GeoServer Blog
GeoServer at FOSS4G 2023
The GeoServer team was pleased to attend FOSS4G 2023 last week (26 June - 2 July 2023) in Prizren, Kosovo!
FOSS4G 2023 was put on this year by the Open Source Geospatial Foundation (OSGeo) and the regional Free Libre Open Source Software Kosova (FLOSSK) organization. The local organizing committee worked very hard to make everyone feel welcome and well cared for. Thank you for hosting everyone, we had a great time.
GeoServer content:
- State of GeoServer 2.23
- GeoServer Feature Frenzy 2023
- GeoServer used in fun and interesting ways
- GeoServer Orientation
- Getting Started with GeoServer (Workshop)
GeoServer community content:
- FOSS4G 2023 (GeoCat Blog)
- GeoSolutions presence at FOSS4G 2023 in Prizren (Kosovo) (GeoSolutions Blog)
- Many additional presentations featured GeoServer and showcased its capabilities.
When videos are provided of the event we will update this post with links.
Prizren (Kosovo)
FOSS4G Code sprint
We also had our first scheduled codesprint on refactoring org.opengis package. The foss4g sprint was a fact-finding mission to establish the scope of work and confirm time frame and budget.
- The activity was successful in that we were able to change from org.opengis to org.geotools.api and write a script to update GeoWebCache and GeoServer projects.
- GeoServer has some difficulties as gs-printing and gs-geofence-server include the work of external projects which will require assistance.
The work is scheduled for the Bolsena Codesprint 2023 ahead of the GeoServer 2.24.0 release cycle.
For more information see OpenGIS Harmonization at OSGeo. If you are in a position to provide sponsorship, or in-kind participation, this activity could use your support.
GeoServer 2.22.4 Release
GeoServer 2.22.4 release is now available with downloads ( bin, war, windows) , along with docs and extensions.
This is a maintenance release of GeoServer providing existing installations with minor updates and bug fixes.
GeoServer 2.22.4 is made in conjunction with GeoTools 28.4.
Thanks to Peter Smythe (AfriGIS) and Jody Garnett (GeoCat) for making this release. This is Peter’s first time making a GeoServer release and we would like to thank him for volunteering.
Security Considerations
This release addresses security vulnerabilities and is considered an essential upgrade for production systems.
- CVE-2023-43795 WPS Server Side Request Forgery
- CVE-2023-41339 Unsecured WMS dynamic styling sld=url parameter affords blind unauthenticated SSRF
See project security policy for more information on how security vulnerabilities are managed.
Release notes
New Feature:
- GEOS-10949 Control remote resources accessed by GeoServer
Improvement:
- GEOS-10973 DWITHIN delegation to mongoDB
Bug:
- GEOS-8162 CSV Data store does not support relative store paths
- GEOS-10906 Authentication not sent if connection pooling activated
- GEOS-10936 YSLD and OGC API modules are incompatible
- GEOS-10969 Empty CQL_FILTER-parameter should be ignored
- GEOS-10975 JMS clustering reports error about ReferencedEnvelope type not being whitelisted in XStream
- GEOS-10980 CSS extension lacks ASM JARs as of 2.23.0, stops rendering layer when style references a file
- GEOS-10981 Slow CSW GetRecords requests with JDBC Configuration
- GEOS-10993 Disabled resources can cause incorrect CSW GetRecords response
- GEOS-10994 OOM due to too many dimensions when range requested
- GEOS-10998 LayerGroupContainmentCache is being rebuilt on each ApplicationEvent
- GEOS-11015 geopackage wfs output builds up tmp files over time
- GEOS-11024 metadata: add datetime field type to feature catalog
Task:
- GEOS-10987 Bump xalan:xalan and xalan:serializer from 2.7.2 to 2.7.3
- GEOS-11008) Update sqlite-jdbc from 3.34.0 to 3.41.2.2
- GEOS-11010 Upgrade guava from 30.1 to 32.0.0
- GEOS-11011 Upgrade postgresql from 42.4.3 to 42.6.0
- GEOS-11012 Upgrade commons-collections4 from 4.2 to 4.4
- GEOS-11018 Upgrade commons-lang3 from 3.8.1 to 3.12.0
- GEOS-11020 Add test scope to mockito-core dependency
Sub-task:
- GEOS-10989 Update spring.version from 5.2.23.RELEASE to 5.2.24.RELEASE
For the complete list see 2.22.4 release notes.
About GeoServer 2.22 Series
Additional information on GeoServer 2.22 series:
- GeoServer 2.22 User Manual
- Update Instructions
- Metadata extension
- CSW ISO Metadata extension
- State of GeoServer (FOSS4G Presentation)
- GeoServer Beginner Workshop (FOSS4G Workshop)
- Welcome page (User Guide)
Release notes: ( 2.22.4 | 2.22.3 | 2.22.2 | 2.22.1 | 2.22.0 | 2.22-RC | 2.22-M0 )
GeoServer 2.23.1 Release
GeoServer 2.23.1 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is a stable release of GeoServer suitable for production systems, made in conjunction with GeoTools 29.1 and GeoWebCache 1.23.0.
We are grateful to Ian Turton (Astun Technology Ltd) for making this release.
Release notes
Improvement:
-
GEOS-10858 jdbc-config turns off isolated workspace support
-
GEOS-10898 Preserve key order in STAC responses coming from JSONB columns
-
GEOS-10923 Use default writing params on
GeoTIFFPPIO
-
GEOS-10940 Update MapML viewer to release 0.11.0
Bug:
-
GEOS-8162 CSV Data store does not support relative store paths
-
GEOS-10837 geopackage output fails when
java.io.tmpdir
on network share -
GEOS-10912 jms-cluster fails to clone grid coverage layer on other nodes
-
GEOS-10920 Excel output format packaging misses dependencies, cannot produce .xls
-
GEOS-10921 Double escaping of HTML with enabled features-templating
-
GEOS-10922 Features templating exception on text/plain format
-
GEOS-10932 csw-iso: should only add
'xsi:nil = false'
attribute -
GEOS-10934 CSW does not show title/abstract on welcome page
-
GEOS-10946 WMS
GetLegendGraphic
throwsFootprintsTransformation
cannot be cast toProcessFunctionException
-
GEOS-10950 Performance regression in
DescribeFeatureType
across all feature types -
GEOS-10955 STAC templates are initialised in the wrong location
-
GEOS-10957 Support
ResourceAccessManager
implementations returning custom subclasess ofAccessLimits
-
GEOS-10969 Empty
CQL_FILTER
parameter should be ignored -
GEOS-10975 JMS clustering reports error about
ReferencedEnvelope
type not being whitelisted in XStream -
GEOS-10985 B/R of GeoServer catalog is broken with GeoServer 2.23.0
Task:
- GEOS-10859 OGC API: swagger-api 4.15.5 upgrade
For the complete list see 2.23.1 release notes.
About GeoServer 2.23 Series
Additional information on GeoServer 2.23 series:
GeoServer 2.21.5 Release
GeoServer 2.21.5 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is a maintenance release of the GeoServer 2.21.x series, made in conjunction with GeoTools 27.5 and GeoWebCache 1.21.5.
Thanks to Daniele Romagnoli (GeoSolutions) for making this release.
Security Considerations
2024-06-30 Update: The following mitigation has been provided:
-
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
geoserver-2.21.5-patches.zip (replacing
gt-app-schema
,gt-complex
andgt-xsd-core
jars) has been provided by Andrea (GeoSolutions)
See project security policy for more information on how security vulnerabilities are managed.
Release notes
Bug
-
GEOS-3978 Layer configuration allows admin to enter a zero area bounding box
-
GEOS-6313 Lifecycle handlers not properly called during shutdown
-
GEOS-10006 Seeding GWC doesn’t work for layers with a dot in the name
-
GEOS-10500 WFS-T unable to delete more than 30 features in a single transaction when the data source is PostGIS
-
GEOS-10517 jms-cluster classes missing from XStream security configuration
-
GEOS-10593 Regression: Creating SQL View via REST API and explicit attribute list is no-longer possible
-
GEOS-10611 Uploading application/zip to styles endpoint does not clean up temporary files
-
GEOS-10828 OGC API - Features - Plugin breaks core `/rest` API with JSON payloads
-
GEOS-10837 geopackage output fails when java.io.tmpdir on network share
-
GEOS-10869 Jayway JSON Path libraries not included anymore on GeoServer packages
-
GEOS-10878 wps-multidimensional and wps-jdbc are not being deployed on maven repo
-
GEOS-10896 Missing NULL check in the template backwards mapping
-
GEOS-10899 Features template escapes twice HTML produced outputs
-
GEOS-10912 jms-cluster fails to clone grid coverage layer on other nodes
-
GEOS-10920 Excel output format packaging misses dependencies, cannot produce .xls
-
GEOS-10921 Double escaping of HTML with enabled features-templating
-
GEOS-10932 csw-iso: should only add ‘xsi:nil = false’ attribute
-
GEOS-10946 WMS GetLegendGraphic throws FootprintsTransformation cannot be cast to ProcessFunction Exception
-
GEOS-10950 Performance regression in DescribeFeatureType across all feature types
-
GEOS-10957 Support ResourceAccessManager implementations returning custom subclasess of AccessLimits
Improvement
-
GEOS-10870 Allow importer AttributesToPointGeometryTransform to preserve original geometries, and to configure the name of the target geometry
-
GEOS-10940 Update MapML viewer to release 0.11.0
Task
-
GEOS-10867 Bump commons-fileupload from 1.4 to 1.5
-
GEOS-10873 Upgrade XStream to 1.4.20
-
GEOS-10908 Update spring version from 5.2.22 to 5.2.23
-
GEOS-10863 Update Oracle JDBC driver to 19.18.0.0
-
GEOS-10904 Bump jettison from 1.5.3 to 1.5.4
For complete information see 2.22.5 release notes.
