<div dir="ltr">Dear Kyle<div><br></div><div>Thank you so much for notifying.</div><div><br></div><div>All our IPTs instances were successfully updated.</div><div><br></div><div><a href="http://ipt.sibcolombia.net/sib/">http://ipt.sibcolombia.net/sib/</a><br>
</div><div><a href="http://ipt.sibcolombia.net/valle/">http://ipt.sibcolombia.net/valle/</a><br></div><div><a href="http://ipt.sibcolombia.net/sinchi/">http://ipt.sibcolombia.net/sinchi/</a><br></div><div><a href="http://ipt.sibcolombia.net/iiap/">http://ipt.sibcolombia.net/iiap/</a><br>
</div><div><a href="http://ipt.sibcolombia.net/iavh/">http://ipt.sibcolombia.net/iavh/</a><br></div><div><a href="http://ipt.sibcolombia.net/resnatur/">http://ipt.sibcolombia.net/resnatur/</a><br></div><div><a href="http://ipt.sibcolombia.net/rnjb/">http://ipt.sibcolombia.net/rnjb/</a><br>
</div><div><a href="http://ipt.sibcolombia.net/rnoa/">http://ipt.sibcolombia.net/rnoa/</a><br></div><div><a href="http://ipt.sibcolombia.net/repatriados/">http://ipt.sibcolombia.net/repatriados/</a><br></div><div><br></div>
<div>All the best</div></div><div class="gmail_extra"><br clear="all"><div>Daniel Amariles<br><a href="http://flavors.me/Danipilze" target="_blank">http://flavors.me/Danipilze</a></div>
<br><br><div class="gmail_quote">2013/9/23 Kyle Braak [GBIF] <span dir="ltr"><<a href="mailto:kbraak@gbif.org" target="_blank">kbraak@gbif.org</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">Dear IPT users,<br><br>This is an important message. <br><br>IPT administrators should update their IPTs to the new version which has a security update and was released yesterday: <a href="https://code.google.com/p/gbif-providertoolkit/" target="_blank">https://code.google.com/p/gbif-providertoolkit/</a><br>
<br>The security update fixes critical vulnerabilities that have been discovered in the Apache Struts web framework, which the IPT uses. <br><br>According to <a href="http://www.computerworld.com/s/article/9241639/Hackers_target_servers_running_Apache_Struts_apps?source=CTWNLE_nlt_security_2013-08-15" target="_blank">this article</a>, these Struts vulnerabilities allow hackers to break into a server. It goes on to say that hackers are actively exploiting these vulnerabilities.<br>
<br>Simple instructions on how to update your IPT are below. If you don't have time to update your IPT immediately, I would advise you to take it offline until you can.<br><br>You can refer to <a href="https://www.mandiant.com/blog/responding-attacks-apache-struts2/" target="_blank">this article</a>, which describes how to determine if you have been attacked.<div>
<br></div><div>Please email the IPT list directly for more help upgrading your installation.<br><br>Sincerely,<br><br>Kyle, on behalf of the IPT development team and the GBIF Secretariat<br><br>Instructions how to update IPT in Tomcat:<br>
<div><ol><li>Please download: <a href="https://gbif-providertoolkit.googlecode.com/files/ipt-2.0.5-security-update-1.war" target="_blank">https://gbif-providertoolkit.googlecode.com/files/ipt-2.0.5-security-update-1.war</a></li>
<li>Backup IPT data directory somewhere safe</li><li>Remove ipt.war from $tomcat/webapps/ (some seconds later, the deployed /ipt folder should automatically delete)</li><li>Once ipt.war and /ipt have been removed from /webapps - stop Tomcat</li>
<li>Add new version to /webapps renaming it from ipt-2.0.5-security-update-1.war to ipt.war</li><li>Start Tomcat</li><li>In a browser open the application (if it doesn't appear at first, try restarting Tomcat once more).</li>
<li>When prompted for IPT data directory, enter same location as existing IPT data directory </li><li>Press continue, hopefully installation succeeds.</li></ol></div></div><div><br></div></div><br>_______________________________________________<br>
IPT mailing list<br>
<a href="mailto:IPT@lists.gbif.org">IPT@lists.gbif.org</a><br>
<a href="http://lists.gbif.org/mailman/listinfo/ipt" target="_blank">http://lists.gbif.org/mailman/listinfo/ipt</a><br>
<br></blockquote></div><br></div>