Dear customers,
GeoCat is pleased to share the release of GeoServer Enterprise 2024.0.
This update includes several improvements and configuration changes:
- Upgraded for Java 11 (Java 8 no longer supported)
- Feature type description can now be edited when customizing feature type attributes
- Fast polygon intersection enabled by default
And contains fixes of interest to our customers:
- About page version and build details only displayed when logged in as an administrator
- Java 17 support for GetFeature “lazy” count(*) performance optimization
Upgrade notes:
- If using the tile caching "disk quota" feature, there are some manual steps required to change from the local H2 database to a local HSQL database (used to track disk usage).
- Configuration option ENTITY_RESOLUTION_ALLOWLIST default changed to ogc, w3c, and inspire, as required by the majority of our customers. Previously this was an optional setting.
For more information on the improvements and fixes see the GeoServer Enterprise 2024.0 release notes.
This release addresses security vulnerabilities and is considered an essential upgrade for production systems. Additional information is available in our knowledge base.
- CVE-2024-36401 not publicly disclosed
- CVE-2024-34711 not publicly disclosed
- CVE-2024-34696 not publicly disclosed
- CVE-2024-35230 not publicly disclosed
- CVE-2023-51444 Arbitrary file upload vulnerability in REST Coverage Store API
- CVE-2023-41877 GeoServer log file path traversal vulnerability
- CVE-2024-23634 Arbitrary file renaming vulnerability in REST Coverage/Data Store API
- CVE-2024-23643 Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
- CVE-2024-23821 Stored Cross-Site Scripting (XSS) vulnerability in GWC Demos Page
- CVE-2024-23819 Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
- CVE-2024-23818 Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
- CVE-2024-23642 Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer
- CVE-2024-23640 Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher
- CVE-2023-51445 Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API
Kind Regards,
The GeoCat team
Thursday, June 6, 2024