We anticipate the release of Portal in the upcoming weeks based on MapStore2 v2025.01.01, as well as promoting FIPS compliance for GeoServer to a generally available release.

Other exciting features on our roadmap include:

• Expanded deployment options with Docker Compose
• AI Enablement via MCP API
• Expanded FIPS 140 compliance across all CoreSpatial modules

CoreSpatial Server and Basemaps Release Notes

2025.3.5 (9/24/2025)

• Docker setup scripts hardened and simplified:
  • Unified permission / ownership helpers (fix_dir, fix_file) across data load steps
  • More robust curl version / SigV4 capability detection and consolidated S3 / MinIO download logic
  • Non‑root friendly: scripts no longer require running as root
• Default basemap data storage now points to Cloudflare R2 (via BUCKET_HOST)

2025.3.4 (8/29/2025)

• Update GeoServer to 2.27.2
• Docker build now uses Iron Bank ubi9 base image
• Minor improvements to docker setup script

2025.3.3 (8/14/2025)

• Patch vulnerabilities in OpenJDK 17

2025.3.1 (7/2/2024)

• Update PostgreSQL JDBC jar to 42.7.7 – patches CVE-2025-49146
• Update commons-beanutils to 1.11.0 – patches CVE-2025-48734

2025.2.4 (7/1/2025)

• Add logic for catalog manifest to allow for updates to catalog

CoreSpatial Map Manager Release Notes

2025.3.3 (9/22/2025)

• Bump Spring Boot to 3.5.6 to clear 1 High severity CVE

2025.3.2 (8/27/2025)

• Bump Spring Boot to 3.5.5 to clear 1 High and 1 Medium severity CVEs

2025.3.1 (7/7/2025)

• Bump Postgres JDBC Jar to 42.7.7
• Bump Spring Boot to 3.5.3 to clear 1 High and 2 Medium severity CVEs

The post CoreSpatial 2025-Q3 Release Announcement first appeared on .

What Is FIPS Compliance and Why Does It Matter?

FIPS stands for Federal Information Processing Standards, a set of publicly announced standards developed by the National Institute of Standards and Technology (NIST) for use in computer systems by non-military government agencies and contractors. Specifically, FIPS 140-2 and 140-3 relate to cryptographic module validation. They define the security requirements for cryptographic operations like encryption, hashing, and signing.

• Learn more about FIPS 140-2
  
• Explore the latest FIPS 140-3 standard
  
• NIST’s full FIPS series can be found at csrc.nist.gov
  

Many U.S. federal systems (and an increasing number of enterprise platforms handling sensitive or regulated data) are required to run only FIPS-validated cryptographic modules. Without this validation, software components like web services, authentication providers, or spatial data servers will be deemed unsuitable for use in secure environments, particularly those that handle Controlled Unclassified Information (CUI), Protected Health Information (PHI), or mission-critical defense data.

Why This Is a Big Deal for CoreSpatial and GeoServer Users

GeoServer, a cornerstone of open-source geospatial services, is widely adopted across both public and private sectors. However, until now, deploying GeoServer in a FIPS-validated environment was not possible due to compatibility issues related to the use of older style JCEKS keystores for secret management, among other password handling issues. 

With this new release of CoreSpatial Server, we’ve resolved those limitations by:

• Configuring the Java runtime environment to use Bouncy Castle FIPS 140-2 validated cryptographic providers
  
• Hardening container images and RPM-based installations to ensure strict FIPS mode enforcement
  
• Providing turnkey compatibility with RHEL FIPS-enabled operating systems
  
• Validating compatibility with secure ingress and TLS termination using approved ciphers and key lengths
  
• Ensuring continued compatibility with key plugins and extensions, such as WMS/WFS/WCS services, PostGIS integration, and security modules
  

This means CoreSpatial Server customers can now deploy GeoServer in environments where FIPS 140-2 compliance is not optional – including DoD, DHS, and state-level emergency management systems.

Deployment Scenarios Supported

The FIPS-compliant CoreSpatial Server supports:

• Bare metal or VM installations on RHEL 8 and 9 with FIPS mode enabled
  
• Containerized deployments using Podman, Docker, or Kubernetes where the underlying host supports FIPS 140-2 compliant cryptography
  

Whether you’re deploying in a SCIF, in a hybrid cloud with strict compliance policies, or inside an accredited container security boundary, CoreSpatial Server now enables you to take full advantage of GeoServer’s spatial publishing power without compromising on compliance.

Get Started Today

To explore FIPS-ready deployment options or see a demo, contact us at sales@newmoyergeospatial.com or visit our CoreSpatial overview.

For federal agencies and contractors already navigating FedRAMP, CMMC, or NIST 800-171 compliance landscapes, this enhancement brings CoreSpatial one step closer to being your go-to open-source alternative for secure geospatial systems.

The post CoreSpatial Server Adds FIPS 140-2 Compliance to GeoServer first appeared on .

This release includes major security and performance updates across the stack. We are hard at work to bring a new release of Portal based on the recently dropped MapStore2 v2025.01.00, as well as FIPS compliance for GeoServer (CS Server).

CoreSpatial Server and Basemaps Release Notes

2025.2.3 (6/10/2025)

• Update GeoServer to 2.27.1
• Update Jetty to 9.4.57.v20241219
• Update PostgreSQL JDBC jar to 42.7.6
• Update C3P0 Connection Pooling lib 0.11.1
• Update Marlin Jar to v0_9_4_8_jdk17

2025.2.2 (5/12/2025)

• Add ability to map data from mounted volume in Kubernetes environment

2025.2.1 (5/2/2025)

• Improvements to container initialization scripts
• Multiple High and Medium severity security patches in OpenJDK, libexpat, c-ares, and giflib
• Update OSM database to 3/31/2025 build

CoreSpatial Map Manager Release Notes

2025.2.2 (6/10/2025)

• Bump Spring Boot to 3.5.0 to clear 2 Low severity CVEs
• Bump Python to 3.12.11 to clear multiple CVEs (Medium, High, and Critical severity)
• Bump Postgres JDBC Jar to 42.7.6

2025.2.1 (5/2/2025)

• Bump Spring Boot to 3.4.5 to clear multiple CVEs

The post CoreSpatial 2025-Q2 Release Announcement first appeared on .