Versions Compared

Old Version 2

changes.mady.by.user Luigi Andrea Pascarelli (4Science)

Saved on

compared with

New Version 3

changes.mady.by.user Luigi Andrea Pascarelli (4Science)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip
titleDSpace 5.6 was officially released to the public on September 2729, 2016.

DSpace 5.6 can be downloaded immediately from:

More information on the 5.6 release (and the 5.x platform in general) can be found in the 5.x Release Notes

Upgrade instructions can be found at Upgrading DSpace.

...

Major bug fixes include:

  • JSPUI and , XMLUI, REST security fixes:
    • JSPUI and XMLUI
       
      • [HIGH SEVERITY]  XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access)
        • Reported by Seth Robbins  
    • JSPUI, XMLUI and REST
      • [HIGH SEVERITY]  Bitstreams of embargoed and/or withdrawn items can be accessed by anyone. (DS-3097 - requires a JIRA account to access)
        • Reported by Franziska Ackermann
  • JSPUI security fix:
  • REST security fix:
    • [HIGH SEVERITY]  SQL Injection Vulnerability in 5.x REST API (DS-3250 - requires a JIRA account to access)
  • Other minor fixes and improvements
    • JSPUI: Creative Commons license assignment silently fails (DS-2604) (improvements: with fetch directy the url (instead use the Creative Commons REST API) (DS-2604)
    • JSPUI: Upload a file, multifile, with a description text during the submission process (DS-2623)
    • XMLUI: Recyclable Cocoon components should clear local variables (DS-3246)  

    • METSRightsCrosswalk NPE During AIP Restore - No Anonymous Read (DS-3140)

    • AIP Restore is not respecting access restrictions (on Items) (DS-3266)

In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes section below.

...

Release Timeline:

  • Release Date: September 2729, 2016