Contribute to the DSpace Development Fund
The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.
Version 5.3
Support for DSpace 5 will be ending on January 1, 2023. See Support for DSpace 5 and 6 is ending in 2023
DSpace 5.3 was released to the public on July 29, 2015.
DSpace 5.3 can be downloaded immediately from:
More information on the 5.3 release (and the 5.x platform in general) can be found in the 5.x Release Notes.
Summary
DSpace 5.3 is a bug fix release to resolve several issues located in DSpace 5.0, 5.1 and 5.2. As it only provides only bug fixes, DSpace 5.3 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.3.
Major bug fixes include:
- Security fixes:
- [LOW SEVERITY] Possible to access files attached to "in-progress" submissions via a direct link (DS-2614 - requires a JIRA account to access for two weeks, and then will be public). This vulnerability could allow anyone in the world to download a file attached to an "in-progress" submission if they are provided with a direct link to that file (from either UI). While a direct file link would be very hard to "guess" or stumble upon, this could allow an individual with deposit rights to make available content which has not been approved by local DSpace administrators. This vulnerability has at least existed since 5.0, but may effect versions as old as 3.0.
- Discovered by Pascal-Nicolas Becker of Technische Universität Berlin
- [LOW SEVERITY] Possible to access files attached to "in-progress" submissions via a direct link (DS-2614 - requires a JIRA account to access for two weeks, and then will be public). This vulnerability could allow anyone in the world to download a file attached to an "in-progress" submission if they are provided with a direct link to that file (from either UI). While a direct file link would be very hard to "guess" or stumble upon, this could allow an individual with deposit rights to make available content which has not been approved by local DSpace administrators. This vulnerability has at least existed since 5.0, but may effect versions as old as 3.0.
- Search and browse fixes:
- OAI fixes:
- Performing a full OAI import now also cleans the OAI cache (DS-2543)
- Harvested items are now properly imported in OAI (DS-2554)
- Tombstones (deleted item status) are now properly applied for withdrawn items (DS-2593)
(note: this requires 'import' to be run, the OAI event consumer will not create tombstones automatically) dc.date.available
is now properly exposed when using the mets metadata format (DS-2598)
- Authorization policy fixes:
- Custom policies for items in workspace or workflow (eg. embargo lifts) are now ignored by AuthorizeManager (DS-2614)
NULL
Resource Policy types (commonly found when upgrading from DSpace < 3.0) are now handled correctly by AuthorizeManager (DS-2587)- Item-level versioning now carries across all custom policies in new item versions (eg. embargos) (DS-2358)
- Other notable fixes:
- Optimized "Select Collection" query is now disabled by default as a workaround to ensure special group lookups (LDAP, Shibboleth) work out-of-the-box (DS-2673)
- Resolved issue where citation_pdf_url metadata was NULL for items with multiple bitstreams but no primary bitstream (DS-2603)
dc.rights
metadata is now properly exposed in embedded XHTML head DC (DS-2568)
In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes section below.
Upgrade Instructions
- For upgrade instructions from ANY PRIOR VERSION to 5.3, please see Upgrading DSpace
No new features in DSpace 5.3
5.3 is a bug-fix release. This means it includes no new features and only includes the above listed fixes.
For a list of all new 5.x Features, please visit the 5.x Release Notes.
Changes
The following bug fixes were released in 5.3.
Organizational Details
Release Coordination
- Release Coordinator: Committers Team (shared coordination) led by Kim Shepherd
Timeline and Proceeding
Release Timeline:
- Release Date: July 29, 2015