GeoServer 2.22.5 release is now available with downloads ( bin, war, windows) , along with docs and extensions.

This is a maintenance release of GeoServer providing existing installations with minor updates and bug fixes. GeoServer 2.22.5 is made in conjunction with GeoTools 28.5, and GeoWebCache 1.22.5.

Thanks to Peter Smythe (AfriGIS) for making this release.

2023-09-05 update: GeoServer 2.22.5 has been recompiled and uploaded to SourceForge. The initial upload was accidentally compiled with Java 11 and would not function in a Java 8 environment.

Thanks to Jody Garnett (GeoCat) for this update, and Steve Ikeoka for testing in a Java 8 environment.

Java 8 End-of-life

This GeoServer 2.22.5 maintenance release is final scheduled release of GeoServer 2.22.x series, and thus the last providing Java 8 support.

All future releases will require a minimum of Java 11.

Security Considerations

This release addresses security vulnerabilities and is considered an essential upgrade for production systems.

  • CVE-2023-43795 WPS Server Side Request Forgery
  • CVE-2023-41339 Unsecured WMS dynamic styling sld=url parameter affords blind unauthenticated SSRF

See project security policy for more information on how security vulnerabilities are managed.

Release notes


  • GEOS-10856 geoserver monitor plugin - scaling troubles
  • GEOS-11048 Improve URL checking
  • GEOS-11081 Add option to disable GetFeatureInfo transforming raster layers
  • GEOS-11099 ElasticSearch DataStore Documentation Update for RESPONSE_BUFFER_LIMIT
  • GEOS-11100 Add opacity parameter to the layer definitions in WPS-Download download maps


  • GEOS-10874 Log4J: Windows binary zip release file with log4j-1.2.14.jar
  • GEOS-10875 Disk Quota JDBC password shown in plaintext
  • GEOS-10901 GetCapabilities lists the same style multiple times when used as both a default and alternate style
  • GEOS-10903 WMS filtering with Filter 2.0 fails
  • GEOS-10932 csw-iso: should only add ‘xsi:nil = false’ attribute
  • GEOS-11025 projection parameter takes no effect on MongoDB Schemaless features WFS requests
  • GEOS-11035 Enabling OSEO from Workspace Edit Page Results in an NPE
  • GEOS-11054 NullPointerException creating layer with REST, along with attribute list
  • GEOS-11055 Multiple layers against the same ES document type conflict with each other
  • GEOS-11069 Layer configuration page doesn’t work for broken SQL views


For the complete list see 2.22.5 release notes.

About GeoServer 2.22 Series

Additional information on GeoServer 2.22 series:

Release notes: ( 2.22.5 | 2.22.4 | 2.22.3 | 2.22.2 | 2.22.1 | 2.22.0 | 2.22-RC | 2.22-M0 )