Page History

...

9.

...

1 Release Notes

DSpace 9.1 provides bug fixes, accessibility & performance improvements to the 9.x platform. No new features are provided. As such this release should be an easier upgrade for sites already running 9.x.

9.1 Security Fixes

• Fix for CVE-2025-53621 (moderate severity). XML External Entity (XXE) injection possible in import via Simple Archive Format (SAF) or import from external sources. See security advisory or mailing list “security notice” for details.
• Fix for CVE-2025-53622(moderate severity). Path traversal vulnerability in Simple Archive Format (SAF) package import via “contents” file. See security advisory or mailing list “security notice” for details.
• This release also many dependency updates in order to keep all DSpace sites secure. Some of these updates patch vulnerabilities that have been reported by those dependencies. But no exploits of these vulnerabilities have been confirmed in DSpace.

9.1 Major Bug Fixes and Improvements

• Submission / Workflow enhancements and fixes
  • Fixed bug where importing a multi-paragraph abstract from PubMed would result in it being split into many abstracts in DSpace. #10559 (Donated by Atmire)
  • ArXiv importer began failing because its configuration didn't use the HTTPS URL. #10999 (Donated by Atmire)
  • Alphabetized all external sources in the import dropdown by source name. #10806
• Administrative enhancements and fixes
  • Fixed bug where community/collection subscription emails were not working as an error occurred when running "./subscription-send" #11001 (Donated by Alan Orth)
  • Deleting a Group now requires confirmation (via a confirmation popup). #4389 (Donated by Jukka Lipka)
• Fixed several CSS / style issues found since upgrading to Bootstrap 5. #4538 (Donated by Atmire)
• Fixed a REST API bug where sending a PATCH request for an unknown metadata field could clear all object metadata. (This only impacts REST API and not the UI.) #10961 (Donated by Atmire)
• Fixed bug where Geospatial Map javascript code was loaded even when it was not used. #4447 (Donated by Atmire)
• Fixed other small bugs.  See Changes in 9.x for a list of all changes.

9.1 New/Updated Language support

• German (Deutsch) language updates donated by Sascha Szott (saschaszott)
• Gujarati (ગુજરાતી) language translations donated by DSquare Technologies
• Hungarian (Magyar) language updates donated by Zoltán Kanász-Nagy (kanasznagyzoltan)
• Marathi (मराठी) language translations donated by DSquare Technologies
• Portuguese (Português) language updates donated by Ricardo Saraiva (rsaraivac)
• Russian (Русский) language translations donated by Arvo Consultores

9.1 Acknowledgments

The DSpace application would not exist without the hard work and support of its community. Thank you to the many developers who have worked very hard to deliver all the bug fixes and improvements. This release was entirely volunteer driven!

Development Acknowledgments

A total of 19 unique individuals contributed to 9.1.

Frontend / User Interface Acknowledgments 

The following 9 individuals have contributed directly to the new DSpace (Angular) User Interface in this release (ordered by number of GitHub commits):  Jukka Lipka (jlipka), Alexandre Vryghem (alexandrevryghem), Yury Bondarenko (ybnd), Sergio Fernández Celorio (sergius02), Gaurav Patel (GauravD2t), Kim Shepherd (kshepherd), Ricardo Saraiva (rsaraivac), Sascha Szott (saschaszott), Zoltán Kanász-Nagy (kanasznagyzoltan).

The above contributor list was determined based on contributions to the "dspace-angular" project in GitHub between 9.0 (after May 23, 2025) and 9.1 using "git shortlog" on the dspace-9_x branch and excluding all merge commits: git shortlog -s -n -e --no-merges --since 2025-05-23

Backend / REST API Acknowledgments 

The following 14 individuals have contributed directly to the DSpace backend (REST API, Java API, OAI-PMH, etc.) in this release (ordered by number of GitHub commits): Kim Shepherd (kshepherd), Tim Donohue (tdonohue), Alan Orth (alanorth), Michele Boychuk (Micheleboychuk), Max Nuding (max-nuding),Abhinav Sidharthan (AbhinavS96), Sascha Szott (saschaszott), Jens Vannerum (jensvannerum), Marcin Miłosz (MMilosz), Mark Wood (mwoodiupui), Yury Bondarenko (ybnd), Adamo Fapohunda (AdamF42), Alexandre Vryghem (alexandrevryghem), Francisco Carvalho (ciscocarvalho), Jens Vannerum (jensvannerum).

The above contributor list was determined based on contributions to the "DSpace" project in GitHub between 9.0 (after May 23, 2025) and 9.1 using "git shortlog" on the dspace-9_x branch and excluding all merge commits: git shortlog -s -n -e --no-merges --since 2025-05-23

9.0 Release Notes

DSpace 9.0 is a major release of the DSpace platform.  It provides new features and improvements, along with bug fixes.  You should be aware that all major releases may provide some "breaking changes" (major changes that may impact your local customizations).

...

• Fix possible "Zip Slip" in SWORDv2 ingest process. This potential issue was found via an automated code scan and no exploit has been confirmed. See #10725
• This release also includes many dependency updates in order to keep all DSpace sites secure. Some of these updates patch vulnerabilities that have been reported by those dependencies. But no exploits of these vulnerabilities has have been confirmed in DSpace.

...

• OpenAlex integration. DSpace now supports importing content (on via MyDSpace) from OpenAlex.org.  The DSpace Publication Claim feature also now supports importing a Publications related to a a Researcher Profiles, provided that the profile has an OpenAlex ID.  Additional screenshots & examples at #10433 (Donated by 4Science and University of Cambridge with additional funding from the Vietsch Foundation)
• Support for tracking usage statistics via Matomo (a Google Analytics alternative). DSpace can now integrate with Matomo Analytics, in order to track usage statistics, search statistics and downloads. This integration requires an existing Matomo account or instance.  See screenshots at #10435 (Donated by 4Science with additional funding from University of Maryland )
• ORCID Login flow is improved. Users logging in via ORCID can now merge their ORCID login with an existing DSpace login.  Users can also login via ORCID without sharing their email from their ORCID account to DSpace.  See #9849 for more details (Donated by 4Science and Lyrasis with additional funding from ORCID's Global Participation Fund)
• Support for SAML authentication. DSpace now includes a SAML Authentication Plugin, which can be configured to allow your DSpace site to use an external SAML IdP. See also #9470 and #9438 for more details (Donated by DSpaceDirect)
• Request a Copy now supports sending a secure download link for larger files.  Files under a (configurable) size threshold are still attached in requests.  But, larger files now send a secure (auto-expiring) link to allow the requester to download the file.  See also #3984 (Donated Built by The Library Code, funded by Technische Universität Berlin)
• ALTCHA captcha protection is now supported.  At this time, ALTCHA is only used by the (updated) Request a Copy feature.  It may be extended to other features in the future.  See CAPTCHA Verification. (Donated by The Library Code)
• Embargo release dates for embargoed files are now displayed on Item page. The user interface includes a new "showAccessStatuses" configuration for bitstreams on the Item page.  When enabled, any embargoed files will show a "badge" next to the file name on the Item page. This badge will display the date the embargo ends. Screenshots can be found in the comments of #3882 (Donated by Université Laval)
• Support for Geospatial maps, including browsing and searching. If any Items/Entities include geospatial data in the "dcterms.spatial" metadata field (or similar), then new "geospatialMapViewer" settings now provide ways to interact with this data via maps. This includes options to display a map of the location on the Item page, view search results on a map, or browse geospatial data via a map. See #3540 (Donated by The Library Code)
• The default tab on Community/Collection pages is now configurable. By default it will still be the "Search" tab, but it can be modified using the new "defaultBrowseTab" setting under the "community" or "collection" configurations in your config.*.yml. See also #3164 (Donated by Abel Gomez)
• The "Edit Item → Metadata" tab now supports a dropdown for "dspace.entity.type" field. In previous versions, this field was free-text, but now only valid Entity types can be selected.  Metadata field code was also refactored on this page. See #3722 (Donated by Atmire)
• Health page now includes an "SEO" validation check. A basic check of your DSpace site's Search Engine Optimization is now available on your Health page (/health) in the Admin sidebar.  This SEO report checks that your sitemap is visible, your robots.txt is visible and that you have SSR (Server Side Rendering) enabled. #10485 (Donated by Atmire)
• Health page now includes an "SEO" validation check. A basic check of your DSpace site's Search Engine Optimization is now available on your Health page (/health) in the Admin sidebar.  This SEO report checks that your sitemap is visible, your robots.txt is visible and that you have SSR (Server Side Rendering) enabled. #10485 (Donated by Atmire)
• Embargo release dates for embargoed files are now displayed on the Item page. The user interface includes a new "showAccessStatuses" configuration for bitstreams on the Item page.  When enabled, all embargoed files will display a badge (on the Item page) which contains the date the embargo expires. Screenshots can be found in the comments of #3882 (Donated by Université Laval)
• Support for Geospatial maps, including browsing and searching. If any Items/Entities include geospatial data in the "dcterms.spatial" metadata field (or similar), then new "geospatialMapViewer" settings now provide ways to interact with this data via maps. This includes options to display a map of the location on the Item page, view search results on a map, or browse geospatial data via a map. See #3540 (Donated by The Library Code)
• The default tab on Community/Collection pages is now configurable. By default it will still be the "Search" tab, but it can be modified using the new "defaultBrowseTab" setting under the "community" or "collection" configurations in your config.*.yml. See also #3164 (Donated by Abel Gomez)
• Accessibility Settings can be customized Accessibility Settings are customizable by users. Basic accessibility settings like Notification (popup) timeouts and ARIA Live Region timeouts can now be customized by each user of your site via the "Accessibility Settings" link in the footer.  This allows users more control over how long confirmation and error messages are displayed. link in the footer.  This allows users more control over how long confirmation and error messages are displayed. (Donated by Atmire)
• The "Edit Item → Metadata" tab now supports a dropdown for "dspace.entity.type" field. In previous versions, this field was free-text, but now only valid Entity types can be selected.  Metadata field code was also refactored on this page. See #3722 (Donated by Atmire)
• CSV Export from Admin Report.  The Administrator Reports (Beta feature) now supports CSV export.  After running a report, next to the results is export button that allows you to export those results to a CSV.  See  #4071 (Donated by Université Laval)
• Bitstream Storage (assetstore) now supports Apache JClouds, supporting many cloud providers. See Configuring JCloudstore for Asset Storage documentation and #9915 (Donated by Atmire)many cloud providers. See Configuring JCloudstore for Asset Storage documentation and #9915 (Donated by Atmire)  WARNING: Unfortunately, just after the 9.0 release, Apache JClouds was retired by Apache and will no longer be supported.  We do not recommend using it for DSpace as we'll have to remove it in a future version.
• Creative Commons license display now uses the backend configuration. The existing "cc.license.name" and "cc.license.url" configurations on the backend are now used by the frontend to determine which metadata field(s) to use for display of the CC license on the Item page. See #3165 (Donated by Abel Gomez)

Breaking Changes

...

The following major changes may negatively impact or "break" your local customizations to prior versions of DSpace.  Please be aware of them before upgrading.

...

• General user enhancements and fixes
  • Search filters now include "Access Type" filter, which allows you to filter by open access, metadata only, etc. #10434 (Donated by Paulo Graça)
  • RSS/Atom feeds are now available for search results, allowing you to subscribe to a search via RSS. #2489 (Donated by Atmire)
  • Added ability for users to reject the "Correlation ID" cookie, tracked in the backend's logs for debugging purposes. #3889 (Donated by 4Science)
  • Fixed search bug where stale data could sometimes be returned. #3888 (Donated by Atmire)
  • Fixed bug where access restricted thumbnails were not shown to users who have proper access rights. #4165 (Donated by Atmire)
  • Fixed statistics bug where "view" events could be sent twice when using scoped themes. #4099 (Donated by Atmire)
  • Fixed bug where sorting in descending order on Browse by Author may result in an error. #10519 (Donated by Toni Prieto)
• Submission / Workflow enhancements and fixes
  • Project Entities can now be imported from DataCite #9636 (Donated by Florian Gantner)
  • Fixed caching issues that could occur on MyDspace page when switching between views. #4205 (Donated by 4Science)
  • Fixed issue where search filters could disappear from MyDSpace page. #4097 (Donated by Arvo Consultores)
  • Fixed infinite loading issue that could occur on submission forms. #4060 (Donated by Atmire)
  • Fixed bug where an admin could not upload a bitstream to an item in workflow when impersonating a user. #4288 (Donated by 4Science)
  • Fixed bug where fields of type "name" in submission forms could not be deleted properly. #4073 (Donated by Atmire)
  • Improved proxy support for all external sources/APIs. All external connections should now use the DSpace Proxy Configuration. See also #10639 (Donated by 4Science)
• Administrative enhancements and fixes
  • Edit menus on all community, collection, item pages are now dropdowns. #3994 (Donated by Atmire)
  • Fixed bug where CSV import (Batch Metadata Import) was not compatible with Controlled Vocabularies. #9749 (Donated by Atmire)
  • Fixed bug where Processes page wasn't properly supporting integer parameters. #4273 (Donated by 4Science)
  • Fixed bug where list of bitstreams on "Edit Item > Bitstreams" tab would be duplicated when using pagination. #4015 (Donated by Atmire)
  • COAR Notify was not fully adhering to the "Request Endorsement" pattern supported by PCI (https://peercommunityin.org/). #10053 (Donated by Agustina Martinez)
  • Fixed issued where Collection Admins could not add new policies to bitstreams. #10688 (Donated by 4Science)
  • Fixed issued where Collection Admins could not view metadata of withdrawn items. #10668 (Donated by 4Science)
  • Fixed pagination issue with Bulk Access Control script/page which could cause duplicate policies to be created. #10697 (Donated by 4Science)
  • Fixed issue where Handles were not stored for communities & collections when `VersionedHandleIdentifierProviderWithCanonicalHandles` provider was enabled. #10240 (Donated by Atmire)
• Performance/stability improvements:
  • Limited the number of Items that can be exported at once to 500.  This limit is configurable on backend via "metadataexportbulkedit.export.max.items" #10030 (Donated by Atmire)
  • Fixed issue where login endpoints to REST API didn't always close their database connection after login action was completed. #10598 (Donated by Atmire)
  • OpenSearch now limits its results per page to 100, though it is configurable via "websvc.opensearch.max_num_of_items_per_request" setting. #10549 (Donated by Sascha Szott)
  • Fixed performance issue with "import-loader-suggestions" script when run on a large repository. #10719 (Donated by 4Science)
  • Indexing improvements to the "index-discovery" script when your site has a larger number of relationships (between entities). #10351 (Donated by Atmire)
  • Fix bug when DSpace could fail to startup when ORCID connections failed (if ORCID is enabled). #9876 (Donated by The Library Code)
• Accessibility improvements:
  • Truncated abstracts now use ellipsis for truncation instead of fading out. #4341 (Donated by 4Science)
  • Improved screen reader accessibility for header and recent submissions. #4335 (Donated by Atmire)
  • Enhanced keyboard navigation on several pages. #4244 (Donated by eScire)
  • Fixed small screen display issues in footer and full item page. #4218 (Donated by Jesiel Viana)
• OpenAIRE v4 compliance improvements to both the OpenAIRE submission forms and the OAI-PMH "oai_openaire" metadata format. #10128 (Built by Atmire, funded from Ireland's National Open Research Forum (NORF) under the 2022 Open Research Fund))
• Klaro cookie settings popup was replaced with Orejime.  Orejime provides better accessibility and is better maintained. #2718 (Donated by 4Science)
• OAI-PMH templating has moved from using JTwig to Thymeleaf.  This also fixes errors thrown by the root page (/server/oai) since 8.x. See #10563 (Donated by Kim Shepherd)
• Includes all bug fixes and accessibility fixes also included in the 8.1 release.
• Fixed a large number of other small bugs.  See Changes in 9.x for a list of all changes.
• Major dependency updates: Frontend updated to Angular 18 and Bootstrap 5. (Both donated by Atmire)

...

DSpace 9.0 had 404,852 lines of code changed and 89 unique individuals contributing to either the frontend or backend.

