Page History
...
DSpace 5.4 is a bug fix release to resolve several issues located in DSpace 5.0, 5.1, 5.2 or 5.3. As it only provides only bug fixes, DSpace 5.4 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.4.
Major bug fixes include:
- JSPUI security fixes:
- [LOW SEVERITY] Cross-site scripting (XSS injection) is possible in JSPUI search interface (in Firefox web browser). (DS-2736 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to embed dangerous Javascript code into links to search results. If a user was emailed such a link and clicked it, the javascript would be run in their local browser. This vulnerability has existed since DSpace 3.x
- [LOW SEVERITY] Expression language injection (EL Injection) is possible in JSPUI search interface. (DS-2737 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to obtain information from the site/server using JSP syntax. This vulnerability has existed since DSpace 3.x
- Google Scholar fix:
- Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
- Discovery / Solr fixes:
- Resolved a significant memory leak when searching/browsing (gradual leak) (DS-2869)
- Resolved a significant memory spike when reindexing (only triggered when running "index-discovery" with no arguments) (DS-2832)
- Solr logging was broken. It did not properly log to the "
[dspace]/log/solr.log
" files (DS-2790)) - Fixes to allow fielded or boolean searches to work once again (DS-2699, DS-2803)
- OAI-PMH fixes:Several fixes in the xoai library (changes in xoai
- Upgraded the XOAI library to
- REST API fixes
In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes section below.
Upgrade Instructions
- For upgrade instructions from ANY PRIOR VERSION to 5.4, please see Upgrading DSpace
- When upgrading from any 5.x version, if you're reusing your 5.x configuration, make sure to change all instances of Filter attribute "red" to "ref" (e.g. <Filter red="exampleFilter" /> to <Filter ref="exampleFilter" />) in [dspace]/config/crosswalks/oai/oai.xml. "red" was a temporary workaround for a bug (xoai issue #32), which has now been fixed in DSpace 5.4.
...
Overview
Content Tools