Changes in DSpace 3.4

This release includes the following security fixes. All of these tickets require a valid JIRA account to view the details:

DS-1702 - Cross-site scripting (XSS injection) is possible in JSPUI Recent Submissions listings
DS-2044 - Cross-site scripting (XSS injection) is possible in JSPUI Discovery search form
DS-2445 - XMLUI Directory Traversal Vulnerabilities
- Also resolves related, minor theme access issues DS-1896 and DS-2130.
DS-2448 - JSPUI Directory Traversal Vulnerability

...

Page tree