Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FREE Webinar: GeoServer 2.26.0 and Beyond

FREE Webinar: GeoServer 2.26.0 and Beyond

In this free webinar, our Lead GeoServer developer Andrea Aime will walk us through the latest GeoServer release covering what has been done as well as what to expect next.

Simone Giannecchini

October 30, 2024
Tweet

Video

More Decks by Simone Giannecchini

Other Decks in Technology

Transcript

  1. Andrea Aime Technical Lead [email protected] @geowolf GeoSolutions Innovative, robust, cost-effective

    solutions leveraging best-of-breed Open Source products. This presentation is brought to you by GeoSolutions 2 Enterprise Support Services Deployment Subscription Professional Training Customized Solutions
  2. September 2025 March 2024 2.24.x Releases covered by this presentation

    YOU ARE HERE 2.25.x September 2024 2.25.x 4 March 2025 2.26.x 2.26.x 2.26.x
  3. • Security fixes for supported versions only ◦ In September

    2024 “supported” is 2.25.x and 2.25.0 ◦ In April 2025 “supported” will mean 2.26.x and 2.27.x • Please upgrade your GeoServer installations! • Always two, there are. No more. No less. ◦ Balance between stability and encouraging development ◦ Easier to get answers - user forum and stack exchange typically cover only supported versions Are you using a older version? Upgrade! Photo by SpaceX on Unsplash 5
  4. Demo request page rewritten • Demo request page rewritten •

    Works fully with Javascript, no server side helper • Can show response in-line, with headers • Can show response in separate page • WPS and WCS request builders switched as well 2.25.2+ Dave Blasby GeoCat GeoCat Live
  5. • OGC API services now show up in the home

    page under their general category • Old and new services for the same purpose, side by side OGC APIs at home Dave Blasby GeoCat GeoCat Live 2.26.x 10 COM MUN NITY
  6. Raster Attribute Table support - .aux.xml sidecar file associating pixel

    values with various classifications and colors - Generate SLDs out of them and associate with layers - Mimics QGIS RasterAttributeTable plugin - The RAT in the screenshot has 30k entries! - Graduated to extension! 2.25.x Andrea Aime GeoSolutions NOAA 12
  7. AUTO:97004, Geostationary satellite - Extended AUTO code for GeoStationary Satellite

    projection - Only actual customizable parameter is latitude of origin 2.25.x Andrea Aime GeoSolutions Eumetsat 13 AUTO:97004,9001,0,0 AUTO:97004,9001,90,0
  8. MapML module improvements 14 2.26 Andrea, Joseph, Daniele GeoSolutions Natural

    Resources Canada • Maps for HTML initiative • Have a <mapml-viewer> tag just like we have a <video> tag • Lots of novelties ◦ MapML CRS authority ◦ Better WMS integration, WFS viewer ◦ MapML vector tiles with CSS client side styling ◦ Better multi-layer handling ◦ Custom WMS dimensions ◦ Output templating with Freemarker
  9. GeoCSS language improvements 15 2.26 Andrea Aime • Multi-layer styles

    • Scale dependencies by zoom level @mode 'Flat'; @TileMatrixSet 'WorldCRS84Quad' tiger:poly_landmarks { /* @title parks and green spaces */ [CFCC in ('D82', 'D32', 'D84', 'D85')] { fill: #B4DFB4; stroke: #88B588; }; … } tiger:tiger_roads [@z > 12] { stroke: #666666, #FFFFFF; stroke-width: 6, 4; z-index: 1, 2; … } tiger:poi [@z > 14] { mark: symbol('circle'), mark-size: 11, 7; … } ♥
  10. WMS Graticules • Community module (datastore + rendering transformation) •

