Contribute to the DSpace Development Fund
The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.
Version 5.9
Support for DSpace 5 will be ending on January 1, 2023. See Support for DSpace 5 and 6 is ending in 2023
DSpace 5.9 was officially released to the public on June 25, 2018.
DSpace 5.9 can be downloaded immediately from:
More information on the 5.9 release (and the 5.x platform in general) can be found in the 5.x Release Notes.
Upgrade instructions can be found at Upgrading DSpace
We highly recommend ALL JSPUI users of DSpace 5.x upgrade to 5.9
DSpace 5.9 contains security fixes for the JSPUI (only). To ensure your 5.x JSPUI site is secure, we highly recommend ALL JSPUI DSpace 4.x users upgrade to DSpace 5.9.
DSpace 5.x XMLUI users may also wish to upgrade as several major bugs have been fixed in the XMLUI as well.
DSpace 5.9 upgrade instructions are available at: Upgrading DSpace
Summary
DSpace 5.9 is a security and bug fix release to resolve several issues located in previous 5.x releases. As it only provides only bug fixes, DSpace 5.9 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.9.
JSPUI security fixes include
[HIGH SEVERITY] A user can inject malicious Javascript into the names of EPeople or Groups. This is most severe in sites which allow anyone to register for a new account. (https://jira.duraspace.org/browse/DS-3866 - requires a JIRA account to access.)
Reported by Julio Brafman
[MEDIUM SEVERITY] Any user was able to export metadata to CSV format if they knew the correct JSPUI path/parameters. Additionally, the exported CSV included metadata fields which are flagged as hidden in configuration. (https://jira.duraspace.org/browse/DS-3840 - requires a JIRA account to access.)
Reported by Eike Kleiner (ZHAW, Zurich University of Applied Sciences)
Major bug fixes include
- Update DSpace ORCID Integration to use ORCID API v2 (instead of now obsolete ORCID v1): DS-3447
- Update DSpace Statistics to use GeoIP API v2 (instead of now discontinued GeoIP API v1): DS-3832
- Other API-level fixes (affecting all UIs)
- PostgreSQL JDBC driver upgraded to latest version (to allow for full compatibility with PostgreSQL v10): DS-3854
- Ensure ImageMagick thumbnails respect the orientation of original file: DS-3839
- OAI-PMH Fixes
- XMLUI Fixes
- Fixed Mirage v2 build issues caused by Bower Registry URL change: DS-3936
- Fixed performance issues for Items with 100+ bitstreams: DS-3883
- Fix issue where search results lose Community/Collection context when sorting: DS-3835
- Update Mirage to use recommended MathJax inline delimiters (DS-3087) and to use new CDN location (DS-3560)
In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes section below.
Upgrade Instructions
- For upgrade instructions from ANY PRIOR VERSION to 5.9, please see Upgrading DSpace
- When upgrading from any 5.x version, if you're reusing your 5.x configuration, make sure to change all instances of Filter attribute "red" to "ref" (e.g. <Filter red="exampleFilter" /> to <Filter ref="exampleFilter" />) in [dspace]/config/crosswalks/oai/xoai.xml. "red" was a temporary workaround for a bug (xoai issue #32), which was first fixed in DSpace 5.4.
No new features in DSpace 5.9
5.9 is a bug-fix release. This means it includes no new features and only includes the above listed fixes.
For a list of all new 5.x Features, please visit the 5.x Release Notes.
Changes
The following bug fixes were released in 5.9.
Organizational Details
Release Coordination
- Release Coordinator: Committers Team (shared coordination)
Overview
Content Tools
All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license
, unless otherwise noted.