A severe remotely exploitable vulnerability has been discovered in openBIS; it originates in a third-party Java library. We strongly recommend that you patch your openBIS instance as soon as possible with the quick fix described below to prevent unauthorized access to your data via the openBIS HTTP server. All openBIS production releases before 13.04.14 are affected. All sprint releases before S218 are affected.
1) Replace the previous version of commons-collections*.jar located:
2) Replace the previous version of commons-fileupload*.jar located:
3) Restart both AS and DSS servers.
For a standard openBIS installation, where the application has been deployed following our wiki guide, we provide this shell script, which patches the application for you.
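
A post-patch check for the manual steps above, as an added example (it is not the openBIS-provided patch script): it lists every `commons-collections*.jar` and `commons-fileupload*.jar` under an installation root and reports a library that is still present in more than one version, which means an old copy was not replaced. The root directory argument and the function names `list_jars` and `mixed_versions` are assumptions of this example; versions are read from the jar file names only.

```shell
#!/bin/sh
# Added example: inventory the two libraries named in the advisory.
# ROOT is supplied by the caller (assumption); the advisory's own jar
# locations are not reproduced here.

# list_jars ROOT -> one line per jar: "<library> <version> <path>"
list_jars() {
    find "$1" -type f \( -name 'commons-collections*.jar' \
        -o -name 'commons-fileupload*.jar' \) 2>/dev/null | sort |
    while IFS= read -r path; do
        file=${path##*/}
        base=${file%.jar}
        case $base in
            commons-collections*) lib=commons-collections ;;
            *)                    lib=commons-fileupload ;;
        esac
        # Version = trailing "-<digits...>" of the file name, if any.
        ver=$(printf '%s\n' "$base" |
              sed -n 's/.*-\([0-9][0-9A-Za-z.]*\)$/\1/p')
        printf '%s %s %s\n' "$lib" "${ver:-unknown}" "$path"
    done
}

# mixed_versions ROOT -> names of libraries found in more than one version.
# Empty output means every copy of each library carries the same version.
mixed_versions() {
    list_jars "$1" | awk '
        { key = $1 " " $2 }
        !(key in seen) { seen[key] = 1; count[$1]++ }
        END { for (lib in count) if (count[lib] > 1) print lib }' | sort
}

# Stand-alone use: sh check_jars.sh /path/to/installation/root
if [ "$#" -gt 0 ]; then
    list_jars "$1"
    mixed=$(mixed_versions "$1")
    [ -z "$mixed" ] || echo "old copy still present for: $mixed" >&2
fi
```

Run it before restarting the AS and DSS servers; an empty warning only shows that the copies agree with each other, so compare the listed versions against the replacement jars you installed.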