GeoServer 2.25.7 release is now available with downloads (bin, war, windows), along with docs and extensions.

This series has previously reached end-of-life, with this release issued to address an urgent bug or security vulnerability. Please apply this update as a mitigation measure only, and plan to upgrade to a stable or maintenance release of GeoServer. GeoServer 2.25.7 is made in conjunction with GeoTools 31.7.

Thanks to Jody Garnett and Andrea Aime (GeoSolutions) for making this release.

Security Considerations

This release addresses security vulnerabilities and is considered an critical update.

• CVE-2025-30220 XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High)

• CVE-2025-30145 Denial-of-service (DoS) Vulnerability in Jiffle process (High)

The use of the CVE system allows the GeoServer team to reach a wider audience than blog posts. See project security policy for more information on how security vulnerabilities are managed.

Release notes

Improvement:

Bug:

• GEOS-11774 Logout with OAuth plugin will give error if logged in locally

Task:

• GEOS-11770 Update to jai-ext 1.1.31

For the complete list see 2.25.7 release notes.

Community Updates

Community module development:

• GEOS-11762 Feature Templates by feature type can not be listed via GeoServer Rest API
• GEOS-11783 Longitudinal profile process should allow for input chaining
• GEOS-11784 The longitudinal profile process should limit the number of points it can extract
• GEOS-11785 The longitudinal profile process should respect cancellation
• GEOS-11786 Longitudinal profile process: general performance improvements
• GEOS-11811 Features templating editor is unable to update and save the template body

Community modules are shared as source code to encourage collaboration. If a topic being explored is of interest to you, please contact the module developer to offer assistance.

About GeoServer 2.25 Series

Additional information on GeoServer 2.25 series:

• GeoServer 2.25 User Manual
• GeoServer 2024 Roadmap Plannings
• Raster Attribute Table extension
• Individual contributor clarification

Release notes: ( 2.25.7 | 2.25.6 | 2.25.5 | 2.25.4 | 2.25.3 | 2.25.2 | 2.25.1 | 2.25.0 | 2.25-RC )