An XSS vulnerability has been brought to our attention and fixed. This vulnerability only affects the DAP4 service for versions <= 5.5. We strongly recommend that you either:
1. Disable DAP4 services
2. or upgrade to the latest 5.6-SNAPSHOT version. This can be downloaded here. Please note that this newest snapshot now requires JDK 17. Additional JVM arguments are needed, which are in the CHRONICLE_CACHE variable here.
If you have any questions or concerns, please contact support-thredds@unidata.ucar.edu.
Best, The THREDDS development team.