Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

This release addresses the following security issues discovered in DSpace 3.x and below:

[HIGH SEVERITY] The XMLUI "themes/" path is vulnerable to a full directory traversal. (DS-3094 - requires a JIRA account to access.) This means that ANY files on your system which are readable to the Tomcat user account may be publicly accessed via your DSpace website.
- Reported by Virginia Tech

Upgrade Instructions

For upgrade instructions for 3.x to 3.5 please see Upgrading From 3.0 to 3.x.
If you are upgrading from 1.8.x to 3.5, please see Upgrading From 1.8.x to 3.x
For general upgrade instructions, please see Upgrading a DSpace Installation

...