Support for DSpace 6 will be ending on July 1, 2023. See Support for DSpace 5 and 6 is ending in 2023 |
DSpace 6.3 can be downloaded immediately from: More information on the 6.3 release (and the 6.x platform in general) can be found in the 6.x Release Notes. Upgrade instructions can be found at Upgrading DSpace |
DSpace 6.3 contains security fixes for the JSPUI (only). To ensure your 6.x JSPUI site is secure, we highly recommend ALL JSPUI DSpace 6.x users upgrade to DSpace 6.3 DSpace 6.x XMLUI users may also wish to upgrade as several major bugs have been fixed in the XMLUI as well. DSpace 6.3 upgrade instructions are available at: Upgrading DSpace |
DSpace 6.3 is a bug fix release to resolve several issues located in previous 6.x releases. As it only provides only bug fixes, DSpace 6.3 should constitute an easy upgrade from DSpace 6.x for most users. No database changes should be necessary when upgrading from DSpace 6.x to 6.3. One configuration addition (orcid.api.url
property) has been made to the default dspace.cfg to support the new ORCID API v2, for ORCID Authority Control users.
[HIGH SEVERITY] A user can inject malicious Javascript into the names of EPeople or Groups. This is most severe in sites which allow anyone to register for a new account. (https://jira.duraspace.org/browse/DS-3866 - requires a JIRA account to access.)
Reported by Julio Brafman
[MEDIUM SEVERITY] Any user was able to export metadata to CSV format if they knew the correct JSPUI path/parameters. Additionally, the exported CSV included metadata fields which are flagged as hidden in configuration. (https://jira.duraspace.org/browse/DS-3840 - requires a JIRA account to access.)
Reported by Eike Kleiner (ZHAW, Zurich University of Applied Sciences)
For more information, see the Changes section below.
6.3 is a bug-fix only release. This means it includes no new features and only includes the below listed fixes. For a list of all new 6.x Features, please visit the 6.x Release Notes. |
The following bug fixes were released in 6.3.