NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
Hello THREDDS users, A second log4j CVE <https://nvd.nist.gov/vuln/detail/CVE-2021-45046> was reported yesterday stating that the last patch did not fully address the exploit. There is now a new patch, 2.16.0. We have published snapshot releases of the TDS (TDS 4.6.19-20211215.210521-2 and TDS 5.3-SNAPSHOT) which use the latest log4j release. The snapshots are now listed on the TDS downloads page <https://www.unidata.ucar.edu/downloads/tds/>.This is a stop-gap solution to immediately address the security issue, and we will put out official releases next week. Importantly, there is *no difference* between a snapshot and a full release other than the process of naming and archiving the version. The snapshots available are complete and stable. An official release is a lengthy process, a snapshot can be made quickly to address a situation such as this. We appreciate your patience on this and will update you when official releases are available (though they will not be different from the currently available snapshot releases). best, THREDDS development team -- Hailey Johnson (she/her) Software Engineer | THREDDS Developer Unidata | UCAR Community Programs (UCP)
thredds archives: