GeoServer Blog

GeoServer 2.23.1 Release

May 23, 2023 • Ian Turton

GeoServer 2.23.1 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a stable release of GeoServer suitable for production systems, made in conjunction with GeoTools 29.1 and GeoWebCache 1.23.0.

We are grateful to Ian Turton (Astun Technology Ltd) for making this release.

Release notes

Improvement:

  • GEOS-10858 jdbc-config turns off isolated workspace support

  • GEOS-10898 Preserve key order in STAC responses coming from JSONB columns

  • GEOS-10923 Use default writing params on GeoTIFFPPIO

  • GEOS-10940 Update MapML viewer to release 0.11.0

Bug:

  • GEOS-8162 CSV Data store does not support relative store paths

  • GEOS-10837 geopackage output fails when java.io.tmpdir on network share

  • GEOS-10912 jms-cluster fails to clone grid coverage layer on other nodes

  • GEOS-10920 Excel output format packaging misses dependencies, cannot produce .xls

  • GEOS-10921 Double escaping of HTML with enabled features-templating

  • GEOS-10922 Features templating exception on text/plain format

  • GEOS-10932 csw-iso: should only add 'xsi:nil = false' attribute

  • GEOS-10934 CSW does not show title/abstract on welcome page

  • GEOS-10946 WMS GetLegendGraphic throws FootprintsTransformation cannot be cast to ProcessFunctionException

  • GEOS-10950 Performance regression in DescribeFeatureType across all feature types

  • GEOS-10955 STAC templates are initialised in the wrong location

  • GEOS-10957 Support ResourceAccessManager implementations returning custom subclasess of AccessLimits

  • GEOS-10969 Empty CQL_FILTER parameter should be ignored

  • GEOS-10975 JMS clustering reports error about ReferencedEnvelope type not being whitelisted in XStream

  • GEOS-10985 B/R of GeoServer catalog is broken with GeoServer 2.23.0

Task:

For the complete list see 2.23.1 release notes.

About GeoServer 2.23 Series

Additional information on GeoServer 2.23 series:

Release notes: ( 2.23.1 | 2.23.0 | 2.23-RC1 )

Read More

GeoServer 2.21.5 Release

May 8, 2023 • Daniele Romagnoli

GeoServer 2.21.5 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a maintenance release of the GeoServer 2.21.x series, made in conjunction with GeoTools 27.5 and GeoWebCache 1.21.5.

Thanks to Daniele Romagnoli (GeoSolutions) for making this release.

Security Considerations

2024-06-30 Update: The following mitigation has been provided:

  • CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)

    geoserver-2.21.5-patches.zip (replacing gt-app-schema, gt-complex and gt-xsd-core jars) has been provided by Andrea (GeoSolutions)

See project security policy for more information on how security vulnerabilities are managed.

Release notes

Bug

  • GEOS-3978 Layer configuration allows admin to enter a zero area bounding box

  • GEOS-6313 Lifecycle handlers not properly called during shutdown

  • GEOS-10006 Seeding GWC doesn’t work for layers with a dot in the name

  • GEOS-10500 WFS-T unable to delete more than 30 features in a single transaction when the data source is PostGIS

  • GEOS-10517 jms-cluster classes missing from XStream security configuration

  • GEOS-10593 Regression: Creating SQL View via REST API and explicit attribute list is no-longer possible

  • GEOS-10611 Uploading application/zip to styles endpoint does not clean up temporary files

  • GEOS-10828 OGC API - Features - Plugin breaks core `/rest` API with JSON payloads

  • GEOS-10837 geopackage output fails when java.io.tmpdir on network share

  • GEOS-10869 Jayway JSON Path libraries not included anymore on GeoServer packages

  • GEOS-10878 wps-multidimensional and wps-jdbc are not being deployed on maven repo

  • GEOS-10896 Missing NULL check in the template backwards mapping

  • GEOS-10899 Features template escapes twice HTML produced outputs

  • GEOS-10912 jms-cluster fails to clone grid coverage layer on other nodes

  • GEOS-10920 Excel output format packaging misses dependencies, cannot produce .xls

  • GEOS-10921 Double escaping of HTML with enabled features-templating

  • GEOS-10932 csw-iso: should only add ‘xsi:nil = false’ attribute

  • GEOS-10946 WMS GetLegendGraphic throws FootprintsTransformation cannot be cast to ProcessFunction Exception

  • GEOS-10950 Performance regression in DescribeFeatureType across all feature types

  • GEOS-10957 Support ResourceAccessManager implementations returning custom subclasess of AccessLimits

Improvement

  • GEOS-10870 Allow importer AttributesToPointGeometryTransform to preserve original geometries, and to configure the name of the target geometry

  • GEOS-10940 Update MapML viewer to release 0.11.0

Task

For complete information see 2.22.5 release notes.

About GeoServer 2.21

Additional information on GeoServer 2.21 series:

Release notes: ( 2.21.5 | 2.21.4 | 2.21.3 | 2.21.2 | 2.21.1 | 2.21.0 | 2.21-RC )

Read More

GeoServer 2.22.3 Release

May 5, 2023 • Daniele Romagnoli

GeoServer 2.22.3 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a maintenance release of the GeoServer 2.22.x series, made in conjunction with GeoTools 28.3 and GeoWebCache 1.22.2.

Thanks to Daniele Romagnoli (GeoSolutions) for making this release.

Feature Type Description

Building on top of the ability to customize FeatureTypes GeoServer can now define a description for each attribute. This information is used in WFS DescribeFeatureType to provide a human readable name or description for the attributes being published.

Attribute Descriptions

Thanks to Joseph Miller (GeoSolutions) for this improvement.

  • GEOS-10868 Add support for editable description in GeoServer customize feature type table

Release notes

Bug:

  • GEOS-3978 Layer configuration allows admin to enter a zero area bounding box

  • GEOS-6313 Lifecycle handlers not properly called during shutdown

  • GEOS-10006 Seeding GWC doesn’t work for layers with a dot in the name

  • GEOS-10500 WFS-T unable to delete more than 30 features in a single transaction when the data source is PostGIS

  • GEOS-10517 jms-cluster classes missing from XStream security configuration

  • GEOS-10593 Regression: Creating SQL View via REST API and explicit attribute list is no-longer possible

  • GEOS-10611 Uploading application/zip to styles endpoint does not clean up temporary files

  • GEOS-10837 geopackage output fails when java.io.tmpdir on network share

  • GEOS-10865 Backwards incompatible change in the XML representation of user roles

  • GEOS-10869 Jayway JSON Path libraries not included anymore on GeoServer packages

  • GEOS-10871 about geoserver page reporting @project.version@ for WAR deploy

  • GEOS-10878 wps-multidimensional and wps-jdbc are not being deployed on maven repo

  • GEOS-10890 Wrong path for the license file in the Windows installer script

  • GEOS-10896 Missing NULL check in the template backwards mapping

  • GEOS-10899 Features template escapes twice HTML produced outputs

  • GEOS-10912 jms-cluster fails to clone grid coverage layer on other nodes

  • GEOS-10920 Excel output format packaging misses dependencies, cannot produce .xls

  • GEOS-10921 Double escaping of HTML with enabled features-templating

  • GEOS-10922 Features templating exception on text/plain format

  • GEOS-10934 CSW does not show title/abstract on welcome page

  • GEOS-10946 WMS GetLegendGraphic throws FootprintsTransformation cannot be cast to ProcessFunction Exception

  • GEOS-10950 Performance regression in DescribeFeatureType across all feature types

  • GEOS-10957 Support ResourceAccessManager implementations returning custom subclasess of AccessLimits

Improvement:

  • GEOS-10858 jdbc-config turns off isolated workspace support

  • GEOS-10870 Allow importer AttributesToPointGeometryTransform to preserve original geometries, and to configure the name of the target geometry

  • GEOS-10898 Preserve key order in STAC responses coming from JSONB columns

  • GEOS-10923 Use default writing params on GeoTIFFPPIO

Task:

For complete information see 2.22.3 release notes.

