Page History
...
This release addresses the following security issues discovered in DSpace 3.x and below:
- Directory path traversal vulnerability: DS-3094 reported by Tim Donohue\[HIGH SEVERITY\] The XMLUI "themes/" path is vulnerable to a full directory traversal using [any-two-or-more-chars]:[any-full-file-path]. (DS-3094 - requires a JIRA account to access.) This means that ANY files on your system which are readable to the Tomcat user account may be publicly accessed via your DSpace website.
Upgrade Instructions
- For upgrade instructions for 3.x to 3.5 please see Upgrading From 3.0 to 3.x.
- If you are upgrading from 1.8.x to 3.5, please see Upgrading From 1.8.x to 3.x
- For general upgrade instructions, please see Upgrading a DSpace Installation
...
Overview
Content Tools