GeoServer Enterprise 2024.5 Release Notes

GeoCat is pleased to present our latest distribution of GeoServer Enterprise.

Overview

GeoServer Enterprise 2024.5 provides support for publishing geospatial data using open standards.

This distribution is made available to GeoCat customers:

• GeoServer Enterprise Standard distribution provides a web archive (or docker image) of GeoServer bundled with popular extensions backed by GeoCat long-term support

• GeoServer Enterprise Premium offers a custom distribution with your selection of extensions backed by GeoCat extended support.

• GeoCat Live provides a hosted GeoServer environment

GeoServer Enterprise 2024.5 is a recommended upgrade for all our customers and is compatible with GeoCat Bridge for both ArcGIS Desktop and QGIS Desktop.

General

GeoServer Enterprise 2024.5 release notes:

• Offers our GeoServer Enterprise Premium customers “predefined war” service with a ready to use war including your selection of supported GeoServer extensions.

• GeoServer Enterprise 2024.5 is proudly open source with the latest GeoServer 2.26.4, GeoWebCache 1.26.4, and GeoTools 32.4 technologies.

Detailed change log:

• GeoServer posts ( 2.26.4 )

• GeoServer release notes ( 2.26.5 )

Security considerations:

• GeoCat respects the GeoServer coordinated vulnerability disclosure policy, contact us directly to discuss known security vulnerabilities mitigation and resolution availability.

  • CVE-2025-58360

    Not disclosed at the time of writing

  • CVE-2024-21621

    Not disclosed at the time of writing

Known issues:

• Known issues for 2024.6

GeoServer Enterprise Standard

Update notes:

• The global setting Unrestricted XML External Entity Resolution has been replaced with the ENTITY_RESOLUTION_UNRESTRICTED application property.

  This setting is an acknoledged security risk, and was only of interest to those working with applications schema against a local schema file system location.

  This functionality has been removed from the user interface, and into an application property, to avoid accidental use.

• The master password security page now displays the current value via the secured REST API.

  Due to this user interface change it is no longer necessary to generate a masterpw.info file when upgrading older security configuration.

New feature:

• The web admin console can be configured to display the user that made the last change, along modificaiotn date.