Contribute to the DSpace Development Fund

The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.

Version 6.3

Support for DSpace 6 will be ending on July 1, 2023.  See Support for DSpace 5 and 6 is ending in 2023

DSpace 6.3 was officially released to the public on June 27, 2018.

DSpace 6.3 can be downloaded immediately from:

More information on the 6.3 release (and the 6.x platform in general) can be found in the 6.x Release Notes.

Upgrade instructions can be found at Upgrading DSpace

We highly recommend ALL JSPUI users of DSpace 6.x upgrade to 6.3

DSpace 6.3 contains security fixes for the JSPUI (only). To ensure your 6.x JSPUI site is secure, we highly recommend ALL JSPUI DSpace 6.x users upgrade to DSpace 6.3

DSpace 6.x XMLUI users may also wish to upgrade as several major bugs have been fixed in the XMLUI as well.

DSpace 6.3 upgrade instructions are available at: Upgrading DSpace


DSpace 6.3 is a bug fix release to resolve several issues located in previous 6.x releases. As it only provides only bug fixes, DSpace 6.3 should constitute an easy upgrade from DSpace 6.x for most users. No database changes should be necessary when upgrading from DSpace 6.x to 6.3. One configuration addition (orcid.api.url property) has been made to the default dspace.cfg to support the new ORCID API v2, for ORCID Authority Control users.

JSPUI security fixes include

  • [HIGH SEVERITY] A user can inject malicious Javascript into the names of EPeople or Groups. This is most severe in sites which allow anyone to register for a new account. ( - requires a JIRA account to access.) 

    • Reported by Julio Brafman

  • [MEDIUM SEVERITY] Any user was able to export metadata to CSV format if they knew the correct JSPUI path/parameters. Additionally, the exported CSV included metadata fields which are flagged as hidden in configuration. ( - requires a JIRA account to access.) 

    • Reported by Eike Kleiner (ZHAW, Zurich University of Applied Sciences)

Major bug fixes include

  • Update DSpace ORCID Integration to use ORCID API v2 (instead of now obsolete ORCID v1): DS-3447
  • Update DSpace Statistics to use GeoIP API v2 (instead of now discontinued GeoIP API v1): DS-3832
  • Database specific fixes
    • Oracle database migration fix. Configurable Workflow migration threw errors: DS-3788
    • PostgreSQL JDBC driver upgraded to latest version (to allow for full compatibility with PostgreSQL v10): DS-3854
    • Fix issue where DSpace wasn't starting if it used a database connection pool supplied through JNDI: DS-3434
  • Bitstream deletion issues ("dspace cleanup" command)
    • Fixed issues where Bitstreams were not being flagged for deletion when an Item was deleted: DS-3729
    • Fixed issues where Bitstreams were not being removed from assetstore even when flagged as deleted: DS-3627 and DS-3461
      • Note: This issue was limited to 6.0, 6.1 or 6.2, and specifically occurred when Item Level Versioning was NOT enabled (which is the default setting) or when Item Level Versioning was first enabled on DSpace version 6.0, 6.1 or 6.2
    • Fixed issues where Bitstreams were removed from all versions of an Item (resulting in inaccurate versioning) when deleted from the latest version of an Item: DS-3627
      • Note: This issue was limited to 6.0, 6.1 or 6.2, and specifically ONLY occurred when Item Level Versioning was first enabled on DSpace version 4.x or 5.x (and that old versioning data had since been migrated to 6.x).
  • Other API-level fixes (affecting all UIs)
    • Fixed issues where Item Level Versioning accidentally duplicated both metadata (DS-3703) and bitstreams (DS-3702)
    • Fixed issue where Shibboleth authentication plugin appeared to login when no password provided: DS-3662
    • Fixed issues with Solr Search Query escaping in both UIs: DS-3507
    • Update last modified timestamp (on Item) when a new bitstream is added: DS-3734
    • Ensure ImageMagick thumbnails respect the orientation of original file: DS-3839
    • Fix MediaFilter "too many open files" issues (where it forgot to close an input stream): DS-3700
    • Fix PubMed Import submission step (StartSubmissionLookupStep) to use updated URL of PubMed API:  DS-3933
    • Cleanup EHCache configuration: DS-3694 and DS-3710
  • JSPUI fixes
    • Fixed issues with authority control popup: DS-3404
    • Fixed issues with pausing HTML5 uploads: DS-3865
  • XMLUI fixes
    • Fixed Mirage v2 build issues caused by Bower Registry URL change: DS-3936
    • Fixed performance issues for Items with 100+ bitstreams: DS-3883
    • Fixed occasional Hibernate LazyInitializationException when completing submissions: DS-3775
    • Fixed Unicode character issues in metadata: DS-3733
    • Fix issue where search results lose Community/Collection context when sorting: DS-3835
    • Fixed bitstream download issues which could leave AWS connections open when using S3 storage backendDS-3870
    • Update Mirage to use recommended MathJax inline delimiters (DS-3087) and to use new CDN location (DS-3560)
  • OAI-PMH Fixes
    • Ensure OAI-PMH updates harvestable items when an item is made private (DS-3707) or an embargo expires (DS-3715)
    • Fixed Unicode character issues in metadata: DS-3733 and DS-3556
    • Fix content type of OAI-PMH response: DS-3889
    • Enhanced "oai import" command to report on items that cause indexing issues: DS-3852
  • REST API fixes and minor improvements
    • Fixed issue where REST API was no longer able to return JSON responses: DS-3903
    • Fixed update bitstream data returning 500 response: DS-3511
    • Improvements to REST Based Quality Control Reports:
      • Enable login via Shibboleth: DS-3811
      • Add bitstream field data to item listing: DS-3704
      • Fix bug filtering for bitstream permissions: DS-3713
      • Improve ability to find withdrawn items: DS-3714

For more information, see the Changes section below.

Upgrade Instructions

No new features in DSpace 6.3

6.3 is a bug-fix only release. This means it includes no new features and only includes the below listed fixes.

For a list of all new 6.x Features, please visit the 6.x Release Notes.


The following bug fixes were released in 6.3.


key summary type created updated due assignee reporter priority status resolution

Unable to locate Jira server for this macro. It may be due to Application Link configuration.

Organizational Details

Release Coordination

  • No labels