Our custom "MultipartFileSender" appears to bypass all of Spring Security (CORS, CSRF, etc) and implements Range headers and ETags in a completely custom manner. This results in CORS issues in Angular for downloads through Angular: https://github.com/DSpace/DSpace/issues/2962
We'd either need to fix this to use Spring tooling, or maybe find a way to proxy downloads (for Scripts & Processes output) to get around CORS.
Finalize / approve the initial list of all authorization features which we should implement for the/api/authz/features REST endpoint. This list of features should be limited to only features which are required to enable/disable User Interface functionality.(In other words, we can always add more features in the future. We just need to approve the list necessary for 7.0)
Delayed. General agreement (in meeting on March 21, 2019) that storing HTML in metadata fields is not really ideal behavior. Metadata (from a librarian standpoint) tends to be free of format-related markup (as that allows for easier sharing, understanding of metadata. Currently Community & Collection homepage information is HTML-based and is stored in metadata that is appropriate for a minor subset of information (like the title) but it is better to move large/rich text to bitstreams.
Proposal here is to consider storing HTML-based markup (for Site, Community & Collection homepages) in Bitstream(s) associated with the object in question. May allow for more CMS-lite behavior in the future
Timeline for this is uncertain. Possibly in 7 or 8. May depend on how/whether it can be scoped.