GeoServer 2.20.7 release is available with downloads (bin, war, windows), along with docs and extensions.

This series has previously reached end-of-life, with a release being issued to address an urdent security vulnerability. Please apply this upgrade as a mitigation measure only. Upgrade to 2.22.x series for community support.

Thanks to Andrea Aime (GeoSolutions) for making this update available on behalf of the GeoNode project.

This release was made in conjunction with GeoTools 26.7.

Security Considerations

This release addresses a security vulnerability and is considered an essential upgrade for production systems:

For more information see OGC Filter Injection Vulnerability Statement.

2024-06-30 Update: The following mitigation has been provided:

  • CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)

    geoserver-2.20.7-patches.zip (replacing gt-app-schema, gt-complex and gt-xsd-core jars) has been provided by Andrea (GeoSolutions)

See project security policy for more information on how security vulnerabilities are managed.

Improvements and Fixes

For the full list of fixes and improvements, see 2.20.7 release notes.

About GeoServer 2.20

Additional information on GeoServer 2.20 series:

Release notes: ( 2.20.7 | 2.20.6 | 2.20.5 | 2.20.4 | 2.20.3 | 2.20.2 | 2.20.1 | 2.20.0 | 2.20-RC )