Page History
...
Major bug fixes include:
- JSPUI security fixes:
- [LOW SEVERITY] Cross-site scripting (XSS injection) is possible in JSPUI search interface (in Firefox web browser). (DS-2736 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to embed dangerous Javascript code into links to search results. If a user was emailed such a link and clicked it, the javascript would be run in their local browser. This vulnerability has existed since DSpace 3.x
- Discovered by Genaro Contreras
- Discovered by Genaro Contreras
- [LOW SEVERITY] Expression language injection (EL Injection) is possible in JSPUI search interface. (DS-2737 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to obtain information from the site/server using JSP syntax. This vulnerability has existed since DSpace 3.x
- Discovered by Genaro Contreras
- Discovered by Genaro Contreras
- [LOW SEVERITY] Cross-site scripting (XSS injection) is possible in JSPUI search interface (in Firefox web browser). (DS-2736 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to embed dangerous Javascript code into links to search results. If a user was emailed such a link and clicked it, the javascript would be run in their local browser. This vulnerability has existed since DSpace 3.x
- Google Scholar fix:
- Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
- Discovery / Solr fixes:
- Resolved a significant memory leak when searching/browsing (gradual leak) (DS-2869)
- Resolved a significant memory spike when reindexing (only triggered when running "index-discovery" with no arguments) (DS-2832)
- Solr logging was broken. It did not properly log to the "
[dspace]/log/solr.log
" files (DS-2790) - Fixes to allow fielded or boolean searches to work once again (DS-2699, DS-2803)
- OAI-PMH fixes:
- REST API fixes:
Deposit/Submission fixes:
Minor fixes to XMLUI Mirage2 theme
...
Overview
Content Tools