The GeoServer 2.23.6 release is now available with downloads (bin, war, windows), along with docs and extensions.

This series has previously reached end-of-life; this release was issued to address an urgent bug or security vulnerability (see CVE-2024-36401 below).

This GeoServer 2.23.6 update is provided as a temporary measure. Plan instead to upgrade to the stable GeoServer 2.25.2 or the maintenance GeoServer 2.24.4 release.

GeoServer 2.23.6 is made in conjunction with GeoTools 29.6 and GeoWebCache 1.23.5.

Thanks to Jody Garnett (GeoCat) for making this release on behalf of GeoCat customers.

Security Considerations

This release addresses security vulnerabilities and is considered an essential update for production systems.

  • CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
  • CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (Moderate)

See project security policy for more information on how security vulnerabilities are managed.

Release notes


  • GEOS-11327 Add warning about using embedded data directories
  • GEOS-11347 STAC Landing Page links should include root link


  • GEOS-11331 OAuth2 can throw a “java.lang.RuntimeException: Never should reach this point”


For the complete list see 2.23.6 release notes.

Community Updates

Community module development:

  • GEOS-11348 JMS cluster does not allow to publish style via REST “2 step” approach
  • GEOS-11358 Feature-Autopopulate Update operation does not apply the Update Element filter
  • GEOS-11381 Error in OIDC plugin in combination with RoleService
  • GEOS-11412 Remove reference to JDOM from JMS Cluster (as JDOM is no longer in use)

Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.

About GeoServer 2.23 Series

Additional information on GeoServer 2.23 series:

Release notes: ( 2.23.6 | 2.23.5 | 2.23.4 | 2.23.3 | 2.23.2 | 2.23.1 | 2.23.0 | 2.23-RC1 )