Page History

...

9.1 Release Notes

...

...

DSpace 9.1 provides bug fixes, accessibility & performance improvements to the 9.x platform. No new features are provided. As such this release should be an easier upgrade for sites already running 9.x.

9.1 Security Fixes

• Fix for CVE-2025-53621 (moderate severity). XML External Entity (XXE) injection possible in import via Simple Archive Format (SAF) or import from external sources. See security advisory or mailing list “security notice” for details.
• Fix for CVE-2025-53622(moderate severity). Path traversal vulnerability in Simple Archive Format (SAF) package import via “contents” file. See security advisory or mailing list “security notice” for details.

...

• This release also many dependency updates in order to keep all DSpace sites secure. Some of these updates patch vulnerabilities that have been reported by those dependencies. But no exploits of these vulnerabilities have been confirmed in DSpace.

...

• Submission / Workflow enhancements and fixes
  • Fixed bug where importing a multi-paragraph abstract from PubMed would result in it being split into many abstracts in DSpace. #10559 (Donated by Atmire)
  • ArXiv importer began failing because its configuration didn't use the HTTPS URL. #10999 (Donated by Atmire)
  • Alphabetized all external sources in the import dropdown by source name. #10806
• Administrative enhancements and fixes
  • Fixed bug where community/collection subscription emails were not working as an error occurred when running "./subscription-send" #11001 (Donated by Alan Orth)
  • Deleting a Group now requires confirmation (via a confirmation popup). #4389 (Donated by Jukka Lipka)
• Fixed several CSS / style issues found since upgrading to Bootstrap 5. #4538 (Donated by Atmire)
• Fixed a REST API bug where sending a PATCH request for an unknown metadata field could clear all object metadata. (This only impacts REST API and not the UI.) #10961 (Donated by Atmire)
• Fixed bug where Geospatial Map javascript code was loaded even when it was not used. #4447 (Donated by Atmire)
• Fixed other small bugs.  See Changes in 9.x for a list of all changes.

...

• German (Deutsch) language updates donated by Sascha Szott (saschaszott)
• Gujarati (ગુજરાતી) language translations donated by DSquare Technologies
• Hungarian (Magyar) language updates donated by Zoltán Kanász-Nagy (kanasznagyzoltan)
• Marathi (मराठी) language translations donated by DSquare Technologies
• Portuguese (Português) language updates donated by Ricardo Saraiva (rsaraivac) )
• Russian (Русский) language translations donated by Arvo Consultores

9.1 Acknowledgments

The DSpace application would not exist without the hard work and support of its community. Thank you to the many developers who have worked very hard to deliver all the bug fixes and improvements. This release was entirely volunteer driven!

Development Acknowledgments

A total of

...

19 unique individuals contributed to 9.1.

Frontend / User Interface Acknowledgments 

The following

...

9 individuals have contributed directly to the new DSpace (Angular) User Interface in this release (ordered by number of GitHub commits):  Jukka Lipka (jlipka), Alexandre Vryghem (alexandrevryghem), Yury Bondarenko (ybnd), Sergio Fernández Celorio (sergius02), Gaurav Patel (GauravD2t), Kim Shepherd (kshepherd), Ricardo Saraiva (rsaraivac), Sascha Szott (saschaszott), Zoltán Kanász-Nagy (kanasznagyzoltan).

The above contributor list was determined based on contributions to the "dspace-angular" project in GitHub between 9.0 (after May 23, 2025) and 9.1 using "git shortlog" on the dspace-9_x branch and excluding all merge commits: git shortlog -s -n -e --no-merges --since 2025-05-23

Backend / REST API Acknowledgments 

The following

...

14 individuals have contributed directly to the DSpace backend (REST API, Java API, OAI-PMH, etc.) in this release (ordered by number of GitHub commits): Kim Shepherd (kshepherd), Tim Donohue (tdonohue), Alan Orth

...

(alanorth), Michele Boychuk (Micheleboychuk), Max Nuding (max-nuding),Abhinav Sidharthan (AbhinavS96), Sascha Szott (saschaszott), Jens Vannerum (jensvannerum), Marcin Miłosz (MMilosz), Mark Wood (mwoodiupui), Yury Bondarenko (ybnd), Adamo Fapohunda (AdamF42), Alexandre Vryghem (alexandrevryghem), Francisco Carvalho (ciscocarvalho), Jens Vannerum (jensvannerum

...

).

