Releases: NOAA-PMEL/LAS
LAS v8.6.10
This is a maintenance release to upgrade to Struts 2.5.25.
LAS v8.6.9
Edit 2: Added a tar file (v8.6.9.2) which re-compiles the client code to include a bug fix for inconsistencies with the Print buttons in the main window and the individual output windows. We are working toward a release with improved code for in-situ data sets, but coordinating with the PyFerret release will take time and this gets the print button fix out immediately.
Edit: Added a tar file there where the only change is to the configure.pl script to allow OpenJDK java. Everything else is the same.
I made the tar version v8.6.9.1 so you can tell if you have the version that allows OpenJDK.
This release is mostly a preventative maintenance release to insure that all of the jar files have version numbers associated with them. Many libraries were updated in the process.
This also fixes the problems with sending expressions which contained certain characters. For example, the conversion 9/5 * $ + 32 now works from the plot options menu.
LAS v8.6.8
The only significant change is in the file RequestFilter.java which is responsible for verifying the inputs to LAS. The change eliminates a potential XSS bug whereby JavaScript inserted into certain requests might run in the browser.
LAS v8.6.7
This release upgrades to the latest Struts 2 library (2.5.17) which addresses a potential vulnerability.
It includes some minor code changes and bug fixes.
If you don't want to upgrade your entire code base replace the file:
WebContent/WEB-INF/lib/struts2-core-2.5.13.jar with struts2-core-2.5.17.jar
and execute
ant clean
ant deploy
to install the changes.
This is 8.6.7 to keep in line with internal and specialized releases.
LAS v8.6.3
This release is functionally equivalent to the 8.6.x series. The difference here is an upgrade of Struts 2 and a few of the associated support libraries. This version uses Struts 2.5.13 which is the current GA release.
We do not believe that LAS suffers from the XML de-serialization issues that motivated the Struts 2.5.13 release, but we want to keep LAS in step with the Struts library.
LAS v8.6.1
This release is functionally the same as 8.6. It removes one library which conflicts with the latest versions of Tomcat. It removes the custom serialization policy which is unnecessary for most installations and it does not copy a logging library to the THREDDS webapp which can lead to conflicts when using the latest THREDDS Data Server release (4.6.8).
LAS v8.6
This release upgrades the Struts 2 jars to the latest and greatest. It also updates the Struts 2 dependencies and moves to log4j v2.
This is a security patch release and we recommend you move to this release ASAP.
LAS v8.5
This release further sanitizes the error message returned to include only text supplied by the server and removes any client input from the returned message to remove the potential for cross-site scripting attaches.