About GeoServer 2.21
Additional information on GeoServer 2.21 series:
Release notes: ( 2.21.5 | 2.21.4 | 2.21.3 | 2.21.2 | 2.21.1 | 2.21.0 | 2.21-RC )
GeoServer 2.22.3 Release
GeoServer 2.22.3 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is a maintenance release of the GeoServer 2.22.x series, made in conjunction with GeoTools 28.3 and GeoWebCache 1.22.2.
Thanks to Daniele Romagnoli (GeoSolutions) for making this release.
Feature Type Description
Building on top of the ability to customize FeatureTypes GeoServer can now define a description for each attribute. This information is used in WFS DescribeFeatureType to provide a human readable name or description for the attributes being published.
Thanks to Joseph Miller (GeoSolutions) for this improvement.
- GEOS-10868 Add support for editable description in GeoServer customize feature type table
Release notes
Bug:
-
GEOS-3978 Layer configuration allows admin to enter a zero area bounding box
-
GEOS-6313 Lifecycle handlers not properly called during shutdown
-
GEOS-10006 Seeding GWC doesn’t work for layers with a dot in the name
-
GEOS-10500 WFS-T unable to delete more than 30 features in a single transaction when the data source is PostGIS
-
GEOS-10517 jms-cluster classes missing from XStream security configuration
-
GEOS-10593 Regression: Creating SQL View via REST API and explicit attribute list is no-longer possible
-
GEOS-10611 Uploading application/zip to styles endpoint does not clean up temporary files
-
GEOS-10837 geopackage output fails when java.io.tmpdir on network share
-
GEOS-10865 Backwards incompatible change in the XML representation of user roles
-
GEOS-10869 Jayway JSON Path libraries not included anymore on GeoServer packages
-
GEOS-10871 about geoserver page reporting @project.version@ for WAR deploy
-
GEOS-10878 wps-multidimensional and wps-jdbc are not being deployed on maven repo
-
GEOS-10890 Wrong path for the license file in the Windows installer script
-
GEOS-10896 Missing NULL check in the template backwards mapping
-
GEOS-10899 Features template escapes twice HTML produced outputs
-
GEOS-10912 jms-cluster fails to clone grid coverage layer on other nodes
-
GEOS-10920 Excel output format packaging misses dependencies, cannot produce .xls
-
GEOS-10921 Double escaping of HTML with enabled features-templating
-
GEOS-10922 Features templating exception on text/plain format
-
GEOS-10934 CSW does not show title/abstract on welcome page
-
GEOS-10946 WMS GetLegendGraphic throws FootprintsTransformation cannot be cast to ProcessFunction Exception
-
GEOS-10950 Performance regression in DescribeFeatureType across all feature types
-
GEOS-10957 Support ResourceAccessManager implementations returning custom subclasess of AccessLimits
Improvement:
-
GEOS-10858 jdbc-config turns off isolated workspace support
-
GEOS-10870 Allow importer AttributesToPointGeometryTransform to preserve original geometries, and to configure the name of the target geometry
-
GEOS-10898 Preserve key order in STAC responses coming from JSONB columns
-
GEOS-10923 Use default writing params on GeoTIFFPPIO
Task:
-
GEOS-10908 Update spring version from 5.2.22 to 5.2.23
-
GEOS-10867 Bump commons-fileupload from 1.4 to 1.5
-
GEOS-10873 Upgrade XStream to 1.4.20
-
GEOS-10863 Update Oracle JDBC driver to 19.18.0.0
-
GEOS-10894 Random control-flow errors on Mac builds
-
GEOS-10904 Bump jettison from 1.5.3 to 1.5.4
For complete information see 2.22.3 release notes.
About GeoServer 2.22
Additional information on GeoServer 2.22 series:
- Update Instructions
- Metadata extension
- CSW ISO Metadata extension
- State of GeoServer (FOSS4G Presentation)
- GeoServer Beginner Workshop (FOSS4G Workshop)
- Welcome page (User Guide)
Release notes: ( 2.22.3 | 2.22.2 | 2.22.1 | 2.22.0 | 2.22-RC | 2.22-M0 )
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release