GeoNetwork 4.2.13 and 4.4.8 released

Dear all,

We’re proud to announce the releases of GeoNetwork opensource v4.2.13 and v4.4.8.

The releases are made in conjunction with a security advisory to be published early June.

You can find the software at:

• GeoNetwork version 4.2.13
• GeoNetwork version 4.4.8

You can find a list of new functionalities and fixes for version 4.2.13 and for version v4.4.8.

If you have any improvements you want to contribute back, the best is to use git to get a local copy of the source code from the GeoNetwork GitHub repository, apply the fix and put out a pull request so your improvements can be integrated quickly. Otherwise you can also create new tickets in the GitHub issue tracker.

Thanks and congratulations to all the community members and developers that have been putting effort and energy in these releases and the documentation update.

Francois Prunayre and Jose García

Just a note that these releases address a security advisory:

Security Advisory

Release is made in conjunction with a security advisory to be published early June.

Please plan to update promptly as we are coordinating public disclosure with the GeoTools library (not only the GeoNetwork project is affected).

Hey folks the security vulnerability is now published (I trust everyone had an opportunity to update):

• CVE-2025-30220 https://github.com/geonetwork/core-geonetwork/security/advisories/GHSA-2p76-gc46-5fvc
• CVE-2025-30220 XML External Entity (XXE) Processing Vulnerability in XSD schema handling

aside: This vulnerability occurred in the GeoTools which was assigned the CVE-2025-30220 record number, affected software such as GeoNetwork do not get a distinct “common vulnerability and exploit” record. While I have not experienced this personally different national registrars may end up merging reports, I am curious what will happen if anyone wishes to report back on their experience.