About GeoServer 2.22

Additional information on GeoServer 2.22 series:

Release notes: ( 2.22.3 | 2.22.2 | 2.22.1 | 2.22.0 | 2.22-RC | 2.22-M0 )

Read More

GeoServer 2.23.0 Release

Apr 5, 2023 • Jody Garnett

GeoServer 2.23.0 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a stable release of GeoServer suitable for production systems, made in conjunction with GeoTools 29.0 and GeoWebCache 1.23.0.

Thanks to Jody Garnett (GeoCat) for making this release. Additional thanks to those volunteering to test the release candidate, your assistance is seen and appreciated: Peter Rushforth, Mark Prins, Gabriel Roldan, and Juan Luis Rodríguez.

Keeping GeoServer sustainable requires community commitment. If you are unable to contribute time, sponsorship options are available via the Open Source Geospatial Foundation.

Security Considerations

This release addresses a security vulnerability and is considered an essential upgrade for production systems.

For more information see OGC Filter Injection Vulnerability Statement. If you have already updated to a patched release that is excellent. We still advise updating to benefit from the considerable work done updating dependencies for GeoServer 2.23.0.

Java 11 Minimum

With this release GeoServer no longer supports Java 8, and it is time to upgrade to Java 11 at a minimum. Our build system tests GeoServer in with Java 11 and Java 17 which are both long-term-support OpenJDK releases.

JVM 11 Minimum

If you try starting this version of GeoServer with Java 8 it will produce the following failure:

java.lang.UnsupportedClassVersionError: org/geoserver/GeoserverInitStartupListener
has been compiled by a more recent version of the Java Runtime (class file version 55.0),
this version of the Java Runtime only recognizes class file versions up to 52.0

For more information please see our User Manual Installation (User Manual) and Java Considerations (User Manual) pages.

CSS Cleanup

The first big internal change for this release of GeoServer is a cleanup of the theme used for the GeoServer web administration application. Previously the pages had lots of little styling adjustments to try and get components to line up correctly and appear okay.

With this update all of the handmade styling changes have been removed, and everything is managed by the “geoserver.css” theme.

Thanks to Michel Gabriël (GeoCat) who started this work at the Bolsena code-sprint as a labour of love (well frustration).

Spring Upgrade

The second internal change for this release of GeoServer is an upgrade to the Spring Framework used to wire the internals of GeoServer together.

While this should not result in any change to functionality, it has resulted in quite a lot of careful quality assurance and testing to ensure everything is still connected and works as intended.

Thanks to Joseph Miller (GeoSolution) who worked on this activity.

  • GEOS-10779 Upgrade GeoServer Core Spring to 5.3.23 and Spring Security to 5.7.3

  • GEOS-10907 Update spring.version from 5.3.25 to 5.3.26

Windows installer Java 11 Update

Windows users are advised to keep the Java 11 minimum requirement in mind when upgrading existing systems.

The installer will correctly detect the OpenJDK Adoptium, users of Oracle JDK may need to use the browse button:

Adoptium JDK 17 Manual

Thanks to Juan Luis Rodríguez (GeoCat) for troubleshooting the windows installer for this release.

  • GEOS-10890 Wrong path for the license file in the Windows installer script

Feature Type Description

A welcome new feature, building on top of the ability to customize FeatureTypes is the ability to provide a description for each attribute. This information is used in WFS DescribeFeatureType to provide a human readable name or description for the attributes being published.

Attribute Descriptions

Thanks to Joseph Miller (GeoSolutions) for this improvement.

