEOS-11390 Replace TestWfsPost with Javascript Demo Page

Improvement:

• GEOS-11351 Exact term search in the pages’ filters

Bug:

• GEOS-7183 Demo request/wcs/wps pages incompatible with HTTPS/PKI
• GEOS-11416 GeoPackage output contains invalid field types when exporting content from PostGIS
• GEOS-11430 CiteComplianceHack not correctly parsing the context

Task:

• GEOS-11411 Upgrade to ImageIO-EXT 1.4.11
• GEOS-11426 Rework community dependency packaging to use module’s dependencies
• GEOS-11429 Split COG community module packaging based on target cloud provider
• GEOS-11432 Upgrade to ImageIO-EXT 1.4.12

For the complete list see 2.25.2 release notes.

Community Updates

Community module development:

• GEOS-11412 Remove reference to JDOM from JMS Cluster (as JDOM is no longer in use)
• GEOS-11413 STAC uses inefficient dabase queries when asking for collections in JSON format

Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.

About GeoServer 2.25 Series

Additional information on GeoServer 2.25 series:

• GeoServer 2.25 User Manual
• GeoServer 2024 Roadmap Plannings
• Raster Attribute Table extension
• Individual contributor clarification

Release notes: ( 2.25.2 | 2.25.1 | 2.25.0 | 2.25-RC )

GeoServer 2.24.4 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a maintenance release of GeoServer providing existing installations with minor updates and bug fixes. It also includes security vulnerability fixes.

GeoServer 2.24.4 is made in conjunction with GeoTools 30.4, and GeoWebCache 1.24.4.

Thanks to Peter Smythe (AfriGIS) for making this release.

Security Considerations

This release addresses security vulnerabilities and is considered an essential upgrade for production systems.

• CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
• CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (Moderate)
• CVE-2024-34696 GeoServer About Status lists sensitive Environmental Variables (Moderate)

The use of the CVE system allows the GeoServer team to reach a wider audience than blog posts. See project security policy for more information on how security vulnerabilities are managed.

Demo Requests page rewritten

The Demo Request page has been rewritten to use JavaScript to issue POST examples. This provides a much better user experience:

• Show Result lists the response headers to be viewed along side the returned result (with an option for XML pretty printing).
• Show Result in a New Page is available to allow your browser to display the result.

The WCS Request Builder and WPS Request Builder demos now have the option to show their results in Demo Requests page. Combined these changes replace the previous practice of using an iframe popup, and have allowed the TestWfsPost servlet to be removed.

For more information please see the Demo requests in the User Guide.

Thanks to David Blasby (GeoCat) for these improvements, made on behalf of the GeoCat Live project.

• GEOS-11390 Replace TestWfsPost with Javascript Demo Page

Release notes

New Feature:

• GEOS-11390 Replace TestWfsPost with Javascript Demo Page

Improvement:

• GEOS-11311 Show a full stack trace in the JVM stack dump panel

• GEOS-11369 Additional authentication options for cascaded WMS

  WMTS data stores

• GEOS-11400 About Page Layout and display of build information
• GEOS-11401 Introduce environmental variables for Module Status page

Bug:

• GEOS-7183 Demo request/wcs/wps pages incompatible with HTTPS/PKI
• GEOS-11202 CAS extension doesn’t use global “proxy base URL” setting for service ticket
• GEOS-11331 OAuth2 can throw a “ java.lang.RuntimeException: Never should reach this point”
• GEOS-11332 Renaming style with uppercase/downcase empty the sld file
• GEOS-11382 The interceptor “CiteComplianceHack” never gets invoked by the Dispatcher Servlet
• GEOS-11385 Demo Requests functionality does not honour ENV variable PROXY_BASE_URL
• GEOS-11416 GeoPackage output contains invalid field types when exporting content from PostGIS
• GEOS-11430 CiteComplianceHack not correctly parsing the context

Task:

• GEOS-11318 Upgrade postgresql from 42.6.0 to 42.7.2
• GEOS-11374 Upgrade Spring version from 5.3.33 to 5.3.34
• GEOS-11375 GSIP 224 - Individual contributor clarification
• GEOS-11393 Upgrade commons-io from 2.12.0 to 2.16.1
• GEOS-11395 Upgrade guava from 32.0.0 to 33.2.0
• GEOS-11397 App-Schema Includes fix Integration Tests
• GEOS-11402 Upgrade PostgreSQL driver from 42.7.2 to 42.7.3
• GEOS-11403 Upgrade commons-text from 1.10.0 to 1.12.0
• GEOS-11404 Upgrade commons-codec from 1.15 to 1.17.0

For the complete list see 2.24.4 release notes.

Community Updates

Community module development:

• GEOS-11040 Could not get a ServiceInfo for service Features thus could not check if the service is enabled
• GEOS-11381 Error in OIDC plugin in combination with RoleService
• GEOS-11412 Remove reference to JDOM from JMS Cluster (as JDOM is no longer in use)

Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.

About GeoServer 2.24 Series

Additional information on GeoServer 2.24 series:

• GeoServer 2.24 User Manual
• Control remote HTTP requests sent by GeoTools/GeoServer
• State of GeoServer 2.24.1 (foss4g-asia presentation)
• Multiple CRS authority support, planetary CRS
• Extensive GeoServer Printing improvements
• Upgraded security policy

Release notes: ( 2.24.4 | 2.24.3 | 2.24.2 | 2.24.1 | 2.24.0 | 2.24-RC )