The following policy describes the support agreement that the DSpace Committers Group aspires to in supporting DSpace open source software. This is not a binding contract (either with individual members of the Committers Group or our respective institutions). This agreement may change at any time with a formal vote of the active Committers.
This software support policy was adopted (via majority vote) by the DSpace Committers Group in July 2013.
Support for Security Updates:
- Version(s) Supported
- The DSpace Committers provide security updates/support for the most recent three (3) major releases of the platform. (For example, as of October 2019, DSpace 6.x, 5.x and 4.x are all still supported for security updates.)
- Depending on the severity of a particular security issue, the DSpace Committers may make an effort to provide a security patch or recommendation for prior versions. This is decided on a case by case basis.
- Reporting Security Issues
- If you have located a possible security issue within DSpace, we ask that you report it to firstname.lastname@example.org (this emails all the DSpace Committers). We strive to provide a 7-day (or less) turnaround in investigating the reported issue, and will work towards resolution as soon as possible. Once a fix has been created and any necessary security releases are performed, we will then report the security issue and resolution to the general public. You will be publicly credited with discovering/reporting the security issue.
- We strongly encourage you to report security issues in private, before disclosing them in a public forum. We take DSpace security issues very seriously and will work quickly to eliminate them once reported.
Support for Bug Fixes:
- Version(s) Supported
- The DSpace Committers only regularly provide bug fixes to the most recent of the platform.
- Depending on the severity of a particular bug, DSpace Committers may backport it to prior versions of the software platform. This is decided on a case by case basis.
- Reporting Bugs / Issues
- If you have located a possible bug/issue within DSpace, we ask that you report it directly to our DSpace Issue Tracker (JIRA). We strive to investigate bugs as soon as we can after they are reported. However, based on the severity of the bug, the timeline of an actual fix may depend on how rapidly we can locate a volunteer developer (either a Committer or a community developer).
- If you are unsure if something you have found is a DSpace bug/issue, you are also welcome to ask about it on our DSpace Technology Mailing List (dspace-tech Google Group).