Developers Meeting on Thurs, September 11, 2025

Time/Location

11 Sep 2025 from 14:00-15:00 UTC

Location: https://lyrasis.zoom.us/my/dspace?pwd=RTk4QUhISnhPRi9YenVrTFJKbDllQT09 (Meeting ID: 502 527 3040).  Passcode: dspace

• More connection options available at DSpace Meeting Room

Agenda

• Discussion Topics - If you have a topic you'd like to have added to the agenda, please just add it. 
  1. DSpace & DSpace-CRIS potential merger discussions
     1. DSpace and DSpace-CRIS Planning Groups - wiki pages to follow along with ongoing discussions.
     2. DSpace-CRIS and DSpace Differences  - List of known feature/architectural differences between DSpace 8 and latest version of DSpace-CRIS
  2. Other topics
     1. How should DSpace display / not display HTML embedded in metadata fields? Currently, there's still inconsistency between how it's treated in the Submission / Workflow versus on Public pages: https://github.com/DSpace/dspace-angular/issues/1495  (In Submission/Workflow, embedded HTML is sanitized and rendered.  In public pages, it's only rendered for abstract field.)
     2. Add your topic here or PR / issue ticket to discuss.
• Board Review:
  • 10.0 Project Board - Review PRs collaboratively or Assign new PRs to volunteers to code review and/or test.
  • Backlog Board - Are there any tickets here stuck in the "Triage" column?  We'd like to keep this column as small as possible.
  • Maintenance Board (9.x, 8.x, 7.6.x) - Known bugs can be found here, along with any backported bug fixes.
• Upcoming Topics: (Let us know if there are topics you want to discuss in future weeks)
  
  • September 25: Demo / Overview of the new "Audit Trail" feature submitted by 4Science (Stephano).  REST PR: https://github.com/DSpace/DSpace/pull/11072 , Angular PR: https://github.com/DSpace/dspace-angular/pull/4576
  • Updates on Nx / modularization discussion. Prototyping Nx vs Angular CLI Workspaces?
    • Preparation PR (preparing for possible Nx migration): https://github.com/DSpace/dspace-angular/pull/4629
    • Original PR (example full migration): https://github.com/DSpace/dspace-angular/pull/4019
  • Restore Angular dynamic decorators: https://github.com/DSpace/dspace-angular/pull/4528  (somewhat dependent on Nx / modularization discussions)
  • Follow-up on "aggressive bot" discussion:  https://github.com/DSpace/dspace-angular/issues/4565
    • PR to update our built-in "rate limiter": https://github.com/DSpace/dspace-angular/pull/4620

Attendees

• Tim Donohue 
• Holger Lenz 

• Art Lowel (Atmire) 

• Andrea Bollini (4Science)

• Giuseppe Digilio (4Science) 
• Paulo Graça
• Mark H. Wood 
• Grazia Quercia (4Science)
• Julian Timal (eScire) 
• Martin Walk 
• Melissa Anez 
• Oliver Goldschmidt 
• Pascal-Nicolas Becker 
• Pierre Lasou 
• Kim Shepherd 
• Nicholas Woodward 
• Sascha Szott 
• Marsa Haoua 
• Jesiel Viana 
• Scholaris Team

Current Work

Project Boards

• DSpace 10.0 board: https://github.com/orgs/DSpace/projects/32
• DSpace 9.x, 8.x and 7.6.x maintenance board: https://github.com/orgs/DSpace/projects/29

To quickly find PRs assigned to you for review, visit https://github.com/pulls/review-requested  (This is also available in the GitHub header under "Pull Requests → Review Requests")

Goals for 10.0

To be decided by DSpace Steering Group with feedback from Leadership Group. 

Priorities listed at DSpace Release 10.0 Status. 

Goals for 9.2 / 8.3 / 7.6.5

Deadline is TBD for 9.2, 8.3 and7.6.5.  Bug fix releases do not have fixed/scheduled deadlines. Instead, the developer team will determine when to create a release based on the significance of the issues to solve. (e.g. If major issues are fixed, then a bug fix release will occur more rapidly.  If minor issues are found, then a bug fix release may be delayed until sufficient fixes have been made to warrant a release)

• Bug/security fixes only.  These minor releases will not include any new features.
  • New "themeable components" (for dspace-angular) are allowed in bug fix releases, provided that they don't significantly modify component behavior or similar.
  • Accessibility fixes are also allowed in bug fix releases, provided they don't significantly modify component behavior or similar.
• Bug fix PRs should be created against "main" branch where possible. The "main" branch has the most strict code style rules. (i.e. PRs created against dspace-7_x  are becoming more difficult to port forward.)
• Per our support policy, bug fixes are only guaranteed to be ported back to 9.x.  That said, where possible, we'll try to backport bug fixes (especially significant ones) to 8. x and 7.6.x.

Try "Pull Request Trading" for a quicker review

Do you have a PR stuck in "under review" that you really want to see move forward?  Or maybe it's someone else's PR but you want to get it more attention?

See Trading reviews on Pull Requests for how to get immediate attention to that PR!

Notes

Announcements

• No meeting next week (Sept 18)

  • Tim and Holger will attend a LYRASIS staff retreat.

  • Next scheduled meeting: Sept 25.

• Upcoming Q&A webinar on Sept 30 (DSpace–DSpace-CRIS merger update).

Updates

• Merger planning

  • Technical Planning Group: working on accelerating merging of DSpace-CRIS code into DSpace (creating/merging PRs). Still early, brainstorming stage.

  • Strategic Planning Group: preparing the Sept 30 Q&A webinar; broader updates will be shared there.

Discussion Topics

• HTML in metadata fields

  • Issue: HTML behaves inconsistently:

    • In My Submissions and search results, HTML tags like <a> links are rendered.

    • On item pages, HTML is escaped (except for abstracts).

  • Concerns:

    • Unexpected/misleading links in titles and search results.

    • Inconsistent user experience.

    • Possible issues for OAI-PMH and external apps that assume plain text metadata.

  • Views shared:

    • Pascal: not a major security risk since JavaScript is blocked; links can be acceptable in abstracts.

    • Art: root cause is Solr hit highlighting returning HTML. Proposed adding a sanitizer to allow only <i> and <b> tags. Suggested long-term solution: store plain text metadata alongside optional HTML versions.

    • Tim: prefers consistency — only process HTML/Markdown in abstracts, display plain text elsewhere.

    • Mark: suggested validation to block HTML in certain fields (like titles).

  • Decision/Next Steps:

    • Quick fix: sanitize Solr results to remove links in search results.

    • Assigned to Art Lowel.

    • Longer-term: explore plain text + HTML dual-field approach.

• Angular modularization (NX vs Angular CLI)
  • Update by Art Lowel:

    • Modularized code into core/config/util modules. Build works, but:

      • Tree-shaking issues: unnecessary services bundled, leading to crashes.

      • Modules don’t rebuild automatically; need scripts (e.g., nodemon) to watch/rebuild.

      • Config library problem: used by Angular, Webpack, and Node scripts → currently bypassing library boundaries.

    • NX may solve these problems automatically but has its own complexities.

  • Next Steps:

    • Art will continue documenting pros/cons of both approaches.

    • Discussion postponed until Giuseppe returns from holiday.

    • Notes may be collected in wiki/GitHub tickets for group review.

• Session/logout inconsistency across tabs/browsers

  • Issue raised by Sasha:

    • User logs in across multiple tabs.

    • Logging out in one tab invalidates the session but doesn’t update other tabs immediately.

    • Leads to inconsistent state until user interacts (see GitHub ticket).

  • Discussion:

    • Backend limitation: REST API doesn’t support multiple independent sessions.

    • Art: not necessarily a bug — expected behavior in same browser, but frontend error handling is poor.

    • Suggestion: extend authentication interceptor to catch invalid sessions and redirect user to login.

    • Kim: problem is similar to backend downtime → needs a global UI handler.

  • Consensus:

    • Short-term: improve frontend to catch errors and redirect/log out gracefully.

    • Long-term: backend session handling more complex and unresolved.

  • Next Steps:

    • No volunteer yet; Art may pick up in a few weeks if unclaimed.

• ORCID document type mapping (PR by Pierre Lasou)

  • Small PR: improves mapping precision between DSpace document types and ORCID types.

  • Straightforward and non-controversial.

  • Approved during meeting with quick thumbs-up.

  • Action: Tim will merge PR after applying proper tags.

• Project board & pull requests

  • Tim highlighted:

    • Many PRs in under review with merge conflicts → need cleanup by authors.

    • Encouraged developers to review/test each other’s PRs.

    • Merge backlog is shrinking but still large; needs broader participation.

  • Reminder:

    • Easy, obvious PRs should be approved quickly.

    • Tag Tim if something is stuck but trivial.

Code reviews (time-permitting)

• Reviewed PRs:

  • Required relation fields validation → backend fix and integration tests look correct; Tim to test in UI and port to 9.x.

  • Sort order fix in Hibernate DOI findBy methods → adds deterministic ordering; straightforward change.

Decisions & Agreements

• HTML in metadata: Only render HTML/Markdown in abstracts; sanitize elsewhere.

• ORCID PR approved for merge.

• Frontend should handle session invalidation gracefully (interceptor solution).

• Angular modularization: continue analysis; revisit with Giuseppe.

Action Items

• Art Lowel →

  • Quick fix: sanitize Solr search results to remove unexpected HTML.

  • Continue Angular CLI modularization testing; document pros/cons.

• Tim Donohue →

  • Merge Pierre’s ORCID PR (with version tags).

  • Test “required relation field” PR in UI, port to 9.x.

• All developers →

  • Review/test PRs, especially those with conflicts.

  • Raise visibility for small, obvious PRs.

• Future →

  • UI improvement for logout/session invalidation handling.

  • Longer-term solution for plain text + HTML metadata fields.