In response to vulnerabilities in the log4j library, the THREDDS development team has released new versions of the TDS 4.6.x and 5.x. TDS 4.6.19 and TDS 5.3 user log4j 2.17.0, and address CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105.
The Unidata THREDDS Development Team released an updated version of the THREDDS Data Server (TDS) (and bundled netCDF-Java/Common Data Model (CDM) library) on December 10th, 2021. This release addresses a severe third party library security vulnerability. TDS 4.6.x administrators are encouraged to upgrade to version 4.6.18.
The THREDDS Data Server (TDS) version 5.2 release was announced on December 10th, 2021. This is a minor release that addresses a severe third party library security vulnerability.
The Unidata Program Center is hiring! We are looking for a scientific software developer to join our team in creating and maintaining software and data services to support the geosciences.
Specifically, we are looking for a developer to join our open source efforts related to the suite of Thematic Real-time Environmental Distributed Data Services (THREDDS) projects. You'll work on projects like netCDF-Java, the THREDDS Data Server, and the Siphon data access library.
Users of the THREDDS Data Server (TDS) are strongly encouraged to update the configuration files on their servers as soon as possible, and before they next restart their servers. Changes in the UCAR/Unidata web infrastructure will cause Web Map Service (WMS) features provided by the TDS to behave incorrectly.
The Unidata THREDDS Development Team released an updated version of the THREDDS Data Server (TDS) (and bundled netCDF-Java/Common Data Model (CDM) library) on February 23rd, 2021. This release contains a variety of bug fixes, as well as updates to third-party libraries, including security updates. A summary of changes, download links, and links to Docker Images can be found on the 4.6.16.1 GitHub release page.
The Unidata THREDDS Development Team released updated versions of the THREDDS Data Server (TDS) and netCDF-Java/Common Data Model (CDM) library on June 17, 2020. In addition to feature enhancements, these releases contain a variety of updates to third-party libraries, including security updates. They also address a problem in previous versions that could lead to data returned by some NetcdfSubsetService (NCSS) requests being corrupted. While the circumstances under which the problem occurs are very specific (and rare), because the possibility of data corruption exists the development team strongly recommends these upgrades to anyone using netCDF-Java/CDM or TDS. TDS administrators who are not able to upgrade immediately should disable the NetcdfSubsetService until it is possible to do so.
The netCDF-Java ucar.nc2.util.DiskCache2 class method for generating unique file names is capable of producing identical names if called in quick succession. While the circumstances under which the problem occurs are very specific (and rare), because the possibility of data corruption exists the development team strongly recommends that anyone using netCDF-Java/CDM or TDS upgrade immediately.
In the spring of 2019, Northern Illinois University (NIU) applied for and received a Unidata Community Equipment Award grant for a project titled “Bringing back weather.niu.edu: A multifaced server at Northern Illinois University.” The NIU Meteorology department (now Geographic and Atmospheric Sciences) has been involved in the dissemination of meteorological data since the late 1990s, when Russell L. DeSouza Award winner Mr. Gilbert Sebenste set up the “NIU Weather” server at weather.niu.edu. The server relayed data to dozens of Universities via the LDM and had a popular “storm machine” website that provided some of the earliest model forecast soundings. After Mr. Sebenste's departure from NIU in 2017, the server was taken off-line.
