As of December 28th, 2021, log4j 2.17.0 is known to be vulnerable to
CVE-2021-44832 <https://logging.apache.org/log4j/2.x/>. We have published
snapshots of TDS 4.6.20 and 5.4 that use log4j 2.17.1. Like last time,
these snapshots are complete and stable, despite being called snapshot
releases.
You can get both new versions from the TDS downloads page
<https://www.unidata.ucar.edu/downloads/tds/>.
We will release TDS 4.6.20 and 5.4 sometime soon, but are choosing to "wait
and see" how the issue evolves for the time being.
Hope everyone is having a happy holiday season amidst all this!
Cheers,
THREDDS team
--
Hailey Johnson (she/her)
Software Engineer | THREDDS Developer
Unidata | UCAR Community Programs (UCP)
