Due to the current gap in continued funding from the U.S. National Science Foundation (NSF), the NSF Unidata Program Center has temporarily paused most operations. See NSF Unidata Pause in Most Operations for details.

[thredds] Spring4Shell in THREDDS

  • To: "thredds@xxxxxxxxxxxxxxxx" <thredds@xxxxxxxxxxxxxxxx>
  • Subject: [thredds] Spring4Shell in THREDDS
  • From: "Mouchyn, Chris" <mouchyn@xxxxxxxx>
  • Date: Tue, 28 Mar 2023 22:08:13 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=tamu.edu; dmarc=pass action=none header.from=tamu.edu; dkim=pass header.d=tamu.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FxZ/iPNhRWqkjEHdiWQlrXb2lPaHjkuIoERXGa+4tLA=; b=RnlMS6zzR0LdnilS3yRjvp+2op0JauPvn2Tb9fZgXt3nv20UKG+wO4GW5EsR8k5Zs3BCoyFfDWiwezrOM7bKTR0ZZaJ3uUbmkR3CieGw1nXF/X35uyiMsOcnKXGFsKnYoqHgfDP9tSbtM50ph1LSpba1k90oKjvuRkBG1k5hXOCiRmBjMha6+oiXhY39gVL7Sw05IthJ2E/MZpjanhPHNBuq2vZ9x3Gcw2K0iZSd55dVaIel6Gc/e3oMZ8z2wB7Ukal92Y/uYCnRhJVxPyNR0t9FRC4BWSeABGqt1Yx8LYbKDCIIhH3F/cPiSkO4IJaRF6hDHiIfeLLqEvByqWLqmg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aII5vXauzp8g3pQU5xfG7m2b54yonThPUNAooafNl0YgdwFDOqp23Yqp8NDfem22uypWPDbf0rrf0BbJyR9xq1PD31aL1sqJWeMMgh6Y/u1W/jG5IV6DTJrjMn+DQ0dkc7laJUJ2ZqG9+eLvkRJh+PkKnfdZL94v23VJoUz8iLCnZU9IbIDtjjvDToAXCefhC9y1OGhOvrJub4h169JbZkmnigdabq1jytpKdL5l0mix25Q4kOl30YZgXx18w5Vm2UaVz0tRM8YUPeBMEvhEieUCHjhmMvCXoY1KKpqhqwEnoKlbLzqXaekE13rL5owbthfjPl03takFWKKFNez1sA==
  • Msip_labels: 
Howdy,

Our campus vulnerability scanners indicate that the latest docker image for 
THREDDS is vulnerable to the Spring4Shell exploit.

https://tenable.com/plugins/nessus/159542

The listed solution is: Upgrade to Spring Framework version 5.2.20 or 5.3.18 or 
later.

Is there an ETA on this update for THREDDS?

Thanks,

Chris Mouchyn | Linux Infrastructure
Technology Services – Arts & Sciences
Texas A&M University
1355 TAMU | College Station, TX 77843-1355
mouchyn@xxxxxxxx
- - - - - - - - - - - - - - - - - - - - - - - -
it.tamu.edu/artscience
  • 2023 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: