GeoServer Blog

GeoServer 2.7.5 released

The GeoServer team is happy to announce the release of GeoServer 2.7.5. Download bundles are provided (zip, war, dmg and exe) along with documentation and extensions.

GeoServer 2.7.5 is a maintenance release of GeoServer recommended for production deployment. Thanks to everyone taking part, submitting fixes including:

Bug [GEOS-4179] - Importer and monitoring REST resources are not thread-safe [GEOS-7116] - Applying a CRS in Importer clears other found CRSes [GEOS-7306] - Stored Queries don’t work on App-Schema layers backed by database [GEOS-7346] - WPS cancelling output stream ends up writing a single byte at a time

For a full list, see the release notes.

The next release, 2.7.6, will mark the planned end of life for this release series. You and your organisation should now consider looking into to the 2.8 release and start testing it now.

Thanks to Ian Turton (Astun Technology) for this release.

This release is made in conjunction with GeoTools 13.5.

Read More

GeoServer Code Sprint 2016

The GeoServer web administration console is built on top of the Wicket 1.4.x series, which is pretty old and unmaintaned. The purpose of the sprint is to update it to Wicket 7.x, the current stable version.

Due to the large distance between the two releases and the number of backwards incompatible changes accumulated by Wicket in the years this will require the concerted effort of a handful of developers over a few days, including the changes to upgrade the code, and the thorough hand testing of the resulting modified interface.

Victoria British Columbia

The code sprint is planned for the week of January 18th **in sunny **Victoria British Columbia. Thanks to Boundless for providing a venue (either the boundless offices or Fort Techtoria depending on numbers).

A note on the timing: We were unable to join the Paris Code Sprint 2016 as it is scheduled too close to the GeoServer 2.9 code freeze. This location was selected to reduce travel costs allowing us to run the event with minimal sponsorship.

Participation and Sponsorship

We have the following sponsorship levels available:

  • Gold: $1000

  • Silver: $500

  • Bronze: $250

We are reaching out to international and local sponsors. Contributions will be put towards travel costs for overseas sprinters who would be otherwise unable to attend. Any surplus at the end of the event will be turned over to OSGeo or used for a future code sprints.

For more details on participation, sponsorship or budget for the event please see the GeoServer Code Sprint 2016 wiki page.

Read More

GeoServer 2.8.1 Released

The GeoServer team is pleased to announce the release of GeoServer 2.8.1. Download bundles are provided (binwardmg and exe) along with documentation and extensions.

GeoServer 2.8.1 is the latest stable release of GeoServer and is recommended for production deployment. This release is made in conjunction with GeoTools 14.1. Thanks to all contributors. Fixes and new functionality include:

  • Multidimensional GRIB / NetCDF / NetCDF Output modules promoted to extension

  • Fixed query parameters in SLD external graphic

  • Fixed legend preview with SLD external graphic

  • Fixed multiline labels in PDF WMS request with translation

  • Fixed layer preview GML links for app-schema layers

  • Fixed JMS clustering to use qualified names for layers, layer groups, and styles

  • Avoid catalog linear scans in GWC integration listeners

  • Fixed OpenLayers preview with the authkey module enabled

  • For a full list, see the release notes

Thanks to Ben Caradoc-Davies (Transient) for this release.

About GeoServer 2.8

Articles, blog posts and presentations:

Read More

GeoServer 2.7.4 released

The GeoServer team is happy to announce the release of GeoServer 2.7.4. Download bundles are provided (zipwardmg and exe)  along with documentation and extensions.

GeoServer 2.7.3 is a maintenance release of GeoServer recommended for production deployment. Thanks to everyone taking part, submitting fixes and new functionality including:

Bug

  • [GEOS-3228] - Empty filter causes IndexOutOfBoundsException

  • [GEOS-3432] - RESTConfig “styles” list does not get generated if a style is missing its associated sld file

  • [GEOS-4986] - Creating SQL Views via RESTConfig as JSON fails

  • [GEOS-6768] - externalGraphic with relative path and query parameters problem

  • [GEOS-7045] - Layer Security - Catalog Mode

  • [GEOS-7243] - Render (or transform) fails on Multipolygon but not on polygon

  • [GEOS-7256] - Maven Cobertura plugin does not work

  • [GEOS-7259] - JMS based cluster should use qualified names for Layers and Layergroups

  • [GEOS-7267] - JMS Clustering should prefix Styles names with workspace

  • [GEOS-7295] - OpenLayers preview does not work if authkey community module is enabled

  • [GEOS-7302] - Using on the fly meta tiling in WMS request may result in rendered images not being disposed of

  • [GEOS-7312] - RawDataPPIO does not close InputStreams it opens

  • [GEOS-7314] - GeoTiffPPIO can return the source file of a processed coverage

Improvement

  • [GEOS-4762] - WCS should force usage of imageread

  • [GEOS-7150] - Features counted twice for WFS queries with GeoJSON responses

For a full list, see the release notes.

Also, as a heads up for Oracle users, the Oracle store does not ship anymore with the JDBC driver (due to redistribution limitations imposed by Oracle). For details see the updated the oracle installation instructions here.

Thanks to Alessio Fabiani (GeoSolutions) for this release.

This release is made in conjunction with GeoTools 13.4 and GeoNode 2.4.

Read More

Remote Execution Vulnerability

GeoServer has encountered an remote execution vulnerability in the REST API (used for remote administration).

This vulnerability GEOS-7124 is addressed in the following scheduled releases:

Thanks to Andrea Aime (GeoSolutions) and Kevin Smith (Boundless) for both fixing this issue and back porting to the stable and maintenance series.

Users are encouraged to upgrade, keeping in mind exposure to this issue is limited to scripts using administrator credentials to access the REST API. Accounts making use of gsconfig (Python Library) also make use of these facilities.

About Remote Execution

For more information see redhat security article on remote code execution via serialized data.

Responsible Disclosure

Thanks to Matthias Kaiser for reporting this issue.

If you encounter a security vulnerability in GeoServer (or any other open source software) please take care to report the issue in a responsible fashion:

  • Keep exploit details out of issue report (send to developer/PSC privately - just like you would do for sensitive sample data)

  • Be prepared to work with Project Steering Committee (PSC) members on a solution

  • Keep in mind PSC members are volunteers and an extensive fix may require fundraising / resources

If you are not in position to communicate in public (or make use of the issue tracker) please consider commercial support, contacting a PSC member privately or contacting us via the Open Source Geospatial Foundation at info@osgeo.org.

Read More