GeoServer 2.22.4 release is now available with downloads ( bin, war, windows) , along with docs and extensions.

This is a maintenance release of GeoServer providing existing installations with minor updates and bug fixes.

GeoServer 2.22.4 is made in conjunction with GeoTools 28.4.

Thanks to Peter Smythe (AfriGIS) and Jody Garnett (GeoCat) for making this release. This is Peter’s first time making a GeoServer release and we would like to thank him for volunteering.

Security Considerations

This release addresses security vulnerabilities and is considered an essential upgrade for production systems.

  • CVE-2023-43795 WPS Server Side Request Forgery
  • CVE-2023-41339 Unsecured WMS dynamic styling sld=url parameter affords blind unauthenticated SSRF

See project security policy for more information on how security vulnerabilities are managed.

Release notes

New Feature:

  • GEOS-10949 Control remote resources accessed by GeoServer



  • GEOS-8162 CSV Data store does not support relative store paths
  • GEOS-10906 Authentication not sent if connection pooling activated
  • GEOS-10936 YSLD and OGC API modules are incompatible
  • GEOS-10969 Empty CQL_FILTER-parameter should be ignored
  • GEOS-10975 JMS clustering reports error about ReferencedEnvelope type not being whitelisted in XStream
  • GEOS-10980 CSS extension lacks ASM JARs as of 2.23.0, stops rendering layer when style references a file
  • GEOS-10981 Slow CSW GetRecords requests with JDBC Configuration
  • GEOS-10993 Disabled resources can cause incorrect CSW GetRecords response
  • GEOS-10994 OOM due to too many dimensions when range requested
  • GEOS-10998 LayerGroupContainmentCache is being rebuilt on each ApplicationEvent
  • GEOS-11015 geopackage wfs output builds up tmp files over time
  • GEOS-11024 metadata: add datetime field type to feature catalog


  • GEOS-10987 Bump xalan:xalan and xalan:serializer from 2.7.2 to 2.7.3
  • GEOS-11008) Update sqlite-jdbc from 3.34.0 to
  • GEOS-11010 Upgrade guava from 30.1 to 32.0.0
  • GEOS-11011 Upgrade postgresql from 42.4.3 to 42.6.0
  • GEOS-11012 Upgrade commons-collections4 from 4.2 to 4.4
  • GEOS-11018 Upgrade commons-lang3 from 3.8.1 to 3.12.0
  • GEOS-11020 Add test scope to mockito-core dependency


  • GEOS-10989 Update spring.version from 5.2.23.RELEASE to 5.2.24.RELEASE

For the complete list see 2.22.4 release notes.

About GeoServer 2.22 Series

Additional information on GeoServer 2.22 series:

Release notes: ( 2.22.4 | 2.22.3 | 2.22.2 | 2.22.1 | 2.22.0 | 2.22-RC | 2.22-M0 )