GeoServer Blog
GeoServer 2024 Roadmap Planning
Happy new year and welcome to 2024 from the GeoServer team!
The GeoServer team is doing something different this year: sharing our roadmap plans and asking our community for resources (participation and funding) to meet our 2024 goals.
The GeoServer project is supported and maintained thanks to the hard work of volunteers and the backing of companies providing professional support.
We are seeking a healthy balance in 2024 and request increased support in the following areas:
-
Maintenance: GeoServer was started in 2001 by a non-profit technology incubator. Subsequent years has seen the project supported by larger companies with investors and venture capital. This support is no longer available - and without this cushion we must rely on our community to play a greater role in sharing ongoing maintenance activities.
The team has provided a great response with increased use of automation, quality assurance tools, and dropping modules such as SAML that have not attracted participation. Keep in mind that participation, not popularity, determines what functionality is available each release.
However maintenance costs for software are increasing in 2024. Expectations for prompt response to security vulnerabilities have increased. This causes the components used by GeoServer to be updated more frequently, and with greater urgency.
Volunteers can answer questions on geoserver-user list, reproduce issues as they are reported, and verify fixes.
Developers are encouraged to get started by reviewing pull-requests to learn what is needed, and then move on to fixing issues.
Trusted volunteers can help mind geoserver-security email list, and help reproduce vulnerabilities as they are reported. We also seek developer capacity and funding to address confirmed vulnerabilities.
-
Testing: In 2023 we saw a greater response to our call for release-candidate testing. This was very much appreciated given the technical-challenge undertaken in 2023. However this response was largely taken up by downstream projects, where we could personally create a ticket in their issue trackers discussing the technical risk and asking for help.
Volunteers and service providers are asked to help test release-candidates in March 2024 and September 2024. The GeoServer team operates with a time-boxed release model so it is predictable when testing will be expected.
-
Sponsorship: In 2023 we made a deliberate effort to “get over being shy” and ask for financial support, setting up a sponsorship page, and listing sponsors on our home page.
We received $1000 USD. You might think of this as a poor response.
North River Geographic Systems Inc provided funding to thank Andrea Aime for speaking at an event with no clear expectation of sponsorship. How 2 Map sponsorship reflects Jody’s personal company being used for screen snaps on how to badge a github repository as supporting OSGeo.
With this in mind - no funds were directly raised in answer to our 2023 call for financial support. So this is actually a terrible response.
We ask for your financial assistance in 2024 (see bottom of page for recommendations).
The above priorities of maintenance, testing and sponsorship represent the normal operations of an open-source project. This post is provided as a reminder, and a call to action for our community.
Roadmap Planning
We have shared the following roadmap planning information in foss4g presentations in 2023, and it is time to share these goals with a wider audience as part of this blog post.
This is a brave step for the project: as we learned early on that placing a goal on a roadmap can be taken as an indication that funding is already secured. We even had a negative example where placing a goal on a roadmap resulted in the interested party withdrawing (as they understood that the community was now going to do the work instead!)
With this in mind here are our priorities for 2024:
-
Migrate to spring-framework-6 (Deadline December 2024)
GeoServer uses the spring-framework 5.3 which will reach end-of-life in December 2024. This provides motivation for all roadmap planning in calendar year 2024.
We are already getting concerned inquiries in response to CVE scans recommending upgrading to spring-framework 6. We look forward to your support of this activity.
In order to stay on a supported version of spring-framework we need to migrate to spring-framework 6 for December 2024.
-
Migrate to spring-security 6
The spring-security framework is used by GeoServer for integrating with a number of systems.
- Central Authentication Service (CAS)
- Lightweight Directory Access Protocol (LDAP)
Use of spring-framework 6 and above requires the use of spring-security 6.
-
Remove spring-security-oauth plugin
A number of popular community modules are built on spring-security-oauth plugin:
- OAuth2 google
- OAuth2 github
- OAuth2 geonode
- OAuth2 OpenID Connect
Support for OAuth2 in GeoServer is based on the deprecated spring-security-oauth library. The same functionality is now provided by spring-security itself, but exposing a different API, making the GeoServer plugin incompatible.
Our GeoServer security integrations will need to be rewritten to use the spring-security framework directly.
The good news is that this activity is available to be worked on immediately with spring-security 5.8 and then migrated to spring-security 6. Other projects such as GeoNetwork have already made the transition.
The use of spring-security 6 requires removing spring-security-oauth plugin.
