XSS Vulnerability for TDS <= 5.5

An XSS vulnerability has been brought to our attention and fixed. This vulnerability only affects the DAP4 service for versions <= 5.5. We strongly recommend that you either:

1. Disable DAP4 services, or
2. Upgrade to the latest 5.6-SNAPSHOT version. This can be downloaded here. Please note that this newest snapshot now requires JDK 17. Additional JVM arguments are also needed; they are in the CHRONICLE_CACHE variable here.

If you have any questions or concerns, please contact support-thredds@unidata.ucar.edu.

Best, The THREDDS development team.

News@Unidata
News and information from the Unidata Program Center