XSS Vulnerability for TDS <= 5.5

An XSS vulnerability has been brought to our attention and fixed. This vulnerability only affects the DAP4 service for versions <= 5.5. We strongly recommend that you either:

  1. Disable DAP4 services
  2. or upgrade to the latest 5.6-SNAPSHOT version. This can be downloaded here. Please note that this newest snapshot now requires JDK 17. Additional JVM arguments are needed, which are in the CHRONICLE_CACHE variable here.

If you have any questions or concerns, please contact support-thredds@unidata.ucar.edu.

Best, The THREDDS development team.

Posted by: tdrwenski
Aug 13, 2024
