GeoServer 2.23.5 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is the last planned maintenance release of GeoServer 2.23.x, providing existing installations with minor updates and bug fixes. Sites using the 2.23.x series are encouraged to upgrade to GeoServer 2.24.x, or eventually wait next month, for the 2.25.0 release, and upgrade their installation, with the help of the upgrade guide.

GeoServer 2.23.5 is made in conjunction with GeoTools 29.5, and GeoWebCache 1.23.4.

Thanks to Andrea Aime (GeoSolutions) for making this release.

Security Considerations

This release addresses security vulnerabilities and is considered an essential upgrade for production systems.

  • CVE-2024-23634 Arbitrary file renaming vulnerability in REST Coverage/Data Store API (Moderate)

See project security policy for more information on how security vulnerabilities are managed.

Release notes

New Feature:

  • GEOS-11225 AuthKey synchronize the user/group automatically
  • GEOS-11279 metadata: allow same field on multiple tabs


  • GEOS-11213 Improve REST external upload method unzipping
  • GEOS-11246 Schemaless plugin performance for WFS
  • GEOS-11260 JNDI tutorial uses outdated syntax
  • GEOS-11276 Use style_body to define CSS style for a layer
  • GEOS-11288 Improve input validation in ClasspathPublisher


  • GEOS-11174 GWC rest api returns erroneous truncated response when gzip http encoding is enabled
  • GEOS-11205 Layer page: style image fails if it is in isolated workspace
  • GEOS-11250 WFS GeoJSON encoder fails with an exception if an infinity number is used in the geometry
  • GEOS-11255 Multiple inserts in WPS with different idGen strategies does not work
  • GEOS-11256 Cannot retrieve LegendGraphic from a PostGIS datastore with ‘hideEmptyRules’ and ‘Support on the fly geometry simplification’ enabled
  • GEOS-11278 metadata: only selected tab is submitted
  • GEOS-11285 GWC REST Content-Encoding gzip returns broken response
  • GEOS-11291 GeoFence: Cleanup stale log4j references

For the complete list see 2.23.5 release notes.

Community Updates

Community module development:

Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.

About GeoServer 2.23 Series

Additional information on GeoServer 2.23 series:

Release notes: ( 2.23.5 | 2.23.4 | 2.23.3 | 2.23.2 | 2.23.1 | 2.23.0 | 2.23-RC1 )