GeoServer 2.7.6 released

The GeoServer team is happy to announce the release of GeoServer 2.7.6. Download bundles are provided (zip, war, dmg and exe) along with documentation and extensions.

The release contains 17 fixes compared to 2.7.5, including improvements in the WMS cascading, a deadlock fix for admins re-configuring GWC while under load, a fix for a regression with SqlViews using more than one geometry field, and a WPS file descriptor leak, and some other WMS related fixes. For a full list, see the release notes.

GeoServer 2.7.6 is the last maintenance release of the GeoServer 2.7.x series, users are recommended to upgrade to 2.8.x or just wait next month for 2.9.0 to be released as stable.

Thanks to everyone taking part, reporting issues and making pull requests, and also thanks to Andrea Aime (GeoSolutions) for this release.

This release is made in conjunction with GeoTools 13.6.

GeoServer code sprint success

It’s been an exciting time here at GeoServer HQ. To explain, let’s start with a little history lesson.

History

In 2009, GeoServer released GeoServer 2.0, sporting a new user interface based on Apache Wicket. Wicket allows Java developers to construct an AJAX UI with minimal HTML experience. Since its adoption, Wicket has made development of GeoServer more accessible, due the ease of creating graphical configuration pages.

The problem is that we’ve still been using Wicket version 1.4 all this time, and the current version is 7. We’ve tried to address this activity at two previous single-day code sprints, which were aborted due to insufficient time and resources. And the longer we’ve waited, the more difficult it has become.

Without an upgrade, we were starting to see less compatibility with modern browsers, which would eventually lead to the UI not being usable. Something needed to be done.

Enter the code sprint

The GeoServer PSC responded to this challenge by contacting sponsors and organizing a code sprint.

This was not a small task. The problem is neatly summed up by a graphic created by Jody Garnett explaining the Wicket upgrade:

Can you see the difference? Neither can we.

Can you see the difference? Neither can we.

As you can see, when properly implemented, the visual change for users will be…nothing at all.

So I was very impressed when we got the go-ahead (and funding!) to meet in Victoria, BC, at the Boundless Canadian office.

What we did

Developers from the US, Canada, Italy, and Belgium descended upon the diminutive capital of British Columbia to spend a week doing the upgrade.

Since we held off this work for so long, it wasn’t as simple as a single upgrade, as we had to negotiate several API changes in one go. And GeoServer, being highly extensible software, has dozens of modules and extensions that needed to be tested too:

And on and on…

Developer experience

Here is the team and their primary accomplishments:

  • Andrea Aime (GeoSolutions): Really focused on fixing the build and crushing bugs as they popped up in manual testing. Spent a lot of time migrating the security modules.
  • Torben Barsballe (Boundless): Unit test fixes. Component testing. Styling fixes. Fixed links on the Styles page Fixed the Layer Importer. Fixed the LegendGraphic display.
  • Niels Charlier (Scitus): Fixed code and unit tests for many of the core components. Manually tested and fixed many commonly used pages in the UI such as the Layer Preview and Tile Caching sections.
  • Justin Deoliveira (Voyager Search):  Justin helped out monday-tuesday getting the wicket7 branch to compile and helping everyone learn the tips and tricks of wicket debugging.
  • Jody Garnett (Boundless): Learned a lot about how Wicket worked, suffered through manual testing and enjoyed making usability improvements to the configuration pages.
  • Jim Hughes (CCRi): Helped with updates to unit tests. Fixed issues identified by testers.
  • Morgan Thompson (Boundless): Fixed the CoverageBands panel for raster pages. Tested/upgraded the Stores page. Tested various other pages such as the Security section and NetCDF.
  • Devon Tucker (Boundless): Manual testing of core GeoServer and some extensions. Fixed some regressions from the Wicket migrations and did some improvements on the Layers page

And one week later, we are excited to announce that the sprint was a success, and GeoServer is now running Wicket 7. Hooray!

Here is a master nightly build – please download and test it out.

Documentation changes

I was invited to take part in the code sprint, but as I focus on documentation and user experience, I had a lot of down time while the rest of the team was deep in the weeds.

So I took a hard look at the GeoServer User Manual, and performed a fairly significant restructuring, along with some small improvements in the theme.

You can see the new documentation, (compare to an older version). Details on what was done can be found on GitHub. I feel like these changes will make it easier to find information in the documentation, which is fairly extensive.

docupgrade

Documentation Upgrade

More exciting were the visual documentation improvements. I updated the theme of the documentation to increase readability and fix some visual bugs (for example step 10 and higher being cut off).

 

doc_content

Documentation Theme and Content Update

Visual Changes and Blue-sky thinking

With so many experienced GeoServer users in the room, we had a short breakout session discussing high-level improvements to the UI and its workflow, in an attempt to answer the question, “what have you always wished the GeoServer UI would do?” It didn’t take too long to fill up a spreadsheet full of more than two dozen ideas for the next co de sprint- and the team was able to make a few of the easier ones on Thursday and Friday.

The rest of the team decided to follow suit and made a few small visual changes, such as:

  • Updating the JAI page (now called “Image Processing”)
  • Updating the Coverage Access page (now called “Raster Access”)
  • “Add a new resource” is now called “Add a new layer”. (Minuscule change, but this has bugged me for years.)
  • Group fields consistently in Global Settings

So I guess we got some visual changes in after all. Hooray again!

Global Settings

Adding Headings and Reorganizing Global Settings

Thanks

Thanks to OSGeoBoundless, Vivid Solutions, How 2 Map, San Jose Water Company, Transient, GeoBeyond, Scitus, GeoSolutions, CCRi, Astun Technology, and Voyager Search for sponsoring this work.

It’s precisely this kind of support for OSGeo projects that enable our community to thrive.

OSGeo_project.png

 

DSC01732  DSC01733

DSC01736   DSC01739

DSC01741  IMG_1106

IMG_1111

IMG_1112 DSC01734 DSC01738

GeoServer 2.8.2 Released

The GeoServer team is pleased to announce the release of GeoServer 2.8.2. Download bundles are provided (binwardmg and exe) along with documentation and extensions.

GeoServer 2.8.2 is the latest stable release of GeoServer and is recommended for production deployment. This release is made in conjunction with GeoTools 14.2. Thanks to all contributors. Fixes and new functionality include:

  • Multiple improvements to Geofence UI.
  • Various concurrency and thread-safety fixes.
  • WPS and Storied Queries hardening.

Thanks to Jody Garnett (Boundless) and Jim Hughes (CCRi) for this release.

About GeoServer 2.8

Articles, blog posts and presentations:

GeoServer Code Sprint 2016 Ready

Follow up to our GeoServer Code Sprint 2016 post – we are all ready to go for next week!

  • Monday: Initial migration, Wicket 7 bootcamp / Java 8 bootcamp
  • Tuesday: Migration/testing workspace and datastore configuration
  • Wednesday: Migration/testing global, service and layer configuration
  • Thursday: Migration/testing tile cache, security and demos
  • Friday: demos, extensions and select community modules

Mike Pumphrey will be on hand to update the User Guide reference section and ask awkward questions about how things work. We expect to corner a few new volunteers for the scheduled release of GeoServer 2.8.2.

See the OSGeo wiki page for details, sponsors, participants and schedule. For participants (local and remote) there is a pre-flight wiki page with background reading for the upgrade.

Thank you Sponsors

A big thanks to organizations sponsoring the sprint – you help make this gathering possible. Special thanks to the “In-Kind” sponsors sending staff to participate.

Gold Sponsors:

OSGeo    Boundless    Vivid Solutions

Silver Sponsors:

How 2 Map

Bronze Sponsors:

San Jose Water Company     Transient     Geobeyond

In-Kind Sponsors:

scitus development     GeoSolutions    CCRi

Astun Technology   Voyager

Welcome to Victoria

Thanks to Boundless Victoria for making their offices available (see prep below). We look forward to taking over next week and thanks to everyone for their hospitality.

IMG_1104

DSC01574

IMG_1106

GeoServer Explorer Plugin for QGIS

Victor Olaya has just announced the QGIS GeoServer Explorer plugin which uses the REST API to configure GeoServer.  This plugin serves as a QGIS-based tool to configure and manage GeoServer catalogs, acting as a GUI for GeoServer.

