[IPT] Security update

Kyle Braak [GBIF] kbraak at gbif.org
Thu May 1 16:13:52 CEST 2014

Dear IPT users,

This is an important message regarding the IPT. 

IPT administrators should update their IPTs to the new version (2.1.1) which has a security update and is available for download here. 

The security update fixes a couple of vulnerabilities inherited from the Apache Struts web framework, which the IPT uses. Struts made this announcement describing their latest release and its patched security issues that the IPT has upgraded to.

For further information about the Struts vulnerabilities, as well as some helpful mitigation strategies for server administrators, you can refer to this article. 

Simple instructions on how to update your IPT are below. If you don't have time to update your IPT immediately, I would advise you to take it offline until you can.

Please email the IPT list directly for more help upgrading your installation.


Kyle, on behalf of the IPT development team and the GBIF Secretariat

Instructions on how to update IPT in Tomcat:
1. Please download: http://repository.gbif.org/content/groups/gbif/org/gbif/ipt/2.1.1/ipt-2.1.1.war
2. Back up IPT data directory somewhere safe
3. Remove ipt.war from $tomcat/webapps/ (some seconds later, the deployed /ipt folder should automatically delete)
4. Once ipt.war and /ipt have been removed from /webapps - stop Tomcat
5. Add new version to /webapps, renaming it from ipt-2.1.1.war to ipt.war
6. Start Tomcat
7. In a browser, open the application (if it doesn't appear at first, try restarting Tomcat once more).
8. When prompted for IPT data directory, enter same location as existing IPT data directory
9. Press continue, hopefully installation succeeds.
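
The Tomcat steps above (back up, remove the old WAR, wait for undeploy, stop, install, start) as a script. This is an added example, not part of the original message or the IPT project; the function names, backup file naming, 60-second undeploy timeout and the use of Tomcat's stock bin/shutdown.sh and bin/startup.sh are assumptions. The download and the browser steps stay manual.

```shell
#!/bin/sh
# Added example: scripted form of the manual IPT upgrade steps.
# Assumed (not from the original post): function names, backup naming,
# the 60 s undeploy timeout, and Tomcat's bin/shutdown.sh / bin/startup.sh.

# Archive the IPT data directory and verify the archive can be listed.
backup_data_dir() {   # $1 = IPT data directory, $2 = backup destination directory
    [ -d "$1" ] || { echo "data directory not found: $1" >&2; return 1; }
    mkdir -p "$2" || return 1
    archive="$2/ipt-data-$(date +%Y%m%d%H%M%S).tar.gz"
    tar -czf "$archive" -C "$(dirname "$1")" "$(basename "$1")" || return 1
    tar -tzf "$archive" >/dev/null || return 1
    echo "$archive"
}

# Remove ipt.war and wait for Tomcat to delete the exploded /ipt folder.
undeploy_old() {      # $1 = webapps dir, $2 = timeout in seconds (default 60)
    rm -f "$1/ipt.war"
    waited=0
    while [ -d "$1/ipt" ]; do
        [ "$waited" -ge "${2:-60}" ] && { echo "/ipt still deployed" >&2; return 1; }
        sleep 1; waited=$((waited + 1))
    done
}

# Copy the downloaded WAR into webapps under the name ipt.war.
install_new_war() {   # $1 = path to ipt-2.1.1.war, $2 = webapps dir
    [ -s "$1" ] || { echo "new WAR missing or empty: $1" >&2; return 1; }
    [ ! -e "$2/ipt" ] && [ ! -e "$2/ipt.war" ] || { echo "old IPT still present" >&2; return 1; }
    cp "$1" "$2/ipt.war"
}

# Full sequence in the order given in the post. Stops at the first failure,
# so a failed backup or a stuck undeploy never leads to the WAR being swapped.
upgrade_ipt() {       # $1 = CATALINA_HOME, $2 = data dir, $3 = backup dir, $4 = new WAR
    backup_data_dir "$2" "$3" >/dev/null || return 1
    undeploy_old "$1/webapps" || return 1
    "$1/bin/shutdown.sh" || return 1
    install_new_war "$4" "$1/webapps" || return 1
    "$1/bin/startup.sh"
}
```

Call it as `upgrade_ipt "$CATALINA_HOME" /path/to/ipt-data /path/to/backups /path/to/ipt-2.1.1.war`, keeping the backup directory outside the data directory.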