Due to the current gap in continued funding from the U.S. National Science Foundation (NSF), the NSF Unidata Program Center has temporarily paused most operations. See NSF Unidata Pause in Most Operations for details.
Dear THREDDS users, An XSS vulnerability has been brought to our attention and fixed. This vulnerability only affects the DAP4 service for versions <= 5.5. We strongly recommend that you either: *1. Disable DAP4 services* *2. or upgrade to the latest 5.6-SNAPSHOT version. *This can be downloaded here <https://downloads.unidata.ucar.edu/tds/>. Please note that this newest snapshot now requires JDK 17 <https://docs.unidata.ucar.edu/tds/5.6/userguide/install_java_tomcat.html>. Additional JVM arguments are needed, which are in the CHRONICLE_CACHE variable here <https://docs.unidata.ucar.edu/tds/5.6/userguide/running_tomcat.html#setting-java_home-java_opts-catalina_home-catalina_base-and-content_root> . Please let us know if you have any questions or concerns. Best, The THREDDS team -- Tara Drwenski (she/her) Software Engineer | THREDDS Developer NSF Unidata | UCAR/UCP
thredds
archives: