We have released a new version of the IPT, version 2.5.4 [1]. This
version contains fixes to critical security issues with the Struts and
Log4J[2] libraries.
According to the press [3], the problem with the Log4J library
vulnerability is being exploited by malicious users — and I can already
see queries containing "jndi" in the web server logs for the IPTs GBIF
hosts at cloud.gbif.org, although they are random attempts and would not
succeed.
All users are highly encouraged to upgrade to this version as soon as
possible.
Update ipt, test ipt and biodata ipts.