GeoServer 2.9.3 Released

The GeoServer team is pleased to announce the release of GeoServer 2.9.3. Download bundles are provided (binwardmg and exe) along with documentation and extensions.

This is a maintenance release of GeoServer suitable for production systems. Maintenance releases are focused on bug fixes and stability, rather than new features.

The team has been working hard, resulting in a wide range of bug fixes:

  • Windows installer fixed allowing port to set for standalone or service use
  • KML Output managed a date-month swap when used in a non-POSIX locale.
  • Improved documentation for the demo pages, including the WCS Request builder.
  • CSS stroke-offset now supports expressions
  • WMS GetCapabilities fix for inadvertently show layer group contents multiple times.
  • Style generation fix for raster data layers
  • Coverage view improvements include preservation of origional band names, and alpha band if available.
  • WFS correctly handles disabled stores
    • Correctly represent empty true/false values for html output
    • Representation of an empty styles list in JSON fixed
    • Cascade delete fixed to correctly handle nested layer groups
  • JMS Clustering has received a number of fixes: correctly handles virtual service configuration, propagation of workspace and service settings.
  • Lots of bug fixes (check the release notes for details)

For more information about GeoServer 2.9.3 refer to release notes (2.9.3|2.9.2 | 2.9.1 | 2.9.0 | RC1 | beta2 | beta | M0 ).

Community Modules

Community module updates:

  • A community module is now available allowing GeoServer to authenticate against the OAuth2 protocol (including Google OAuth2).

Security Considerations

This release addresses three security vulnerabilities:

  • Additional restrictions have been placed on the demo request page
  • Addressed an XML injection vulnerability identified in an automatic scan.
  • GeoServer now changes sessions during login, this addresses a class of vulnerablities known as “session fixation”.

Thanks again to Nick Muerdter for reporting these in a responsible manner (and Andrea and Jody for addressing these during the November bug stomp.)

If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.

About GeoServer 2.9

Articles, docs, blog posts and presentations:

Download GeoServer