[thredds] Fwd: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

  • To: THREDDS community <thredds@xxxxxxxxxxxxxxxx>
  • Subject: [thredds] Fwd: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up
  • From: Jennifer Oxelson Ganter <oxelson@xxxxxxxx>
  • Date: Mon, 1 Mar 2021 09:14:37 -0700
Hello all,

A couple of new CVEs were issued for Tomcat, including one with a severity
designation of 'important' (see below).  Please be sure to keep your Tomcat
installations up-to-date with the most current version available.

Cheers,
Jennifer

CVE-2021-25122 h2c request mix-up
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0
> Apache Tomcat 9.0.0.M1 to 9.0.41
> Apache Tomcat 8.5.0 to 8.5.61
> Description:
> When responding to new h2c connection requests, Apache Tomcat could
> duplicate request headers and a limited amount of request body from one
> request to another meaning user A and user B could both see the results
> of user A's request.
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Tomcat 10.0.2 or later
> - Upgrade to Apache Tomcat 9.0.43 or later
> - Upgrade to Apache Tomcat 8.5.63 or later
> Note that the issue was fixed in 10.0.1, 9.0.42 and 8.5.62 but the release
> votes for those versions did not pass.
> Credit:
> This issue was identified by the Apache Tomcat Security Team.
> History:
> 2021-03-01 Original advisory
> References:
> [1] https://tomcat.apache.org/security-10.html
> [2] https://tomcat.apache.org/security-9.html
> [3] https://tomcat.apache.org/security-8.html
> [4] https://tomcat.apache.org/security-7.html
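To act on the "keep your Tomcat up-to-date" advice above, an administrator needs to decide whether a given installed version falls inside the affected ranges the advisory lists. The following is an added example (not part of the original mail or of Tomcat's own tooling) that parses Tomcat version strings, including the two milestone spellings the advisory uses ("10.0.0-M1" and "9.0.0.M1"), and checks them against the exact ranges and fixed releases quoted above; the version string to test is assumed to come from the "Apache Tomcat/x.y.z" line that the server's `bin/version.sh` prints.

```python
import re

# Affected ranges exactly as stated in the advisory (inclusive on both ends).
AFFECTED_RANGES = [
    ("10.0.0-M1", "10.0.0"),
    ("9.0.0.M1", "9.0.41"),
    ("8.5.0", "8.5.61"),
]
# First fixed release per branch, as stated in the advisory's mitigation list.
FIXED_VERSIONS = {10: "10.0.2", 9: "9.0.43", 8: "8.5.63"}

# major.minor.patch with an optional milestone suffix: "-M1" (Tomcat 10) or ".M1" (Tomcat 9).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Parse a Tomcat version string into a sortable tuple.

    A milestone sorts before the final release of the same numeric version,
    so the tuple is (major, minor, patch, is_final, milestone_number).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True if `version` lies inside one of the ranges affected by CVE-2021-25122."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def recommended_upgrade(version):
    """Return the first fixed release on the same major branch, or None if not affected."""
    if not is_affected(version):
        return None
    return FIXED_VERSIONS[parse_version(version)[0]]


def check_version_line(line):
    """Extract the version from a 'Server version: Apache Tomcat/9.0.41' style line and check it."""
    m = re.search(r"Apache Tomcat/(\S+)", line)
    if not m:
        raise ValueError(f"no Tomcat version found in: {line!r}")
    return is_affected(m.group(1)), recommended_upgrade(m.group(1))
```

Versions outside the listed ranges (for example a 7.x build, or 10.0.1/9.0.42/8.5.62, which the advisory says were fixed but never released) are reported as not affected, so the check answers only the question the advisory poses.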