GeoServer Blog
GeoServer 2.10.4 Released
We are pleased to announce the release of GeoServer 2.10.4. Downloads are available (zip, war, dmg and exe) along with documentation and extensions.
This is a maintenance release of GeoServer suitable for production systems. Maintenance releases are focused on bug fixes and stability, rather than new features. This release is made in conjunction with GeoTools 16.4 and GeoWebCache 1.10.3.
This release is made by Torben Barsballe and Kevin Smith from the Boundless team. Special thanks to Nick Stires from Boundless and the Frank Warmerdam from OSGeo for their help setting up the new build.geoserver.org server used for this release. We would like to thank these volunteers and everyone who contributed features, fixes and time during the release process.
Security Considerations
The 2.10.3 release addressed three security vulnerabilities. Details of these vulnerabilities were not included in the 2.10.3 blog post to provide time for the fixes to be included in 2.11.1, and have been replicated here:
-
Added a configurable delay during login, to mitigate a brute force attack.
-
Added a configurable parameter to control clickjacking attacks against the GeoServer UI.
-
Added an additional parameter for locking down password autocomplete in the GeoServer UI
Thanks to Andrea Aime and Devon Tucker for providing fixes to these issues.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
New Features and Improvements
-
Add rest endpoint for geofence admin rules
-
Add REST endpoint for a user to change their password
-
Allow disabling usage of SLD and SLD_BODY in WMS requests (also for virtual services)
Bug Fixes
-
Native JAI installation instructions report incorrect information about the installers
-
Downloading zip file using /rest/workspaces/
/datastores/ /file.shp doesn't work after GeoServer reload -
Virtual services do not play nice with GML 3 encoding
-
Namespace filtering on capabilties returns all layer groups (including the ones in other workspaces)
-
Cascaded WMS does not encrypt configuration password
-
Reloading GeoServer re-enables all disabled WMTS services
-
Slow WFS GetFeature when using a 3D bbox POST request
-
WMS cascading fails with NPE when advanced projection handling gets disabled
-
Style Editor Preview Legend Fails on non-SLD Styles
-
Exception when saving a layer group in GeoServer UI
-
JMS fails to handle styles workspaces changes
-
WFS-T Insert FeatureIds being returned in incorrect order
-
CSW get capabilities ingore virtual services settings and always use the global service ones
-
Integrated GWC does not work with layer and layer group specific services
And more! For more information on this release check the release notes ( 2.10.4 | 2.10.3 | 2.10.2 | 2.10.1 | 2.10.0 | 2.10-RC1 | 2.10-beta | 2.10-M0 ) |
About GeoServer 2.10
Articles, docs, blog posts and presentations:
-
The YSLD extension added, with extensive documentation (user guide)
-
State of GeoServer 2016 (slideshare)
-
The style editor has been refreshed with the best ideas from the css extension (user guide)
-
The styling workshop has been updated for foss4g 2016 and now includes both CSS and YSLD examples (user guide)
-
Smart transparency in GeoServer with image/vnd.jpeg-png format (GeoSolutions)
-
QGIS SLD export improvements (GeoSolutions)
Community modules
-
A new community module to backup/restore and restore GeoServer configuration
-
A resource browser is available allowing remote management of styles, icons and fonts (needs building from sources).
-
A new WMTS multidimensional domain discovery community module for discovering patches of data in scattered data sets
GeoServer at FOSS4G 2017 Boston
The annual “Free and Open Source Software for Geospatial” conference is coming to Boston on August 14-19.
This is the global meeting-of-the-tribes event for the spatial community, held by the Open Source Geospatial Foundation. Going well beyond just an event, FOSS4G features hands-on workshops, exciting presentation, technical presentations, exciting technical presentations … along with informal bird-of-a-feather gatherings, a code sprint, and social events.
The GeoServer project is proudly represented at FOSS4G with presentations from the core GeoServer team and success stories from happy users worldwide.
Workshops
The conference opens with two days of workshops. FOSS4G workshops are a great way to access hands-on training with GeoServer, provided by core members of the development team. You are sure to learn something new.
GeoServer workshops:
-
OGC Services in Action: an introduction with GeoServer: Join Andrea Aime from GeoSolutions for this popular course. Covering OGC services, setting up vector and raster data, along with viewing and styling data.
-
GeoServer & PostGIS in Containers and On Kubernetes: Steve Pousty from Red Hat provides an introduction to Docker containers and Kubernetes using the popular combo of PostGIS and GeoServer.
-
Enterprise class deployment for GeoServer and GeoWebcache: optimizing performances and availability: Simone Giannecchini and Andrea Aime from GeoSolutions are back with hands on experience guiding you through the performance, availability and optimization of GeoServer and GeoWebCache.
GeoTools workshops:
-
**Introduction to GeoTools: **Ian and Jody offer an introduction for Java developers.
-
GeoTools DataStore Workshop: Teach GeoServer a new format with this java development workshop.
Presentations
The conference features three days of presentations (with some great keynotes to look forward to from Dr. Richard Stallman, Paul Ramsey and others). GeoServer is well represented with a great selection of talks to choose from.
Core contributors to GeoServer have the following talks:
-
State of GeoServer: Update of everything new and improved for 2017 brought to you by the project team.
-
GeoServer Feature Frenzy: A feature based tour of what GeoServer has to offer, brought to you by the project team.
-
GeoServer in Production: we do it, here is how! Simone and Andrea share battle hardened advice for production installations.
-
**MapBox Styles for GeoServer and OpenLayers: **Torben and David introduce native MapBox styles support, allowing shared client and server styling for a consistent visual presentation.
-
Mapping the world: going beyond web mercator with GeoServer: Andrea provides insight into the creativity available with GeoServer.
-
State of GeoWebCache: Kevin Smith explores tile protocols and the advantages they bring to your GeoServer deployment.
-
Creating Stunning Maps in GeoServer : mastering SLD and CSS styles: GeoServer is host to a powerful rendering engine, unlock your creativity with this introduction to the human-readable cascading style sheet cartography.
The wider GeoServer community is will represented in the rest of the program.
-
Development of an extension of GeoServer to provide handling three-dimensional spatial data: Pusan National Univeristy is back with an research and development area for GeoServer, use of 3D data for indoor mapping.
-
GeoServer Clustering Revisited: Getting Your Docker On
-
Monsanto & Boundless contribution to the open source community; enabling fine grain entitlement for open source geospatial cloud systems (GeoServer) and desktop applications (QGIS)
Many more talks feature GeoServer as part of a successful open source solution. During the abstract submission process GeoServer was the most cited software component.
Bird of a Feather Session
A highlight of FOSS4G is the community aspect of meeting with GeoServer enthusiasts from all backgrounds. We will schedule an evening bird-of-a-feather session for GeoServer Q&A.
Bring your questions, your stories and perhaps a map to share!
Code Sprint
An OSGeo code-sprint is held after the conference offering volunteers a chance to work on the codebase. If you are new to our community please consider attending, we will have a selection of activities ready to go for all skill levels.
Sign up on the OSGeo Wiki, and add your ideas and suggestions.
This is a great opportunity to contribute to the project, please be advised that it is a work party (so bring your own laptop, caffeine will be provided).
See you at FOSS4G Boston
If you would like to join GeoServer in Boston registration is open, $800 for the 3 day conference. Workshops are $125-$350 depending on how many you attend. There is also a great volunteer program (2 hours of training, and 12 work for a $50 registration).
Attending FOSS4G is strongly recommended. While there are friendly regional foss4g conferences nothing compares to the momentum and enthusiasm of the global event.
Thanks to all the presenters and instructors for the GeoServer advocacy, this will be a great event.
GeoServer 2.11.1 Released
We are happy to announce the release of GeoServer 2.11.1. Downloads are available (zip, war, dmg and exe) along with documentation and extensions.
GeoServer 2.11.1 is the latest stable release of GeoSever recommended for production system. This release is made in conjunction with GeoTools 17.1.
Highlights of this release are featured below, for more information please see the release notes (2.11.1 | 2.11.0 | 2.11-RC1 | 2.11-beta ). |
Security Considerations
This release addresses three security vulnerabilities:
-
Added a configurable delay during login, to mitigate a brute force attack.
-
Added a configurable parameter to control clickjacking attacks against the GeoServer UI.
-
Added an additional parameter for locking down password autocomplete in the GeoServer UI
Thanks to Andrea Aime and Devon Tucker for providing fixes to these issues.
These fixes are also included in the 2.10.3 release.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
New Features and Improvements
-
There is a new Mapbox Style community module available, which adds support for an interoperable json styling language. For more details, refer to the documentation.
-
GSIP 158 - NetCDF output support for variable attributes and extra variables. This improvement adds the ability to set attributes on output NetCDF variables, copy attributes from source NetCDF/GRIB variables, and copy scalar variables from NetCDF/GRIB sources including ImageMosaics. See the documentation for details.
-
Allow disabling usage of SLD and SLD_BODY in WMS requests (also for virtual services).
Bug Fixes
-
Various improvements to virtual services, including lookup and GML 3 encoding handling
-
Namespace filtering on capabilities returns all layer groups (including the ones in other workspaces)
-
Not possible to PUT workspace using REST
-
GeoServer Home Page missing information messages
-
Style Editor Preview Legend Fails on non-SLD Styles
-
Integrated GWC does not work with layer and layer group specific services
-
Generating a raster SLD style from template produces a functionally invalid style
-
GeoServer generates invalid GeoPackage raster mosaics
-
Metatiling may throw a ClassCastException: Raster cannot be cast to WritableRaster
About GeoServer 2.11
Articles, docs, blog posts and presentations:
-
OAuth2 for GeoServer (GeoSolutions)
-
YSLD has graduated and is now available for download as a supported extension
-
Vector tiles has graduate and is now available for download as an extension
-
The rendering engine continues to improve with underlying labels now available as a vendor option
-
A new “opaque container” layer group mode can be used to publish a basemap while completely restricting access to the individual layers.
-
Layer group security restrictions are now available
-
Latest in performance optimizations in GeoServer (GeoSolutions)
-
Improved lookup of EPSG codes allows GeoServer to automatically match EPSG codes making shapefiles easier to import into a database (or publish individually).
GeoServer monthly bug stomp
Our monthly GeoServer bug stomps are moving to the last Friday of each month.
Previously these events were scheduled when people were available, making planning difficult. By choosing a set date each month it is easier to schedule a time to participate for all involved.
Tips for Participating
Thanks to Matt Kruszewski for the following notes on how to take part.
Before you start
Get ready:
-
Join the gitter.im channel geoserver/geoserver, you can sign in with your github id.
-
Sign up for Jira, so you can review and add to bugs.
-
Join the geoserver-devel@lists.sourceforge.net and introduce yourself! In your email, you can be asked to be added to the Jira development team (so you can volunteer to work on a bug during the sprint).
-
Double check the contributing guidelines (you may need to sign a code license agreement prior to starting work.)
Git ready:
> > _# GeoServer uses Fork & Branch GitFlow_ _ # Fork the geoserver/geoserver project on github, then clone it locally and add the main_ _ # project as an upstream._ > > _git clone https://github.com/{you}/geotools.git_ _git remote add upstream https://github.com/geoserver/geoserver.git_ _git pull --rebase upstream_ _git checkout -b myBugfixBranch_ _# Before making a pull request, make sure you are up-to-date with upstream._ _git pull --rebase upstream master_ _# (or, rebase)_
For the bug stomp you should work on a branch from master.
-
When your branch is finished, publish it to your fork, and then create a pull request to geoserver/geoserver.
-
For more details, see Geoserver Developer Guide on using Git.
Eclipse or InteliJ recommended:
- If you are setting up GeoServer for the first time as developer Quickstart in the developers guide.
Stomping
If you get stuck or are unsure of how to proceed, ask on gitter!
To find an issue to work on:
-
Ask on Gitter, and use the Jira triage list of good candidates (triage=sprint).
-
At the start of the sprint we review new bugs.
Style:
-
Make sure to follow the contribution guidelines
-
Format your code using the eclipse formatter profile here. The same formatter is used for GeoTools and GeoServer.
-
Make sure to add the license boilerplate
-
Consult the GeoTools code conventions for common habits
-
Documentation is required for a UI fix, javadocs for public classes appreciated.
Testing:
-
Test your fix!
-
See Testing in the GeoServer Developers Guide
-
Since this is a bug stomp, look at how the code around yours is tested and build on that.
Pull Request
-
Make a pull request from your branch on your fork to geoserver/geoserver master.
-
Ask for a review on gitter
-
Make revisions based on feedback and comments. Additional commits to the branch in your fork are automatically reflected in the PR.
Tips and Tricks
-
We work closely with the GeoTools library for data access, rendering and processing - you may need a checkout of the GeoTools library to be effective.
-
For the bug stomp, pick a bug you can fix, not one you need to fix.
-
Many older issues are already fixed, start by trying to reproduce the problem.
-
Many worth while bugs cannot be fixed in a day
-
-
Don’t get stuck. Timebox yourself and don’t be afraid to discuss the problem on gitter.
-
Use the code formatter!
-
Don’t worry about making mistakes! You can run findbugs, or ask for a shared screen code review before submitting your pull request (or “relax and realize the internet is full of fail”.)
Follow-up
- After the bug stomp, reply to the geoserver-devel email thread with a summary of your progress
Most of all welcome to GeoServer and thanks for taking part.
GeoServer 2.10.3 Released
We are happy to announce the release of GeoServer 2.10.3. Downloads are available (zip, war, dmg and exe) along with docs and extensions.
This is the release of GeoServer of the 2.10 branch is now going into maintenance and is no longer recommended for new production system. This release is made in conjunction with GeoTools 16.3.
This release is made by Ian Turton from the Astun Technology team. We would like to thank these volunteers and everyone who contributed features, fixes and time during the release process.
Security Considerations
This release addresses three security vulnerabilities:
-
Added a configurable delay during login, to mitigate a brute force attack.
-
Added a configurable parameter to control clickjacking attacks against the GeoServer UI.
-
Added an additional parameter for locking down password autocomplete in the GeoServer UI
Thanks to Andrea Aime and Devon Tucker for providing fixes to these issues.
These fixes are also included in the 2.11.1 release.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
New Features and Improvements
-
[GEOS-7684] - Add rest endpoint for geofence admin rules
-
[GEOS-7763] - Add REST endpoint for a user to change their password
-
[GEOS-7957] - GeoFence: REST Rule DTO does not handle addressrange
-
[GEOS-8022] - Allow disabling usage of SLD and SLD_BODY in WMS requests (also for virtual services)
Bug Fixes
A large number of bugs were fixed for this release including several that affected JMS clustering, WFS with 3D data and using the Style Editor with non-SLD styles. See the release notes for more details of all the fixes.
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release