-
Remove spring-security-keycloak plugin
A community module offering keycloak integration will need to be rewritten or replaced.
The Keycloak team has announced that their spring-security-keycloak plugin has reached end-of-life and will be removed from a future release of Keycloak. They recommend migrating to OAuth2/OpenID Connect support from spring-security 6.
We recommend those using the spring-security-keycloak plugin to join forces in development and testing of OAuth2/OpenID Connect integration.
The use of spring-security 6 requires removing spring-security-keycloak plugin.
-
Migrate to Jakarta Enterprise Edition
GeoServer is a Java Web Application comprised of a number of “servlets” that can be run by an application server. The specification of how these components work together is defined by the Java Enterprise Edition specification. This specification is now managed by the Eclipse Foundation as Jakarta Enterprise Edition.
With the change to Jakarta Enterprise Edition we expect a number of compatibility issues:
-
The charts extension is based on eastwood charts last updated in 2008.
This library is not compatible with Jakarta Enterprise Edition and will need to be replaced.
-
mapfish-print-v2
This library is not compatible with Jakarta Enterprise Edition and will need to be updated or replaced.
Application Servers that support Jakarta Enterprise Edition:
- Apache Tomcat 10.1 / Jakarta Enterprise Edition 10 / Servlet 6 / Java 17+
- Jetty 12.0 / Jakarta Enterprise Edition 10 / Servlet 6 / Java 17+
When ready we will need volunteers to test on the new application servers and update the binary release and documentation to reflect the new environment. Organizations operating in a managed environment may wish to pursue permission to operate Tomcat 10.1 ahead of this planned change.
The spring-framework version 6 uses the newer Jakarta Enterprise Edition specification.
-
-
Upgrade to Apache Wicket 10
Apache Wicket user-interface framework is used for the GeoServer Admin console screens.
Brad Hards has started this activity by going to the intermediate goal of Wicket 9, and will require a fleet of testers to perform A/B testing of each screen. This is an impressive undertaking, in 2016 we did an entire round of fundraising to assemble a team sprint when updating from Apache Wicket 1.4. to Wicket 7.x
Volunteers can help Brad test Wicket 9 now, and when the transition to Wicket 10 is complete a second round of A/B testing will be scheduled
The use of Jakarta Enterprise Edition requires the use of Apache Wicket 10.
-
Upgrade to Java 17
GeoServer is presently compiled with Java 11 LTS, with the result tested on Java 11 LTS, Java 17 LTS, and soon Java 21 LTS.
With the change to Java 17 we expect a number of libraries we use to require updating or replacing.
GeoServer is presently building on Java 17, however documentation will need to be updated when Java 11 support is dropped. Organizations may wish to pursue permission to operate Java 17 LTS ahead of this planned change.
The spring-framework 6 and Jakarta Enterprise Edition application servers require Java 17 as a minimum.
-
Migrate to ImageN 1.0
The Java Advanced Imaging library is used as the engine for our image and raster processing capabilities. This library reached end-of-life with the last JAI 1.1.3 release in 2005.
This library has received considerable investment from our community with GeoSolutions heading up the JAI-EXT project to better work with geospatial datasets, operations and analysis including recent support for hyperspectral imagery.
We have been planning for this migration for some time:
- Boundless worked with LocationTech to outline the creation of a new “Raster Processing Engine” library (with estimate of $150k). This library was planned after assessing alternatives in the Java ecosystem (nothing matched JAI on-demand capabilities required for geospatial content).
- LocationTech was able to contact Oracle, resulting in the source code being donated to the Eclipse Foundation as the ImageN project (consider that a $100k savings)
- Jody has worked on this project as a background activity when unemployed and the source code now compiles in a modern environment with documentation migrated to markdown (consider that at $25k savings)
- However test cases were not provided with the code donation (estimate $25k work remaining)
Once this library is ready:
- Migrate JAI-EXT project to ImageN 1.0 baseline (or merge for ImageN 1.1)
- GeoTools migration to ImageN 1.0 and integration testing
This activity is suitable for Java developers interested in Image Processing and will require coordination between ImageN, JAI-EXT and GeoTools projects.
Compiling with Java 17 requires migrating to ImageN library
This roadmap outlines goals that we wish to accomplish - we are seeking resources (funding, developers, testers, documentation writers) before work can be scheduled.
Further reading:
Service Providers
Service providers help bring GeoServer technology to a wider audience. We recognize core-contributors who take on an ongoing responsibility for the GeoServer project on our home page, along with a listing of commercial support on our website. We encourage service providers offering GeoServer support to be added to this list.
