GeoServer 2.10-beta released

We are happy to announce the release of GeoServer 2.10-beta. Downloads are available (zip, war, dmg and exe) along with docs and extensions.

This is a beta release of GeoServer made in conjunction with GeoTools 16-beta.

Beta Testing

The GeoServer Team has been hard at work to bring you this beta release.

Here is our priorities for testing:

We one crititcal known issues to keep in mind when testing:

  • GEOS-7750 – The WMS and LegendSample beans used in GeoServerTileLayer may provoke a cyclic dependency when Spring beans are loaded. As a consequence tiled layers may not be loaded and are deleted by GWC integration. Please back up your data and configuration before testing the GeoServer 2.10-beta with data you care about.

Highlights from the release notes:

  • Add CSS nested rule support
  • Add CSS rendering transform support
  • Add WMTS multi dimensional community module
  • Add WCS 2.0 Demo Requests
  • OL3 Preview in tiled mode supports map wrapping
  • Make JDBCStore compatible with HazelCast Clustering
  • Changes to WMS GetFeatureInfo for coverages:
    • Band names now presented in responses as NCNames for all info_formats (spaces and leading digits replaced with underscores)
    • Support for continuous map wrapping for latitude/longitude projections
    • Support for coverages with native latitude/longitude coordinates and longitudes > 180 degrees East

Also, looking at the GeoTools 16-M0 release notes, we have:

  • Support Azimuthal Equidistant projection
  • Implement Vladimir’s Polygon label point algorithim
  • GeoPackage can write to boolean fields

For more information about the what is included in the GeoServer 2.10 release, also refer to the GeoServer 2.10-M0 release anouncement.

Security Considerations

This release includes several security enhancements (which are also included in the recent GeoServer 2.8.5 and 2.9.1 releases

  • Although we have not been able to reproduce from GeoServer, a remote execution vulnerability has been reported against both the Restlet  and the Apache Commons BeanUtils libraries we use. We have patched our use of these libraries as a preventative measure. We would like to thank Kevin Smith for doing the bulk of the work, and Andrea Aime for providing a patched BeanUtils library addressing these vulnerabilities.
  • Layer security restrictions in CHALLENGE mode were not being correctly applied by embedded GeoWebCache. Thanks to Nick Muerdter for his responsible report of this vulnerability and for submitting a fix (that included a unit test!)
  • Carl Schroedl reported a vulnerability at application startup when working with a data directory on a network file system, a new configuration option has been provided to check that the directory exists.  Thanks to Carl for following our responsible disclosure procedure, and to Ben Caradoc-Davies for implementing the new parameter.

If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.

About GeoServer 2.10

GeoServer 2.10 is scheduled for October release.

GeoServer 2.10-M0 Released

We are happy to announce the release of GeoServer 2.10-M0. Downloads are available (zip, war, dmg and exe) along with docs and extensions.

This is a milestone release of GeoServer made in conjunction with GeoTools 16-M0.

We have both new features and a number of key “under the hood” changes to GeoServer. This technology preview is made available for your evaluation and feedback and is not intended for production.

Highlights from the release notes:

  • Resource Browser (ResourceStore GUI)
  • LDAP UserGroupService
  • Add WMTS web admin page
  • Allow WMTS service requests per workspace (virtual service)
  • Allow the Wicket UI to show a Server Busy page when updating the configuration instead of locking the server
  • Control over execution time separate to total queuing and execution time
  • Fix Windows exe installer failure to start GeoServer
  • Can’t delete Default Cached Gridsets
  • Add support for dynamically choosing jpeg or png compression based on output contents

Also, looking at the GeoTools 16-M0 release notes, we have:

  • Upgrade to NetCDF-Java 4.6.6, including support for NetCDF rotated pole projection
  • Allows ImagePyramid supporting multiple Coverages
  • The old wfs module has now been replaced with the wfs-ng module

Security Considerations

This release includes several security enhancements (which are also included in the recent GeoServer 2.8.5 and 2.9.1 releases

  • Although we have not been able to reproduce from GeoServer, a remote execution vulnerability has been reported against both the Restlet  and the Apache Commons BeanUtils libraries we use. We have patched our use of these libraries as a preventative measure. We would like to thank Kevin Smith for doing the bulk of the work, and Andrea Aime for providing a patched BeanUtils library addressing these vulnerabilities.
  • Layer security restrictions in CHALLENGE mode were not being correctly applied by embedded GeoWebCache. Thanks to Nick Muerdter for his responsible report of this vulnerability and for submitting a fix (that included a unit test!)
  • Carl Schroedl reported a vulnerability at application startup when working with a data directory on a network file system, a new configuration option has been provided to check that the directory exists.  Thanks to Carl for following our responsible disclosure procedure, and to Ben Caradoc-Davies for implementing the new parameter.