The above contributor list was determined based on contributions to the "DSpace" project in GitHub between 9.0 (after May 23, 2025) and 9.1 using "git shortlog" on the dspace-9_x branch and excluding all merge commits: git shortlog -s -n -e --no-merges --since 2025-05-23

9.0 Release Notes

...

• OpenAlex integration. DSpace now supports importing content (via MyDSpace) from OpenAlex.org.  The DSpace Publication Claim feature also now supports importing Publications related to a Researcher Profiles, provided that the profile has an OpenAlex ID.  Additional screenshots & examples at #10433 (Donated by 4Science and University of Cambridge with additional funding from the Vietsch Foundation)
• Support for tracking usage statistics via Matomo (a Google Analytics alternative). DSpace can now integrate with Matomo Analytics, in order to track usage statistics, search statistics and downloads. This integration requires an existing Matomo account or instance.  See screenshots at #10435 (Donated by 4Science with additional funding from University of Maryland )
• ORCID Login flow is improved. Users logging in via ORCID can now merge their ORCID login with an existing DSpace login.  Users can also login via ORCID without sharing their email from their ORCID account to DSpace.  See #9849 for more details (Donated by 4Science and Lyrasis with additional funding from ORCID's Global Participation Fund)
• Support for SAML authentication. DSpace now includes a SAML Authentication Plugin, which can be configured to allow your DSpace site to use an external SAML IdP. See also #9470 and #9438 for more details (Donated by DSpaceDirect)
• Request a Copy now supports sending a secure download link for larger files.  Files under a (configurable) size threshold are still attached in requests.  But, larger files now send a secure (auto-expiring) link to allow the requester to download the file.  See also #3984 (Built by The Library Code, funded by Technische Universität Berlin)
• ALTCHA captcha protection is now supported.  At this time, ALTCHA is only used by the (updated) Request a Copy feature.  It may be extended to other features in the future.  See CAPTCHA Verification. (Donated by The Library Code)
• Health page now includes an "SEO" validation check. A basic check of your DSpace site's Search Engine Optimization is now available on your Health page (/health) in the Admin sidebar.  This SEO report checks that your sitemap is visible, your robots.txt is visible and that you have SSR (Server Side Rendering) enabled. #10485 (Donated by Atmire)
• Embargo release dates for embargoed files are now displayed on the Item page. The user interface includes a new "showAccessStatuses" configuration for bitstreams on the Item page.  When enabled, all embargoed files will display a badge (on the Item page) which contains the date the embargo expires. Screenshots can be found in the comments of #3882 (Donated by Université Laval)
• Support for Geospatial maps, including browsing and searching. If any Items/Entities include geospatial data in the "dcterms.spatial" metadata field (or similar), then new "geospatialMapViewer" settings now provide ways to interact with this data via maps. This includes options to display a map of the location on the Item page, view search results on a map, or browse geospatial data via a map. See #3540 (Donated by The Library Code)
• The default tab on Community/Collection pages is now configurable. By default it will still be the "Search" tab, but it can be modified using the new "defaultBrowseTab" setting under the "community" or "collection" configurations in your config.*.yml. See also #3164 (Donated by Abel Gomez)
• Accessibility Settings can be customized by users. Basic accessibility settings like Notification (popup) timeouts and ARIA Live Region timeouts can now be customized by each user of your site via the "Accessibility Settings" link in the footer.  This allows users more control over how long confirmation and error messages are displayed. (Donated by Atmire)
• The "Edit Item → Metadata" tab now supports a dropdown for "dspace.entity.type" field. In previous versions, this field was free-text, but now only valid Entity types can be selected.  Metadata field code was also refactored on this page. See #3722 (Donated by Atmire)
• CSV Export from Admin Report.  The Administrator Reports (Beta feature) now supports CSV export.  After running a report, next to the results is export button that allows you to export those results to a CSV.  See  #4071 (Donated by Université Laval)
• Bitstream Storage (assetstore) now supports Apache JClouds, supporting many cloud providers. See Configuring JCloudstore for Asset Storage documentation and #9915 (Donated by Atmire)  WARNING: Unfortunately, just after the 9.0 release, Apache JClouds was retired by Apache and will no longer be supported.  We do not recommend using it for DSpace as we'll have to remove it in a future version.
• Creative Commons license display now uses the backend configuration. The existing "cc.license.name" and "cc.license.url" configurations on the backend are now used by the frontend to determine which metadata field(s) to use for display of the CC license on the Item page. See #3165 (Donated by Abel Gomez)

...