Page History
Version 5.7
Warning |
---|
Support for DSpace 5 ended on January 1, 2023. See Support for DSpace 5 and 6 is ending in 2023 |
Tip | ||
---|---|---|
| ||
DSpace 45.8 7 can be downloaded immediately from: More information on the 5.7 release (and the 5.x platform in general) can be found in the 5.x Release Notes. Upgrade instructions can be found at Upgrading DSpace |
...
Major bug fixes include:
Security fixes for both JSPUI and XMLUI:
- [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.(https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.)
- Discovered by Pascal Becker (The Library Code / TU Berlin).
- [LOW SEVERITY] DSpace shipped with a version of Apache Commons Configuration that was vulnerable to COLLECTIONS-580 (Deserialization Vulnerability). (https://jira.duraspace.org/browse/DS-3520 - requires a JIRA account to access.)
- Discovered by Alan Orth.
- .
- Discovered by Pascal Becker (The Library Code / TU Berlin).
- [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.(https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.)
- Security fixes for REST API:
- [HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API.(https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.)
- Discovered by Emilio Lorenzo.
- [HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API.(https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.)
- XMLUI bug fixes:
- JSPUI bug fixes
- READ access rights not being respected on Collection homepage: DS-3441
- Solr Statistics fixes:
- AIP Backup and Restore fixes:
- Failed AIP imports left files in assetstore: DS-2227
...
- For upgrade instructions from ANY PRIOR VERSION to 5.7, please see Upgrading DSpace
- When upgrading from any 5.x version, if you're reusing your 5.x configuration, make sure to change all instances of Filter attribute "red" to "ref" (e.g. <Filter red="exampleFilter" /> to <Filter ref="exampleFilter" />) in [dspace]/config/crosswalks/oai/oaixoai.xml. "red" was a temporary workaround for a bug (xoai issue #32), which was first fixed in DSpace 5.4.
...
Overview
Content Tools