GeoServer Enterprise 2022.2-1 Release Notes¶
Security update for 2022.2-1 release essential for production systems.
See knowledge base:
-
CVE-2023-25158 CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities
Overview¶
GeoServer Enterprise 2022.2-1 provides support for publishing geospatial data using open standards.
This distribution is made available to GeoCat customers:
GeoServer Enterprise Standard distribution provides a web archive (or docker image) of GeoServer bundled with popular extensions backed by GeoCat long-term support
GeoServer Enterprise Premium offers a custom distribution with your selection of extensions backed by GeoCat extended support.
GeoCat Live provides a hosted GeoServer environment
GeoServer Enterprise 2022.2-1 is a recommended upgrade for all our customers and is compatible with GeoCat Bridge for both ArcGIS Desktop and QGIS Desktop.
General¶
GeoServer Enterprise 2022.2-1 release notes:
Offers our GeoServer Enterprise Premium customers “predefined war” service with a ready to use war including your selection of supported GeoServer extensions.
GeoServer Enterprise 2022.2-1 is proudly open source with a snapshot of GeoServer 2.21.4, GeoWebCache 1.21.4, and GeoTools 27.4 technologies.
Detailed change log:
Security considerations:
Essential update
-
CVE-2023-25158 CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities
GeoCat respects the GeoServer responsible disclosure policy, contact us directly to discuss for a list of known security vulnerabilities.
Known issues:
Request body logging incompatible with OAuth security authentication
Known issues for 2.21.4
GeoServer Enterprise Standard¶
Improvements:
Table and column remmarks now avaialble when using JNDI
Fix:
Server status page collection of system information prevented clean shutdown of Tomcat