    Add a graticule to your WMS map • Specify sizes for zoom levels • Automatically calculate label points for the grid • Automatically redraws on each zoom or pan. 16 2.25.x Ian Turton Eumetsat COM MUN NITY
  11. Improved Polygon Label Function Improvement: - Automatic “tolerance” based on

    polygon size - Compare with centroid or envelope center 17 2.26 Andrea Aime GeoSolutions ♥ Tolerance 0.1 (too small for some polygons) Previously: “maximum inscribed circle”: - Rectangle → infinite max circles! - Tolerance → has to be “just” right or this happens (see below)
  12. Improved vector tiles generation 18 2.26 Andrea Aime ♥ @mode

    "Flat"; tiger:poly_landmarks { fill: gray; vt-attributes: 'CFCC,LANAME'; vt-labels: true; } tiger:tiger_roads [@z > 11] { stroke: black; vt-attributes: 'NAME'; vt-coalesce: true; } tiger:poi [@z > 12] { mark: symbol(square); } • New vendor option flags to control attributes, polygon label points, geometry merging • As usual, driven by the style (scale dependencies, filters, and now vendor options too)
  13. GDAL raster sources speed up • Implementation is using the

    GDAL API in a more efficient way • Used to compute statistics on the fly, even if missing (now only if they are pre-computed) • Used to open the source 2 times per render • More work planned (will we see a generic GDAL raster store for example?) 2.25.x Andrea Aime GeoSolutions MOSS 20
  14. Image mosaic: min/max merge mode • Given N overlapping images

    in a mosaic • Compute for each overlapping pixel the min or the max value 2.26.x Andrea Aime GeoSolutions Naval Research Laboratory 21
  15. Vector mosaicking store • Useful to handle thousands of files

    with similar structure • Database used only to index them • Much cheaper than storing everything in a database (on cloud) • Not suitable if on the fly aggregations are needed • Great if the end user application mostly pulls a few files (one?) at a time • Ongoing performance optimizations (best on 2.25.x and newer) 2.25 Joseph Miller, Andrea Aime GeoSolutions TROO/Eumetsat 22 COM MUN NITY
  16. GWC tile generation speedup 2.26.x Mitchell Bosecke ? 24 -

    Significant speed up by external contributor! - Changes across the board - Faster PNG encoding for tiles in a MetaTile (ImageIO-EXT) - Less locking contention (GWC) - Better parallelization (Geoserver, merged yesterday on dev branch) Before After
  17. GWC file system “filter parameters” management - GWC creates separate

    cache for extra request parameters that cause tile contents to change - TIME, CQL_FILTER - STYLES, ENV, VIEWPARAMS, … - Values are not necessarily file system friendly - SHA-1 of params identify them - Mapping between all SHA-1 and its values stored in a single file - Used to cause contention and lockups on the (network) file system - Fixed 2.26.x Andrea Aime GeoSolutions Eumetsat 25 With the previously mentioned fix for #880, in PR #1230, we now get substantial performance improvements with FileBlobStore. This is anywhere between 2x to 12x the performance, in terms of throughput (there are so many variables to our setup that I can't put a precise figure on it - but this, with other config tweaks to allow us to scale, brings us close to the 12x mark) https://github.com/GeoWebCache/geowebca che/issues/1276
  18. - Azure blob store allows storing tiles in Azure blobs

    - Better cloud integration, lower costs - Some mass tile removal operations paginate over tiles to delete them - Sudden change in behavior meant the pagination would never end… infinite requests. Infinite is … expensive! * termination token switched from null to empty string - Ongoing work to improve Azure blob store (Gabriel Roldan, Camptocamp) - Online tests against Azurite emulator and against actual cloud - Upgrade Azure SDK from 11 to 12 (completely different API, it means a rewrite) Critical fix on Azure blob store 2.24 + Andrea Aime GeoSolutions Strabag 26 COM MUN NITY
  19. • New OGC Standards ◦ Self describing OpenAPI ◦ REST

