A new, stable release of the THREDDS Data Server (3.17) is now
available at
http://www.unidata.ucar.edu/projects/THREDDS/tech/TDS.html
This release includes enhancements that give TDS more layers of
security, developed in close consultation with NOAA security experts.
While there are no known security vulnerabilities with TDS, Tomcat, or
Java, multiple layers of security are necessary to protect against
future possible exploits.
As part of your security process, you must keep both Java and Tomcat
up-to-date, as security fixes are ongoing. We recommend Java 1.6 for
performance; the current version is 1.6.0_11. If you are constrained
to stay with Java 1.5, go to the Java download page and make sure that
you are using the latest released version. The current Tomcat version
is 6.0.18.
While there is no immediate threat, we recommend that you upgrade to
current releases of TDS, Tomcat, and Java as soon as practical, and
that you make it a practice to keep production systems current.