Browsing GeoServer Catalog

The GeoServer Explorer plugin also wraps up some QGIS functionality making it possible to perform operations that go beyond the capabilities of the REST API and easily perform more complex workflows:

  • For instance, uploading a layer in a format not supported by the REST API is done in the same way as uploading a simple shapefile. The plugin will take care of converting its format before uploading, without the user noticing it. Pre-upload hooks can be set up, to process all layers before they are published (for instance, running some topology check or a geometry simplification routine.)
  • Styling can be defined in QGIS using its symbology tools and will be converted to SLD when publishing a layer. This allows a layer to be published with the same style as it has when rendered as part of a QGIS project.

The GeoServer Explorer plugin integrates with other QGIS plugins, like the Processing framework. This allows easy automation of tasks such as publishing a set of layers or seeding a GWC layer, and these tasks can also be integrated in workflows using the QGIS Processing Graphical modeler.

QGIS GeoServer Explorer REST API Integration

QGIS GeoServer Explorer REST API Integration

QGIS GeoExplorer Plugin

The GeoServer Explorer plugin is available in the QGIS plugins server, and can now be downloaded from within QGIS using the plugin manager.

GeoServer Explorer Installation

GeoServer Explorer Installation

For developers the source code is available on github (https://github.com/boundlessgeo/qgis-geoserver-plugin), GPL with details on how to contribute.

We would like to thank Victor for his hard work, the community members who encouraged this release, and Boundless for making this plugin available for wider use. We look forward to seeing continued GeoServer and QGIS community collaboration.

GeoServer 2.7.5 released

The GeoServer team is happy to announce the release of GeoServer 2.7.5. Download bundles are provided (zip, war, dmg and exe) along with documentation and extensions.

GeoServer 2.7.5 is a maintenance release of GeoServer recommended for production deployment. Thanks to everyone taking part, submitting fixes including:

Bug
[GEOS-4179] – Importer and monitoring REST resources are not thread-safe
[GEOS-7116] – Applying a CRS in Importer clears other found CRSes
[GEOS-7306] – Stored Queries don’t work on App-Schema layers backed by database
[GEOS-7346] – WPS cancelling output stream ends up writing a single byte at a time

For a full list, see the release notes.

The next release, 2.7.6, will mark the planned end of life for this release series. You and your organisation should now consider looking into to the 2.8 release and start testing it now.

Thanks to Ian Turton (Astun Technology) for this release.

This release is made in conjunction with GeoTools 13.5.

GeoServer Code Sprint 2016

The GeoServer web administration console is built on top of the Wicket 1.4.x series, which is pretty old and unmaintaned. The purpose of the sprint is to update it to Wicket 7.x, the current stable version.

Upgrade from Wicket 1.3 to Wicket 7

Due to the large distance between the two releases and the number of backwards incompatible changes accumulated by Wicket in the years this will require the concerted effort of a handful of developers over a few days, including the changes to upgrade the code, and the thorough hand testing of the resulting modified interface.

Victoria British Columbia

The code sprint is planned for the week of January 18th in sunny Victoria British Columbia. Thanks to Boundless for providing a venue (either the boundless offices or Fort Techtoria depending on numbers).

A note on the timing: We were unable to join the Paris Code Sprint 2016 as it is scheduled too close to the GeoServer 2.9 code freeze. This location was selected to reduce travel costs allowing us to run the event with minimal sponsorship.

Participation and Sponsorship

We have the following sponsorship levels available:

  • Gold: $1000
  • Silver: $500
  • Bronze: $250

We are reaching out to international and local sponsors. Contributions will be put towards travel costs for overseas sprinters who would be otherwise unable to attend. Any surplus at the end of the event will be turned over to OSGeo or used for a future code sprints.

For more details on participation, sponsorship or budget for the event please see the GeoServer Code Sprint 2016 wiki page.

 

GeoServer 2.8.1 Released

The GeoServer team is pleased to announce the release of GeoServer 2.8.1. Download bundles are provided (binwardmg and exe) along with documentation and extensions.

