Versions Compared

Old Version 36

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version 37

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info
titleOnline Version of Documentation also available

This documentation was produced with Confluence software. A PDF version was generated directly from Confluence. An online, updated version of this 5.x Documentation is also available at: https://wiki.duraspace.org/display/DSDOC5x

 
Welcome to Release 5.34, a bug-fix release for the DSpace 5.x platform. For information on upgrading to DSpace 5, please see Upgrading DSpace.  

 

5.4 Release Notes

 

DSpace 5.4 is a bug fix release to resolve several issues found in DSpace 5.x. As it only provides only bug fixes, DSpace 5.4 should constitute an easy upgrade from any other DSpace 5.x version for most users. Beginning with DSpace 5.x, we also provide an easier upgrade process from any prior version of DSpace (1.x.x, 3.x or 4.x).

Major bug fixes include:

  • JSPUI security fixes: 
    • [MEDIUM SEVERITY] Cross-site scripting (XSS injection) is possible in JSPUI search interface (in Firefox web browser). (DS-2736 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to embed dangerous Javascript code into links to search results. If a user was emailed such a link and clicked it, the javascript would be run in their local browser. This vulnerability has existed since DSpace 3.x 
      • Discovered by Genaro Contreras
    • [LOW SEVERITY] Expression language injection (EL Injection) is possible in JSPUI search interface. (DS-2737 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to obtain information from the site/server using JSP syntax. This vulnerability has existed since DSpace 3.x
      • Discovered by Genaro Contreras
  • Google Scholar fix:
    • Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
  • Search / Browse fixes (for Discovery/Solr):
    • Resolved a significant memory leak when searching/browsing (gradual leak) (DS-2869)
    • Resolved a significant memory spike when reindexing (only triggered when running "index-discovery" with no arguments) (DS-2832)
    • Fixes to allow fielded or boolean searches to work once again (DS-2699, DS-2803)
    • Solr logging was broken. It did not properly log to the "[dspace]/log/solr.log" files (DS-2790)
  • OAI-PMH fixes:
    • Upgraded the XOAI library to 3.2.10 to resolve several issues
    • OAI did not support harvesting by date (YYYY-MM-DD) without a time (DS-2524, DS-2542) 
    • OAI getRecord was wrongly including all virtual sets (DS-2573)
    • OAI was ignoring the "dspace.oai.url" setting in "oai.cfg" (DS-2744)
  • REST API fixes:
    • /handle not reflecting updates (DS-2692)

    • /collections/<id>/items ignores offset parameter (DS-2719)

    • login/logout thread safety (DS-2830)

  • Deposit/Submission fixes:

    • Fix issue where if PubMed server is down submission lookup fails (DS-2813)

    • JSPUI: Allow reviewers to upload files (DS-2814)

  • Minor fixes to XMLUI Mirage2 theme

In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes in 5.x page.

5.3 Release Notes

DSpace 5.3 is a bug fix release to resolve several issues found in DSpace 5.2. As it only provides only bug fixes, DSpace 5.3 should constitute an easy upgrade from DSpace 5.0, 5.1 or 5.2 for most users. Beginning with DSpace 5.x, we also provide an easier upgrade process from any prior version of DSpace (1.x.x, 3.x or 4.x).

...