GeoServer Blog

GeoServer 2.12.5 released

Aug 24, 2018 • tbarsballe

We are happy to announce the release of GeoServer 2.12.5. Downloads are available (zipwar, and exe) along with docs and extensions.

This is the last maintenance release for the 2.12.x series, so we recommend users to plan an upgrade to 2.13.x or to the upcoming 2.14.x series. This release is made in conjunction with GeoTools 18.5.

Highlights of this release are featured below, for more information please see the release notes (2.12.52.12.42.12.3,2.12.22.12.1  2.12.0   2.12-RC1   2.12-beta).

Improvements

  • ImageMosaic should work when the images have no CRS information

  • Upgrade Apache POI dependencies

  • Upgrade jasypt dependency

  • Upgrade json-lib dependency to 2.4

  • Upgrade bouncycastle provider to 1.60

Bug Fixes

  •  NullPointerException during WMS request of layer group when caching is enabled

  • GeorectifyCoverage fails to handle paths with spaces

  •  CSS translator does not support mark offset/anchors based on expressions (but SLD does)

  • GeoServerSecuredPage might not redirect to login page in some obscure cases after Wicket upgrade

Security updates

Please update your production instances of GeoServer to receive the latest security updates and fixes.

This release addresses several security vulnerabilities:

  • Prevent arbitrary code execution via Freemarker Template injection

  • XXE vulnerability in GeoTools XML Parser

  • XXE vulnerability in WPS Request builder

  • Various library upgrades (see above) from versions with known CVEs

Thanks to Steve Ikeoka, Kevin Smith, Brad Hards and Nuno Oliveira for providing fixes to these issues.

These fixes are also included in the 2.13.2 release.

If you encounter a security vulnerability in GeoServer, or any other open source software, please take care to report the issue in a responsible fashion.

About GeoServer 2.12 Series

Additional information on the 2.12 series:

Read More

GeoServer 2.13.2 released

Jul 25, 2018 • jgarnett

We are happy to announce the release of GeoServer 2.13.2. Downloads are available (zipwar, and exe) along with docs and extensions.

This is a stable release recommended for production use. This release is made in conjunction with GeoTools 19.2 and GeoWebCache 1.13.2.

Highlights of this release are featured below, for more information please see the release notes (2.13.2  2.13.1 2.13.0  2.13-RC1 2.13-beta).

Improvements and Fixes

  • style editor map legend always includes legend

  • performance improvement for multi-band coverage time series

  • WMS 1.3.0 performance improvement for north/east axis order

  • Fix support of external graphics over http

Security updates

Please update your production instances of GeoServer to receive the latest security updates and fixes.

This release addresses several security vulnerabilities:

  • Prevent arbitrary code execution via Freemarker Template injection

  • XXE vulnerability in GeoTools XML Parser

  • XXE vulnerability in WPS Request builder

  • Various library upgrades (see above) from versions with known CVEs

Thanks to Steve Ikeoka, Kevin Smith, Brad Hards and Nuno Oliveira for providing fixes to these issues.

If you encounter a security vulnerability in GeoServer, or any other open source software, please take care to report the issue in a responsible fashion.

About GeoServer 2.13 Series

Additional information on the 2.13 series:

Read More

GeoServer 2.12.4 Release

Jun 20, 2018 • iant

We are happy to announce the release of GeoServer 2.12.4. Downloads are available (zipwar, and exe) along with docs and extensions.

This is a maintenance release and a recommend update production systems. This release is made in conjunction with GeoTools 18.4.

Highlights of this release are featured below, for more information please see the release notes (2.12.42.12.3,2.12.2, 2.12.1  2.12.0   2.12-RC1   2.12-beta).

Improvements

  • Add forceLabels=on in the style editor map legend to help users,

  • Remove language warnings during Windows setup compilation and remove ‘work’ folder when uninstalling on Windows

  • Move MongoDB community module to supported status

Bug Fixes

  • Response time of WMS 1.3.0 significantly higher than vs WMS 1.x.x on systems whose axis in north/east order

  • Exception with NULL values with AggregateProcess

  • Style with Interpolate function causes NullPointerException on GetLegendGraphic

  • WFS with startIndex doesn’t return some results

  • Vector identifying feature info uses an undocumented system variable to set the default search area

  • Removing extensions with own configuration bits may cause GeoServer not to start up anymore

  • Windows Installation issue - upgrading GeoServer results in corrupt data_dir

  • Class java.util.Map$Entry is not whitelisted for XML parsing.

