Hey all,
Please update your thredds-docker images to `unidata/thredds-docker:5.4`.
You can find the available tags here:
https://hub.docker.com/r/unidata/thredds-docker/tags
If you encounter any issues while doing so, please email
support-gateway@xxxxxxxxxxxxxxxx for docker specific assistance or
support-thredds@xxxxxxxxxxxxxxxx for more general THREDDS assistance.
Thank you,
Ana Espinoza (she/her)
*Software Engineer II -- Science Gateway*
*Unidata*
On Tue, Mar 28, 2023 at 4:13 PM Mouchyn, Chris via thredds <
thredds@xxxxxxxxxxxxxxxx> wrote:
> Howdy,
>
> Our campus vulnerability scanners indicate that the latest docker image
> for THREDDS is vulnerable to the Spring4Shell exploit.
>
> https://tenable.com/plugins/nessus/159542
>
> The listed solution is: Upgrade to Spring Framework version 5.2.20 or
> 5.3.18 or later.
>
> Is there an ETA on this update for THREDDS?
>
> Thanks,
>
> Chris Mouchyn | Linux Infrastructure
> Technology Services – Arts & Sciences
> Texas A&M University
> 1355 TAMU | College Station, TX 77843-1355
> mouchyn@xxxxxxxx
> - - - - - - - - - - - - - - - - - - - - - - - -
> it.tamu.edu/artscience
>
> _______________________________________________
> NOTE: All exchanges posted to Unidata maintained email lists are
> recorded in the Unidata inquiry tracking system and made publicly
> available through the web. Users who post to any of the lists we
> maintain are reminded to remove any personal information that they
> do not want to be made public.
>
>
> thredds mailing list
> thredds@xxxxxxxxxxxxxxxx
> For list information or to unsubscribe, visit:
> https://www.unidata.ucar.edu/mailing_lists/
>
