...

This release addresses the following security issues discovered in DSpace 3.x and below:

  • [HIGH SEVERITY] The XMLUI "themes/" path is vulnerable to a full directory traversal using [any-two-or-more-chars]:[any-full-file-path] (DS-3094, requires a JIRA account to access). This means that ANY file on your system that is readable by the Tomcat user account may be publicly accessed via your DSpace website.
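
A log check for the "themes/" issue above, added here as an example and not taken from the DSpace release notes or code base: it scans web-server access logs for requests under themes/ whose path has the [two-or-more-chars]:[file-path] form, decoding percent-encoding first. The Combined Log Format layout, the /xmlui context path, the Mirage theme path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed Combined Log Format: client ... "METHOD target PROTO" status bytes
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Form given in the advisory, looked for after "themes/":
# two or more characters, a colon, then a file path.
TRAVERSAL_RE = re.compile(r'/themes/([^:]{2,}):(.+)')

def suspicious_theme_requests(log_lines):
    """Return one dict per request whose themes/ path matches the advisory's form."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        # Drop the query string first (colons there are harmless), then
        # decode so that an encoded colon (%3A) is also recognised.
        path = unquote(target.split("?", 1)[0])
        t = TRAVERSAL_RE.search(path)
        if t:
            hits.append({
                "client": client,
                "status": status,            # 200 suggests a file was returned
                "requested_file": t.group(2),
            })
    return hits

def served(hits):
    """Requests the server answered with 200: the files to treat as disclosed."""
    return [h for h in hits if h["status"] == 200]

# Constructed sample lines (documentation IP ranges, made-up file paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2016:10:00:00 +0000] "GET /xmlui/themes/Mirage/lib/css/style.css HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2016:10:00:05 +0000] "GET /xmlui/themes/ab:/constructed/path/file.cfg HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Jan/2016:10:01:00 +0000] "GET /xmlui/themes/xy%3A/constructed/other.txt HTTP/1.1" 404 0',
    '198.51.100.9 - - [01/Jan/2016:10:02:00 +0000] "GET /xmlui/themes/Mirage/style.css?t=10:02 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in suspicious_theme_requests(SAMPLE_LOG):
        print(hit)
```

Any hit with status 200 names a file that should be treated as exposed, so credentials or keys stored in it are candidates for rotation after upgrading.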

...