[thredds] New Tomcat CVEs

To: THREDDS community <thredds@xxxxxxxxxxxxxxxx>
Subject: [thredds] New Tomcat CVEs
From: Jennifer Oxelson Ganter <oxelson@xxxxxxxx>
Date: Mon, 18 Nov 2024 12:26:43 -0700

There are 3 new CVEs out for Tomcat. While they may not necessarily affect
the TDS, please consider upgrading, especially if you use the TDS Remove
Management Tool
<https://docs.unidata.ucar.edu/tds/current/userguide/remote_management_ref.html>
or the TDSmonitor Tool
<https://docs.unidata.ucar.edu/tds/current/userguide/using_the_tdsmonitor_tool.html>,
or are running other web applications.


   - CVE-2024-52318 <https://nvd.nist.gov/vuln/detail/CVE-2024-52318>
   (Severity: Important)
   - CVE-2024-52317 <https://nvd.nist.gov/vuln/detail/CVE-2024-52317>
   (Severity: Important)
   - CVE-2024-52316 <https://nvd.nist.gov/vuln/detail/CVE-2024-52316>
   (Severity: Low)



-- 
------------------------------------------------------------------------------------
Jennifer Oxelson Ganter                                       NSF Unidata
Software Engineer IV                                          P.O. Box 3000
oxelson@xxxxxxxx                                       Boulder, CO 80307
------------------------------------------------------------------------------------