If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.

Style Page

The GeoServer Style page has been upgraded to include several features from the CSS Styles page (part of the CSS extension). The new GeoServer style page includes:

  • Updated Style Page layout
  • Style – Layer Association editor
  • Layer Preview
  • Layer Attribute Preview

About GeoServer 2.10

GeoServer 2.10 is scheduled for October release.

GeoServer 2.8.5 Released

The GeoServer team is pleased to announce the release of GeoServer 2.8.5. Download bundles are provided (binwardmg and exe) along with documentation and extensions.

GeoServer 2.8.5 is the final maintenance release of the 2.8.x series. This release is made by Ben Caradoc-Davies (Transient) in conjunction with GeoTools 14.5 and GeoWebCache 1.8.3. We thank the many contributors who have made this release possible.

The GeoServer 2.8.5 release notes detail the changes in this release. These include:

  • Fixes for WFS editing failing for geometries in full 3D CRS
  • ColorMap variable substitution now working correctly for multiple layers in a GetMap request
  • Fixed a missing JNA jar in the netcdf-out plugin
  • KML placemarks now being set correctly when KMSCORE=0
  • Support for multivalued xlink:href ClientProperty in app-schema mappings, even without feature chaining
  • Support requiring files to exist for GeoServer startup, to protect against insecure fallback when a data directory on a network share is unavailable

Security Considerations

This release includes several security enhancements and is a recommended upgrade for production systems:

  • Although we have not been able to reproduce from GeoServer, a remote execution vulnerability has been reported against both the Restlet  and the Apache Commons BeanUtils libraries we use. We have patched our use of these libraries as a preventative measure. We would like to thank Kevin Smith for doing the bulk of the work, and Andrea Aime for providing a patched BeanUtils library addressing these vulnerabilities.
  • Layer security restrictions in CHALLENGE mode were not being correctly applied by embedded GeoWebCache. Thanks to Nick Muerdter for his responsible report of this vulnerability and for submitting a fix (that included a unit test!)
  • Carl Schroedl reported a vulnerability at application startup when working with a data directory on a network file system, a new configuration option has been provided to check that the directory exists.  Thanks to Carl for following our responsible disclosure procedure, and to Ben Caradoc-Davies for implementing the new parameter.

If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.

About GeoServer 2.8

GeoServer 2.9.1 Released

The GeoServer team is pleased to announce the release of GeoServer 2.9.1. Download bundles are provided (binwardmg and exe) along with documentation and extensions.

GeoServer 2.9.1 is the latest stable release of GeoServer and is recommended for production deployment. This release is made in conjunction with GeoTools 15.1 and GeoWebCache 1.9.1. Thanks to all contributors. Fixes and new functionality include:

  • Fixes for WFS editing failing for geometries in full 3D CRS
  • ColorMap variable substitution now working correctly for multiple layers in a GetMap request
  • PDF printing fixed to properly render SLD “shape://horline” symbol, prevent invalid polygon generation, out of memory errors, and large file generation.
  • Integrated GeoFence DB path is now set correctly in Windows.
  • KML placemarks now being set correctly when KMSCORE=0
  • Support for rotated pole projection NetCDF and GRIB2 files, including the native GRIB2 file format used by the NOAA Rapid Refresh (RAPv3) weather forecast model
  • Support for multivalued xlink:href ClientProperty in app-schema mappings
  • Support requiring files to exist for GeoServer startup, to protect against insecure fallback when a data directory on a network share is unavailable
  • And much more, see all the tickets resolved in the release notes

This release has been made by Devon Tucker (Boundless) with help and encouragement from the GeoServer community.

