Due to the current gap in continued funding from the U.S. National Science Foundation (NSF), the NSF Unidata Program Center has temporarily paused most operations. See NSF Unidata Pause in Most Operations for details.
Due to the current gap in continued funding from the U.S. National Science Foundation (NSF), the NSF Unidata Program Center has temporarily paused most operations. See NSF Unidata Pause in Most Operations for details.
Hello THREDDS users, A second log4j CVE <https://nvd.nist.gov/vuln/detail/CVE-2021-45046> was reported yesterday stating that the last patch did not fully address the exploit. There is now a new patch, 2.16.0. We have published snapshot releases of the TDS (TDS 4.6.19-20211215.210521-2 and TDS 5.3-SNAPSHOT) which use the latest log4j release. The snapshots are now listed on the TDS downloads page <https://www.unidata.ucar.edu/downloads/tds/>.This is a stop-gap solution to immediately address the security issue, and we will put out official releases next week. Importantly, there is *no difference* between a snapshot and a full release other than the process of naming and archiving the version. The snapshots available are complete and stable. An official release is a lengthy process, a snapshot can be made quickly to address a situation such as this. We appreciate your patience on this and will update you when official releases are available (though they will not be different from the currently available snapshot releases). best, THREDDS development team -- Hailey Johnson (she/her) Software Engineer | THREDDS Developer Unidata | UCAR Community Programs (UCP)
thredds archives: