Version 6.3
DSpace 6.3 can be downloaded immediately from: More information on the 5.9 release (and the 5.x platform in general) can be found in the 6.x Release Notes. Upgrade instructions can be found at Upgrading DSpace |
DSpace 6.3 contains security fixes for the JSPUI (only). To ensure your 6.x JSPUI site is secure, we highly recommend ALL JSPUI DSpace 6.x users upgrade to DSpace 6.3 DSpace 6.x XMLUI users may also wish to upgrade as several major bugs have been fixed in the XMLUI as well. DSpace 6.3 upgrade instructions are available at: Upgrading DSpace |
Summary
DSpace 6.3 is a bug fix release to resolve several issues located in previous 6.x releases. As it only provides only bug fixes, DSpace 6.3 should constitute an easy upgrade from DSpace 6.x for most users. No database changes should be necessary when upgrading from DSpace 6.x to 6.3. One configuration addition (orcid.api.url
property) has been made to the default dspace.cfg to support the new ORCID API v2, for ORCID Authority Control users.
JSPUI security fixes include
[HIGH SEVERITY] A user can inject malicious Javascript into the names of EPeople or Groups. This is most severe in sites which allow anyone to register for a new account. (https://jira.duraspace.org/browse/DS-3866 - requires a JIRA account to access.)
[MEDIUM SEVERITY] Any user was able to export metadata to CSV format if they knew the correct JSPUI path/parameters. Additionally, the exported CSV included metadata fields which are flagged as hidden in configuration. (https://jira.duraspace.org/browse/DS-3840 - requires a JIRA account to access.)
Major bug fixes include
- Update DSpace ORCID Integration to use ORCID API v2 (instead of now obsolete ORCID v1): DS-3447
- Update DSpace Statistics to use GeoIP API v2 (instead of now discontinued GeoIP API v1): DS-3832
- Database specific fixes
- Oracle database migration fix. Configurable Workflow migration threw errors: DS-3788
- PostgreSQL JDBC driver upgraded to latest version (to allow for full compatibility with PostgreSQL v10): DS-3854
- Fix issue where DSpace wasn't starting if it used a database connection pool supplied through JNDI: DS-3434
- Bitstream deletion issues ("dspace cleanup" command)
- Fixed issues where Bitstreams were not being flagged for deletion when an Item was deleted: DS-3729
- Fixed issues where Bitstreams were not being removed from assetstore even when flagged as deleted: DS-3627 and DS-3461
- Note: This issue was limited to 6.0, 6.1 or 6.2, and specifically occurred when Item Level Versioning was NOT enabled (which is the default setting) or when Item Level Versioning was first enabled on DSpace version 6.0, 6.1 or 6.2
- Fixed issues where Bitstreams were removed from all versions of an Item (resulting in inaccurate versioning) when deleted from the latest version of an Item: DS-3627
- Note: This issue was limited to 6.0, 6.1 or 6.2, and specifically ONLY occurred when Item Level Versioning was first enabled on DSpace version 4.x or 5.x (and that old versioning data had since been migrated to 6.x).
- Other API-level fixes (affecting all UIs)
- JSPUI fixes
- Fixed issues with authority control popup: DS-3404
- Fixed issues with pausing HTML5 uploads: DS-3865
- XMLUI fixes
- Fixed Mirage v2 build issues caused by Bower Registry URL change: DS-3936
- Fixed performance issues for Items with 100+ bitstreams: DS-3883
- Fixed occasional Hibernate LazyInitializationException when completing submissions: DS-3775
- Fixed Unicode character issues in metadata: DS-3733
- Fix issue where search results lose Community/Collection context when sorting: DS-3835
- Fixed bitstream download issues which could leave AWS connections open when using S3 storage backend: DS-3870
- Update Mirage to use recommended MathJax inline delimiters (DS-3087) and to use new CDN location (DS-3560)
- OAI-PMH Fixes
- Ensure OAI-PMH updates harvestable items when an item is made private (DS-3707) or an embargo expires (DS-3715)
- Fixed Unicode character issues in metadata: DS-3733 and DS-3556
- Fix content type of OAI-PMH response: DS-3889
- Enhanced "oai import" command to report on items that cause indexing issues: DS-3852
- REST API fixes and minor improvements
For more information, see the Changes section below.
Upgrade Instructions
- For upgrade instructions from ANY PRIOR VERSION to 6.3, please see Upgrading DSpace
No new features in DSpace 6.3
6.3 is a bug-fix only release. This means it includes no new features and only includes the below listed fixes. For a list of all new 6.x Features, please visit the 6.x Release Notes. |
Changes
The following bug fixes were released in 6.3.
Suggested pre-release application (usability, functional) tests for DSpace 6
The below cover most of the fixes and improvements in DSpace 6.3. If we can get volunteers pooled / assigned so that a couple of people are thoroughly testing each of the below functional areas, that'll help confidence in release stability and in catching any last minute problems:
- Discovery (Solr) searches, including browsing, pagination, filters, special characters and very long requests - Kim Shepherd
- General test of OAI-PMH (both ways)
- General test of REST API (aka Legacy REST) and REST Reports - Terrence W Brady
- Flyway upgrades, fresh installs, database migrations
- ORCID authority control - Kim Shepherd
- Subscriptions (with the sub-daily script)
- Statistics GeoIP (location) lookups and display - Kim Shepherd
- CSV metadata exporting
- General performance (and particularly: XMLUI + items with many bitstreams)
- MathJAX rendering - Kim Shepherd
Organizational Details
Release Coordination
TODO - Port to master branch and/or add documentation
All issues in this list are now merged for dspace-6.x, but need porting to master, or documentation added to the wiki, or both