Yes please download from https://www.dhis2.org/downloads .
On Wed, Mar 15, 2017 at 11:58 AM, Hannan Khan <hann...@gmail.com> wrote: > Dear Lars > > I find problem downloading from https://ci.dhis2.org/. The download was > very slow and interrupted. > > Is the links https://www.dhis2.org/download/releases/2.22/dhis.war has > updated war files? > > Regards > > Hannan > > On Tue, Mar 14, 2017 at 12:10 AM, Lars Helge Øverland <l...@dhis2.org> > wrote: > >> Hi all, >> >> a critical vulnerability has been detected in one of the software >> libraries used by DHIS 2. This vulnerability allows an attacker to run >> remote commands on the server as the user running Tomcat/DHIS 2. >> >> We have patched all DHIS 2 versions from 2.21 to 2.26 / master. You can >> find new WAR file builds here: >> >> https://www.dhis2.org/downloads >> >> We strongly recommend all DHIS 2 server admins to *upgrade immediately* >> to a patched version. >> >> Keep in mind that your server might already be compromised. As a result >> one should look for suspicious activity on the server (bandwidth usage, tmp >> folders, etc). If you run Tomcat as a user with sudo privileges (not >> recommended) this means that your server might be fully compromised. To be >> on the absolute safe side it might be necessary to do a full wipe and >> re-install of your server environment. >> >> More info on the exploit: >> >> - https://arstechnica.com/security/2017/03/critical-vulnerab >> ility-under-massive-attack-imperils-high-impact-sites/ >> >> - http://www.javaworld.com/article/3179215/security/hackers- >> exploit-apache-struts-vulnerability-to-compromise-corporate- >> web-servers.html#tk.rss_all >> >> >> We are sorry about this. The vulnerable library is the Struts2 web >> framework, which we are in the process of writing out of the system. >> >> regards, >> >> Lars >> >> >> >> -- >> Lars Helge Øverland >> Lead developer, DHIS 2 >> University of Oslo >> Skype: larshelgeoverland >> l...@dhis2.org >> http://www.dhis2.org <https://www.dhis2.org/> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~dhis2-users >> Post to : dhis2-users@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~dhis2-users >> More help : https://help.launchpad.net/ListHelp >> >> > > > -- > Muhammad Abdul Hannan Khan > DHIS2 Country coordinator & Secretary > HISP Bangladesh > > T +880-2- 8816459 <+880%202-8816459>, 8816412 ext 118 > F +88 02 8813 875 > M+88 01819 239 241 > M+88 01534 312 066 > E hann...@gmail.com > S hannan.khan.dhaka > B hannan-tech.blogspot.com > L https://bd.linkedin.com/in/hannankhan > > > -- Lars Helge Øverland Lead developer, DHIS 2 University of Oslo Skype: larshelgeoverland l...@dhis2.org http://www.dhis2.org <https://www.dhis2.org/>
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-users Post to : dhis2-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp
