Security update, essential for production systems.
See knowledge base:
- CVE-2023-25158 CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities
Overview
GeoServer Enterprise 2022.2-1 provides support for publishing geospatial data using open standards.
This distribution is made available to GeoCat customers:
- GeoServer Enterprise Standard distribution provides a web archive (or docker image) of GeoServer bundled with popular extensions backed by GeoCat long-term support
- GeoServer Enterprise Premium offers a custom distribution with your selection of extensions backed by GeoCat extended support.
- GeoCat Live provides a hosted GeoServer environment
GeoServer Enterprise 2022.2-1 is a recommended upgrade for all our customers and is compatible with GeoCat Bridge for both ArcGIS Desktop and QGIS Desktop.
General
GeoServer Enterprise 2022.2-1 release notes:
- Offers our GeoServer Enterprise Premium customers a “predefined war” service with a ready-to-use war including your selection of supported GeoServer extensions.
- GeoServer Enterprise 2022.2-1 is proudly open source with a snapshot of GeoServer 2.21.4, GeoWebCache 1.21.4, and GeoTools 27.4 technologies.
Detailed change log:
- GeoServer posts (2.21.4, 2.21.3, 2.21.2, 2.21.1, 2.21.0)
- GeoServer release notes (2.21.4, 2.21.3, 2.21.2, 2.21.1, 2.21.0, 2.21-RC)
Security considerations:
- Essential update
- CVE-2023-25158 CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities
- GeoCat respects the GeoServer responsible disclosure policy; contact us directly to discuss or obtain a list of known security vulnerabilities.
Known issues:
- Request body logging incompatible with OAuth security authentication
- Known issues for 2.21.4
GeoServer Enterprise Standard
Improvements:
- Table and column remarks now available when using JNDI
Fix:
- Server status page collection of system information prevented clean shutdown of Tomcat
GeoServer Enterprise Premium
No improvements of note.