GeoServer Enterprise 2024.1 Release Notes

GeoCat is pleased to present our latest distribution of GeoServer Enterprise.

Overview

GeoServer Enterprise 2024.1 provides support for publishing geospatial data using open standards.

This distribution is made available to GeoCat customers:

  • GeoServer Enterprise Standard distribution provides a web archive (or docker image) of GeoServer bundled with popular extensions backed by GeoCat long-term support

  • GeoServer Enterprise Premium offers a custom distribution with your selection of extensions backed by GeoCat extended support.

  • GeoCat Live provides a hosted GeoServer environment

GeoServer Enterprise 2024.1 is a recommended upgrade for all our customers and is compatible with GeoCat Bridge for both ArcGIS Desktop and QGIS Desktop.

General

GeoServer Enterprise 2024.1 release notes:

  • Offers our GeoServer Enterprise Premium customers “predefined war” service with a ready to use war including your selection of supported GeoServer extensions.

  • GeoServer Enterprise 2024.1 is proudly open source with the latest GeoServer 2.25.2, GeoWebCache 1.25.2, and GeoTools 31.2 technologies.

Detailed change log:

  • GeoServer posts ( 2.25.2 )

  • GeoServer release notes ( 2.25.2 )

Security considerations:

  • GeoCat respects the GeoServer coordinated vulnerability disclosure policy, contact us directly to discuss known security vulnerabilities mitigation and resolution availability.

    • CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions

    • CVE-2024-24749 Tomcat / Windows pre-authorization file read to gain Administrator privilege (Moderate)

    • CVE-2024-34696 GeoServer About Status lists sensitive Environmental Variables (Moderate)

    • CVE-2024-35230 Welcome and About GeoServer pages communicate version and revision information (Moderate)

Known issues:

GeoServer Enterprise Standard

New Feature:

  • Demo requests page has been rewritten for an improved user experience.

    This is a welcome change replacing the TestWfsPost servlet which has been a consistent source of security vulnerabilities.

Fixes:

  • GeoPackage output contains invalid field types when exporting content from PostGIS

GeoServer Enterprise Premium

Technology preview:

  • Cloud Optimized GeoTIFF:

    Due to conflicting libraries the different cloud providers (Azure,Google,S3) cannot be used at the same time.