[Halld-offline] Vulnerability on halldweb
Alexander Austregesilo
aaustreg at jlab.org
Tue Aug 20 15:18:15 EDT 2024
Dear Colleagues,
A vulnerability was found in httpd on our externally facing web server
halldweb, which is still running end-of-life RHEL7. This issue will be
fixed for RHEL9. Until the server can be rebuilt and properly tested,
halldweb will be moved behind an external proxy.
The external DNS will resolve the proxy and the connections should be
proxied to the current server. This alleviates, for the time being,
external access to the vulnerability. The expectation is that this would
not affect the user access from offsite at all, but making any change
can potentially cause issues.
The change is scheduled for 3:30pm today. Please let me know if you
experience any issues. Apparently, we can easily revert this change.
Best regards,
Alex
--
Alexander Austregesilo
Staff Scientist - Experimental Nuclear Physics
Thomas Jefferson National Accelerator Facility
Newport News, VA
aaustreg at jlab.org
(757) 269-6982
More information about the Halld-offline
mailing list