Dear IPT users,
This is an important message.
IPT administrators should update their IPTs to the new version which has a security update and was released yesterday: https://code.google.com/p/gbif-providertoolkit/
The security update fixes critical vulnerabilities that have been discovered in the Apache Struts web framework, which the IPT uses.
According to this article, these Struts vulnerabilities allow hackers to break into a server. It goes on to say that hackers are actively exploiting these vulnerabilities.
Simple instructions on how to update your IPT are below. If you don't have time to update your IPT immediately, I would advise you to take it offline until you can.
You can refer to this article, which describes how to determine if you have been attacked.
Please email the IPT list directly for more help upgrading your installation.
Sincerely,
Kyle, on behalf of the IPT development team and the GBIF Secretariat
Instructions how to update IPT in Tomcat: Please download: https://gbif-providertoolkit.googlecode.com/files/ipt-2.0.5-security-update-... Backup IPT data directory somewhere safe Remove ipt.war from $tomcat/webapps/ (some seconds later, the deployed /ipt folder should automatically delete) Once ipt.war and /ipt have been removed from /webapps - stop Tomcat Add new version to /webapps renaming it from ipt-2.0.5-security-update-1.war to ipt.war Start Tomcat In a browser open the application (if it doesn't appear at first, try restarting Tomcat once more). When prompted for IPT data directory, enter same location as existing IPT data directory Press continue, hopefully installation succeeds.