    / JSON ◦ Building on from W3C collaboration and STAC / WFS3 progress • Trying to collect funding to graduate Features to extension There is a full presentation on this topic right after this one! Stay if interested! OGC API community module Andrea Aime GeoSolutions GeoSolutions OGC GeoNovum API Common Maps API Coverages API Implementing (as part of TB14/TB15) Looking for volunteers/sponsors Process API Records API Features API Tiles API Styles API STAC API CITE compliant! 27 COM MUN NITY 2.24 +
  20. • New community module • Generate GetFeature outputs from the

    same templates as GetFeatureInfo WFS HTML Freemarker output format Alessio Fabiani GeoSolutions Comune di Genova 2.25.x 28 COM MUN NITY
  21. Community module packaging reworked 2.25 Andrea Aime GeoSolutions Geopard 30

    COM MUN NITY • 71 community modules, each one with its specific dependencies • Some dependencies just won’t match (e.g. S3 and Azure blob store ones are not compatible) • Before: try to force everyone on the same set of dependencies (ideal, but impractical for community modules) • Now: each one controls what gets packaged in their zip • Also, COG modules are now split per cloud geoserver-2.24-SNAPSHOT-cog-plugin.zip geoserver-2.25-SNAPSHOT-cog-http-plugin.zip geoserver-2.25-SNAPSHOT-cog-azure-plugin.zip geoserver-2.25-SNAPSHOT-cog-google-plugin.zip geoserver-2.25-SNAPSHOT-cog-s3-plugin.zip
  22. Disclosure Policy Update (GSIP 220) • Name Changed ◦ “Responsible

    Disclosure” to “Coordinated Vulnerability Disclosure” • Policy unchanged: ◦ Communicate first ◦ Stable and maintenance branches patched ◦ Patches are released for downloads ◦ Share vulnerability with community • Communication changed: ◦ GeoServer nows provides CVE Numbers ◦ Automated scans flag dependencies with known vulnerabilities, only if a vulnerability is confirmed will we provide a CVE number 32 2.24 Jody GeoCat GeoCat Map
  23. CVE-2024-36401 - 9.8 Critical (RCE) • Unauthenticated Remote Code Execution

    ◦ Exploit using GetMap/GetFeature requests • June 18th: Patched GeoServer versions were released with an indication to upgrade immediately ◦ 2.25.2, 2.24.4, 2.23.6 • June 30th: CVE and nature of issue announced • July 1st: Security systems autoscan • July 2nd: Active exploits in the wild ◦ 10k systems vulnerable • July 15th: CISA’s Known Exploited Vulnerabilities • August 5th: CISA compliance deadline ◦ required for civilian federal government agencies • September 6th: thehackernews.com update ◦ used in multiple campaigns 2.23+ Steve Ikeoka 🔥🔥🔥 33 • This is what “urgent” looks like: • GeoSolutions is also sharing with the community patched jars built for customers that could not upgrade • Available here • Covered versions: ◦ 2.25.1 ◦ 2.24.3 ◦ 2.24.2 ◦ 2.22.2 ◦ 2.20.7 ◦ 2.19.2 ◦ 2.18.0
  24. • Geoserver-users Geoserver-devel → OSGeo Discourse ◦ Can login with

    credentials you have and ask (or answer) a question ◦ Forum approach allows repetitive questions to stay answered ◦ Previously email list has seen a similar level of involvement as gis stackexchange (which is a surprising result) ◦ Ability to drop-in and engage without long term commitment ◦ GSIP-225 Reducing friction on communication channels 35 2.26 Jody ♥
  25. No more release candidates? • Developers have been asking for

    community uptake on RC testing for a while • It’s a “once every six months” activity • Response has been tepid/missing ◦ But massive thanks to the few that did provide feedback, we love you! • Time to accept reality: RCs, under this conditions, are just busywork • GeoServer 2.26.0 will be released directly, without a RC • Going forward: Help test nightly builds! (docker nightly builds included!) 36 Release Candidate
  26. • The community has a very loose “road map”, often

    missing funds to enact it • Core developers are mostly employed in companies providing commercial services for GeoServer, or using it in a product, or hosting solution → customer driven (no other significant source of funding) • Other developers pop up occasionally to provide improvements, fixes and new features they need • Larger changes require planning and funding! Roadmap - whatever you want to push for Community 38 Everyone ♥
  27. JakartaEE is the latest version of JavaEE API defining a

    Java “Web Application” Hard almost “all at once upgrade”. Split in 3 phases, we need volunteers and funding. GeoServer 3 crowdfunding campaign 39
  28. We are at a turning point in the Java ecosystem.