Helping meet project roadmap planning goals and objectives is a good way for service providers to gain experience with the project and represent their customers in our community. We recognize service providers that contribute to the sustainability of GeoServer as experienced providers.
We encourage service providers to directly take project maintenance and testing activities, and financially support the project if they do not have capacity to participate directly.
Sponsorship Opportunities
The GeoServer project steering committee uses your financial support to fund maintenance activities, code sprints, and research and development that is beyond the reach of an individual contributor.
GeoServer recognizes your financial support on our home page, sponsorship page and in release notes and presentations. GeoServer is part of the Open Source Geospatial Foundation and your financial support of the project is reflected on the OSGeo sponsorship page.
Recommendations:
- Individuals can use Donate via GitHub Sponsors to have their repository badged as supporting OSGeo.
- Individuals who offer GeoServer services should consider $50 USD a month to be listed as a bronze Sponsor on the OSGeo website.
- Organisations using GeoServer are encouraged to sponsor $50 USD a month to be listed as a bronze sponsor on the OSGeo website.
- Organisations that offer GeoServer services should consider $250 a month to be listed as a silver sponsor on the OSGeo website.
For instructions on sponsorship see how to Sponsor via Open Source Geospatial Foundation.
Further reading:
GeoServer 2.23.4 Release
GeoServer 2.23.4 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is a maintenance release of GeoServer providing existing installations with minor updates and bug fixes. GeoServer 2.23.4 is made in conjunction with GeoTools 29.4, and GeoWebCache 1.23.3.
Thanks to Peter Smythe (AfriGIS) for making this release.
Security Considerations
This release addresses security vulnerabilities and is considered an essential update for production systems.
- CVE-2023-51444 Arbitrary file upload vulnerability in REST Coverage Store API (High).
- CVE-2023-41877 GeoServer log file path traversal vulnerability (High).
- CVE-2024-23821 Stored Cross-Site Scripting (XSS) vulnerability in GWC Demos Page (Moderate).
- CVE-2024-23819 Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page (Moderate).
- CVE-2024-23642 Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer (Moderate).
- CVE-2023-51445 Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API (Moderate).
See project security policy for more information on how security vulnerabilities are managed.
Release notes
Improvement:
- GEOS-11152 Improve handling special characters in the Simple SVG Renderer
- GEOS-11154 Improve handling special characters in the MapML HTML Page
- GEOS-11176 Add validation to file wrapper resource paths
- GEOS-11188 Let DownloadProcess handle download requests whose pixel size is larger than integer limits
- GEOS-11189 Add an option to throw a service exception when nearest match “allowed interval” is exceeded
- GEOS-11193 Add an option to throw an exception when the time nearest match does not fall within search limits
- GEOS-11219 Upgrade mail and activation libraries
Bug:
- GEOS-9757 Return a service exception when client provided WMS dimensions are not a match
- GEOS-11074 GeoFence may not load property file at boot
- GEOS-11184 ncwms module has a compile dependency on gs-web-core test jar
- GEOS-11190 GeoFence: align log4j2 deps
- GEOS-11196 NPE in VectorDownload if ROI not defined
- GEOS-11200 GetFeatureInfo can fail on rendering transformations that generate a different raster
- GEOS-11203 WMS GetFeatureInfo bad WKT exception for label-geometry
- GEOS-11206 Throw nearest match mismatch exceptions only for WMS
- GEOS-11223 Layer not visible in preview/capabilities if security closes the workspace, but allows access to the layer
- GEOS-11224 Platform independent binary doesn’t start properly with default data directory
For the complete list see 2.23.4 release notes.
Community Updates
Community module development:
- GEOS-11209 Open ID Connect Proof Key of Code Exchange (PKCE)
- GEOS-11212 OIDC accessToken verification using only JWKs URI
Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you please contact the module developer to offer assistance.
About GeoServer 2.23 Series
Additional information on GeoServer 2.23 series:
- GeoServer 2.23 User Manual
- Drop Java 8
- GUI CSS Cleanup
- Add the possibility to use fixed values in Capabilities for Dimension metadata
- State of GeoServer 2.23
- GeoServer Feature Frenzy 2023
- GeoServer used in fun and interesting ways
- GeoServer Orientation
Release notes: ( 2.23.4 | 2.23.3 | 2.23.2 | 2.23.1 | 2.23.0 | 2.23-RC1 )
GeoServer installation methods on Windows
GeoSpatial Techno is a startup focused on geospatial information that is providing e-learning courses to enhance the knowledge of geospatial information users, students, and other startups. The main approach of this startup is providing quality, valid specialized training in the field of geospatial information.
