- Version(s) Supported
- The DSpace Committers provide security updates/support for themost recent three (3) major releases of the platform. (For example, as of January 2022, DSpace 7.x, 6.x and 5.x are all still supported for security updatesHowever, earlier end-of-life dates may be announced if major concerns arise over the stability or longevity of a specific release.(Please be aware that DSpace 5 and 6 have both had earlier end-of-life dates announced for 2023.)
- Depending on the severity of a particular security issue, the DSpace Committers may make an effort to provide a security patch or recommendation for prior versions. This is decided on a case by case basis.
- Reporting Security Issues
- If you have located a possible security issue within DSpace, we ask that you report it to email@example.com (this emails all the DSpace Committers). We strive to provide a 7-day (or less) turnaround in investigating the reported issue, and will work towards resolution as soon as possible. Once a fix has been created and any necessary security releases are performed, we will then report the security issue and resolution to the general public. You will be publicly credited with discovering/reporting the security issue.
- We strongly encourage you to report security issues in private, before disclosing them in a public forum. We take DSpace security issues very seriously and will work quickly to eliminate them once reported.
- Version(s) Supported
- The DSpace Committers only regularly provide bug fixes to the most recent major release of the platform. (For example, as of January 2022its initial release, DSpace 7.x is the only version where bug fixes and improvements will regularly occur.)
- Depending on the severity of a particular bug, DSpace Committers may backport it to prior versions of the software platform. This is decided on a case by case basis.
- Reporting Bugs / Issues
- If you have located a possible bug/issue within DSpace, we ask that you report it directly to our DSpace Issue Tracker (GitHub). We strive to investigate bugs as soon as we can after they are reported. However, based on the severity of the bug, the timeline of an actual fix may depend on how rapidly we can locate a volunteer developer (either a Committer or a community developer).
- If you are unsure if something you have found is a DSpace bug/issue, you are also welcome to ask about it on our DSpace Technology Mailing List (dspace-tech Google Group).