  • Add WMS GetMap and GetFeatureInfo tests for App-Schema MongoDB integration

  • CatalogRepository cannot find a store by name, if the store has just been added

  • WCS 1.0.0 generates wrong links in GetCapabilities

  • CatalogRepository should return a null on store not found, instead it throws a RuntimeException

  • Layer page will only show up to 25 bands, regardless of the actual set of bands available

  • Undocumented GDAL 2.3.0 CSV output geometry column name change breaks WPSOgrTest

Security Updates

Please update your production instances of GeoServer to receive the latest security updates and fixes.

If you encounter a security vulnerability in GeoServer, or any other open source software, please take care to report the issue in a responsible fashion.

About GeoServer 2.12 Series

Additional information on the 2.12 series:

Read More

GeoServer 2.13.1 Released

May 21, 2018 • tbarsballe

We are happy to announce the release of GeoServer 2.13.1. Downloads are available (zipwar, and exe) along with docs and extensions.

This is a stable release recommended for production use. This release is made in conjunction with GeoTools 19.1 and GeoWebCache 1.13.1.

Highlights of this release are featured below, for more information please see the release notes (2.13.1 2.13.0  2.13-RC1 2.13-beta):

New Features and Improvements

  • MongoDB community module moved to extension

  • Support PNG/JPEG WPS Downloads

  • Allow self joining GetFeature without aliases

  • Add support for priority in control-flow bounded queues

  • Hibernate Monitoring extension moved to a community module

Bug Fixes

  • WCS 1.0.0 generates wrong links in GetCapabilities

  • WFS 2.0 capabilities report transaction support even if the service level is not configured as such

  • WPSResourceManager cleanup is not deleting temporary subfolders (only files)

  • GeoServer in CITE compliance mode fails to validate an empty LockFeature request

  • WMS 1.3 GetMap request significantly slower than WMS 1.1.0 since GeoServer 2.11.4

  • Import objects cannot be deleted when in COMPLETE state

  • Style with Interpolate function causes NullPointerException on GetLegendGraphic

  • Windows Installation issue - upgrading GeoServer results in corrupt data_dir

  • Windows Installer: Remove ‘work’ folder when uninstalling

Read More

GeoServer 2.12.3 Released

Apr 25, 2018 • jgarnett

We are happy to announce the release of GeoServer 2.12.3. Downloads are available (zipwar, and exe) along with docs and extensions.

This is a maintenance release and a recommend update production systems. This release is made in conjunction with GeoTools 18.3.

Highlights of this release are featured below, for more information please see the release notes (2.12.3,2.12.2, 2.12.1  2.12.0   2.12-RC1   2.12-beta).

Improvements

  • Improved bounding box reporting in WMS GetCapabilities allowing more entries to be supported when Output bounding box for every support CRS is selected. Bounding boxes are now returned for layer groups as well.

  • NetCDF/GRIB has been improved with a new setting to copy over global attributes when generating NetCDF output

Bug Fixes

  • WFS 2.0 fix for interaction with startIndex and the total features count

  • CQL filters can now be used with the WMS vector tile output format

  • GeoPackage WPS output corrected to generate y coordinates from bottom left

  • User interface for editing workspace details checks for conflicts with name or namespace URI.

  • GML 3.2 output can now limit the number of decimals used for coordinate output

  • REST management of styles now supports defining a style using POST for CSS, YSLD and MapBox styles (previously this only worked for SLD)

  • WPS output error handling does a better job reporting when Async output format parameters are incorrect.

  • WPS improvements have also been made for the cleanup of temporary folders and output “raw data encoder” (which is often used for image generation).

  • Demo request page does a better job of of reporting authorization failures, and correctly sending credentials for testing service security.

  • GetLegendGraphic fixes to correct line thickness and ensure polygons and points are not cut off.

Community Updates

For developers building from source our community modules remain a great place to collaborate on new functionality and improvements. This month Nuno Oliveira has added a new community module for the GeoTools MongoDB datastore.

Security Updates

Please update your production instances of GeoServer to receive the latest security updates and fixes.

If you encounter a security vulnerability in GeoServer, or any other open source software, please take care to report the issue in a responsible fashion.

About GeoServer 2.12 Series

Additional information on the 2.12 series:

Read More

 Announcements

 Behind The Scenes

 Tutorials

 Vulnerability

 Developer notes