( YouTube | LinkedIn | Facebook | Reddit | X )
GeoServer installation methods: “Windows Installer” and “Web Archive”
GeoServer installation methods: “Windows Installer” and “Web Archive” In this session, we will talk about how to install GeoServer software by two common methods in Windows. If you want to access the complete tutorial, simply click on the link.
Introduction
GeoServer can be installed on different operating systems, since it’s a Java based application. You can run it on any kind of operating system for which exists a Java virtual machine. GeoServer’s speed depends a lot on the chosen Java Runtime Environment (JRE). The latest versions of GeoServer are tested with both OracleJRE and OpenJDK. These versions are:
- Java 17 for GeoServer 2.23 and above
- Java 11 for GeoServer 2.15 and above
- Java 8 for GeoServer 2.9 to GeoServer 2.22
- Java 7 for GeoServer 2.6 to GeoServer 2.8
- Java 6 for GeoServer 2.3 to GeoServer 2.5
- Java 5 for GeoServer 2.2 and earlier
But remember that the older versions are unsupported and won’t receive fixes nor security updates, and contain well-known security vulnerabilities that have not been patched, so use at own risk. That is true for both GeoServer and Java itself.
There are many ways to install GeoServer on your system. This tutorial will cover the two most commonly used installation methods on Windows.
- Windows Installer
- Web Archive
Windows installer
The Windows installer provides an easy way to set up GeoServer on your system, as it requires no configuration files to be edited or command line settings.
Installation
- GeoServer requires a Java environment (JRE) to be installed on your system, available from Adoptium for Windows Installer, or provided by your OS distribution. For more information, please refer to this link: https://docs.geoserver.org/latest/en/user/installation/index.html#installation
Consider the operating system architecture and memory requirements when selecting a JRE installer. 32-bit Java version is restricted to 2 GB memory, while the 64-bit version is recommended for optimal server memory. Utilizing JAI with the 32-bit JRE can enhance performance for WMS output generation and raster operations.
- Install JRE by following the default settings and successfully complete the installation.
- Navigate to the GeoServer.org and download the desired version of GeoServer.
- Launch the GeoServer installer and agree to the license.
- Enter the path to the JRE installation and proceed with the installation. The installer will attempt to automatically populate this box with a JRE if it is found, but otherwise you will have to enter this path manually.
- Provide necessary details like the GeoServer data directory, administration credentials, and port configuration.
- Review the selections, install GeoServer, and start it either manually or as a service.
- Finally, navigate to localhost:8080/geoserver (or wherever you installed GeoServer) to access the GeoServer Web administration interface.
Uninstallation
GeoServer can be uninstalled in two ways:
- By running the uninstall.exe file in the directory where GeoServer was installed
- By standard Windows program removal
Web Archive
GeoServer is packaged as a web-archive (WAR) for use with an application server such as Apache Tomcat or Jetty. It has been mostly tested using Tomcat, and so is the recommended application server. There are reasons for installing it such as it is widely used, well-documented, and relatively simple to configure. GeoServer requires a newer version of Tomcat (7.0.65 or later) that implements Servlet 3 and annotation processing. Other application servers have been known to work, but are not guaranteed.
Installation
- Make sure you have a JRE installed on your system, then download Apache Tomcat from its website(https://tomcat.apache.org). For the Windows installation package, scroll down and choose the 32bit/64bit Windows Service Installer option.
- Configure Tomcat by selecting components, setting up a username and password, and specifying memory settings. So, before start the Tomcat service, you have to configure the memory settings that will use for Java VM. To do it, open the Tomcat9w from the bin folder, then click on the Java tab. This tab allows for configuration of memory settings, including initial and maximum memory pool sizes. Recommended values are 512MB for the initial memory pool and 1024MB for the maximum memory pool.
- Start Tomcat service and verify its functionality, then navigate to localhost:8080, and get the Tomcat9 web page.
- Navigate to the GeoServer.org and Download page. Select Web Archive on the download page from the version of GeoServer that you wish to download.
- Deploy the GeoServer web archive as you would normally. Often, all that is necessary is to copy the GeoServer.war file to the Tomcat’s webapps directory, then the application will be deployed automatically.
