XSS Vulnerability for TDS <= 5.5

An XSS vulnerability has been brought to our attention and fixed. This vulnerability only affects the DAP4 service for versions <= 5.5. We strongly recommend that you either:

1. Disable DAP4 services
2. or upgrade to the latest 5.6-SNAPSHOT version. This can be downloaded here. Please note that this newest snapshot now requires JDK 17. Additional JVM arguments are needed, which are in the CHRONICLE_CACHE variable here.

If you have any questions or concerns, please contact support-thredds@unidata.ucar.edu.

Best, The THREDDS development team.

Comments:

Post a Comment:
Comments are closed for this entry.
News@Unidata
News and information from the Unidata Program Center
News@Unidata
News and information from the Unidata Program Center

Welcome

FAQs

Developers’ blog

Recent Entries:
Take a poll!

What if we had an ongoing user poll in here?

Browse By Topic
Browse by Topic
« December 2024
SunMonTueWedThuFriSat
2
3
4
5
6
7
8
11
12
13
14
15
16
18
19
20
21
22
23
24
25
26
27
28
29
30
31
    
       
Today
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy