Best Practice

Running the most current versions of software keeps your environment protected against known security vulnerabilities. This includes the JDK, Tomcat, the TDS and any other third-party libraries or software you run.

Stay Informed! Subscribe to announcement lists for Tomcat, the TDS and any other software you deploy, to stay abreast of new versions released due to security issues.

As soon as a security issue is disclosed, potential attackers will begin trying to exploit that vulnerability. It is important you upgrade your software before an attacker uses the vulnerability against you.

Resources

  • Tomcat security reports A complete list of known and documented security vulnerabilities associated with each Tomcat release.

  • Tomcat mailing lists Various tomcat-related mailing lists, including Tomcat-announce which is a low volume list for release announcements and security vulnerabilities.

  • Java SE Security Oracle’s Java security page which includes a chronology of Java security issues and user forums.

  • thredds mailing list The THREDDS mailing list where announcements of new releases will be made.

  • Buqtraq vunerability database SecurityFocus’ database of all known vulnerabilities for all different types of software from different vendors.