N.B. There is a serious vulnerabilty in this software (CVE-2025-62193).
There are no release packages available. You should not be intalling new instances of the application.
If you have other options for providing similar services to you users, I suggest you move to those tools and stop using LAS.
- Get the latest version of gov.noaa.pmel.tmap.las.filter.RequestInputFilter.java from here. It has the necessary fix.
- Compile it as appropriate for your local environment.From LAS directory from your original install:
- Put the new source in place, JavaSource/gov/noaa/pmel/tmap/las/filter/RequestInputFilter.java:
- ant compile
- ant deploy (or just copy .class to $TOMCAT_HOME/webapps/las/WEB-INF/classes/gov/noaa/pmel/tmap/las/filter/.)
- restart your tomcat
This repository is a software product and is not official communication of the National Oceanic and Atmospheric Administration (NOAA), or the United States Department of Commerce (DOC). All NOAA GitHub project code is provided on an 'as is' basis and the user assumes responsibility for its use. Any claims against the DOC or DOC bureaus stemming from the use of this GitHub project will be governed by all applicable Federal law. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by the DOC. The DOC seal and logo, or the seal and logo of a DOC bureau, shall not be used in any manner to imply endorsement of any commercial product or activity by the DOC or the United States Government.