[Thread Prev][Thread Next][Index]

[las_users] Re: LAS struts security issue - need to upgrade to struts 2.5.25



Bryan,

I built a tar file with the new library. I've tested it a bit. You can also just replace the library and recompile.

Roland

https://github.com/NOAA-PMEL/LAS/releases/tag/v8.6.13


On Tue, Jan 12, 2021 at 10:46 PM Bryan Littlefield <bryan.littlefield@xxxxxxxxxx> wrote:

HI Roland,

NASA opened another security ticket on our LAS with regards to Struts, we have structs 2.5.25 but need to upgrade to struts 2.5.26

We have some custom content in webapps that would get wiped out by a “ant clean/deploy” operation, so we hesitate to rebuild.

If you can create a new version with the upgraded struts version, that might be best like you did for this release:

https://github.com/NOAA-PMEL/LAS/releases/tag/v8.6.10.

 

From Security: This needs to be resolved within 14 calendar days.

#19510: High Vulnerability: Apache Struts 2.x < 2.5.26 RCE (S2-061) (143599)

https://www.tenable.com/plugins/nessus/143599

 

Thanks again –Bryan

 

***************************************************************

Bryan Littlefield | Email : bryanl.littlefield@xxxxxxxxxx

Science Systems and Applications, Inc. | (626)508-9403

***************************************************************

 



--
The policy of the DOC and NOAA requires me to inform you that the opinions in this email are mine and do not necessarily represent the opinion or policy of the Department of Commerce or the National Oceanic and Atmospheric Administration.

[Thread Prev][Thread Next][Index]


Contact Us
Dept of Commerce / NOAA / OAR / PMEL / TMAP

Privacy Policy | Disclaimer | Accessibility Statement