Page History
...
This release addresses the following security issues discovered in DSpace 3.x and below:
- \[HIGH SEVERITY\] The XMLUI "themes/" path is vulnerable to a full directory traversal using [any-two-or-more-chars]:[any-full-file-path]. ( DS-3094 - requires a JIRA account to access .) This means that ANY files on your system which are readable to the Tomcat user account may be publicly accessed via your DSpace website.
...
Overview
Content Tools