Page History
...
Major bug fixes include:
- Google Scholar fix:
- Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
- [LOW SEVERITY] Possible to access files attached to "in-progress" submissions via a direct link (DS-2614 - requires a JIRA account to access for two weeks, and then will be public). This vulnerability could allow anyone in the world to download a file attached to an "in-progress" submission if they are provided with a direct link to that file (from either UI). While a direct file link would be very hard to "guess" or stumble upon, this could allow an individual with deposit rights to make available content which has not been approved by local DSpace administrators. This vulnerability has at least existed since 5.0, but may effect versions as old as 3.0.
- Discovered by Pascal-Nicolas Becker of Technische Universität Berlin
- Discovered by Pascal-Nicolas Becker of Technische Universität Berlin
- [LOW SEVERITY] Possible to access files attached to "in-progress" submissions via a direct link (DS-2614 - requires a JIRA account to access for two weeks, and then will be public). This vulnerability could allow anyone in the world to download a file attached to an "in-progress" submission if they are provided with a direct link to that file (from either UI). While a direct file link would be very hard to "guess" or stumble upon, this could allow an individual with deposit rights to make available content which has not been approved by local DSpace administrators. This vulnerability has at least existed since 5.0, but may effect versions as old as 3.0.
- Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
- Discovery / Solr fixes:
- Solr logging was broken. It did not properly log to the "
[dspace]/log/solr.log" files (DS-2790)
- Solr logging was broken. It did not properly log to the "
...
Overview
Content Tools