[IPT] Security update
daniel.amariles88 at gmail.com
Wed Sep 25 18:58:18 CEST 2013
Thank you so much for notifying.
All our IPTs instances were successfully updated.
All the best
2013/9/23 Kyle Braak [GBIF] <kbraak at gbif.org>
> Dear IPT users,
> This is an important message.
> IPT administrators should update their IPTs to the new version which has a
> security update and was released yesterday:
> The security update fixes critical vulnerabilities that have been
> discovered in the Apache Struts web framework, which the IPT uses.
> According to this article<http://www.computerworld.com/s/article/9241639/Hackers_target_servers_running_Apache_Struts_apps?source=CTWNLE_nlt_security_2013-08-15>,
> these Struts vulnerabilities allow hackers to break into a server. It goes
> on to say that hackers are actively exploiting these vulnerabilities.
> Simple instructions on how to update your IPT are below. If you don't have
> time to update your IPT immediately, I would advise you to take it offline
> until you can.
> You can refer to this article<https://www.mandiant.com/blog/responding-attacks-apache-struts2/>, which
> describes how to determine if you have been attacked.
> Please email the IPT list directly for more help upgrading your
> Kyle, on behalf of the IPT development team and the GBIF Secretariat
> Instructions how to update IPT in Tomcat:
> 1. Please download:
> 2. Backup IPT data directory somewhere safe
> 3. Remove ipt.war from $tomcat/webapps/ (some seconds later, the
> deployed /ipt folder should automatically delete)
> 4. Once ipt.war and /ipt have been removed from /webapps - stop Tomcat
> 5. Add new version to /webapps renaming it from
> ipt-2.0.5-security-update-1.war to ipt.war
> 6. Start Tomcat
> 7. In a browser open the application (if it doesn't appear at first,
> try restarting Tomcat once more).
> 8. When prompted for IPT data directory, enter same location as
> existing IPT data directory
> 9. Press continue, hopefully installation succeeds.
> IPT mailing list
> IPT at lists.gbif.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the IPT