GeoServer 2.23.5 Release
GeoServer 2.23.5 release is now available with downloads (bin, war, windows), along with docs and extensions.
This is the last planned maintenance release of GeoServer 2.23.x, providing existing installations with minor updates and bug fixes. Sites using the 2.23.x series are encouraged to upgrade to GeoServer 2.24.x, or eventually wait next month, for the 2.25.0 release, and upgrade their installation, with the help of the upgrade guide.
GeoServer 2.23.5 is made in conjunction with GeoTools 29.5, and GeoWebCache 1.23.4.
Thanks to Andrea Aime (GeoSolutions) for making this release.
Security Considerations
This release addresses security vulnerabilities and is considered an essential upgrade for production systems.
- CVE-2024-23634 Arbitrary file renaming vulnerability in REST Coverage/Data Store API (Moderate)
See project security policy for more information on how security vulnerabilities are managed.
Release notes
New Feature:
- GEOS-11225 AuthKey synchronize the user/group automatically
- GEOS-11279 metadata: allow same field on multiple tabs
Improvement:
- GEOS-11213 Improve REST external upload method unzipping
- GEOS-11246 Schemaless plugin performance for WFS
- GEOS-11260 JNDI tutorial uses outdated syntax
- GEOS-11276 Use style_body to define CSS style for a layer
- GEOS-11288 Improve input validation in ClasspathPublisher
Bug:
- GEOS-11174 GWC rest api returns erroneous truncated response when gzip http encoding is enabled
- GEOS-11205 Layer page: style image fails if it is in isolated workspace
- GEOS-11250 WFS GeoJSON encoder fails with an exception if an infinity number is used in the geometry
- GEOS-11255 Multiple inserts in WPS with different idGen strategies does not work
- GEOS-11256 Cannot retrieve LegendGraphic from a PostGIS datastore with ‘hideEmptyRules’ and ‘Support on the fly geometry simplification’ enabled
- GEOS-11278 metadata: only selected tab is submitted
- GEOS-11285 GWC REST Content-Encoding gzip returns broken response
- GEOS-11291 GeoFence: Cleanup stale log4j references
For the complete list see 2.23.5 release notes.
Community Updates
Community module development:
- GEOS-10933 keycloak logout NPE
- GEOS-11290 With Oauth enabled, anon users get random auth requests
Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.
About GeoServer 2.23 Series
Additional information on GeoServer 2.23 series:
- GeoServer 2.23 User Manual
- Drop Java 8
- GUI CSS Cleanup
- Add the possibility to use fixed values in Capabilities for Dimension metadata
- State of GeoServer 2.23
- GeoServer Feature Frenzy 2023
- GeoServer used in fun and interesting ways
- GeoServer Orientation
Release notes: ( 2.23.5 | 2.23.4 | 2.23.3 | 2.23.2 | 2.23.1 | 2.23.0 | 2.23-RC1 )
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release
Atom feed