DSpace 1.7.3 includes a security fix for the JSPUI. Although there are no known exploits, we recommend all 1.7.x JSPUI users upgrade to 1.7.3 (or 1.8.3 or 3.2) in order to fix this vulnerability.
DSpace 1.7.3 is a security fix release to resolve a JSPUI security vulnerability in the 1.7.x platform.
This security release includes the following fixes:
- Resolved security issue in JSPUI (DS-1603 - requires a JIRA account to access). This fix has been backported from the DSpace 3.2 release.
- Minor cleanup of the 1.7.x codebase so that it is Git/GitHub friendly. This means that 1.7.3 can now be forked or checked out from GitHub, using either Git or Subversion
- Updated 1.7.x codebase to build properly when using Maven 3
We highly recommend all 1.7.x JSPUI users upgrade to 1.7.3.
No new features in DSpace 1.7.3
1.7.3 is a security fix release. This means it includes no new features.
For a list of all new 1.7 Features, please visit the DSpace Release 1.7.0 Notes.
The following fixes were released in 1.7.3.
This release also included a security fix (which requires a JIRA account to view):
- DS-1603 - Resolves a security issue in JSPUI
- Release Coordinator: Committers Team (shared coordination) led by Hardy Pottinger
Timeline and Proceeding
- Release Date: July 25, 2013.
Release Process will proceed according to the following Maven release process: Release Procedure