The GeoServer team is pleased to announce the release of GeoServer 2.8.5 <http://geoserver.org/release/2.8.5/>. Download bundles are provided (bin <https://sourceforge.net/projects/geoserver/files/GeoServer/2.8.5/geoserver-2.8.5-bin.zip/download>, war <https://sourceforge.net/projects/geoserver/files/GeoServer/2.8.5/geoserver-2.8.5-war.zip/download>, dmg <https://sourceforge.net/projects/geoserver/files/GeoServer/2.8.5/geoserver-2.8.5.dmg/download> and exe <https://sourceforge.net/projects/geoserver/files/GeoServer/2.8.5/geoserver-2.8.5.exe/download>) along with documentation and extensions.

GeoServer 2.8.5 is the final maintenance release of the 2.8.x series. This release is made by Ben Caradoc-Davies (Transient <http://transient.nz/>) in conjunction with GeoTools 14.5 <http://geotoolsnews.blogspot.com/2016/08/geotools-145-released.html> and GeoWebCache 1.8.3. We thank the many contributors who have made this release possible.

The GeoServer 2.8.5 release notes <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?projectId=10000&version=13200> detail the changes in this release. These include:

 * *Security enhancements: this release is a recommended upgrade* (see
   Security Considerations below for details)
 * Fixes for WFS editing failing for geometries in full 3D CRS
 * ColorMap variable substitution now working correctly for multiple
   layers in a GetMap request
 * Fixed a missing JNA jar in the netcdf-out plugin
 * KML placemarks now being set correctly when KMSCORE=0
 * Support for multivalued xlink:href ClientProperty in app-schema
   mappings, even without feature chaining
 * Support requiring files to exist for GeoServer startup, to protect
   against insecure fallback when a data directory on a network share
   is unavailable


   Security Considerations

This release includes several security enhancements and is a recommended upgrade for production systems:

 * A remote execution vulnerability has been reported against both the
   Restlet library and the Apache Commons BeanUtils library, which is
   used by a number of facilities including our JSON parser. While we
   have not been able to demonstrate any way to exploit these
   vulnerabilities, we have patched our use of these libraries as a
   preventative measure. We would like to thank Kevin Smith for doing
   the bulk of the work, and Andrea Aime for providing a patched
   BeanUtils library addressing these vulnerabilities.
 * Layer security restrictions in CHALLENGE mode were not being
   correctly applied by embedded GeoWebCache. Thanks to Nick Muerdter
   for his responsible report of this vulnerability and for submitting
   a fix that included a unit test.
 * Carl Schroedl reported a vulnerability at application startup when
   working with a data directory on a network file system: if the
   network file system is not available at startup, GeoServer may fall
   back to its default insecure configuration. We have added a
   GEOSERVER_REQUIRE_FILE parameter to require the presence of one or
   more files during startup to defend against this situation. Thanks
   to Carl for following our responsible disclosure procedure, and to
   Ben Caradoc-Davies for implementing the new parameter.

If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting <http://geoserver.org/issues/>.


   About GeoServer 2.8

 * State of GeoServer 2015
   <http://www.slideshare.net/jgarnett/state-of-geoserver-2015> (FOSS4G)
 * XEE Vulnerability
   <http://blog.geoserver.org/2015/06/27/geoserver-xee-vulnerability/>
   (GeoServer)
 * Remote Execution Vulnerability
   <http://blog.geoserver.org/2015/10/20/remote-execution-vulnerability/>
   (GeoServer)
 * Z ordering features within and across feature types and layers
   <http://docs.geoserver.org/latest/en/user/styling/sld-extensions/z-order/index.html#z-ordering-features-within-and-across-feature-types-and-layers>
   (User Manual)
 * JAI-Ext, the Open Source replacement for Oracle JAI
   <http://www.geo-solutions.it/blog/developers-corner-jai-ext-the-open-source-replacement-for-oracle-jai/>
   (GeoSolutions)
 * Customizable arrow in GeoServer
   <http://www.geo-solutions.it/blog/customizable-arrow-geoserver/>
   (GeoSolutions)
 * PostGIS Curve Support
   <http://www.geo-solutions.it/blog/postgis-curves-in-geoserver/>
   (GeoSolutions)
 * Improved NetCDF/GRIB support in GeoServer
   <http://www.geo-solutions.it/blog/netcdf-grib-support-geoserver/>
   (GeoSolutions)
 * Initial GeoServer 2.8.0 release
   <http://blog.geoserver.org/2015/09/30/geoserver-2-8-0-released/>
   announcement (GeoServer)


--
Ben Caradoc-Davies<b...@transient.nz>
Director
Transient Software Limited<http://transient.nz/>
New Zealand
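
The fail-closed startup behaviour described under Security Considerations for GEOSERVER_REQUIRE_FILE can also be enforced outside GeoServer, for example in a service wrapper or a monitoring check. The sketch below is an added example, not part of the original announcement or of GeoServer's code. The function names, the ':' separator for listing several files, and passing the parameter as an environment variable are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight guard mirroring the idea behind
# GEOSERVER_REQUIRE_FILE. Refuse to launch when a required file on the
# (possibly network-mounted) data directory is absent, instead of letting
# the service come up on a default configuration.

# Print every missing path from a separator-delimited list.
# $1 = list of paths, $2 = separator (assumed ':', as in a Unix path list)
# Exit status 0 if all paths exist, 1 if at least one is missing.
# The body runs in a subshell so IFS and 'set -f' do not leak to the caller.
missing_required_files() (
    IFS=${2:-:}
    set -f                      # no glob expansion while splitting the list
    rc=0
    for f in $1; do
        [ -n "$f" ] || continue # skip empty fields such as a trailing ':'
        [ -e "$f" ] || { printf '%s\n' "$f"; rc=1; }
    done
    exit "$rc"
)

# Run a command only if every required file is present.
# $1 = required file list, remaining arguments = command to launch.
# Hypothetical wrapper; the list is handed on as an environment variable
# (assumption about how the deployment passes the parameter).
start_geoserver_guarded() {
    required=$1
    shift
    if missing=$(missing_required_files "$required"); then
        GEOSERVER_REQUIRE_FILE=$required "$@"
    else
        printf 'refusing to start, missing required file(s):\n%s\n' \
            "$missing" >&2
        return 1
    fi
}

# Usage (paths and start script are placeholders for your installation):
#   start_geoserver_guarded /mnt/share/geoserver_data/global.xml ./startup.sh
```

Pick a file that exists only on the real data directory, so an unmounted share yields a missing file rather than an empty mount point that passes the check.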

_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
