Page History
...
Major bug fixes include:
- JSPUI, XMLUI, REST security fixes:
- JSPUI and XMLUI
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access)
- Reported by Seth Robbins
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access)
- JSPUI, XMLUI and REST
- [HIGH SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone. (DS-3097 - requires a JIRA account to access)
- Reported by Franziska Ackermann
- Reported by Franziska Ackermann
- [HIGH SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone. (DS-3097 - requires a JIRA account to access)
- JSPUI and XMLUI
- JSPUI security fix:
- [HIGH SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- Reported by Andrea Bollini (4Science)
- Reported by Andrea Bollini (4Science)
- [HIGH SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- REST security fix:
- [HIGH SEVERITY] SQL Injection Vulnerability in 5.x REST API (DS-3250 - requires a JIRA account to access)
- Reported by Bram Luyten (Atmire)
- [HIGH SEVERITY] SQL Injection Vulnerability in 5.x REST API (DS-3250 - requires a JIRA account to access)
- JSPUI bug fixes:Other minor fixes and improvements
- XMLUI bug fixes:
- XMLUI: Recyclable Cocoon components should clear local variables (DS-3246)
- XMLUI: "Request a copy" feature was not working when the property request.item-type was set to all ( DS-3294)
- XMLUI: Bug fix to policy search form (DS-3206)
- XMLUI: Recyclable Cocoon components should clear local variables (DS-3246)
- Other minor fixes and improvements
METSRightsCrosswalk NPE During AIP Restore - No Anonymous Read (DS-3140)
AIP Restore is not respecting access restrictions (on Items) (DS-3266)
- "Request a copy" feature was not working when the property request.item-type was set to all Error when missing Context Description in xoai.xml (DS-32942874)
- DS-3206
- DS-2968
- DS-2874
- DS-3248
- DS-3347
...
- Bug fix to REST API 'find-by-metadata-field' (DS-3248)
In addition, this release fixes minor bugs in the 5.x releases. For more information, see the Changes in 5.x page.
...
Overview
Content Tools