NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.

To learn about what's going on, see About the Archive Site.

[thredds] Spring4Shell in THREDDS

  • To: "thredds@xxxxxxxxxxxxxxxx" <thredds@xxxxxxxxxxxxxxxx>
  • Subject: [thredds] Spring4Shell in THREDDS
  • From: "Mouchyn, Chris" <mouchyn@xxxxxxxx>
  • Date: Tue, 28 Mar 2023 22:08:13 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=tamu.edu; dmarc=pass action=none header.from=tamu.edu; dkim=pass header.d=tamu.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FxZ/iPNhRWqkjEHdiWQlrXb2lPaHjkuIoERXGa+4tLA=; b=RnlMS6zzR0LdnilS3yRjvp+2op0JauPvn2Tb9fZgXt3nv20UKG+wO4GW5EsR8k5Zs3BCoyFfDWiwezrOM7bKTR0ZZaJ3uUbmkR3CieGw1nXF/X35uyiMsOcnKXGFsKnYoqHgfDP9tSbtM50ph1LSpba1k90oKjvuRkBG1k5hXOCiRmBjMha6+oiXhY39gVL7Sw05IthJ2E/MZpjanhPHNBuq2vZ9x3Gcw2K0iZSd55dVaIel6Gc/e3oMZ8z2wB7Ukal92Y/uYCnRhJVxPyNR0t9FRC4BWSeABGqt1Yx8LYbKDCIIhH3F/cPiSkO4IJaRF6hDHiIfeLLqEvByqWLqmg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aII5vXauzp8g3pQU5xfG7m2b54yonThPUNAooafNl0YgdwFDOqp23Yqp8NDfem22uypWPDbf0rrf0BbJyR9xq1PD31aL1sqJWeMMgh6Y/u1W/jG5IV6DTJrjMn+DQ0dkc7laJUJ2ZqG9+eLvkRJh+PkKnfdZL94v23VJoUz8iLCnZU9IbIDtjjvDToAXCefhC9y1OGhOvrJub4h169JbZkmnigdabq1jytpKdL5l0mix25Q4kOl30YZgXx18w5Vm2UaVz0tRM8YUPeBMEvhEieUCHjhmMvCXoY1KKpqhqwEnoKlbLzqXaekE13rL5owbthfjPl03takFWKKFNez1sA==
  • Msip_labels: 
Howdy,

Our campus vulnerability scanners indicate that the latest docker image for 
THREDDS is vulnerable to the Spring4Shell exploit.

https://tenable.com/plugins/nessus/159542

The listed solution is: Upgrade to Spring Framework version 5.2.20 or 5.3.18 or 
later.

Is there an ETA on this update for THREDDS?

Thanks,

Chris Mouchyn | Linux Infrastructure
Technology Services – Arts & Sciences
Texas A&M University
1355 TAMU | College Station, TX 77843-1355
mouchyn@xxxxxxxx
- - - - - - - - - - - - - - - - - - - - - - - -
it.tamu.edu/artscience
  • 2023 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: