GeoServer 2.8-beta released

We are happy to announce the release of GeoServer 2.8-beta. Downloads are available (zipwardmg and exe) along with docs and extensions.

GeoServer 2.8 has a wide range of new features, behind the scenes changes, and a several of important security updates. This is beta release of GeoServer made in conjunction with GeoTools 14-beta.

This beta release is made available for collaboration with our user list (and is not intended for production). The beta release marks the of a feature freeze, we appreciate any and all testing during this period as we prepare for a September release.

New capabilities:

Fixes and improvements:

  • Significant increase in GML 3.X encoding speed
  • Pretty print option for style REST API
  • Allow environment variables to be used in freemarker template files
  • GeoWebCache parameter filters can now be set via GUI
  • INSPIRE metadata entry is now more forgiving and can be entered on a layer by layer basis
  • Fix for XXE security vulnerability has been revised and now functions in a JBoss environment
  • Faster startup for installations with large number of Oracle layers
  • The CSV output format can now handle WFS GetFeature join results (will transparently flatten the joined features)

Internal changes:

  • JAI-Ext integration for geospatial specific image processing operations, adding direct support for NODATA in raster sources. Disabled by default, needs to be enabled using a system variable.
  • Replacement of vecmath with EJML matrix library
  • Due to license restrictions the oracle extension no longer includes an Oracle JDBC driver, see the user guide for manual install instructions.

Community update:

  • We would like to welcome Stefano Costa (GeoSolutions) as a new committer!
  • Developers guide refresh covering release cycle, updating PSC members, and fixing tutorials
  • Responsible disclosure expectations covered on the website and user guide

See release notes for more information.

Thanks to Jody (Boundless) for publishing this beta, and the entire GeoServer team for an enormous effort bringing this release together.

About GeoServer 2.8

GeoServer 2.8 is scheduled for September release. For more information:

For additional details see the 2.8-beta and 2.8-M0 release notes.

New Community Modules

In addition to the formal GeoServer 2.8 release our code base has a community area for ideas an experimentation:

  • WCS and WPS output formats based on gdal_translate to provide a greater range of output formats
  • Embedded GeoFence server, REST API and GUI is the result of a productive collaboration between GeoSolutions and Boundless offering greater rule-based control of GeoServer security
  • MongoDB DataStore enabling GeoServer to publish from this popular JSON based document database (no zip packaging, needs volunteer)

Community modules should be considered a work-in-progress and are subject to quality assurance, documentation IP checks and a maintainer before being considered ready for release.

GeoServer 2.7.2 released

The GeoServer team is happy to announce the release of GeoServer 2.7.2. Download bundles are provided (zipwardmg and exe)  along with documentation and extensions.

GeoServer 2.7.2 is a stable release of GeoServer recommended for production deployment. Thanks to everyone taking part, submitting fixes and new functionality including:

  • Importer raster improvements, added support for GDAL based file optimization when importing rasters, also, it is now possible to add add granules to a mosaic (and optimize them with GDAL in the process)
  • Importer vector improvements, now one can import data into non JDBC data stores too
  • Some improvements in the documentation on using GDAL based data sources in Windows
  • More tweaks on the XXE vulnerability fixes (we left it open just enough not to break OGC compliance)
  • Properly rendering GeoTiff files with flipped Y axis
  • Making sure WPS really stops answering requests when not enabled
  • Improvements in NetCDF handling of reprojected requests
  • For a full list, see the release notes.

Also, as a heads up for Oracle users, the Oracle store does not ship anymore with the JDBC driver (due to redistribution limitations imposed by Oracle). For details see the updated the oracle installation instructions here.

Thanks to Andrea (GeoSolutions) and Kevin (Boundless) for this release.

GeoServer XEE Vulnerability

GeoServer has encountered an XML External Entity (XEE) vulnerability permitting an unauthenticated read access to server files.

This vulnerability GEOS-7032 is addressed in the following releases and we strongly encourage all users to upgrade:

Thanks to Ben Caradoc-Davies (Transient Software) for the maintenance release along with Jody Garnett (Boundless) and Andrea Aime (GeoSolutions) for the unscheduled patch releases provided above.

If you are running an earlier version of GeoServer and would like to generate a patch release please contact one of our commercial support providers, or join us on geoserver-devel to volunteer.

About XEE

For more information on XEE see owasp articles on XML External Entity Processing and XML External Entity Attack provided to geoserver-devel by Johannes Kröger.

Responsible Disclosure

If you encounter a security vulnerability in GeoServer, or any other open source software, please take care to report the issue in a responsible fashion:

  • Keep exploit details out of issue report (send to developer/PSC privately – just like you would do for sensitive sample data)
  • Be prepared to work with Project Steering Committee (PSC) members on a solution
  • Keep in mind PSC members are volunteers and an extensive fix may require fundraising / resources

If you are not in position to communicate in public (or make use of the issue tracker) please consider commercial support, contacting a PSC member privately or contacting us via the Open Source Geospatial Foundation at

We will be revising the GeoServer Developers Guide to clarify in the coming days.

GeoServer 2.6.4 Released

The GeoServer team is pleased to announce the release of GeoServer 2.6.4. Download bundles are provided (binwardmg and exe) along with documentation and extensions.

GeoServer 2.6.4 is a maintenance release of GeoServer recommended for production deployment. This release contains IMPORTANT SECURITY FIXES so please upgrade.

Thanks to everyone who took part by contributing fixes, new functionality, and documentation. Notable changes:

Thanks to Ben Caradoc-Davies (Transient Software Limited) for this release. Thanks also to Kevin Smith (Boundless) for releasing GeoWebCache 1.6.2 and to Jody Garnett (Boundless) for building the GeoServer 2.6.4 DMG.

About GeoServer 2.6

Articles and resources for GeoServer 2.6 series:

GeoServer 2.8-M0 Released

We are happy to announce the release of GeoServer 2.8-M0. Downloads are available (zip, war, dmg and exe) along with docs and extensions.

This is milestone release of GeoServer made in conjunction with GeoTools 14-M0.

We have both new features and a number of key “under the hood” changes to GeoServer. This technology preview is made available for your evaluation and feedback and is not intended for production.

Highlights from the release notes:

  • JAI-Ext integration for geospatial specific image processing operations  (github), adding direct support for NODATA in raster sources
  • Replacement of vecmath with EJML matrix library
  • Importer improvements, dalwarp/gdal_translate/gdaladdo transformations and ability to add a granule to a mosaic
  • Read/write PostGIS curve support
  • GetMap support for by layer interpolation methods
  • Stop shipping old Oracle JDBC driver
  • Pretty print option for style REST API
  • Allow environment variables to be used in freemarker template files

Also, looking at the GeoTools 14-M0 release notes, we have:

  • Significant increase in GML 3.X encoding speed
  • New projections supported: sinusoidal, gnomonic
  • New extshape://arrow with parameters controlling its proportions

Thanks to Jody (Boundless) for pulling this release together.

About GeoServer 2.8

GeoServer 2.8 is scheduled for September release. For more information:

We will add additional blog posts to this section as news is made available.

GeoServer 2.7.1 Released

The GeoServer team is happy to announce the release of GeoServer 2.7.1. Download bundles are provided (zipwardmg and exe)  along with documentation and extensions.

GeoServer 2.7.1 is a stable release of GeoServer recommended for production deployment. Thanks to everyone taking part, submitting fixes and new functionality including:

  • Add WMS GetMap support for by layer interpolation methods
  • Allow usage of environment variables from various sources in ftl files
  • Allow cql expressions in ColorMapEntry for GetLegendGraphic
  • This release is made in conjunction with GeoTools 13.1 and GeoWebCache 1.7.1
  • For a full list, see the release notes.

Thanks to Kevin (Boundless) and  Torben (Boundless) for this release

The Windows executable installer should now be available.  Sorry about the broken link.

GeoServer 2.6.3 released

The GeoServer team is happy to announce the release of GeoServer 2.6.3. Download bundles are provided (zipwardmg and exe)  along with documentation and extensions.

GeoServer 2.6.3 is a maintenance release of GeoServer recommended for production deployment. Thanks to everyone taking part, submitting fixes and new functionality:

  • The WPS download community module is now available on the 2.6.x branch too
  • Some WPS fixes related to requests not including the response form
  • Fixed layer naming regression that prevented non XML valid names to be used for coverages (care on naming is still advised, different protocols have different requirements, check the ones you are using)
  • Some WFS 2.0 join related fixes
  • Speed up generation of JSON files when the native CRS is EPSG:900913
  • Avoid leaks of commons-httpclient pools (which in turn can lead to a native thread leak)
  • Check the release notes for more details
  • This release is made in conjunction with GeoTools 12.3

Thanks to Andrea (GeoSolutions), Jody (Boundless) for this release

About GeoServer 2.6

Articles and resources for GeoServer 2.6 series:




Thanks to some last minute planning, and Boundless renting space, we were able to set aside some time for a code sprint after the FOSS4G-NA conference. One of the goals of this sprint was to onboard new developers to build and run CITE tests. We also had Jim Hughes from GeoMesa joining us as a new GeoServer community member.

Clockwise from the bottom left corner: Torben Barsballe (Boundless), Travis Brundage (Boundless), Kevin Smith (Boundless), Andrea Aime (GeoSolutions)

Offscreen: Jim Hughes (GeoMesa), Jody Garnett (Boundless), Tyler Battle (Boundless)


Andrea introduced us to the OGC Compliance Testing Program (CITE), which provides resources for ensuring conformance with the OGC Standards.

One of the core tools within CITE is the Test, Evaluation, And Measurement (TEAM) Engine, which executes test suites written using the OGC Compliance Test Language (CTL). This is the official test framework of the CITE program, and all CITE tests published by the OGC are written for the TEAM engine, using CTL.

Currently, we execute a number of nightly geoserver builds that run CITE tests:

  • cite-wcs-1.0
  • cite-wcs-1.1
  • cite-wfs-1.0
  • cite-wfs-1.1
  • cite-wms-1.1
  • cite-wms-1.3

These do not encompass the full set of CITE tests published by the OGC. In the interests of adding better test coverage, it is important to familiarize new developers with how the CITE tests are build and run.

During the code sprint, we attempted to set up and execute tests on a local instance of the TEAM engine. This entailed:

To run the WFS 1.0 CITE tests, we:

  • Ran geoserver using citewfs-1.0 data directory
  • Ran the TEAM Engine on a local tomcat server
  • Configured the WFS test suite in the TEAM engine, and ran it.

There were a few hiccups during this process, but closely following the existing documentation was sufficient to get the CITE tests running properly. While I did not run into this issue, Andrea mentioned that bugs in the CITE tests themselves are about as common as bugs in the OGC-compliant GeoServer services. This makes running CITE tests a bit of a treasure hunt between which test failures are coming from from the tests, and which are coming from the service being tested.

Successful WFS 1.0 CITE Tests!


After I succeed in getting the WFS 1.0 test suite running, I tried building the WCS 1.0 test suite (which was a bit more complicated). I was able to get the tests running, but encountered a number of test failures. Among other things, the WCS CITE tests fail if the endpoint they are querying also publishes WCS 1.1 resources. This means that in order to properly run the tests, you have to build GeoServer without WCS 1.1. There also other test failures that I was unable to debug during the sprint.


We would like to thank the GeoServer community for welcoming newcomers, Boundless for renting the space and congratulate Jim Hughes on his new community modules.

GeoServer 2.7 released

The GeoServer team is pleased to announce the latest major release of GeoServer: version 2.7.

Quick links:

This release includes a variety of improvements and fixes provided by and for the community over the past six months since GeoServer 2.6 was released. (See our release schedule.) While many of these high-level features have been highlighted in previous posts, we’d like to list them in brief here, with links to documentation so you can learn more.

Color composition and color blending

These are two new extensions to the rendering engine that allows for greater control over how overlapping layers in a map are merged together. Instead of just placing layers on top of others (with or without transparency), there is now a range of filters and effects, such as “multiply”, “darken”, and “hard light”.

Please see the documentation for an example on how to create inner line effects such as the image below:

Thanks to Cleveland Metroparks for sponsoring this improvement.

Relative time support in WMS/WCS

GeoServer has long had the ability to specify dates/times in requests to subset data. Up until now these dates/times needed to be absolute. Support has now been added for specifying relative time, for example:

  • Last 36 hours from the present (PT36H/PRESENT)
  • Day after December 25 2012: (2010-12-25T00:00:00.0Z/P1D)

Thanks to Jonathan Meyer for this improvement.

WPS clustering

There are quite a few improvements to the Web Processing Service module, courtesy of Andrea Aime and GeoSolutions. (Please note that WPS is still an extension.)

GeoServer has a new WPS extension point allowing GeoServer nodes in the same cluster to share the status of current WPS requests. This is particularly important for asynchronous requests, as the client polling for the progress/results might not be hitting the same node that’s currently running the request.

This initial implementation leverages the Hazelcast library to share the information about the current process status using a replicated map.

WPS security

GeoServer now has the ability to connect WPS processes to the standard role-based security system. This means that administrators can now determine what users and groups can access or execute, making WPS usage safer and more secure.

WPS limits

In addition to limiting the users and groups that can access WPS processes, GeoServer now also has the ability to set WPS input execution limits (such as timeout values), ensuring that a runaway process can’t cause a system to fail due to utilizing too many resources. Limits can be set globally and on a per-process basis.

WPS dismiss

A client that connects to the WPS now not only has the ability to execute processes, but also the ability to dismiss/kill processes. Also new is the ability for the administrator to see the current processes that are being executed on the system.

CSS extension refresh

The popular CSS extension, originally written by David Winslow of Boundless, allows users to style layers using a CSS-like syntax instead of SLD. This extension has now been entirely rewritten in native Java. The functionality remains the same, though with improvements in speed and stability.

Thanks to Andrea Aime from GeoSolutions for this improvement.

New CSS workshop

There is also now a full workshop-sized tutorial devoted to using CSS in GeoServer. This expands upon the basic tutorial, and goes into greater detail, providing a powerful learning resource for anyone who wants to learn how to style maps with CSS.

Thanks to Jody Garnett from Boundless for donating the workshop to the community.

Cascade WFS Stored Queries

Thanks to Sampo for adding support for cascaded WFS stored queries.

Try out the new version

See the full list of changes linked from the release page, and please read these previous posts for more information on these new features. While no software is ever bug-free, we fully stand behind this release, and believe it will provide you with a better, more stable, and featured-filled GeoServer. Thanks!

Download GeoServer 2.7

About GeoServer 2.7

Articles and resources for GeoServer 2.7 series:

GeoServer 2.7-RC1 Released

The GeoServer team is pleased to announce the release of GeoServer 2.7-RC1 with some great new features. The download page for 2.7-RC1 provides links for zipwardmg, and exe bundles. As a release candidate, 2.7-RC1 is considered experimental and is provided for testing purposes. This release is not recommended for production (even if you are enthusiastic about the new features).

This release is made in conjunction with GeoTools 13-RC1 and GeoWebCache 1.7-RC1. Thanks to Ben Caradoc-Davies (Transient Software, New Zealand) for making this release, Kevin Smith (Boundless) for releasing GeoWebCache 1.7-RC1, Jody Garnett (Boundless) for building the dmg and testing, and a big thanks to Andrea Aime (GeoSolutions) for gathering up the contents (and pictures) for this blog post, which is based almost entirely on his post announcing the release of 2.7-beta.

A complete change log since 2.7-beta is available from the issue tracker.

Please Download and Test

The committers have a great release for you to look forward to, we would like to ask you to download and test. By trying GeoServer out on a wide range of platforms and datasets we can all help the next release be great.

Testing is a key part of the open source social contract. This is your best chance to identify issues early while we still have time to do something about it. If you make use of commercial support ask your vendor about their plans for 2.7-RC1 testing.

When testing Geoserver 2.7-RC1 please let us know on the user list how it works for you. We will be sure to thank you in the final release announcement and product presentations.

New Features

Color composition and blending

Color composition and blending are two new extensions to SLD allowing the web map styler to control how overlapping layers in a map are merged together. Beyond the simple stacking and translucency control a wide range of effects are now possible by allowing masking and specific color operations for blending layers together in new ways.

A common well known example is a polygon thematic map on top of a DEM, which tends to provide under-par results using only transparency control, but generates very appealing ones when using the “multiply” blending mode:

Alpha masking also allows for neat cartographic tricks, like the one below, where the polygon fill has been cut at the border of the states generating a “inner line” effect:

Check out the documentation for a list of supported operations and some examples. We would like to thank Cleveland Metroparks for sponsoring this improvement.

WPS Clustering

GSIP 119 added support for asynchronous requests over a cluster of GeoServer instances. In WPS an asynchronous request starts by returning the client a URL that can be polled in order to know about the execution progress, and eventually to retrieve the final results.  Previous to 2.7-beta the status information was kept in memory, thus only the GeoServer instance running the process could meaningfully respond to a poll from the client. With GeoServer 2.7-beta a new extension point allows the programmer to create a process status repository that can be shared among the GeoServer instances.

The first default implementation of the shared repository is a Hazelcast based one, leveraging in-memory, replicated and distributed maps to share the state information, while the results (which can be pretty large) are stored in a shared file system. The community is welcome to develop other variants that could store the information in other places, for example, a relational database, a nosql one, or in the cloud (e.g., S3 storage).

WPS Security

GSIP 121 added the ability to provide fine grained access control to processes based on our usual role based authentication system: each process or group of processes can be associated to a list of roles that can access them, while other users will be disallowed seeing or accessing the same processes.


WPS Limits

Integrating with the security, GSIP 123 added support for process execution limits, bringing WPS up to par with the other OGC services in terms of limiting the resources used by a single request. In the main WPS panel one can now configure how much processing time to give synchronous and asynchronous requests:


Also, in the new process security page one can configure a global limit for the size of complex inputs (see above), it is also possible to configure limits on a process by process basis, in order to restrict the size of inputs, the range of numerical values, and the multiplicity of repeatable inputs, to constrain the effort of a WPS process call. All these limits will be dutifully reflected in the DescribeProcess output.


If you’re not satisfied with the above limits and would like to develop new ones, no worries, the current code is setup on a pluggable WPSInputValidator extesion point that will allow you to create new types of input validators.

WPS Dismiss

The final Finally, GSIP 122 added the ability to dismiss an ongoing process from the client that requested the execution, or as an administrator. The new Dismiss operation comes from the WPS 2.0 specification, which GeoServer does not support yet, so it has to be seen as a vendor extension to WPS 1.0, which leverages the executionId parameter returned in the asynch status links to allow execution cancellation, you can read more about it in the user documentation. The administrator instead gets a new user interface panel showing the currently running operations, allowing selection and forceful dismissal of processes that are running:


The user guide contains more details about its usage. We would like to thank NATO STO CMRE for sponsoring all the above WPS improvements.

Refresh of the CSS module

The initial CSS extension (responsible for using CSS to generate SLD styles) was written in Scala. Although wildly popular, and featured up until GeoServer 2.6, the module has not been maintained to the level expected of a GeoServer extension.

Andrea has taken it unto himself to address this gap, rewriting the functionality in Java and making the result available to the GeoTools library.

The new CSS engine performs the same function as the Scala original and has managed to make a few key improvements. In particular the Java implementation can efficiently handle large CSS files without bogging down with minutes of translation time.

The user interface for the CSS editor has also been revamped a bit, making better usage of available screen space, and sporting syntax highlighting and formatting thanks to CodeMirror. This change addresses a common gripes correctly supporting relative images (the generated SLD preserves the relative path) and polygon with strokes are now translated to a single polygon symbolizer (to the benefit of GetLegendGraphic calls). Finally, you’ll notice that the download size have been significantly trimmed, as we don’t need anymore the Scala runtime.

The new translator has been tested against a few hundreds CSS styles already, but of course it’s new, so it’s of paramount importance that you test your own styles, and let us know if you notice any regression.

We take the occasion to thank David Window for creating the initial CSS module, and Andrea Aime for porting it to java and acting as the new maintainer.

Relative time support in WMS/WCS

As you probably knows GeoServer supports time based filtering in both WMS (aka WMS-T) and WCS (as part of WCS-EO). Up until now you had to specify the desired time either as an absolute value, e.g. &time=2011-05-02, or as an absolute range of values, e.g. &time=2011-05-02/2011-05-05.