    Spring 5 is no longer supported, but Spring 6 requires switching from JavaEE to Jakarta EE (API break) and Java 17 as the minimum GeoServer 3 crowdfunding campaign 40 Spring 5 → 6 JavaEE → Jakarta EE Wicket 7 → 10 Tomcat 9 → 10 Spring security 5 → 6 OAuth/OpenID connect modules rewrite Java 11 → Java 17 Jetty 9 → 12 JAI → ImageN
  29. • Getting to Spring Security 6 can only be done

    along with Spring 6 • However, preparations can be done: ◦ Upgrading to the latest Spring Security 5.8 (done) ◦ The Auth/OpenID community modules are currently based on outdated libraries ◦ An upgrade is not feasible, the API is too different ◦ They are being rewritten from scratch (work in progress): GeoServer 3: Spring Security and OAuth 41
  30. • Spring 6 requiring Java 17 as the minimum means

    that everything depending on it also has to set that minimum version → GeoServer and GeoWebCache • However, GeoTools is also developed in tandem with the other two → switch to Java 17 as well • Java Advanced Imaging is performing some operations that are no longer allowed in newer versions of Java. • Thankfully, Eclipse got the sources of JAI as open source, and called the result ImageN GeoServer 3: Java 17 as the minimum 42
  31. • ImageN can be modified to comply with Java 17

    • Also, it can be made more modern ◦ Reduce code synchronization, increasing scalability ◦ Removing “finalizers”, which will be removed soon • There is a catch… it does not have a single test! • However, JAI-EXT provides replacement JAI operations (bug fixes, NODATA, performance) and has tests → merge it into ImageN and get an initial test coverage • More tests will need to be written • Then switch GeoTools, GeoWebCache and GeoServer to use ImageN GeoServer 3: ImageN 43
  32. • Oracle dropped Java Enterprise Edition • Project donated to

    the Jakarta foundation for future development • It contains all the basics for web development (Servlet, Filters, …) • Jakarta EE provides the same concepts, with newer API, and a different Java Package • An application can be either Java EE or Jakarta EE, mix is not allowed • Spring 6 requires Jakarta EE! • Jakarta EE applications require a different servlet container too GeoServer 3: Jakarta EE 44 • Java EE ◦ Up to Tomcat 9 ◦ Up to Jetty 9 • Jakarta EE ◦ Tomcat 10+ ◦ Jetty 10+ Switch all GeoWebCache and GeoServer code to Jakarta EE
  33. • Wicket is used to write the GeoServer administration console

    • Jakarta EE? Whoops, supported only since Wicket 10 • GeoServer is using Wicket 7! • Wicket upgrades are usually a lot of work • Multi-step process ◦ Prepration: Wicket 7 → 8 ◦ Preparation: Wicket 8 → 9 ◦ Wicket 9 enforces Content Security Policy ▪ Browser restricting inline style/inline javascript usage ▪ Helps fendig off Cross Site Scripting attacks ▪ GeoServer UI has lots of both ◦ Wicket 9 →10 can only be done along with all other changes GeoServer 3: Wicket 10 45
  34. GeoServer 3: the funding 47 • It’s going to be

    a massive amount of work • We never attempted something of this size before • Some of the work is being done with “in-kind” donations (AKA developers attacking a single problem and donating the result) • Much of the work will have to be performed in a large code sprint ◦ Several developers ◦ For a long time • We need your support! Crowdfunding page [email protected] Online pledge form