Security Considerations

This release includes several security enhancements and is a recommended upgrade for production systems:

  • Although we have not been able to reproduce from GeoServer, a remote execution vulnerability has been reported against both the Restlet  and the Apache Commons BeanUtils libraries we use. We have patched our use of these libraries as a preventative measure. We would like to thank Kevin Smith for doing the bulk of the work, and Andrea Aime for providing a patched BeanUtils library addressing these vulnerabilities.
  • Layer security restrictions in CHALLENGE mode were not being correctly applied by embedded GeoWebCache. Thanks to Nick Muerdter for his responsible report of this vulnerability and for submitting a fix (that included a unit test!)
  • Carl Schroedl reported a vulnerability at application startup when working with a data directory on a network file system, a new configuration option has been provided to check that the directory exists.  Thanks to Carl for following our responsible disclosure procedure, and to Ben Caradoc-Davies for implementing the new parameter.

If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.

About GeoServer 2.9

Articles, docs, blog posts and presentations:

Online GeoServer Bug Stomp – July 2016 Results

cropped-geoserver_icon.png

Dear Readers,

A few words to report on the results of the Online GeoServer Bug Stomp that took place on the 22nd of July 2016.

The goal, as indicated, was to look at GeoServer and GeoServer JIRA and clean old, useless reports as well as to fix as many bugs as possible within the day of the sprint. Well, the results are not bad, as the image below shows.

download

Numbers are as follow:

  • Improvements closed 103 (9 fixed – remainder failed to attract budget/interest after quite some time)
  • Bugs closed 35 (25 fixed – followed by 6 won’t fix, 3 cannot reproduce, 1 not a bug )
  • New Feature 14 (2 fixed – with 12 not a bug)
  • Task 9 (2 fixed – with 7 not a bug)
  • Wish 2 (not a bug)
  • Subtask 1
  • TOTAL 164

You can check the live report here:

  • Thanks to everybody who participated (a list of the participating people can be found in this spreadsheet).
  • As noted above many new features/improvements/wishes were quite old and had failed to attract budget/volunteers
  • The not-a-bug category is used for ideas or conversations which are best taken to the developers or users list for discussion
  • Not shown is the review of incoming issues to see which issues are ready to be worked on, or held back for further clarification before they can be reproduced.

If you did not participate this month don’t worry, we are going to have this event again on August 27-28th as part of the foss4g post-sprint. Remember, we want to make this event a periodic gathering so keep following this blog for news.

Happy GeoServer to everybody!

Online GeoServer Bug Stomp

geoserver_icon

Dear Readers,

a quick post to spread the word about the Online GeoServer Bug Stomp which will take place this Friday, the 22nd of July 2016.

Developers as well as users from the GeoServer community will gather online to spend up to a full day (in their timezone) on tasks like:

  • Reviewing JIRA Reports to make sure they are valid
  • Fix bugs as we come across them
  • Improved docs
  • Test and report new bugs or close existing reports

The rules of engagement as well as a first rough list of participants can be found in this document; the event is an online gathering, people will be working from their place coordinating using the GeoServer Gitter channel with whomever will be online in their timezone.

If you feel like helping don’t be scared, jump onboard, read the rules of engagement say hi on the gitter channel (github login required) and help us make GeoServer even better.

If you cannot, don’t worry, we are going to try and make this event a monthly event.

Happy GeoServer to everybody!

gitter

Videos about GeoServer at FOSS4G North America 2016

The FOSS4G North America (NA) 2016 was held in North Carolina from 02 and 05th May. This year’s FOSS4G NA conference is yet another collaborative effort involving OSGeo and LocationTech. The conference provides opportunities for the FOSS4G community to learn, explore, share, and collaborate on the latest ideas and information.

If you can not attend the event, you can watch the videos of the presentations that were made available on YouTube Channel of FOSS4G NA.

Below is a list of presentations (in video) related to GeoServer:

Some talks were not available in video, but you can download the presentations in PDF format.

GeoServer 2.8.4 released

The GeoServer team is pleased to announce the release of GeoServer 2.8.4. Download bundles are provided (binwardmg and exe) along with documentation and extensions.

GeoServer 2.8.4 is the latest stable release of GeoServer and is recommended for production deployment. This release is made in conjunction with GeoTools 14.4. Thanks to all contributors. Fixes and new functionality include:

  • Security fix for a reflected XSS vulnerability
  • Fix for potential out of memory state when rendering lots of very small tiles
  • Fix for an embedded GeoFence issue that caused user settings to be lost after a restart
  • Improved ImageMosaic creation and update speed for databases with many tables
  • Monitoring extension fixes for RemoteUser logging and monitoring hibernate extension causing startup issues to GeoServer
  • CSS styling extension related fix: A bug in CSS to SLD conversion led in some cases to performance issues with the generated SLD
  • PDF printing related fixes to properly render SLD “shape://horline” symbol, prevent invalid polygon generation and avoid potential out of memory state or very large files when handling large outputs with dense hatch fills
  • And much more, see all the 24 tickets resolved in the release notes

Thanks to Alessandro Parma (GeoSolutions) and Andrea Aime (GeoSolutions) for this release.

About GeoServer 2.8

Articles, blog posts and presentations:

Talks about GeoServer in FOSS4G Bonn

Guest post by Fernando Quadro: FOSS4G is the annual global event of the Open Source Geospatial Foundation (OSGeo). Although widely recognized as the largest technical open source geospatial conference we call FOSS4G an “event” because it is far more than “just” a conference. A typical FOSS4G will include regular presentations and talks, but also code sprints, birds of a feather sessions, workshops, topic talks and of course social events spanning all nine days.

The list of talks that will be presented are already published, here are the talks about GeoServer:

The workshops are include great GeoServer content:

FOSS4G 2016 takes place between August 24th and 27th in Bonn Germany. For more information see the video below:

GeoServer 2.9.0 Released

The GeoServer team is overjoyed to announce the GeoServer 2.9.0 release. Downloads are available (zipwardmg and exe) along with docs and extensions. We will be working with OSGeo to provide a signed DMG download shortly.

This release is made by Jody Garnett (Boundless) and Devon Tucker (Boundless) with help from Andrea Aime and Alessandro Parma (GeoSolutions) in conjunction with the GeoWebCache 1.9.0 and GeoTools 15.0 releases.

For more information on this release check the release notes (2.9.0|RC1|beta2|beta, M0).

GeoServer 2.9.0

Highlights

As this is a major release GeoServer 2.9.0 includes a number of important changes, including both new features and compatibility requirements.

Java 8 Required

This release requires the use of Java 8, and is compatible with both Oracle JDK and Open JDK.

Java 8 Required

Servlet 3 Required

Due to internal upgrades GeoServer now requires a Servlet 3 compatible application server.

  • The standalone downloads for Mac, Windows and Linux has been update to Jetty 9.2.13
  • Tomcat users will be required to upgrade to Tomcat 7 or newer (for those doing a WAR install)

Web Administration

A number of improvements and clarifications have been made to the web administration application:

  • The Layers and Layer Preview has been restructured to lead with layer title in the first column, layer workspace and name combined into the second column. By popular request these pages now use layer (rather than resource) actions with “Add a new layer”, and “Remove selected layers”.
    Layers Page
  • You can now generate layer bounds from either the data bounds or from the spatial reference system bounds. This is handy for dynamic layers that will have content added to them over time.
    2.9.0-srs-bounds
  • Styles can now include an optional legend graphic for use in WMS GetCapabilities.
    2.9.0-legend
  • Global Settings have been grouped into a section for configuration of web services and a section for internal settings (affecting the GeoServer application as a whole).
  • Image Processing and Raster Access are clearly presented with controls for memory and CPU use. Previously these screens were expressed in terms of the internal components used.
    image_processing.png

User Guide

The user guide has been restructured:

  • The document layout has been reduced to a smaller number of sections
    • Data management covers vector, raster, database and web services along with common settings
    • Services (WMS, WFS, WCS, WPS, CSW) have been gathered into a single section for consistency, even though WPS is an optional install.
  • The duplication between service description and application configuration has been resolved:
    • Each Service is described, both in terms of functionality, alongside details on how the service is configured
    • The Web administration interface section remains focused on on application configuration, linking to to service configuration above (to prevent duplication).
  • Tutorials have been gathered into a single location.

