Warning: Support for DSpace 5 ended on January 1, 2023. See "Support for DSpace 5 and 6 is ending in 2023".
Tip: DSpace 5.5 can be downloaded immediately from:
More information on the 5.5 release (and the 5.x platform in general) can be found in the 5.x Release Notes.
Upgrade instructions can be found at Upgrading DSpace.
Note: DSpace 5.5 contains security fixes for both the XMLUI and JSPUI. To ensure your 5.x site is secure, we highly recommend ALL DSpace 5.x users upgrade to DSpace 5.5.
...
Major bug fixes include:
- XMLUI security fixes:
  - [HIGH SEVERITY] The XMLUI "themes/" path is vulnerable to a full directory traversal. (DS-3094 - requires a JIRA account to access.) This means that ANY files on your system which are readable to the Tomcat user account may be publicly accessed via your DSpace website.
    - Reported by Virginia Tech
- JSPUI security fixes:
  - [MEDIUM SEVERITY] The JSPUI "Edit News" feature (accessible to Administrators) can be used to view/edit ANY files which are readable to the Tomcat user account (DS-3063 - requires a JIRA account to access.)
    - Reported by CINECA
- REST fixes
- OAI fixes
- Configuration Fixes
- Other minor fixes
  - Broken SQL query in Item.findByMetadataFieldAuthority API method (DS-2517)
  - Mirage2:
    - Ensured printing the item page from doesn't include bitstream URLs (DS-2893)
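Both security fixes above concern file access that escapes its intended directory. The following is an added example, not DSpace code and not the actual DS-3094 or DS-3063 patch, of the containment check a resource handler needs before reading a file named in a request. The class name `ConfinedResourceResolver` and the sample file layout are hypothetical, and `requested` is assumed to be the already URL-decoded part of the path that follows the served directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

// Added example (hypothetical class, not DSpace code): confines lookups to one directory.
public class ConfinedResourceResolver {
    private final Path base;

    public ConfinedResourceResolver(Path baseDir) throws IOException {
        // Resolve symlinks in the base once so later comparisons use its real location.
        this.base = baseDir.toRealPath();
    }

    // Returns the file that may be served, or empty if the request must be refused.
    public Optional<Path> resolve(String requested) {
        if (requested == null || requested.isEmpty()) return Optional.empty();
        try {
            Path rel = Paths.get(requested);
            // Refuse absolute or rooted names; resolve() would otherwise discard the base.
            if (rel.getRoot() != null) return Optional.empty();
            // toRealPath() collapses ".." segments and follows symlinks, and throws
            // an IOException when the target does not exist.
            Path real = base.resolve(rel).toRealPath();
            // Component-wise prefix test, so /srv/themes-old never matches /srv/themes.
            if (!real.startsWith(base) || !Files.isRegularFile(real)) return Optional.empty();
            return Optional.of(real);
        } catch (IOException | InvalidPathException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/themes/style.css and <tmp>/secret.txt
        Path root = Files.createTempDirectory("demo");
        Path themes = Files.createDirectory(root.resolve("themes"));
        Files.write(themes.resolve("style.css"), "body{}".getBytes());
        Files.write(root.resolve("secret.txt"), "x".getBytes());

        ConfinedResourceResolver r = new ConfinedResourceResolver(themes);
        String[] samples = {"style.css", "../secret.txt",
                root.resolve("secret.txt").toString(), "missing.css"};
        for (String s : samples) {
            System.out.println(s + " -> " + (r.resolve(s).isPresent() ? "served" : "refused"));
        }
    }
}
```

The check runs on the canonical path rather than on the request string, so it does not depend on recognising particular traversal spellings. Running Tomcat under an account with minimal file permissions limits what any remaining flaw of this kind can reach.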
...
The following bug fixes were released in 5.5.
...