  • GEOS-10868 Add support for editable description in GeoServer customize feature type table

OGC CITE Fixes

The traditional OGC Open Web Services have not had automated CITE tests run for a while, but a few fixes have been made to restore CITE compliance:

  • GEOS-10787 CITE WCS 1.1.1 - Throw exception on bad ‘store’ parameter

  • GEOS-10788 CITE WCS 1.1.1 - Empty InterpolationMethod should throw exception

  • GEOS-10757 CITE: WMS <Style> has elements in wrong order (DTD validation)

  • GEOS-10782 CITE WFS 1.1 - HITS mimetype is incorrect

  • GEOS-10783 CITE WFS 1.1 - Check customized feature type to determine if transform wrapper needed

  • GEOS-10784 CITE WFS 1.1 - don’t do illegal geometry conversions

  • GEOS-10785 CITE WFS 1.1 - Data Dir - allow anonymous users to modify data

Thanks to David Blasby (GeoCat) for this work on behalf of the GeoCat Live Project. David addressed several errors in the CITE testing for these services while addressing the above issues for the GeoServer community.

A number of CITE conformance issues remain open, notably the handling of acceptsVersions with a mix of older protocols (such as WFS 2.0, WFS 1.1 and WFS 1.0). If you are interested in funding or sponsoring this activity please visit our sponsorship page.

Configuration Saving and Loading

A special call out to Dieter Stuken for working on the kind of fixes that just cause frustration - trouble shooting the internal Resource Store component that allows GeoServer configuration to be saved in a disk or database.

These fixes help the GeoServer Admin Console provide better error messages when a file is unavailable. And prevent the accidental creation of “missing” files when attempting to read from locations with no content.

  • GEOS-10724 SpringResourceAdaptor should throw a FileNotFoundException instead of creating any missing file

  • GEOS-10743 ResourcePool.readStyle created empty files

  • GEOS-10723 clean up params-extractor plugin to use Resource

Documentation and Tutorials

A few section of the User manual have been updated:

Thanks to Jody Garnett (GeoCat) and all those who contributed documentation fixes for this release.

  • GEOS-10759 Welcome page unreachable with large / slow catalogue configuration

Community Updates

The following community module has been retired:

  • GEOS-10778 Retire GeoStyler community module

    The plugin is now maintained outside of the GeoServer repository at https://github.com/geostyler .

Security community modules

With the upgrade to Spring Security to 5.7.3 mentioned above, the community security modules have affected.

A reminder that these modules are in need of your support to be recognized as an extension (and be included in our automated testing). Contact the appropriate module maintainer (Alessio or David) to see how you can assist.

OGCAPI community module Updates

The OGCAPI community module remains under active development:

  • GEOS-10889 OGC API info section should report the spec version, not the server version

  • GEOS-10758 OGCAPI - Features - Add storageCrs property for Collections

  • GEOS-10888 OGC API styles OpenAPI document points to dangling remote resources

  • GEOS-10854 Move the OGC API OpenAPI definitions to the “openapi” resource

  • GEOS-10855 Update the new OGC APIs so that the major version number is part of the path

  • GEOS-10881 Add Content-Crs header to OGC API

  • GEOS-10885 Remove Axis Order from OGC API Header

Andrea (GeoSolutions) has been working towards CITE compliance on behalf of Geonovum.

OGC API Features

OGC API Features

As a community module GeoServer OGC API is made available to developers for collaboration, and can also be accessed as a nightly build for feedback. If you are in a position to support this activity with time, money or resources please contact Andrea.

Improvements and Fixes

New Feature:

  • GEOS-10696 Allow configuration of Output Format types allowed in GetFeature

Improvement:

  • GEOS-10735 Obfuscate secret key in S3 Blob Store, avoiding requiring reentry when editing and HTML source visibility

  • GEOS-10739 Contact information user interface feedback for welcome message

  • GEOS-10740 Service enabled does not respect minimal/custom service names

  • GEOS-10750 German Translation Overhaul Part 1

  • GEOS-10755 WCS 2.0 module should not use string concatenation to build XML

  • GEOS-10762 Allow enabling auto-escaping for WMS GetFeatureInfo HTML templates

  • GEOS-10814 Update jdbc config to use consistent SQL formatting

  • GEOS-10879 Dispatcher should not respond to non standard HTTP methods

Fixes:

  • GEOS-10006 Seeding GWC doesn’t work for layers with a dot in the name

  • GEOS-10865 Backwards incompatible change in the XML representation of user roles

  • GEOS-10905 Default CSW properties do not allow sorting by identifiers

Tasks:

For the complete list see 2.23.0 release notes.

