« NSF Unidata Update:... | Main | XSS Vulnerability... »

Email this

XSS Vulnerability for TDS <= 5.5

13 August 2024

An XSS vulnerability has been brought to our attention and fixed. This vulnerability only affects the DAP4 service for versions <= 5.5. We strongly recommend that you either:

1. Disable DAP4 services
2. or upgrade to the latest 5.6-SNAPSHOT version. This can be downloaded here. Please note that this newest snapshot now requires JDK 17. Additional JVM arguments are needed, which are in the CHRONICLE_CACHE variable here.

If you have any questions or concerns, please contact support-thredds@unidata.ucar.edu.

Best, The THREDDS development team.

Posted by Tara Drwenski [ Comments [0] ]

Comments:

Post a Comment:

News@Unidata

News and information from the Unidata Program Center

News@Unidata

News and information from the Unidata Program Center

Developers’ blog

Recent Entries:

Recent Changes at the NSF Unidata Program Center
2024-08-13 11:42:24.343
XSS Vulnerability for TDS <= 5.5
2024-08-13 11:15:37.573
NSF Unidata Update: July 2024
2024-08-01 08:30:00.0

Take a poll!

What if we had an ongoing user poll in here?

Browse By Topic

Community (422)

Browse by Topic

All
Community (422)
Jobs (172)
Unidata (204)
Data (56)
News (8)
Software (0)
AWIPS (126)
Decoders (0)
GEMPAK (18)
IDV (48)
LDM (17)
McIDAS (14)
NetCDF (135)
NetCDF-Java (28)
RAMADDA (6)
TDS (43)
UDUNITS (3)
Events (23)
LDM-McIDAS (1)
LibCF (1)
NetCDF-Perl (0)
Python (19)
Rosetta (1)
Cloud (6)
MetPy (44)

Blog Search