Dear Lars I find problem downloading from https://ci.dhis2.org/. The download was very slow and interrupted.
Is the links https://www.dhis2.org/download/releases/2.22/dhis.war has updated war files? Regards Hannan On Tue, Mar 14, 2017 at 12:10 AM, Lars Helge Øverland <l...@dhis2.org> wrote: > Hi all, > > a critical vulnerability has been detected in one of the software > libraries used by DHIS 2. This vulnerability allows an attacker to run > remote commands on the server as the user running Tomcat/DHIS 2. > > We have patched all DHIS 2 versions from 2.21 to 2.26 / master. You can > find new WAR file builds here: > > https://www.dhis2.org/downloads > > We strongly recommend all DHIS 2 server admins to *upgrade immediately* > to a patched version. > > Keep in mind that your server might already be compromised. As a result > one should look for suspicious activity on the server (bandwidth usage, tmp > folders, etc). If you run Tomcat as a user with sudo privileges (not > recommended) this means that your server might be fully compromised. To be > on the absolute safe side it might be necessary to do a full wipe and > re-install of your server environment. > > More info on the exploit: > > - https://arstechnica.com/security/2017/03/critical- > vulnerability-under-massive-attack-imperils-high-impact-sites/ > > - http://www.javaworld.com/article/3179215/security/ > hackers-exploit-apache-struts-vulnerability-to-compromise- > corporate-web-servers.html#tk.rss_all > > > We are sorry about this. The vulnerable library is the Struts2 web > framework, which we are in the process of writing out of the system. > > regards, > > Lars > > > > -- > Lars Helge Øverland > Lead developer, DHIS 2 > University of Oslo > Skype: larshelgeoverland > l...@dhis2.org > http://www.dhis2.org <https://www.dhis2.org/> > > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-users > Post to : dhis2-us...@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-users > More help : https://help.launchpad.net/ListHelp > > -- Muhammad Abdul Hannan Khan DHIS2 Country coordinator & Secretary HISP Bangladesh T +880-2- 8816459, 8816412 ext 118 F +88 02 8813 875 M+88 01819 239 241 M+88 01534 312 066 E hann...@gmail.com S hannan.khan.dhaka B hannan-tech.blogspot.com L https://bd.linkedin.com/in/hannankhan
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
