[thredds] XSS Vulnerability for TDS <= 5.5

Dear THREDDS users,

An XSS vulnerability has been brought to our attention and fixed. This
vulnerability only affects the DAP4 service for versions <= 5.5. We
strongly recommend that you either:

*1. Disable DAP4 services*
*2. or upgrade to the latest 5.6-SNAPSHOT version.* This can be downloaded
here <https://downloads.unidata.ucar.edu/tds/>. Please note that this
newest snapshot now requires JDK 17
<https://docs.unidata.ucar.edu/tds/5.6/userguide/install_java_tomcat.html>.
Additional JVM arguments are needed, which are in the CHRONICLE_CACHE
variable here
<https://docs.unidata.ucar.edu/tds/5.6/userguide/running_tomcat.html#setting-java_home-java_opts-catalina_home-catalina_base-and-content_root>.

Please let us know if you have any questions or concerns.

Best,
The THREDDS team

-- 
Tara Drwenski (she/her)
Software Engineer | THREDDS Developer
NSF Unidata | UCAR/UCP