Versions Compared

Old Version 1

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version Current

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version 4.8

Tip
titleDSpace 4.8 was officially released to the public on July 12, 2017.

DSpace 4.8 can be downloaded immediately from:

More information on the 4.8 release (and the 4.x platform in general) can be found in the 4.x Release Notes.

Upgrade instructions can be found at Upgrading DSpace


Note
titleWe highly recommend ALL users of DSpace 4.x upgrade to 4.8

DSpace 4.8 contains security fixes for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend ALL DSpace 4.x users upgrade to DSpace 4.8.

DSpace 4.8 upgrade instructions are available at: Upgrading DSpace

Table of Contents
minLevel2
outlinetrue
stylenone

...

This release addresses the following security issues discovered in DSpace 4.x and below:

DSpace API security fixes:

  • [HIGH SEVERITY]  BasicWorkflow system is vulnerable to unauthorized manipulations (DS-3647 - requires a JIRA account to access)
    • Reported by Pascal-Nicolas Becker
  • [LOW SEVERITY]  Apache Commons Collections vulnerability (COLLECTIONS-580) (DS-3520 - requires a JIRA account to access)
    • Reported by Alan Orth

In addition, this release fixes a few minor bugs in the 4.x releases. For more information, see the Changes section below.

...

Release Timeline:

  • Release Date: TBAJuly 12, 2017