Thanks for making this release Ben, and to everyone who helped out.
--
Jody Garnett
On 11 August 2016 at 19:40, Ben Caradoc-Davies <[email protected]> wrote:
> The GeoServer team is pleased to announce the release of GeoServer 2.8.5
> <http://geoserver.org/release/2.8.5/>. Download bundles are provided (bin
> <https://sourceforge.net/projects/geoserver/files/GeoServer/2.8.5/geoserver-2.8.5-bin.zip/download>
> , war
> <https://sourceforge.net/projects/geoserver/files/GeoServer/2.8.5/geoserver-2.8.5-war.zip/download>
> , dmg
> <https://sourceforge.net/projects/geoserver/files/GeoServer/2.8.5/geoserver-2.8.5.dmg/download>
> and exe
> <https://sourceforge.net/projects/geoserver/files/GeoServer/2.8.5/geoserver-2.8.5.exe/download>)
> along with documentation and extensions.
>
> GeoServer 2.8.5 is the final maintenance release of the 2.8.x series. This
> release is made by Ben Caradoc-Davies (Transient <http://transient.nz/>)
> in conjunction with GeoTools 14.5
> <http://geotoolsnews.blogspot.com/2016/08/geotools-145-released.html> and
> GeoWebCache 1.8.3. We thank the many contributors who have made this
> release possible.
>
> The GeoServer 2.8.5 release notes
> <https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?projectId=10000&version=13200>
> detail the changes in this release. These include:
>
> - *Security enhancements: this release is a recommended upgrade* (see
> Security Considerations below for details)
> - Fixes for WFS editing failing for geometries in full 3D CRS
> - ColorMap variable substitution now working correctly for multiple
> layers in a GetMap request
> - Fixed a missing JNA jar in the netcdf-out plugin
> - KML placemarks now being set correctly when KMSCORE=0
> - Support for multivalued xlink:href ClientProperty in app-schema
> mappings, even without feature chaining
> - Support requiring files to exist for GeoServer startup, to protect
> against insecure fallback when a data directory on a network share is
> unavailable
>
> Security Considerations
>
> This release includes several security enhancements and is a recommended
> upgrade for production systems:
>
> - A remote execution vulnerability has been reported against both the
> Restlet library and the Apache Commons BeanUtils library, which is used by
> a number of facilities including our JSON parser. While we have not been
> able to demonstrate any way to exploit these vulnerabilities, we have
> patched our use of these libraries as a preventative measure. We would like
> to thank Kevin Smith for doing the bulk of the work, and Andrea Aime for
> providing a patched BeanUtils library addressing these vulnerabilities.
> - Layer security restrictions in CHALLENGE mode were not being
> correctly applied by embedded GeoWebCache. Thanks to Nick Muerdter for his
> responsible report of this vulnerability and for submitting a fix that
> included a unit test.
> - Carl Schroedl reported a vulnerability at application startup when
> working with a data directory on a network file system: if the network file
> system is not available at startup, GeoServer may fall back to its default
> insecure configuration. We have added a GEOSERVER_REQUIRE_FILE parameter to
> require the presence of one or more files during startup to defend against
> this situation. Thanks to Carl for following our responsible disclosure
> procedure, and to Ben Caradoc-Davies for implementing the new parameter.
>
> If you wish to report a security vulnerability, please visit our website
> for instructions on responsible reporting <http://geoserver.org/issues/>.
> About GeoServer 2.8
>
> - State of GeoServer 2015
> <http://www.slideshare.net/jgarnett/state-of-geoserver-2015> (FOSS4G)
> - XEE Vunerability
> <http://blog.geoserver.org/2015/06/27/geoserver-xee-vulnerability/>
> (GeoServer)
> - Remote Execution Vulnerability
> <http://blog.geoserver.org/2015/10/20/remote-execution-vulnerability/>
> (GeoServer)
> - Z ordering features within and across feature types and layers
>
> <http://docs.geoserver.org/latest/en/user/styling/sld-extensions/z-order/index.html#z-ordering-features-within-and-across-feature-types-and-layers>
> (User Manual)
> - JAI-Ext, the Open Source replacement for Oracle JAI
>
> <http://www.geo-solutions.it/blog/developers-corner-jai-ext-the-open-source-replacement-for-oracle-jai/>
> (GeoSolutions)
> - Customizable arrow in GeoServer
> <http://www.geo-solutions.it/blog/customizable-arrow-geoserver/>
> (GeoSolutions)
> - PostGIS Curve Support
> <http://www.geo-solutions.it/blog/postgis-curves-in-geoserver/>
> (GeoSolutions)
> - Improved NetCDF/GRIB support in GeoServer
> <http://www.geo-solutions.it/blog/netcdf-grib-support-geoserver/>
> (GeoSolutions)
> - Initial GeoServer 2.8.0 release
> <http://blog.geoserver.org/2015/09/30/geoserver-2-8-0-released/>
> announcement (GeoServer)
>
>
> --
> Ben Caradoc-Davies <[email protected]> <[email protected]>
> Director
> Transient Software Limited <http://transient.nz/> <http://transient.nz/>
> New Zealand
>
>
> ------------------------------------------------------------
> ------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning reports. http://sdm.link/zohodev2dev
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. http://sdm.link/zohodev2dev
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