The work done in GSIP 124 adds support for a vendor specific extension to the time syntax which allows the specification of relative times, e.g., the last 36 hours, “PT36H/PRESENT”, or the day after December 25 2012, “2010-12-25T00:00:00.0Z/P1D”.

This allows for more compact requests, but more importantly, it allows to generate stable, publishable links to instants or intervals relative to the present server time, e.g., the weather forecast for tomorrow, two days and three days in the future, or the temperature maps for the last three days, maybe in a KML document generated with animations over time.


In addition a wide range of improvements have been made:

  • For those making printed maps, we added a new vendor parameter forcing GeoServer to ignore the WMS simple scale computation algorithm, and run a local and accurate one instead, resulting in better integration between printing requirements and maps with scale dependencies.
  • The flow-control module now also supports rate based rules, with the ability to slow down, or simply reject, requests that are incoming from a specific client at an excessive rate.
  • For those working at the dateline, you’ll be pleased to know that the WCS 2.0 GetCoverage requests can now handle bounding boxes crossing the dateline, and they will take the two halves of your coverage from the antipodes, merge them together in a single output file that will be returned to you (much like the same support for WMS, introduced in 2.6.0).
  • For people using configuration in the database, the JDBCConfig module and core modules have seen a number of changes to increase scalability and push down into the database as much filtering as possible in a larger number of commonly used code paths.
  • The DDS module, allowing extraction of DEM portions using the WMS protocol in order to feed Nasa Worldwind, has seen a number of fixes and now allows the specification of a texture compression format.
  • Finally, the map preview has been switched to OpenLayers 3, although the nostalgic can get back the OL2 based one by adding the “-DENABLE_OL3=false” parameter to the JVM startup options. Thanks to Bart for helping add this to GeoServer.

This concludes the most visible changes, if you are missing some please check the full changelog for details, there is quite a bit more stuff in there.

Community modules

In addition to the core GeoServer and extensions we have an active community area for experiments and new volunteers. This release comes with a number of new community modules that you might find useful.

Clustering modules

The community section now holds two clustering modules allowing a cluster of GeoServer instances to work against a shared vision of the data directory.

The first one, contributed by GeoSolutions, works using J2EE JMS messages to share the state against the various nodes, and allows the usage of the normal file based configuration, either in a shared data dir mode, or data dir per node mode. This is know as the “JMS clustering”, see the documentation for more details. The module is ready for testing as it’s part of the nightly builds.

The second one, contributed by Boundless, works by using Hazelcast distributed messages, and it’s designed to work best against the JDBConfig module. At this time there are no released artifacts or documentation, but the adventurous user will find it pretty easy to figure out.


The GeoFence advanced security subsystem has been donated to the GeoServer project by GeoSolutions earlier this year, this module is the plugin connecting a GeoServer instance to the GeoFence rule engine.

GeoFence allows to setup complex security rules and leverage the full power of the underlying GeoServer security subsystem, for example, it’s possible to establish security rules mixing in the same condition data and service being used, limit attributes available to certain users/operations, filter data so that certain records are not visible to the public, force certain default style to given user roles, and so on. The GeoFence wiki contains documentation on how to use and configure the system.

SOLR data store

The SOLR data store allows GeoServer to connect to a SOLR server and publish its spatial document via the OGC protocols, efficiently making maps, serving them via the WFS service, and allowing spatial analysis via WPS. The user interface allows to classify sets of documents as layers, and map the document variable structure into the fixed structure of simple feature types served by GeoServer.

You can read an introduction in this blog post, and delve into details in the user documentation.

New WPS output formats

The gs-gpx and gs-kml modules offer two new PPIO to translate feature collection resulting off WPS processes in the respective formats. The KML one, in particular, also supports limited input parsing, allowing to send KML documents as inputs to the WPS services.

The WPS download process

The wps-download community module forms the basis of an “advanced clip and ship” tool that allows a client to ask for data in a specific area, eventually reprojecting it, estimate the download size, and allow the preparazion of a zip package with the desired data, all via asynchronous calls, providing a good replacement for WFS/WCS when the amount of data to be extracted is too large to be delivered via synchronous HTTP calls.

About GeoServer 2.7

Articles and resources for GeoServer 2.7 series:


Download GeoServer