[thredds] THREDDS and Spring4Shell

Hello THREDDS users,

As some of you may already be aware, an RCE vulnerability was recently
reported for the Spring Framework library (CVE-2022-22965
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965>). You can
read Spring's statement here
<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>.
A Spring Framework patch release was made available this morning.

We've published a new snapshot of the TDS 5 that uses the patched version
(5.3.18), and it is now available on the Unidata downloads page
<https://downloads.unidata.ucar.edu/tds/>. *All previous releases of TDS
5.x are vulnerable to this exploit.* We strongly encourage 5.x users to
upgrade to the latest snapshot.

To our knowledge, no releases of TDS 4.6.x are vulnerable due to its older
JDK dependency (JDK 8).

*Updates on upcoming releases:*
We will be publishing an official release of TDS 5.4 shortly, and apologize
that it has taken longer than expected to do so. The 5.4 release will
contain a large number of bug fixes, particularly to the
NetcdfSubsetService and S3 support.

best,
The THREDDS development team

-- 
Hailey Johnson (she/her)
Software Engineer | THREDDS Developer
Unidata | UCAR Community Programs (UCP)
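
An added example, not part of the original message and not Unidata's code: one way to check which Spring Framework version a deployed WAR bundles, compared against the 5.3.18 release named above. It assumes the standard WAR layout (jars under WEB-INF/lib with Maven-style names); the module list and the sample archive are constructed for illustration.

```python
import io
import re
import sys
import zipfile

PATCHED = (5, 3, 18)  # patched Spring Framework version named in the announcement

# Assumed Maven-style jar name, e.g. WEB-INF/lib/spring-beans-5.3.17.jar;
# releases before 5.3 carried a ".RELEASE" suffix, so accept it as well.
JAR_RE = re.compile(
    r"^WEB-INF/lib/(spring-[a-z]+)-(\d+)\.(\d+)\.(\d+)(?:\.RELEASE)?\.jar$")
# Spring Framework modules to inspect (assumed list; other Spring projects
# such as Spring Security are versioned separately and are skipped).
CORE_MODULES = {"spring-beans", "spring-core", "spring-web", "spring-webmvc"}

def spring_versions(war):
    """Return {module: (major, minor, patch)} for Spring Framework jars in a WAR."""
    found = {}
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = JAR_RE.match(name)
            if m and m.group(1) in CORE_MODULES:
                found[m.group(1)] = tuple(int(x) for x in m.group(2, 3, 4))
    return found

def needs_upgrade(war):
    """Return the sorted names of bundled modules older than PATCHED."""
    return sorted(mod for mod, ver in spring_versions(war).items() if ver < PATCHED)

def make_sample_war(version):
    """Build a constructed in-memory WAR holding empty, correctly named jars."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for mod in ("spring-beans", "spring-webmvc"):
            zf.writestr(f"WEB-INF/lib/{mod}-{version}.jar", b"")
        zf.writestr("WEB-INF/lib/spring-security-core-5.6.2.jar", b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Usage: python check_spring.py /path/to/deployed.war (path is a placeholder)
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_war("5.3.17")
    old = needs_upgrade(target)
    print("older than 5.3.18:", ", ".join(old) if old else "none found")
```

The check reads jar file names only, so a jar that has been renamed or repackaged will not be detected.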