Page History
...
Info | ||
---|---|---|
| ||
This documentation was produced with Confluence software. A PDF version was generated directly from Confluence. An online, updated version of this 4.x Documentation is also available at: https://wiki.duraspace.org/display/DSDOC4x |
Welcome to Release 4.78, a security release for the DSpace 4.x platform. For information on upgrading to DSpace 4, please see Upgrading DSpace.
4.8 Release Notes
Note | ||
---|---|---|
| ||
DSpace 4.8 contain security fixes for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend ALL DSpace 4.x users upgrade to DSpace 4.8. DSpace 4.8 upgrade instructions are available at: Upgrading DSpace |
DSpace 4.8 is a security fix release to resolve issues located in DSpace 4.x XMLUI and JSPUI. As it only provides security and bug fixes, DSpace 4.8 should constitute an easy upgrade from DSpace 4.x for most users. No additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.8. It is necessary to run a database update script. See Upgrading From 4.0 to 4.x for details.
This release addresses the following security issues discovered in DSpace 4.x and below:
- DSpace API security fixes:
- [HIGH SEVERITY] Apache Commons Collections vulnerability (COLLECTIONS-580) (DS-3520 - requires a JIRA account to access)
- Reported by Alan Orth
- Reported by Alan Orth
- [HIGH SEVERITY] BasicWorkflow system is vulnerable to unauthorized manipulations (was: DS-3431) (DS-3647 - requires a JIRA account to access)
- Reported by Pascal-Nicolas Becker
- [HIGH SEVERITY] Apache Commons Collections vulnerability (COLLECTIONS-580) (DS-3520 - requires a JIRA account to access)
In addition, this release fixes minor bugs in the 4.x releases. For more information, see the Changes in 4.x page.
4.8 Acknowledgments
The 4.8 release was led by the Committers.
The following individuals provided code or bug fixes to the 4.8 release: Pascal-Nicolas Becker (pnbecker), Tim Donohue (tdonohue), Samuel Cambien (samuelcambien), Jonas Van Goolen (Jonas VG (atmire)), Mark Wood (mwood).
4.7 Release Notes
Note | ||
---|---|---|
| ||
DSpace 4.7 contain security fix for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend ALL DSpace 4.x users upgrade to DSpace 4.7. DSpace 4.7 upgrade instructions are available at: Upgrading DSpace |
...