GeoCat is pleased to present our latest distribution of GeoServer Enterprise.
Overview
GeoServer Enterprise 2024.0 provides support for publishing geospatial data using open standards.
This distribution is made available to GeoCat customers:
- GeoServer Enterprise Standard distribution provides a web archive (or docker image) of GeoServer bundled with popular extensions backed by GeoCat long-term support
- GeoServer Enterprise Premium offers a custom distribution with your selection of extensions backed by GeoCat extended support.
- GeoCat Live provides a hosted GeoServer environment
GeoServer Enterprise 2024.0 is a recommended upgrade for all our customers and is compatible with GeoCat Bridge for both ArcGIS Desktop and QGIS Desktop.
General
GeoServer Enterprise 2024.0 release notes:
- Offers our GeoServer Enterprise Premium customers a “predefined war” service with a ready-to-use war including your selection of supported GeoServer extensions.
- GeoServer Enterprise 2024.0 is proudly open source with the latest GeoServer 2.25.1, GeoWebCache 1.25.1, and GeoTools 31.1 technologies.
Detailed change log:
Security considerations:
- GeoCat respects the GeoServer coordinated vulnerability disclosure policy. Contact us directly to discuss known security vulnerability mitigation and resolution availability.
- Mitigation only. The above vulnerabilities are not disclosed at the time of writing.
The following vulnerabilities are presently disclosed:
- CVE-2023-51444 Arbitrary file upload vulnerability in REST Coverage Store API
- CVE-2023-41877 GeoServer log file path traversal vulnerability
- CVE-2024-23634 Arbitrary file renaming vulnerability in REST Coverage/Data Store API
- CVE-2024-23643 Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
- CVE-2024-23821 Stored Cross-Site Scripting (XSS) vulnerability in GWC Demos Page
- CVE-2024-23819 Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
- CVE-2024-23818 Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
- CVE-2024-23642 Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer
- CVE-2024-23640 Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher
- CVE-2023-51445 Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API
If you are using GeoServer Enterprise 2023.3 the disclosed vulnerabilities have already been patched.
Known issues:
- Known issues for 2024.0
GeoCat Map Standard
Upgrade notes:
- Tile Caching / Disk Quota store: the H2 database has been replaced with an HSQL database to track use of disk space. During initial startup you will receive a log message indicating the DiskQuota has been disabled. Use the Disk Quota page to configure an external HSQL database or switch to in-process HSQL database. You may then remove the unused gwc/diskquota_page_store_h2/ databases.
New Feature:
- Upgraded for Java 11 (Java 8 no longer supported)
- Feature type description can now be edited when customizing feature type attribute
Improvements:
- About page version and build details only displayed when logged in as an administrator
- Java 17 support for GetFeature “lazy” count(*) performance optimization
- Fast polygon intersection enabled by default
- FreeMarker Template HTML Auto-escaping is now enabled by default.
- Configuration option ENTITY_RESOLUTION_ALLOWLIST default changed to ogc, w3c, and inspire, as required by the majority of our customers. Previously this was an optional setting.
- Configuration option GEOSERVER_USE_STRICT_FIREWALL enabled by default.
- Configuration option GEOSERVER_DISABLE_STATIC_WEB_FILES available to restrict use of the geoserver/www folder (used to serve static web files).
- Configuration options GEOSERVER_MODULE_SYSTEM_ENVIRONMENT_STATUS_ENABLED and GEOSERVER_MODULE_SYSTEM_PROPERTY_STATUS_ENABLED to control behaviour of Module Status information
GeoCat Map Premium
New feature:
- Raster Attribute Table Extension now available to support GDAL format mapping pixel values to tabular data.
Improvements:
- MapML viewer updated; this changes permalinks made to any previously available maps
- MapML Tiled CRS setting available to define the GridSet used by the MapML viewer
Technology preview:
- JWT Headers allowing Apache to OAuth2 to pass JSON payloads to GeoServer Authorization