Re: [thredds] Remove TDS Version information shown at bottom of page and on Info page.

  • To: "Brown, Mitchell E ERDC-RDE-CHL-MS CIV" <Mitchell.E.Brown@xxxxxxxxxxxxx>
  • Subject: Re: [thredds] Remove TDS Version information shown at bottom of page and on Info page.
  • From: Jennifer Oxelson Ganter <oxelson@xxxxxxxx>
  • Date: Tue, 7 Sep 2021 08:53:41 -0600
Hi Mitchell,

The TDS 5 uses Thymeleaf templates which control the look of the catalog
pages.  They can be modified to display the catalogs to exclude the server
version information:


   - https://docs.unidata.ucar.edu/tds/5.0/userguide/customizing_tds_look_and_feel.html


We implement a custom footer on our thredds-test.unidata.ucar.edu and
thredds-dev.unidata.ucar.edu servers. Here is how we do it:


   - https://github.com/Unidata/TdsConfig/blob/753f1000dc77163afc1fc0c0e19336f9a1154224/threddsTest/templates/tdsTemplateFragments.html#L25


The file would live in ${tds.content.root.path}/thredds/templates/  and
should use the name tdsTemplateFragments.html

<h4><th:block th:text="${webappName} + ' [Version ' + ${webappVersion} + ' - ' + ${webappBuildTimestamp} + ']'"/><a class="static" href="https://docs.unidata.ucar.edu/thredds/5.0.0-SNAPSHOT/userguide/index.html">Documentation</a></h4>


To be clear, the TDS 5.0.0-beta9 release currently does not have any
known/open security vulnerabilities.

That said, I completely understand why you would want to obfuscate or
remove the version info from any third-party server or application you
run.  Therefore, we will be removing the server version info from public
visibility in the next release of the TDS 5.  :-)

Please let us know if you have any questions!

Cheers,
Jennifer

On Fri, Sep 3, 2021 at 8:53 AM Brown, Mitchell E ERDC-RDE-CHL-MS CIV via
thredds <thredds@xxxxxxxxxxxxxxxx> wrote:

> I have security vulnerabilities that I have to address for our TDS
> instances that deal with server version information being displayed.  This
> occurs on EVERY page that comes up in the catalog at the very bottom and
> looks something like this:
>
> THREDDS Data Server [Version 5.0.0-beta9 - 2021-09-01T02:47:21+0000]
> Documentation
>
> Also, the Info page displays information, such as shown below.
>
>    - Webapp Name: THREDDS Data Server
>    - Webapp Version: 5.0.0-beta9
>
> I am temporarily addressing the vulnerability by commenting out a few
> lines in the following files:
>
>    - thredds##5.0.0-beta9/WEB-INF/templates/commonFragments.html
>    - thredds##5.0.0-beta9/WEB-INF/jsp/thredds/server/serverinfo/serverInfo_html.jsp
>
>
> Is there a better way to do this?  Each time I update the TDS version, I
> have to manually modify these files again.  This is occurring in TDS 5
> betas, but also was present in TDS 4.x as well.
>
> Thanks,
> Mitchell Brown
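
An added example, not part of either message or of the TDS code base: a Python check that can be run after each TDS upgrade to confirm that responses no longer carry the version strings quoted in this thread. The sample pages are constructed and the function and constant names are hypothetical; the check also reports a version left inside an HTML comment, since comment text is still sent in the response body.

```python
import html
import re

# Footer banner quoted in the thread: "[Version <version> - <build timestamp>]"
FOOTER_RE = re.compile(r"\[Version\s+([^\s\]]+)\s+-\s+[^\]]+\]")
# Info page entry quoted in the thread: "Webapp Version: <version>"
INFO_RE = re.compile(r"Webapp Version:\s*(\S+)")
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)
TAG_RE = re.compile(r"<[^>]+>")


def _text(fragment):
    """Strip tags, decode entities and collapse whitespace."""
    return re.sub(r"\s+", " ", html.unescape(TAG_RE.sub(" ", fragment)))


def find_version_disclosures(body):
    """Return (where, kind, version) for every version string in a response.

    where is "visible" for rendered text and "comment" for HTML comments,
    which browsers hide but which are still sent to the client.
    """
    comments = " ".join(COMMENT_RE.findall(body))
    visible = COMMENT_RE.sub(" ", body)
    hits = []
    for where, chunk in (("visible", visible), ("comment", comments)):
        text = _text(chunk)
        hits += [(where, "footer", m.group(1)) for m in FOOTER_RE.finditer(text)]
        hits += [(where, "info", m.group(1)) for m in INFO_RE.finditer(text)]
    return hits


# Constructed sample responses (hypothetical markup, not captured from a server).
DEFAULT_PAGE = """<body><h4>THREDDS Data Server
[Version 5.0.0-beta9 - 2021-09-01T02:47:21+0000]
<a class="static" href="#">Documentation</a></h4></body>"""
INFO_PAGE = ("<ul><li><b>Webapp Name:</b> THREDDS Data Server</li>"
             "<li><b>Webapp Version:</b> 5.0.0-beta9</li></ul>")
COMMENTED_PAGE = ("<body><!-- <h4>THREDDS Data Server [Version 5.0.0-beta9 - "
                  "2021-09-01T02:47:21+0000]</h4> --><h4>Documentation</h4></body>")
CUSTOM_PAGE = "<body><h4><a class='static' href='#'>Documentation</a></h4></body>"

if __name__ == "__main__":
    pages = {"default": DEFAULT_PAGE, "info": INFO_PAGE,
             "commented": COMMENTED_PAGE, "custom": CUSTOM_PAGE}
    for name, body in pages.items():
        print(name, find_version_disclosures(body) or "no version disclosed")
```
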