GeoServer 2.24.4 release is now available with downloads (bin, war, windows), along with docs and extensions.

This is a maintenance release of GeoServer providing existing installations with minor updates and bug fixes. It also includes security vulnerability fixes.

GeoServer 2.24.4 is made in conjunction with GeoTools 30.4, and GeoWebCache 1.24.4.

Thanks to Peter Smythe (AfriGIS) for making this release.

Security Considerations

This release addresses security vulnerabilities and is considered an essential upgrade for production systems.

  • CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
  • CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (Moderate)
  • CVE-2024-34696 GeoServer About Status lists sensitive Environmental Variables (Moderate)

The use of the CVE system allows the GeoServer team to reach a wider audience than blog posts. See project security policy for more information on how security vulnerabilities are managed.

Demo Requests page rewritten

The Demo Request page has been rewritten to use JavaScript to issue POST examples. This provides a much better user experience:

  • Show Result lists the response headers to be viewed along side the returned result (with an option for XML pretty printing).
  • Show Result in a New Page is available to allow your browser to display the result.

The WCS Request Builder and WPS Request Builder demos now have the option to show their results in Demo Requests page. Combined these changes replace the previous practice of using an iframe popup, and have allowed the TestWfsPost servlet to be removed.

For more information please see the Demo requests in the User Guide.

Thanks to David Blasby (GeoCat) for these improvements, made on behalf of the GeoCat Live project.

  • GEOS-11390 Replace TestWfsPost with Javascript Demo Page

Release notes

New Feature:

  • GEOS-11390 Replace TestWfsPost with Javascript Demo Page


  • GEOS-11311 Show a full stack trace in the JVM stack dump panel
  • GEOS-11369 Additional authentication options for cascaded WMS WMTS data stores
  • GEOS-11400 About Page Layout and display of build information
  • GEOS-11401 Introduce environmental variables for Module Status page


  • GEOS-7183 Demo request/wcs/wps pages incompatible with HTTPS/PKI
  • GEOS-11202 CAS extension doesn’t use global “proxy base URL” setting for service ticket
  • GEOS-11331 OAuth2 can throw a “ java.lang.RuntimeException: Never should reach this point”
  • GEOS-11332 Renaming style with uppercase/downcase empty the sld file
  • GEOS-11382 The interceptor “CiteComplianceHack” never gets invoked by the Dispatcher Servlet
  • GEOS-11385 Demo Requests functionality does not honour ENV variable PROXY_BASE_URL
  • GEOS-11416 GeoPackage output contains invalid field types when exporting content from PostGIS
  • GEOS-11430 CiteComplianceHack not correctly parsing the context


  • GEOS-11318 Upgrade postgresql from 42.6.0 to 42.7.2
  • GEOS-11374 Upgrade Spring version from 5.3.33 to 5.3.34
  • GEOS-11375 GSIP 224 - Individual contributor clarification
  • GEOS-11393 Upgrade commons-io from 2.12.0 to 2.16.1
  • GEOS-11395 Upgrade guava from 32.0.0 to 33.2.0
  • GEOS-11397 App-Schema Includes fix Integration Tests
  • GEOS-11402 Upgrade PostgreSQL driver from 42.7.2 to 42.7.3
  • GEOS-11403 Upgrade commons-text from 1.10.0 to 1.12.0
  • GEOS-11404 Upgrade commons-codec from 1.15 to 1.17.0

For the complete list see 2.24.4 release notes.

Community Updates

Community module development:

  • GEOS-11040 Could not get a ServiceInfo for service Features thus could not check if the service is enabled
  • GEOS-11381 Error in OIDC plugin in combination with RoleService
  • GEOS-11412 Remove reference to JDOM from JMS Cluster (as JDOM is no longer in use)

Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.

About GeoServer 2.24 Series

Additional information on GeoServer 2.24 series:

Release notes: ( 2.24.4 | 2.24.3 | 2.24.2 | 2.24.1 | 2.24.0 | 2.24-RC )