[las_users] LAS v8.6.7

To: las_users@xxxxxxxx

Subject: [las_users] LAS v8.6.7

From: Roland Schweitzer - NOAA Affiliate <roland.schweitzer@xxxxxxxx>

Date: Fri, 24 Aug 2018 16:21:37 -0500

Arc-authentication-results: i=2; mx.google.com; dkim=pass header.i=@noaa.gov header.s=google header.b=nmcIGnsF; spf=pass (google.com: domain of roland.schweitzer@xxxxxxxx designates 209.85.220.41 as permitted sender) smtp.mailfrom=roland.schweitzer@xxxxxxxx; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=noaa.gov

Arc-authentication-results: i=1; mx.google.com; dkim=pass header.i=@noaa.gov header.s=google header.b=nmcIGnsF; spf=pass (google.com: domain of roland.schweitzer@xxxxxxxx designates 209.85.220.41 as permitted sender) smtp.mailfrom=roland.schweitzer@xxxxxxxx; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=noaa.gov

Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-archive:list-help:list-post:list-id:mailing-list:precedence:to :subject:message-id:date:from:mime-version :arc-authentication-results:arc-message-signature:dkim-signature :arc-authentication-results; bh=up78vfXZCNH0B1qtmH14M4typmc+QUYOKGrJ4vvSlrk=; b=r8//4Fvi9C9L9zmQwivxeeBNZC/eiMd7ZTwDgigyJczO+KMAN8wNUu3bIUfdfouJp3 RRn0/PHp1KtBhKrW6p/9UUCYLagO7IkStBX15uZBBADqwCdbAYyBw4fg/Ox1VuSpW97y P5ETK+S5BF4bt7b345gYBH4Rv7RuhTTiY1Pk4H1ARuAlgsRXOkGnsj/6q8cgpK4x+EE0 5NYDkcLUqvYgiqooukR8yXY6G8fOxMu36A//Do+Asj950If674RYWfWY1ElVwz9r0dE4 fjzqlVx8zfawt286GQbj8C5vAT7c9eUFPK7jRL0GzWQUkIkwuBmhA8OXbt1fCJ1xaJOK wOqg==

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=to:subject:message-id:date:from:mime-version:dkim-signature :arc-authentication-results; bh=up78vfXZCNH0B1qtmH14M4typmc+QUYOKGrJ4vvSlrk=; b=NciKiJtz7QT9UlFijYfQ8oW8Kf3Br4cPwpt9/x6S1aKAxePhGTvH1wGtILxnix9ee3 KYxMEjBDJ/zxEzqCf3Cjcc35IqrEJAQJomCZNDQUkXkILBm6eHRL17s/2nr7O3/Pw5GJ Gyd8jfr+6xiBkVzHKSP6CG2MQtblJiz26VeV+on2mggv2rgFThdF63mDGkLMtCzkxcmn Y2rUJaQOrL5g0UjbvBtjJ8xcmgrdTsJOROr+Ty/Z10x/JiYj4T0m96MMZZGngZu4XdKN 92XPRCHAqY1s/ineWCrCqoSAwn5rr0llLM3AhfSpxaWuwb8puekcBed6xiGOFaZGAwMM V9Dw==

Arc-seal: i=2; a=rsa-sha256; t=1535145709; cv=pass; d=google.com; s=arc-20160816; b=EkyAxzGtaUjdTkcm8jQpbnrhqPYsf5gJSxlje+z9qJj9WRMjSLVv6Ts3lp2vFDvyPq ZUze7Qdke0oUMPrMPnbWvuFFEQ/ugy1jIVOwl2p+naj3IU3Kv06lZIpyNnU8pDG/SGxk yUAUpfRj80c7NtR0wXrJ9m2+UaEPRbK8ZaMmtWYgRc3OhO8t5tqtt3FWHHeiSfYlLsSb 4dOHWbzr0Zl57Sr1B08x1IUB0dy18FkXQzsKbgxKWBjTW+8RnjyhxvmMMNWMlMm/YR92 bDDBbQBnPjivrxoaFbnRhDEvpopY9nePewC7A68lUFwR74C/JI568WaQ1fjR8lzOEUYM ofhQ==

Arc-seal: i=1; a=rsa-sha256; t=1535145709; cv=none; d=google.com; s=arc-20160816; b=PRTBv3bVCvOYXpCMLxkR5msZU/2Pia1khEYBJFoWDHKCiFu6LWUxErPH7Md86HBtHM M7gc+ToiSJhdW7ubmW3dcxJRS5FUqdtE7fTzJui/NxeXSp3FId2CMlnJnLdwW7bOFjxe jkBE0H1GtXXhMT3rKCgTbEoOFeWIbPG/HnFWAj11Evz3fOmEW48QveQE6yAoHn4gAvGe YOwxt82oHBJ+fjHUUqP6WcLzZxACThTGBjeUESvhl1q4AOL3621IKQNX7XWeoV6lbnYB VEv2ED6ndAptQqXfAczXguko7dPclsGOBR2yQEcOzJdKEjZ3GfCB9KrLjQccHHesC8Km 8a+g==

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=noaa.gov; s=google; h=mime-version:from:date:message-id:subject:to:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive; bh=up78vfXZCNH0B1qtmH14M4typmc+QUYOKGrJ4vvSlrk=; b=bj1GzocUOwuVINp0bg6a7NzsZ3Q0WRJa4FRmELT/n1f6PsBAy4Cy6RFvMg8lnjWb+z IpkgVh2O9zJLTZNCrniDmPcnVGwZZ9S5Euspd9SEofFjUNMdDhv5WfN9PJXLIl/P5yyb oK1ltphaGjKuLBYw+762Nrz98w9c1WXjJCNxhoz3oDDmXuhEse4u9Z1yRsNsYgGw2Sv0 lYSzqgoe/17y7akbC0zOnUM43d+tT7okpqEMmF8D9Uhp1MWV4JC9H7YMkzUE8yhdJbpH VcWE2ilbrroDm8N7P0QMXlM4KuOfK8kZNlDIuVV0CfoDRbY1Y68ogjHrLO/p5amQolmt Op7w==

List-archive: <https://groups.google.com/a/noaa.gov/group/las_users/>

List-help: <https://support.google.com/a/noaa.gov/bin/topic.py?topic=25838>, <mailto:las_users+help@noaa.gov>

List-id: <las_users.noaa.gov>

List-post: <https://groups.google.com/a/noaa.gov/group/las_users/post>, <mailto:las_users@noaa.gov>

Mailing-list: list las_users@xxxxxxxx; contact las_users+owners@xxxxxxxx

Sender: owner-las_users@xxxxxxxx

Hi,

There is a new release on GitHub which addresses a potential vulnerability with the Struts 2 library. I don't believe LAS is susceptible to this vulnerability, but being at the latest version of the underlying framework is always a good idea. And it's possible that we don't fully understand the scope of the problem as it relates to LAS.

If you have a public facing LAS you should upgrade either by downloading the new release and following the upgrade instructions.

Or if your LAS Struts library is at struts2-core-2.5.13.jar you can replace it with a copy of struts2-core-2.5.17.jar from the release above or from apache.org.

Once replace it, you can deploy it with these commands from your $LAS_HOME directory

./stopserver.sh # or what every scripts you use to stop and start you server.

ant clean

ant deploy

./startserver.sh # or what every scripts you use to stop and start you server.

Roland

The policy of the DOC and NOAA requires me to inform you that the opinions in this email are mine and do not necessarily represent the opinion or policy of the Department of Commerce or the National Oceanic and Atmospheric Administration.