Page History
...
Tip | ||
---|---|---|
| ||
DSpace 5.6 can be downloaded immediately from: More information on the 5.6 release (and the 5.x platform in general) can be found in the 5.x Release Notes Upgrade instructions can be found at Upgrading DSpace. |
...
Major bug fixes include:
- JSPUI and , XMLUI, REST security fixes:
- JSPUI and XMLUI
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access)
- Reported by Seth Robbins
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access)
- JSPUI, XMLUI and REST
- [HIGH SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone. (DS-3097 - requires a JIRA account to access)
- Reported by Franziska Ackermann
- Reported by Franziska Ackermann
- [HIGH SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone. (DS-3097 - requires a JIRA account to access)
- JSPUI and XMLUI
- JSPUI security fix:
- [HIGH SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- Reported by Andrea Bollini (4Science)
- Reported by Andrea Bollini (4Science)
- [HIGH SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- REST security fix:
- [HIGH SEVERITY] SQL Injection Vulnerability in 5.x REST API (DS-3250 - requires a JIRA account to access)
- Reported by Bram Luyten (Atmire)
- [HIGH SEVERITY] SQL Injection Vulnerability in 5.x REST API (DS-3250 - requires a JIRA account to access)
- Other minor fixes and improvements
- JSPUI: Creative Commons license assignment silently fails (DS-2604) (improvements: with fetch directy the url (instead use the Creative Commons REST API) (DS-2604)
- JSPUI: Upload a file, multifile, with a description text during the submission process (DS-2623)
- XMLUI: Recyclable Cocoon components should clear local variables (DS-3246)
METSRightsCrosswalk NPE During AIP Restore - No Anonymous Read (DS-3140)
AIP Restore is not respecting access restrictions (on Items) (DS-3266)
- JSPUI: Creative Commons license assignment silently fails (DS-2604) (improvements: with fetch directy the url (instead use the Creative Commons REST API) (DS-2604)
In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes section below.
...
Release Timeline:
- Release Date: September 2729, 2016
Overview
Content Tools