- Version(s) Supported
- The DSpace Committers provide security updates/support for themost recent three (3) major releases of the platform. (For example, as of October 20162019, DSpace 6.x, 5.x and 4.x are all still supported for security updates.)
- Depending on the severity of a particular security issue, the DSpace Committers may make an effort to provide a security patch or recommendation for prior versions. This is decided on a case by case basis.
- Reporting Security Issues
- If you have located a possible security issue within DSpace, we ask that you report it to email@example.com (this emails all the DSpace Committers). We strive to provide a 7-day (or less) turnaround in investigating the reported issue, and will work towards resolution as soon as possible. Once a fix has been created and any necessary security releases are performed, we will then report the security issue and resolution to the general public. You will be publicly credited with discovering/reporting the security issue.
- We strongly encourage you to report security issues in private, before disclosing them in a public forum. We take DSpace security issues very seriously and will work quickly to eliminate them once reported.