About GeoServer 2.23 Series

Release notes: ( 2.23.0 | 2.23-RC1 )

Read More

GeoServer 2.23-RC1 Release

Mar 14, 2023 • Gabriel Roldan

GeoServer 2.23-RC1 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a release candidate intended for public review and feedback, made in conjunction with GeoTools 29-RC1 and GeoWebCache 1.23-RC1.

Thanks to Gabriel Roldan (Camptocamp), Jody Garnett (GeoCat), and Andrea Aime (Geosolutions) for making this release candidate.

Release candidate public testing and feedback

Testing and providing feedback on releases is part of the open-source social contract. The development team (and their employers and customers) are responsible for sharing this great technology with you.

The collaborative part of open-source happens now - we ask you to test this release candidate in your environment and with your data. Try out the new features, double check if the documentation makes sense, and most importantly let us know!

If you spot something that is incorrect or not working do not assume it is obvious and we will notice. We request and depend on your email and bug reports at this time. If you are working with commercial support your provider is expected to participate on your behalf.

Keeping GeoServer sustainable requires a long term community commitment. If you are unable to contribute time, sponsorship options are available via OSGeo.

Java 11 Minimum

With this release GeoServer no longer supports Java 8, and it is time to upgrade to Java 11 at a minimum. Our build system tests GeoServer in with Java 11 and Java 17 which are both long-term-support OpenJDK releases.

JVM 11 Minimum

If you try starting this version of GeoServer with Java 8 it will produce the following failure:

java.lang.UnsupportedClassVersionError: org/geoserver/GeoserverInitStartupListener
has been compiled by a more recent version of the Java Runtime (class file version 55.0),
this version of the Java Runtime only recognizes class file versions up to 52.0

For more information please see our User Manual Installation (User Manual) and Java Considerations (User Manual) pages.

CSS Cleanup

The first big internal change for this release of GeoServer is a cleanup of the theme used for the GeoServer web administration application. Previously the pages had lots of little styling adjustments to try and get components to line up correctly and appear okay.

With this update all of the handmade styling changes have been removed, and everything is managed by the “geoserver.css” theme.

Thanks to Michel Gabriël (GeoCat) who started this work at the Bolsena code-sprint as a labour of love (well frustration).

Spring Upgrade

The second internal change for this release of GeoServer in an upgrade to the Spring Framework used to wire the internals of GeoServer together.

While this should not result in any change to functionality, it has resulted in quite a lot of carefult quality assurance and testing to ensure everything is still connected and works as intended.

Your “it works” feedback during the release-candidate testing cycle is valuable and will make Joseph Miller (GeoSolution) who worked on this activity feel good.

  • GEOS-10779 Upgrade GeoServer Core Spring to 5.3.23 and Spring Security to 5.7.3

Windows installer Java 11 Update

We are especially interested in feedback on the Java 11 minium transition for those using the Windows Installer (none of our core development team is in position to test so we are depending on you).

The installer will correctly detect the Adoptium JRE 11:

Oracle JDK 17 Manual

Early feedback indicates it is unable to detect Oracle JDK 17; but you can use Browse to manually select this JDK:

Oracle JDK 17 Manual

Thanks to Juan Luis Rodríguez (GeoCat) for troubleshooting the windows installer for this release.

  • GEOS-10890 Wrong path for the license file in the Windows installer script

Feature Type Description

A welcome new feature, building on top of the ability to customize FeatureTypes is the ability to provide a description for each attribute. This information is used in WFS DescribeFeatureType to provide a human readable name or description for the attributes being published.

