GeoServer 2.24.2 Release
GeoServer 2.24.2 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is a stable release of GeoServer recommended for production use. GeoServer 2.24.2 is made in conjunction with GeoTools 30.2, and GeoWebCache 1.24.2.
Thanks to Jody Garnett (GeoCat) for making this release, everyone who contributed, and to Georg Weickelt and Peter Smythe for preflight testing.
Security Considerations
This release addresses security vulnerabilities and is considered an essential upgrade for production systems.
- CVE-2024-23634 Arbitrary file renaming vulnerability in REST Coverage/Data Store API (Moderate).
2024-06-30 Update: The following mitigation has been provided:
-
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
geoserver-2.24.2-patches.zip (replacing
gt-app-schema
,gt-complex
andgt-xsd-core
jars) has been provided by Andrea (GeoSolutions)
See project security policy for more information on how security vulnerabilities are managed.
Release notes
Improvement:
- GEOS-11213 Improve REST external upload method unzipping
- GEOS-11246 Schemaless plugin performance for WFS
- GEOS-11219 Upgraded mail and activation libraries for SMTP compatibility
Bug:
- GEOS-9757 Return a service exception when client provided WMS dimensions are not a match
- GEOS-11051 Env parametrization does not save correctly in AuthKey extension
- GEOS-11223 Layer not visible in preview/capabilities if security closes the workspace, but allows access to the layer
- GEOS-11224 Platform independent binary doesn’t start properly with default data directory
- GEOS-11235 preauthentication filters - session reuse even after having logout
- GEOS-11241 ModificationProxy breaks information hidding on CatalogInfo.accept(CatalogVisitor) exposing the proxied object
- GEOS-11250 WFS GeoJSON encoder fails with an exception if an infinity number is used in the geometry
- GEOS-11255 Multiple inserts in WPS with different idGen strategies does not work
Task:
- GEOS-11220 Upgrade Hazelcast from 5.3.1 to 5.3.6
- GEOS-11245 Update OSHI from 6.2.2 to 6.4.10
For the complete list see 2.24.2 release notes.
Community Updates
Community module development:
- GEOS-10933 keycloak logout NPE
Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.
About GeoServer 2.24 Series
Additional information on GeoServer 2.24 series:
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release