Thursday, February 13, 2014

Security Flaw with Apache Archiva 1.3.6

The current stable release of Apache Archiva (1.3.6) has a serious, known security flaw: I've reported this to Apache security and to the Archiva mailing lists.  If you are running Archiva as a privileged user, this would allow the remote attacker to gain access to your entire machine.

This is apparently a downstream security flaw resulting from the use of an older version of Struts:

Friday, January 17, 2014

Accessing XSEDE Resources with GSI-SSH

This is from the "right in front of our noses" department. XSEDE has excellent (and pithy) instructions for installing MyProxy and GSI-SSH clients at the bottom of ("Command Line GSI-SSH Tools").

We found these to be the most useful of several different documentation
sources while setting up a VM on the XSEDE gateway hosting system ((