Contribute to the DSpace Development Fund

The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.

DSpace Release 4.8 Status

Created by Tim Donohue, last modified on Jul 12, 2017

Version 4.8

DSpace 4.8 was officially released to the public on July 12, 2017.

DSpace 4.8 can be downloaded immediately from:

https://github.com/DSpace/DSpace/releases/tag/dspace-4.8

More information on the 4.8 release (and the 4.x platform in general) can be found in the 4.x Release Notes.

Upgrade instructions can be found at Upgrading DSpace

We highly recommend ALL users of DSpace 4.x upgrade to 4.8

DSpace 4.8 contains security fixes for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend ALL DSpace 4.x users upgrade to DSpace 4.8.

DSpace 4.8 upgrade instructions are available at: Upgrading DSpace

Summary

DSpace 4.8 is a security and bug-fix release to resolve several issues located in previous 4.x releases. As such, DSpace 4.8 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.8.

This release addresses the following security issues discovered in DSpace 4.x and below:

DSpace API security fixes:

[HIGH SEVERITY] BasicWorkflow system is vulnerable to unauthorized manipulations (DS-3647 - requires a JIRA account to access)
- Reported by Pascal-Nicolas Becker
[LOW SEVERITY] Apache Commons Collections vulnerability (COLLECTIONS-580) (DS-3520 - requires a JIRA account to access)
- Reported by Alan Orth

In addition, this release fixes a few minor bugs in the 4.x releases. For more information, see the Changes section below.

Upgrade Instructions

For upgrade instructions for 4.x to 4.8, please see Upgrading From 4.0 to 4.x.
If you are upgrading from 3.x to 4.8, please see Upgrading From 3.x to 4.x.
For general upgrade instructions, please see Upgrading DSpace.

No new features in DSpace 4.8

4.8 is a security and bug-fix release. This means it includes no new features and only includes the above listed security fixes.

For a list of all new 4.x Features, please visit the 4.x Release Notes.

Changes

The following bug fixes were released in 4.8.

key	summary	type	created	updated	due	assignee	reporter	priority	status	resolution
Unable to locate Jira server for this macro. It may be due to Application Link configuration.

Organizational Details

Release Coordination

Release Coordinator: Committers Team (shared coordination)

Timeline and Proceeding

Release Timeline:

Release Date: July 12, 2017

No labels

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.

Page tree