- Now to access the Web administration interface, open a browser and navigate to localhost:8080 and press Manager App button. Enter the username and password of apache tomcat. Click on the start button for the GeoServer. Once it has started, click the GeoServer link. This will take you to the GeoServer web page.
Uninstallation
Stop the container application. Remove the GeoServer webapp from the container application’s webapps directory. This will usually include the GeoServer.war file as well as a GeoServer directory.
Difference between GEOSERVER.war and GEOSERVER.exe?
- The ‘GeoServer.exe’ NSIS installer registers GeoServer as a Windows Service, which uses the Jetty application server to run GeoServer. The ‘GeoServer.war’ is a platform independent web-archive package to be deployed in your own application server (we recommend Apache Tomcat). Using the ‘GeoServer.exe’ installer is a reliable way to setup GeoServer as a windows background service. The downside is the included Jetty application server is managed using text files (jetty.ini) once installed.
- Use of ‘GeoServer.war’ web-archive is provided to install into your own application server (we recommend Apache Tomcat as the market leader, with excellent documentation and integration options). A single application server may support several web application allowing GeoServer to be run alongside your own java web application.
GeoServer 2.24.1 Release
GeoServer 2.24.1 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is a stable release of GeoServer recommended for production use. GeoServer 2.24.1 is made in conjunction with GeoTools 30.1, and GeoWebCache 1.24.1.
Thanks to Jody Garnett (GeoCat) for making this release.
Security Considerations
This release addresses security vulnerabilities and is considered an essential upgrade for production systems.
- CVE-2023-51444 Arbitrary file upload vulnerability in REST Coverage Store API (High).
- CVE-2024-23819 Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page (Moderate).
- CVE-2024-23640 Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format (Moderate).
- CVE-2024-23821 Stored Cross-Site Scripting (XSS) vulnerability in GWC Demos Page (Moderate).
- CVE-2024-23643 Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form (Moderate).
- CVE-2024-23642 Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer (Moderate).
See project security policy for more information on how security vulnerabilities are managed.
Release notes
Improvement:
- GEOS-11152 Improve handling special characters in the Simple SVG Renderer
- GEOS-11153 Improve handling special characters in the WMS OpenLayers Format
- GEOS-11154 Improve handling special characters in the MapML HTML Page
- GEOS-11155 Add the X-Content-Type-Options header
- GEOS-11173 Default to using HttpOnly session cookies
- GEOS-11176 Add validation to file wrapper resource paths
- GEOS-11188 Let DownloadProcess handle download requests whose pixel size is larger than integer limits
- GEOS-11189 Add an option to throw a service exception when nearest match “allowed interval” is exceeded
- GEOS-11193 Add an option to throw an exception when the time nearest match does not fall within search limits
Bug:
- GEOS-11074 GeoFence may not load property file at boot
- GEOS-11166 OGC API Maps HTML representation fail without datetime parameter
- GEOS-11184 ncwms module has a compile dependency on gs-web-core test jar
- GEOS-11190 GeoFence: align log4j2 deps
- GEOS-11196 NPE in VectorDownload if ROI not defined
- GEOS-11200 GetFeatureInfo can fail on rendering transformations that generate a different raster
- GEOS-11203 WMS GetFeatureInfo bad WKT exception for label-geometry
- GEOS-11206 Throw nearest match mismatch exceptions only for WMS
For the complete list see 2.24.1 release notes.
Community Module Updates
OAuth2 OpenID-Connect improvements
Two improvements have been made to the community module for OAuth2 OpenID-Connect authentication:
- GEOS-11209 Open ID Connect Proof Key of Code Exchange (PKCE)
- GEOS-11212 OIDC accessToken verification using only JWKs URI
In addition the module includes an OIDC_LOGGING
profile and updated documentation covering new settings and troubleshooting guidance.
Thanks Jody Garnett for these improvements on behalf of GeoBeyond.
note: Over the course of 2024 the OAuth2 plugins will need to be rewritten for spring-framework 6. Interested parties are encouraged to reach out to geoserver-devel email list; ideally we would like to see this functionality implemented and included as part of GeoServer.
About GeoServer 2.24 Series
Additional information on GeoServer 2.24 series:
- GeoServer 2.24 User Manual
- State of GeoServer 2.24 (foss4g-na presentation)
- Control remote HTTP requests sent by GeoTools/GeoServer
- Multiple CRS authority support, planetary CRS
- Extensive GeoServer Printing improvements
- Upgraded security policy
Release notes: ( 2.24.1 | 2.24.0 | 2.24-RC )
GeoServer is an Open Source Geospatial Foundation project supported by a mix of volunteer and service provider activity. We reply on sponsorship to fund activities beyond the reach of individual contributors.
