Page History
...
- JSPUI security fix:
- [MEDIUM SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- Reported by Andrea Bollini (4Science)
- Reported by Andrea Bollini (4Science)
- [MEDIUM SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- JSPUI, XMLUI, REST security fix:
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access) (NOTE: this issue was actually fixed in an earlier, unannounced 4.6 release, but it is also included in 4.7)
- Reported by Seth Robbins
- [MEDIUM SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone (DS-3097 - requires a JIRA account to access)
- Reported by Franziska Ackermann
- Reported by Franziska Ackermann
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access) (NOTE: this issue was actually fixed in an earlier, unannounced 4.6 release, but it is also included in 4.7)
...
Overview
Content Tools