Attribute Descriptions

  • GEOS-10868 Add support for editable description in GeoServer customize feature type table

OGC CITE Fixes

The traditional OGC Open Web Services have not had automated CITE tests run for a while, but a few fixes have been made to restore CITE compliance:

  • GEOS-10787 CITE WCS 1.1.1 - Throw exception on bad ‘store’ parameter

  • GEOS-10788 CITE WCS 1.1.1 - Empty InterpolationMethod should throw exception

  • GEOS-10757 CITE: WMS <Style> has elements in wrong order (DTD validation)

  • GEOS-10782 CITE WFS 1.1 - HITS mimetype is incorrect

  • GEOS-10783 CITE WFS 1.1 - Check customized feature type to determine if transform wrapper needed

  • GEOS-10784 CITE WFS 1.1 - don’t do illegal geometry conversions

  • GEOS-10785 CITE WFS 1.1 - Data Dir - allow anonymous users to modify data

Thanks to David Blasby (GeoCat) for this work on behalf of the GeoCat Live Project. David address several errors in the CITE testing for these services while addressing the above issues for the GeoServer community.

A number of CITE conformance issues remain open, notably the handling of acceptsVersions with a mix of older protocols (such as WFS 2.0, WFS 1.1 and WFS 1.0). If you are interested in funding or sponsoring this activity please visit our sponsorship page.

Community Updates

The following community module has been retired:

  • GEOS-10778 Retire GeoStyler community module

    The plugin is now maintained outside of the GeoServer repository at https://github.com/geostyler .

Security community modules

With the upgrade to Spring Security to 5.7.3 mentioned above, now is a good time for any teams working with community security modules to perform integration testing.

A reminder that these modules are in need of your support to be recognized as an extension (and be included in our automated testing). Contact the appropriate module maintainer (Alessio or David) to see how you can assist.

OGCAPI community module Updates

The OGCAPI community module remains under active development:

  • GEOS-10758 OGCAPI - Features - Add storageCrs property for Collections

  • GEOS-10888 OGC API styles OpenAPI document points to dangling remote resources

  • GEOS-10854 Move the OGC API OpenAPI definitions to the “openapi” resource

  • GEOS-10855 Update the new OGC APIs so that the major version number is part of the path

  • GEOS-10881 Add Content-Crs header to OGC API

  • GEOS-10885 Remove Axis Order from OGC API Header

Andrea (GeoSolutions) has been working towards CITE compliance on behalf of Geonovum.

OGC API Features

OGC API Features

As a community module GeoServer OGC API is made available to developers for collaboration, and can also be accessed as a nightly build for feedback. If you are in a position to support this activity with time, money or resources please contact Andrea.

OGC API Features

Improvements and Fixes

New Feature:

  • GEOS-10696 Allow configuration of Output Format types allowed in GetFeature

Improvement:

  • GEOS-10735 Obfuscate secret key in S3 Blob Store, avoiding requiring reentry when editing and HTML source visibility

  • GEOS-10739 Contact information user interface feedback for welcome message

  • GEOS-10740 Service enabled does not respect minimal/custom service names

  • GEOS-10750 German Translation Overhaul Part 1

  • GEOS-10755 WCS 2.0 module should not use string concatenation to build XML

  • GEOS-10762 Allow enabling auto-escaping for WMS GetFeatureInfo HTML templates

  • GEOS-10814 Update jdbc config to use consistent SQL formatting

  • GEOS-10879 Dispatcher should not respond to non standard HTTP methods

Tasks:

  • GEOS-10798 Sphinx site http://sphinx.pocoo.org/ is outdate

For the complete list see 2.23-RC1 release notes.

About GeoServer 2.23 Series

Additional information on GeoServer 2.23 series:

Release notes: ( 2.23-RC1 )

Read More

 Announcements

 Vulnerability

 Tutorials

 Behind The Scenes

 Developer notes