Hello THREDDS users,

As some of you may already be aware, an RCE vulnerability was recently reported for the Spring Framework library (cve-2022-22965 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965>). You can read Spring's statement here <https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>.

A Spring Framework patch release was made available this morning. We've published a new snapshot of the TDS 5 that uses the patched version (5.3.18), and it is now available on the Unidata downloads page <https://downloads.unidata.ucar.edu/tds/>.

*All previous releases of TDS 5.x are vulnerable to this exploit.* We strongly encourage 5.x users to upgrade to the latest snapshot. To our knowledge, no releases of TDS 4.6.x are vulnerable due to its older JDK dependency (JDK 8).

*Updates on upcoming releases:*

We will be publishing an official release of TDS 5.4 shortly, and apologize that it has taken longer than expected to do so. The 5.4 release will contain a large number of bug fixes, particularly to the NetcdfSubsetService and S3 support.

best,
The THREDDS development team

--
Hailey Johnson (she/her)
Software Engineer | THREDDS Developer
Unidata | UCAR Community Programs (UCP)
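An added example, not part of the original message and not Unidata's code: one way to check which Spring Framework version a deployed TDS WAR bundles, compared against the 5.3.18 named in the announcement. It assumes the conventional `WEB-INF/lib/spring-<module>-<version>.jar` naming, looks only at the core modules listed in the code, and does not consider the JDK version; the sample WAR is constructed in memory.

```python
import io
import re
import zipfile

PATCHED = (5, 3, 18)  # Spring Framework version named in the announcement

# Assumption: jars follow the usual WEB-INF/lib/spring-<module>-<version>.jar naming.
# Only core Spring Framework modules are matched, so separately versioned projects
# such as spring-security are not compared against the framework threshold.
JAR_RE = re.compile(
    r"WEB-INF/lib/(spring-(?:beans|core|context|web|webmvc))"
    r"-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$"
)


def spring_jars(war):
    """Return {module name: (major, minor, patch)} for Spring jars in a WAR."""
    found = {}
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                found[m.group(1)] = tuple(int(x) for x in m.groups()[1:])
    return found


def below_patched(war):
    """Return the sorted Spring modules whose version is older than PATCHED."""
    return sorted(mod for mod, ver in spring_jars(war).items() if ver < PATCHED)


def build_sample_war(version):
    """Constructed sample: an in-memory WAR holding empty placeholder jars."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for mod in ("spring-beans", "spring-webmvc"):
            zf.writestr(f"WEB-INF/lib/{mod}-{version}.jar", b"")
        # Different project with its own version line; must be ignored.
        zf.writestr("WEB-INF/lib/spring-security-core-5.6.2.jar", b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for v in ("5.3.17", "5.3.18"):
        print(v, below_patched(build_sample_war(v)) or "at or above 5.3.18")
```

To scan a real deployment, pass the path of the WAR file to `below_patched` instead of the constructed sample.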