Resource REST API

A new feature for GeoServer 2.9 is the ability to manage resources (icons, fonts, configuration files) via the REST API.  This approach works with both the default file based GeoServer configuration and JDBCConfig community module.

  • GET: rest/resource/styles/grass_fill.png?

  • GET: rest/resource/styles/grass_fill.png?operation=metadata&format=json
    {  "ResourceMetadata":  {
         "name": "grass_fill.png",
         "parent": {
           "path": "/styles",
           "link": {
              "href": "http://localhost:8080/geoserver/rest/resource/styles",
              "rel": "alternate",
              "type": "application/json"
           }
         },
         "lastModified": "2016-05-27 19:31:30.0 UTC",
         "type": "resource"
       }
    }

 

About/Status REST API

The about REST API already reports on the jars installed and the version of high-level components. GeoServer 2.9 includes the addition of about/status which reports not only what components are installed, but if they are correctly functioning. We will be working with this endpoint in subsequent releases to better reporting on GeoServer installation status.

  • GET rest/about/status

2.9.0-status

Offset line support

Symbology Encoding 1.0 offset line is now supported, along with a vendor extension to use the same in SLD 1.0, and CSS support via the “stroke-offset” property. Here are a couple of screenshots of the effects that can be achieved by using offset line.

line_offset1

polygon_offset1

UTFGrid support in WMS and WMTS

GeoServer WMS and WMTS now support UTFGrid as an output format, to get fast and rich feature info on the client side. The WMS output has been tested with OpenLayers 2 by applying this patch, while not officially tested it should also work with OpenLayers 3 and Leaflet using the appropriate URL templates against the WMTS output.

Selezione_208

 

Improved WPS aggregation process with group by

The Aggregate process has been improved to support group-by against any data source, with the ability to turn the execution in an efficient SQL with group by query, if the underlying data source is a database. In case of group-by a rich JSON output is generated, than can then be used to drive client side libraries such as D3 to generate nice charts for your users:

{
  "GroupByAttributes": [ "groupingAttribute" ],
  "AggregationResults": [
    [ "Class1", 18 ],
    [ "Class2", 1 ],
    [ "Class3", 3 ],
    [ "Class4", 3 ]
  ],
  "AggregationFunctions": [ "Count" ],
  "AggregationAttribute": "countingAttribute"
}

Selezione_210

 

Vector masking support for GDAL based formats

All GDAL based formats now support vector masks to cut NODATA areas away from rendering, similar to what image mosaic already supported. Here is a sample, cutting away some areas from a JPEG 2000 image (the format adds compression artifacts at the border, thus the input transparent color cannot be used to achieve a similar effect).

masking

gdalmasks

 

Internal Upgrades

Internally GeoServer has received a number of important upgrades:

  • Update to Spring 4: The upgrade to Spring 4 is responsible for the delay of the GeoServer 2.9 and was required for Java 8 compatibility. This upgrade was far reaching with both  the REST-API and Security integration requiring a concerted quality assurance effort on geoserver-devel.
    This upgrade was technically challenging resulting in a delay to the 2.9 release schedule. Thanks to everyone who helped out, beta testers, and Justin, Andrea and Niels for tackling the harder issues.
  • Upgrade to JAI-EXT to 1.0.9: To enable JAI-EXT use startup parameter org.geotools.coverage.jaiext.enabled=true (for more information see Image Processing in the user guide).
  • Upgrade to Wicket 7: The web administration application has been updated to use the latest Wicket library, thanks to a larger team effort. We would like to thank the sponsors of the Wicket 7 upgrade sprint: OSGeoBoundlessVivid SolutionsHow 2 MapSan Jose Water CompanyTransientGeobeyond (with in-kind sponsors GeoSolutions, CCRi, Astun Technology and Voyager).
    Can you see the difference? Neither can we.
  • The GeoServer default data directory has been updated with titles and descriptions for many layers (to better take advantage of the user interface improvements). The previously disabled Pk50095 layer (shown below) is now enabled by default.
    Pk50095

About GeoServer 2.9

Articles, docs, blog posts and presentations:

Download GeoServer