Frontend / User Interface Acknowledgments

The following 66 individuals have contributed directly to the new DSpace (Angular) User Interface in this release (ordered by number of GitHub commits): Alexandre Vryghem (alexandrevryghem), Andreas Awouters (AAwouters), Tim Donohue (tdonohue), Francesco Molinaro (FrancescoMolinaro), Sascha Szott (saschaszott), Andrea Barbasso (AndreaBarbasso), Kim Shepherd (kshepherd), Andrea Guevara (Andrea-Guevara), Alan Orth (alanorth), Jens Vannerum (jensvannerum), Giuseppe Digilio (atarix83), Yana De Pauw (YanaDePauw), Pierre Lasou (pilasou), Milan Majchrak (milanmajchrak), Alisa Ismailati (alisaismailati), Vincenzo Mecca (vins01-4science), Dan Gastardelli (DanGastardelli), Abel Gómez (abelgomez), Art Lowel (artlowel), Yury Bondarenko (ybnd), Adamo Fapohunda (AdamF42), Ricardo Saraiva (rsaraivac), Simone Ramundi (Simone-Ramundi), Michał Dykas (michdyk), Toni Prieto (toniprieto), Victor Hugo Duran Santiago (VictorHugoDuranS), Paulo Graça (paulo-graca), Nicolas Boulay (nibou230), Emmanuel Pastor (pastr), Jesiel Viana (jesielviana), Zahraa Chreim (ZahraaChreim-Atmire), Julia Gilmore (alphapetjg), Kristof De Langhe (Atmire-Kristof),  Igor Baptista (IgorBaptist4), Krzysztof Kubiak (pcg-kk), Koen Pauwels (KoenP), Joran De Braekeleer (gingyx), Zoltán Kanász-Nagy (kanasznagyzoltan), Mohana Sarmiento (msarmie), Yannick Paulsen (YPaulsen-TLC), Lotte Hofstede (LotteHofstede), Nicholas Woodward (nwoodward), Arta Seyedian (aseyedia), Elvi Nemiz (eulereadgbe), Miika Nurminen (minurmin), Oscar Chacón (oscar-escire), Sergio Fernández Celorio (sergius02), Vladzislav Novski (vNovski), Alfeu Tavares (autavares-dev), Gaurav Patel (GauravD2t), Agustina Martinez (amgciadev), Bridget Almas (balmas), Carolyn Sullivan (Peredwel), Florian Gantner (floriangantner), Michael Spalti (mspalti), Mohamed Ali (mohamedali654321), Nima Behfourouz (nimabehforouz), Nona Luypaert (nona-luypaert), Abhinav Sidharthan (AbhinavS96), Jean-François Morin (jeffmorin), Christian Clauss (cclauss), Drew Heles (dheles), Mattia Vianelli (Sondissimo), Nathan Buckingham (ConfusionOrb221), Ray Lee (ray-lee), Escalante Guillermo (guillermo2519).

The above contributor list was determined based on contributions to the "dspace-angular" project in GitHub between 8.0 (after June 21, 2024) and 9.0 using "git shortlog" on the main branch and excluding all merge commits: 
git shortlog -s -n -e --no-merges --since 2024-06-21

Backend / REST API Acknowledgments

The following 58 individuals have contributed directly to the DSpace backend (REST API, Java API, OAI-PMH, etc) in this release (ordered by number of commits): Tim Donohue (tdonohue), Kim Shepherd (kshepherd), Sascha Szott (saschaszott), Adamo Fapohunda (AdamF42), Vincenzo Mecca (vins01-4science), Jens Vannerum (jensvannerum), Mark Wood (mwoodiupui), Giuseppe Digilio (atarix83), Nona Luypaert (nona-luypaert), Ray Lee (ray-lee), Stefano Maffei (steph-ieffam), Agustina Martinez (amgciadev), Nathan Buckingham (ConfusionOrb221), Florian Gantner (floriangantner), Kristof De Langhe (Atmire-Kristof), Toni Prieto (toniprieto), Nicolas Boulay (nibou230), Alfeu Tavares (autavares-dev), Igor Baptista (IgorBaptist4), Andrei Alesik (AndrewAlesik), Elios Buzo, Alphonse Bendt (abendt), Paulo Graça (paulo-graca), Jukka Lipka (jlipka), Mark Diggory (mdiggory), Alexandre Vryghem (alexandrevryghem), Christian Clauss (cclauss), Marie Verdonck (MarieVerdonck), Michele Boychuk (Micheleboychuk), Jesiel Viana (jesielviana), Mikhail Schastlivtsev (schastlivcev), Pierre Lasou (pilasou), Yury Bondarenko (ybnd), Bram Luyten (bram-atmire), Brian Keese (bkeese), Eike Löhden (Leano1998), Kevin Van de Velde (KevinVdV), Koen Pauwels (KoenP), Oscar Chacón (oscar-escire), Mohamed Eskander (eskander17), Nicholas Woodward (nwoodward), Alan Orth (alanorth), Chris Wilper (cwilper), David Steelman (dsteelma-umd), Mark Cooper (mark-cooper), Pascal-Nicolas Becker (pnbecker), Yana De Pauw (YanaDePauw), James Sullivan (jameswsullivan), Abel Gómez (abelgomez), Andreas Awouters (AAwouters), Drew Heles (dheles), Martin Walk (MW3000), Mattia Vianelli (Sondissimo), Piaget Bouaka Donfack (PiagetBouaka), Zahraa Chreim (ZahraaChreim-Atmire), Abhinav Sidharthan (AbhinavS96), Jean-François Morin (jeffmorin), Max Nuding (hutattedonmyarm).

...