Page History
Version 6.1
Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Warning |
---|
Support for DSpace 6 will be ending on July 1, 2023. See Support for DSpace 5 and 6 is ending in 2023 |
Tip | ||
---|---|---|
| ||
DSpace 6.2 can be downloaded immediately from: | ||
Info | ||
DSpace 6.1 is still a work in progress and is not yet publicly released. However, the latest work/code is available on the dspace-6_x branch in GitHub: treeMore information on the _x 6.1 |
...
release |
...
(and |
...
the 6.x platform in general) can be found in the 6.x Release Notes. Upgrade instructions can be found at Upgrading DSpace |
Note | ||
---|---|---|
| ||
DSpace 6.1 contains security fixes for the XMLUI, JSPUI and REST API. To ensure your 6.x site is secure, we highly recommend ALL DSpace 6.x users upgrade to DSpace 6.1. DSpace 6.1 upgrade instructions are available at: Upgrading DSpace |
Table of Contents | ||||||
---|---|---|---|---|---|---|
|
...
- Test and Merge (or reschedule) all outstanding High Priority fixes for 6.1
- Review the following smaller bug fix PRs for possible inclusion. If they are ready to be included, merge immediately. If not (or you have concerns about merger), please reschedule PR for 6.2. After the PR has either been merged or rescheduled, please check it off on this list.
- DS-3584 Edit eperson e-mail address : https://github.com/DSpace/DSpace/pull/1732
- DS-2675 Browse by page Jump to value : https://github.com/DSpace/DSpace/pull/1730
- DS-3579 Context mode and cache management for CLI : https://github.com/DSpace/DSpace/pull/1727
- DS-2359 Error when depositing large files via browser : https://github.com/DSpace/DSpace/pull/1723
- DS-3568 UTF-8 characters in configuration files : https://github.com/DSpace/DSpace/pull/1708
- DS-2852 Discovery label fix for authority display value : https://github.com/DSpace/DSpace/pull/1701
- DS-2748 Do not throw an exception in the PageNotFoundTransformer : https://github.com/DSpace/DSpace/pull/1696
- DS-3522 Ensure Submission Policies are removed in XMLWorkflow : https://github.com/DSpace/DSpace/pull/1672
- DS-3571 Log hibernate validation errors : https://github.com/DSpace/DSpace/pull/1772
- DS-3245 CSV linebreaks not supported by Bulkedit : https://github.com/DSpace/DSpace/pull/1757
- DS-3127 Whitelist of formats allowable in citation pdf url for google scholar : https://github.com/DSpace/DSpace/pull/1777
- DS-3601 Fix NPE when accessing feedback page without "Referer" header: https://github.com/DSpace/DSpace/pull/1752
- DS-3598 Allow localization of input-forms.xml with XMLUI: https://github.com/DSpace/DSpace/pull/1747
- As necessary, per tickets merged above, please update the 6.1 Release Notes with a high level description of the fix (in "Summary" section below). NOTE: The content of this section will be copied into the official Release Notes on the day of release.
Summary
DSpace 6.1 is a security & bug fix release to release to resolve several issues located in previous 6.x releases. As it only provides only bug/security fixes, DSpace 6.1 should constitute an easy upgrade from DSpace 6.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 6.x to 6.1.
Major bug fixes include:
Security fixes for both JSPUI and XMLUI:
- [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.(https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.)
- Discovered by Pascal Becker (The Library Code / TU Berlin).
- [LOW SEVERITY] DSpace failed to check if policies had valid dates when checking access permissions.(https://jira.duraspace.org/browse/DS-3619 - requires a JIRA account to access.)
- Discovered by Pascal Becker (The Library Code / TU Berlin).
- [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.(https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.)
- Security fixes for REST API:
- [HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API.(https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.)
- Discovered by Emilio Lorenzo.
- [LOW SEVERITY] The "find-by-metadata" path publicly exposes metadata from access-restricted items.(https://jira.duraspace.org/browse/DS-3628 - requires a JIRA account to access.)
- Reported by Bram Luyten (Atmire).
- [HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API.(https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.)
- General bug fixes (to all UIs):
- Performance improvements at API layer: DS-3558, DS-3552
- Submitters (who are not Admins) could not remove bitstreams from their in progress submission: DS-3446
- Full text searching was only possible in the first bitstream (file): DS-2952
- Configurable Workflow was throwing "Authorization is Denied" errors: DS-3367
- IP Authorization range restrictions were not working properly: DS-3463
- Item Versioning was not saving properly: DS-3381
- Improve the text of database migration errors: DS-3571
- Improve cache management for command line processes: DS-3579
- Resolve CSV line break issue in bulk edit: DS-3245
- Resolve error with null referrer to feedback page: DS-3601
- Support all UTF-8 characters in configuration files: DS-3568
- Fix update-handle-prefix script to no longer update handle suffix: DS-3632
- XMLUI bug fixes:
- /handleresolver path was no longer working: DS-3366
- Display a restricted image thumbnail for access restricted bitstreams: DS-2789
- Fix broken images when running Mirage 2 on Jetty: DS-3289
- Archived submissions were being displayed chronologically instead of reverse chronologically: DS-3334
- On Move Item page, the list of Collections was sorted by Collection name, instead of being first grouped by Community: DS-3336
- ORCID / Authority Lookup button was no longer working in Mirage 2: DS-3387
- Improve error message when user attempts to update an e-mail address to an existing address: DS-3584
- Allow localization of input-forms.xml with XMLUI: DS-3598
- Fix error when uploading large files (>2GB) via a web browser: DS-2359
- Various other minor bug fixes
- JSPUI bug fixes
- Oracle support bug fixes:
- OAI-PMH bug fixes:
- DIM crosswalks repeated authority information: DS-2947
- REST API bug fixes:
- Support for Shibboleth added: DS-3108
- Solr Statistics fixes:
- AIP Backup and Restore fixes:
- Failed AIP imports left files in assetstore: DS-2227
- Could not restore items from AIP if embargo lift date was in the past: hDS-3348
- Replication Task Suite plugin was not working with 6.0: DS-3389
Minor improvements include:
- SEO improvement: Add configurable support for whitelisting specific file formats for Google Scholar citation_pdf_url tag: DS-3127
- Add support for *.docx files (newer MS Word) to indexing process (via media filters). See DS-1140
- Add ability to multi-select options in XMLUI's My Submission page. See DS-3448
- Filter labels were missing in XMLUI's search screen. See DS-3573
- Minor improvements to logging and error reporting.
...
Release Timeline:
- Release Date: June July 13 2017?