[thredds] Updates on log4j

As of December 28th, 2021, log4j 2.17.0 is known to be vulnerable to
CVE-2021-44832 <https://logging.apache.org/log4j/2.x/>. We have published
snapshots of TDS 4.6.20 and 5.4 that use log4j 2.17.1. Like last time,
these snapshots are complete and stable, despite being called snapshot
releases.

You can get both new versions from the TDS downloads page
<https://www.unidata.ucar.edu/downloads/tds/>.

We will release TDS 4.6.20 and 5.4 sometime soon, but are choosing to "wait
and see" how the issue evolves for the time being.

Hope everyone is having a happy holiday season amidst all this!
Cheers,
THREDDS team

-- 
Hailey Johnson (she/her)
Software Engineer | THREDDS Developer
Unidata | UCAR Community Programs (UCP)
  • 2021 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: