New snapshot deployed to resolve critical security vulnerability


John Collins

Dec 13, 2021, 5:10:06 PM
to Power TAC support
Today I deployed updated 1.9.0-SNAPSHOT packages for powertac-core and powertac-server. If your broker is using an older version, such as the 1.8.0 release, it is time to update your pom.xml. The powertac-parent dependency is near the top of the file; it should be updated to read

  <parent>
    <groupId>org.powertac</groupId>
    <artifactId>powertac-parent</artifactId>
    <version>1.9.0-SNAPSHOT</version>
    <relativePath />
  </parent>

Once you have updated your pom.xml, just rebuild your broker and let us know if you run into problems. The vulnerability has been news for a few days.

If you are running the server, you should be using the 1.9.0-SNAPSHOT version that's also fixed and deployed today. If you are using the latest server-distribution, you will get this version the next time you run it. If you are running a local build of the server, you will need to pull down the latest from GitHub and do a rebuild.

Thanks to Govert Buijs and Erik Kemperman for alerting me and working out the details on this. FWIW, the reason the weather server has been down for a couple days is that Govert was concerned about this vulnerability and wanted me to check whether it applied to the weather server. It did not and the weather server is back up and running.

As always, please let us know if you have questions or concerns.

John
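
A way to confirm which broker projects still need the pom.xml change described in the message above. This is an added example, not part of the original post or of Power TAC's own tooling; the function name, status strings and sample POM are assumptions made for illustration, while the group, artifact and version come from the message.

```python
import xml.etree.ElementTree as ET

# Coordinates and version as given in the announcement.
GROUP_ID = "org.powertac"
ARTIFACT_ID = "powertac-parent"
FIXED_VERSION = "1.9.0-SNAPSHOT"

# Constructed sample POM (not a real broker project) pinned to the 1.8.0 release.
SAMPLE_OLD = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.powertac</groupId>
    <artifactId>powertac-parent</artifactId>
    <version>1.8.0</version>
    <relativePath />
  </parent>
  <artifactId>sample-broker</artifactId>
</project>"""
SAMPLE_NEW = SAMPLE_OLD.replace("1.8.0", FIXED_VERSION)


def _local(tag):
    """Drop the XML namespace so POMs with or without xmlns are handled."""
    return tag.rsplit("}", 1)[-1]


def parent_status(pom):
    """Return 'ok', 'differs:<version>', 'no-parent' or 'other-parent'."""
    root = ET.fromstring(pom)
    parent = next((c for c in root if _local(c.tag) == "parent"), None)
    if parent is None:
        return "no-parent"
    fields = {_local(c.tag): (c.text or "").strip() for c in parent}
    if (fields.get("groupId"), fields.get("artifactId")) != (GROUP_ID, ARTIFACT_ID):
        return "other-parent"
    version = fields.get("version", "")
    # Any version other than the one named in the announcement is flagged for review.
    return "ok" if version == FIXED_VERSION else "differs:" + version


if __name__ == "__main__":
    import sys
    from pathlib import Path
    flagged = 0
    for arg in sys.argv[1:]:  # directories to search for pom.xml files
        for pom_path in sorted(Path(arg).rglob("pom.xml")):
            status = parent_status(pom_path.read_bytes())
            print(f"{pom_path}: {status}")
            flagged += status.startswith("differs")
    sys.exit(1 if flagged else 0)
```

Run it with one or more project directories as arguments; a non-zero exit status means at least one pom.xml still declares a powertac-parent version other than 1.9.0-SNAPSHOT.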