The GeoServer team is pleased to announce the release of GeoServer 2.9.3. Download bundles are provided (bin, war, dmg and exe) along with documentation and extensions.
This is a maintenance release of GeoServer suitable for production systems. Maintenance releases are focused on bug fixes and stability, rather than new features.
The team has been working hard, resulting in a wide range of bug fixes:
- Windows installer fixed, allowing the port to be set for standalone or service use
- KML output: fixed a date-month swap when used in a non-POSIX locale.
- Improved documentation for the demo pages, including the WCS Request builder.
- CSS stroke-offset now supports expressions
- WMS GetCapabilities fix for inadvertently showing layer group contents multiple times.
- Style generation fix for raster data layers
- Coverage view improvements include preservation of original band names, and the alpha band if available.
- WFS correctly handles disabled stores
- REST API
  - Correctly represent empty true/false values for html output
  - Representation of an empty styles list in JSON fixed
- Cascade delete fixed to correctly handle nested layer groups
- JMS Clustering has received a number of fixes: correctly handles virtual service configuration, propagation of workspace and service settings.
- Lots of bug fixes (check the release notes for details)
For more information about GeoServer 2.9.3 refer to the release notes (2.9.3 | 2.9.2 | 2.9.1 | 2.9.0 | RC1 | beta2 | beta | M0).
Community Modules
Community module updates:
- A community module is now available allowing GeoServer to authenticate against the OAuth2 protocol (including Google OAuth2).
Security Considerations
This release addresses three security vulnerabilities:
- Additional restrictions have been placed on the demo request page
- Addressed an XML injection vulnerability identified in an automatic scan.
- GeoServer now changes sessions during login; this addresses a class of vulnerabilities known as “session fixation”.
Thanks again to Nick Muerdter for reporting these in a responsible manner (and Andrea and Jody for addressing these during the November bug stomp).
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
About GeoServer 2.9
Articles, docs, blog posts and presentations:
- Lots of goodies in the original 2.9.0 announcement (GeoServer Blog)
- Results of our Bug Stomp Mini Code Sprint in July (GeoServer blog)
- Internals upgrade to spring-4 for Java 8 compatibility (User Guide)
- GeoServer code sprint success and wicket migration code sprint (GeoServer Blog)
- GeoServer Plugin for QGIS (Boundless)
- QGIS SLD export improvements (GeoSolutions)
- Smart transparency in GeoServer with image/vnd.jpeg-png format (GeoSolutions)
- Simplify complex feature mappings setup with HALE (GeoSolutions)
- REST management of Resources (User Guide)