GeoServer Enterprise 2023.2,1 Release Notes

GeoCat is pleased provide our long-term support customers with this release of GeoServer Enterprise 2023.2.1.

Overview

This patch release updates existing installations of GeoServer 2023.2 to address CVE-2024-36401.

GeoServer Enterprise 2023.2.1 is an urgent update for customers to respond to this security issue. The appropriate mitigation measure should already be applied.

General

GeoServer Enterprise 2023.2 release notes:

• GeoServer Enterprise 2023.2 is proudly open source with the latest GeoServer 2.23.6, GeoWebCache 1.23.5, and GeoTools 29.6 technologies.

  GeoCat made these releases on behalf of our GeoServer Enterprise customers.

Detailed change log:

• GeoServer posts ( 2.23.5, 2.23.6 )

• GeoServer release notes ( 2.23.5 | 2.23.6 )

Security considerations:

• GeoCat respects the GeoServer coordinated disclosure policy, contact support directly to discuss list of known security vulnerabilities.

  • CVE-2023-51445 not yet public

  • CVE-2024-24749 not yet public

  • CVE-2024-23634 Arbitrary file renaming vulnerability in REST Coverage/Data Store API (Moderate).

Known issues:

• Known issues for GeoServer Enterprise 2023.2

GeoServer Enterprise Standard

Fixes:

• LegendGraphic from a PostGIS datastore with ‘hideEmptyRules’ and ‘Support on the fly geometry simplification’ enabled

GeoServer Enterprise Premium

Technology preview:

• Improve OAuth2 and OIDC integration with role service use