GeoServer 2.23.3 Release
GeoServer 2.23.3 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is a maintenance release of GeoServer providing existing installations with minor updates and bug fixes. GeoServer 2.23.3 is made in conjunction with GeoTools 29.3, and GeoWebCache 1.23.2.
Thanks to Peter Smythe (AfriGIS) for making this release.
Security Considerations
This release addresses security vulnerabilities and is considered an essential upgrade for production systems.
- CVE-2024-23818 Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format (Moderate).
- CVE-2024-23640 Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher (Moderate).
- CVE-2023-51445 Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API (Moderate).
This release includes security patches from projects that GeoServer depends on.
- GEOS-11030 Update jetty-server to 9.4.51.v20230217
See project security policy for more information on how security vulnerabilities are managed.
Also, another reminder of the URL check security setting that was introduced in version 2.22.4 and version 2.23.2 (but turned off by default). The latest GeoServer 2.24.0 release has this setting enabled by default. If you are not yet in a position to upgrade to 2.24.0 you are encouraged to enable this recommended setting.
Release notes
New Feature:
- GEOS-11000 WPS process to provide elevation profile for a linestring
Improvement:
- GEOS-10856 geoserver monitor plugin - scaling troubles
- GEOS-11081 Add option to disable GetFeatureInfo transforming raster layers
- GEOS-11087 Fix IsolatedCatalogFacade unnecessary performance overhead
- GEOS-11089 Performance penalty adding namespaces while loading catalog
- GEOS-11090 Use Catalog streaming API in WorkspacePage
- GEOS-11099 ElasticSearch DataStore Documentation Update for RESPONSE_BUFFER_LIMIT
- GEOS-11100 Add opacity parameter to the layer definitions in WPS-Download download maps
- GEOS-11102 Allow configuration of the CSV date format
- GEOS-11114 Improve extensibility in Pre-Authentication scenarios
- GEOS-11116 GetMap/GetFeatureInfo with groups and view params can with mismatched layers/params
- GEOS-11120 Create aggregates filterFunction in OSEO to support STAC Datacube extension implementation
- GEOS-11130 Sort parent role dropdown in Add a new role
- GEOS-11142 Add mime type mapping for yaml files
- GEOS-11148 Update response headers for the Resources REST API
- GEOS-11149 Update response headers for the Style Publisher
- GEOS-11153 Improve handling special characters in the WMS OpenLayers Format
- GEOS-11155 Add the X-Content-Type-Options header
Bug:
- GEOS-10452 Use of Active Directory authorisation seems broken since 2.15.2 (LDAP still works)
- GEOS-11032 Unlucky init order with GeoWebCacheExtension gwcFacade before DiskQuotaMonitor
- GEOS-11138 Jetty unable to start cvc-elt.1.a / org.xml.sax.SAXParseException
- GEOS-11140 WPS download can leak image references in the RasterCleaner
- GEOS-11145 The GUI “wait spinner” is not visible any longer
- GEOS-11166 OGC API Maps HTML representation fail without datetime parameter
Task:
- GEOS-10248 WPSInitializer NPE failure during GeoServer reload
- GEOS-11030 Update jetty-server to 9.4.51.v20230217
- GEOS-11084 Update text field css styling to look visually distinct
- GEOS-11091 Upgrade spring-security to 5.7.10
- GEOS-11092 acme-ldap.jar is compiled with Java 8
- GEOS-11094 Bump org.hsqldb:hsqldb:2.7.1 to 2.7.2
- GEOS-11124 Update json dependency to 20230227 in geowebcache-rest
- GEOS-11141 production consideration for logging configuration hardening
For the complete list see 2.23.3 release notes.
About GeoServer 2.23 Series
Additional information on GeoServer 2.23 series:
- GeoServer 2.23 User Manual
- Drop Java 8
- GUI CSS Cleanup
- Add the possibility to use fixed values in Capabilities for Dimension metadata
- State of GeoServer 2.23
- GeoServer Feature Frenzy 2023
- GeoServer used in fun and interesting ways
- GeoServer Orientation
Release notes: ( 2.23.3 | 2.23.2 | 2.23.1 | 2.23.0 | 2.23-RC1 )
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release