Thursday, February 13, 2014

Security Flaw with Apache Archiva 1.3.6

The current stable release of Apache Archiva (1.3.6) has a serious, known security flaw: http://cxsecurity.com/issue/WLB-2014010087. I've reported this to Apache security and to the Archiva mailing lists. If you are running Archiva as a privileged user, this would allow a remote attacker to gain access to your entire machine.

This is apparently a downstream security flaw resulting from the use of an older version of Struts: http://struts.apache.org/release/2.3.x/docs/s2-016.html

Friday, January 17, 2014

Accessing XSEDE Resources with GSI-SSH

This is from the "right in front of our noses" department. XSEDE has excellent (and pithy) instructions for installing MyProxy and GSI-SSH clients at the bottom of
https://www.xsede.org/accessing-resources ("Command Line GSI-SSH Tools").

We found these to be the most useful of several different documentation
sources while setting up a VM on the XSEDE gateway hosting system (https://portal.xsede.org/knowledge-base/-/kb/document/ayfa).