[IPT] Security update

Daniel Amariles daniel.amariles88 at gmail.com
Wed Sep 25 18:58:18 CEST 2013

Dear Kyle

Thank you so much for notifying.

All our IPTs instances were successfully updated.


All the best

Daniel Amariles

2013/9/23 Kyle Braak [GBIF] <kbraak at gbif.org>

> Dear IPT users,
> This is an important message.
> IPT administrators should update their IPTs to the new version which has a
> security update and was released yesterday:
> https://code.google.com/p/gbif-providertoolkit/
> The security update fixes critical vulnerabilities that have been
> discovered in the Apache Struts web framework, which the IPT uses.
> According to this article<http://www.computerworld.com/s/article/9241639/Hackers_target_servers_running_Apache_Struts_apps?source=CTWNLE_nlt_security_2013-08-15>,
> these Struts vulnerabilities allow hackers to break into a server. It goes
> on to say that hackers are actively exploiting these vulnerabilities.
> Simple instructions on how to update your IPT are below. If you don't have
> time to update your IPT immediately, I would advise you to take it offline
> until you can.
> You can refer to this article<https://www.mandiant.com/blog/responding-attacks-apache-struts2/>, which
> describes how to determine if you have been attacked.
> Please email the IPT list directly for more help upgrading your
> installation.
> Sincerely,
> Kyle, on behalf of the IPT development team and the GBIF Secretariat
> Instructions how to update IPT in Tomcat:
>    1. Please download:
>    https://gbif-providertoolkit.googlecode.com/files/ipt-2.0.5-security-update-1.war
>    2. Backup IPT data directory somewhere safe
>    3. Remove ipt.war from $tomcat/webapps/ (some seconds later, the
>    deployed /ipt folder should automatically delete)
>    4. Once ipt.war and /ipt have been removed from /webapps - stop Tomcat
>    5. Add new version to /webapps renaming it from
>    ipt-2.0.5-security-update-1.war to ipt.war
>    6. Start Tomcat
>    7. In a browser open the application (if it doesn't appear at first,
>    try restarting Tomcat once more).
>    8. When prompted for IPT data directory, enter same location as
>    existing IPT data directory
>    9. Press continue, hopefully installation succeeds.
> _______________________________________________
> IPT mailing list
> IPT at lists.gbif.org
> http://lists.gbif.org/mailman/listinfo/ipt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.gbif.org/pipermail/ipt/attachments/20130925/c09cb65f/attachment.html 

More information about the IPT mailing list