Versions Compared

Old Version 2

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version Current

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
minLevel2
outlinetrue
stylenone

Warning

Support for DSpace 5 ended on January 1, 2023.  See Support for DSpace 5 and 6 is ending in 2023


Tip
titleDSpace 5.5 was officially released to the public on March 21, 2016.

DSpace 5.5 can be downloaded immediately from:

More information on the 5.5 release (and the 5.x platform in general) can be found in the 5.x Release Notes

Upgrade instructions can be found at Upgrading DSpace.


Note
titleWe highly recommend ALL users of DSpace 5.x (or below) upgrade to 5.5

DSpace 5.5 contains security fixes for both the XMLUI and JSPUI. To ensure your 5.x site is secure, we highly recommend ALL DSpace 5.x users upgrade to DSpace 5.5.

...

Major bug fixes include:

  • XMLUI security fixes:
    • [HIGH SEVERITY] The XMLUI "themes/" path is vulnerable to a full directory traversal. (DS-3094 - requires a JIRA account to access.) This means that ANY files on your system which are readable to the Tomcat user account may be publicly accessed via your DSpace website.
      • Reported by Virginia Tech
  • JSPUI security fixes: 
    • [MEDIUM SEVERITY] The JSPUI "Edit News" feature (accessible to Administrators) can be used to view/edit ANY files which are readable to the Tomcat user account (DS-3063 - requires a JIRA account to access.)
      • Reported by CINECA
  • REST fixes
    • Fixed the "/handle" endpoint (DS-2936)
    • REST webapp wasn't registering itself on startup (DS-2946)
  • OAI fixes
    • Fixed a few incorrect URL encoding issue (DS-3050)
    • Fixed the broken "NOT" filter (DS-2820)
  • Configuration Fixes
    • Fixed misspelling in dcterms registry (conformsTo) (DS-2998) 
    • Updated our default DataCite configurations to point at the updated DataCite test server (DS-2923)
  • Other minor fixes
    • Broken SQL query in Item.findByMetadataFieldAuthority API method (DS-2517)
    • Mirage2:
    Minor fixes to the Mirage 2 XMLUI theme
    • Ensured printing the item page from doesn't include bitstream URLs (DS-2893)

...

The following bug fixes were released in 5.45.

 

Jira
serverDuraSpace JIRA
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
maximumIssues20
jqlQueryproject = DS AND issuetype = Bug AND resolution = Fixed AND fixVersion = "5.5" ORDER BY key ASC
serverIdc815ca92-fd23-34c2-8fe3-956808caf8c5

...