GeoServer 2.8.1 is the latest stable release of GeoServer and is recommended for production deployment. This release is made in conjunction with GeoTools 14.1. Thanks to all contributors. Fixes and new functionality include:

  • Multidimensional GRIB / NetCDF / NetCDF Output modules promoted to extension
  • Fixed query parameters in SLD external graphic
  • Fixed legend preview with SLD external graphic
  • Fixed multiline labels in PDF WMS request with translation
  • Fixed layer preview GML links for app-schema layers
  • Fixed JMS clustering to use qualified names for layers, layer groups, and styles
  • Avoid catalog linear scans in GWC integration listeners
  • Fixed OpenLayers preview with the authkey module enabled
  • For a full list, see the release notes

Thanks to Ben Caradoc-Davies (Transient) for this release.

About GeoServer 2.8

Articles, blog posts and presentations:

 

GeoServer 2.7.4 released

The GeoServer team is happy to announce the release of GeoServer 2.7.4. Download bundles are provided (zipwardmg and exe)  along with documentation and extensions.

GeoServer 2.7.3 is a maintenance release of GeoServer recommended for production deployment. Thanks to everyone taking part, submitting fixes and new functionality including:

Bug

  • [GEOS-3228] – Empty filter causes IndexOutOfBoundsException
  • [GEOS-3432] – RESTConfig “styles” list does not get generated if a style is missing its associated sld file
  • [GEOS-4986] – Creating SQL Views via RESTConfig as JSON fails
  • [GEOS-6768] – externalGraphic with relative path and query parameters problem
  • [GEOS-7045] – Layer Security – Catalog Mode
  • [GEOS-7243] – Render (or transform) fails on Multipolygon but not on polygon
  • [GEOS-7256] – Maven Cobertura plugin does not work
  • [GEOS-7259] – JMS based cluster should use qualified names for Layers and Layergroups
  • [GEOS-7267] – JMS Clustering should prefix Styles names with workspace
  • [GEOS-7295] – OpenLayers preview does not work if authkey community module is enabled
  • [GEOS-7302] – Using on the fly meta tiling in WMS request may result in rendered images not being disposed of
  • [GEOS-7312] – RawDataPPIO does not close InputStreams it opens
  • [GEOS-7314] – GeoTiffPPIO can return the source file of a processed coverage

Improvement

  • [GEOS-4762] – WCS should force usage of imageread
  • [GEOS-7150] – Features counted twice for WFS queries with GeoJSON responses

For a full list, see the release notes.

Also, as a heads up for Oracle users, the Oracle store does not ship anymore with the JDBC driver (due to redistribution limitations imposed by Oracle). For details see the updated the oracle installation instructions here.

Thanks to Alessio Fabiani (GeoSolutions) for this release.

This release is made in conjunction with GeoTools 13.4 and GeoNode 2.4.

Remote Execution Vulnerability

GeoServer has encountered an remote execution vulnerability in the REST API (used for remote administration).

This vulnerability GEOS-7124 is addressed in the following scheduled releases:

Thanks to Andrea Aime (GeoSolutions) and Kevin Smith (Boundless) for both fixing this issue and back porting to the stable and maintenance series.

Users are encouraged to upgrade, keeping in mind exposure to this issue is limited to scripts using administrator credentials to access the REST API. Accounts making use of gsconfig (Python Library) also make use of these facilities.

About Remote Execution

For more information see redhat security article on remote code execution via serialized data.

Responsible Disclosure

Thanks to Matthias Kaiser for reporting this issue.

If you encounter a security vulnerability in GeoServer (or any other open source software) please take care to report the issue in a responsible fashion:

  • Keep exploit details out of issue report (send to developer/PSC privately – just like you would do for sensitive sample data)
  • Be prepared to work with Project Steering Committee (PSC) members on a solution
  • Keep in mind PSC members are volunteers and an extensive fix may require fundraising / resources

If you are not in position to communicate in public (or make use of the issue tracker) please consider commercial support, contacting a PSC member privately or contacting us via the Open Source Geospatial Foundation at info@osgeo.org.

Download GeoServer