Versions Compared

Old Version 1

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version Current

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version 5.7

Warning

Support for DSpace 5 ended on January 1, 2023.  See Support for DSpace 5 and 6 is ending in 2023


Tip
titleDSpace 5.7 was officially released to the public on July 12, 2017.

DSpace 5.7 can be downloaded immediately from:

More information on the 5.7 release (and the 5.x platform in general) can be found in the 5.x Release Notes.

Upgrade instructions can be found at Upgrading DSpace


Note
titleWe highly recommend ALL users of DSpace 5.x upgrade to 5.7

DSpace 5.7 contains security fixes for the XMLUI, JSPUI and REST API. To ensure your 5.x site is secure, we highly recommend ALL DSpace 5.x users upgrade to DSpace 5.7.

DSpace 5.7 upgrade instructions are available at: Upgrading DSpace

Table of Contents
minLevel2
outlinetrue
stylenone

...

DSpace 5.7 is a security & bug fix release to resolve several issues located in previous 5.x releases. As it only provides only bug/security fixes, DSpace 5.7 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.7.
 

Major bug fixes include:

  • Security fixes for both JSPUI and XMLUI:

    • [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.(https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.) 
      • Discovered by Pascal Becker (The Library Code / TU Berlin).
    • [LOW SEVERITY] DSpace shipped with a version of Apache Commons Configuration that was vulnerable to COLLECTIONS-580 (Deserialization Vulnerability). (https://jira.duraspace.org/browse/DS-3520 - requires a JIRA account to access.)
      • Discovered by Alan Orth.
  • Security fixes for REST API:
    • [HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API.(https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.) 
      • Discovered by Emilio Lorenzo.
  • XMLUI bug fixes:
    • /handleresolver path was no longer working: DS-3366
    • Fix broken images when running Mirage 2 on Jetty: DS-3289
    • Improve error message when user attempts to update an e-mail address to an existing address: DS-3584
    • Fix error when uploading large files (>2GB) via a web browser: DS-2359
  • JSPUI bug fixes
    • READ access rights not being respected on Collection homepage: DS-3441
  • Solr Statistics fixes:
    • Sharding statistics corrupted some fields and was unstable: DS-3436DS-3458
  • AIP Backup and Restore fixes:
    • Failed AIP imports left files in assetstore: DS-2227

In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes section below.

Upgrade Instructions

  • For upgrade instructions from ANY PRIOR VERSION to 5.7, please see Upgrading DSpace
  • When upgrading from any 5.x version, if you're reusing your 5.x configuration, make sure to change all instances of Filter attribute "red" to "ref" (e.g. <Filter red="exampleFilter" /> to <Filter ref="exampleFilter" />) in [dspace]/config/crosswalks/oai/oaixoai.xml. "red" was a temporary workaround for a bug (xoai issue #32), which was first fixed in DSpace 5.4.

No new features in DSpace 5.7

Note

5.7 is a bug-fix and security-fix release. This means it includes no new features and only includes the above listed fixes.

For a list of all new 5.x Features, please visit the 5.x Release Notes.

...

Release Timeline:

  • Release Date: TBAJuly 12, 2017