Versions Compared

Old Version 70

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version 71

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
titleOnline Version of Documentation also available

This documentation was produced with Confluence software. A PDF version was generated directly from Confluence. An online, updated version of this 5.x Documentation is also available at: https://wiki.duraspace.org/display/DSDOC5x

 
Welcome to Release 5.89, a bug-fix release for the DSpace 5.x platform. For information on upgrading to DSpace 5, please see Upgrading DSpace.

5.9 Release Notes 

Note
titleWe highly recommend ALL JSPUI users of DSpace 5.x upgrade to 5.9

DSpace 5.9 contains security fixes for the JSPUI (only). To ensure your 5.x JSPUI site is secure, we highly recommend ALL JSPUI DSpace 4.x users upgrade to DSpace 5.9.

DSpace 5.x XMLUI users may also wish to upgrade as several major bugs have been fixed in the XMLUI as well.

DSpace 5.9 upgrade instructions are available at: Upgrading DSpace

DSpace 5.9 is a security & bug fix release to resolve several issues located in previous 5.x releases. As it only provides bug/security fixes, DSpace 5.9 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.9.

JSPUI security fixes include

  • [HIGH SEVERITY] A user can inject malicious Javascript into the names of EPeople or Groups. This is most severe in sites which allow anyone to register for a new account. (https://jira.duraspace.org/browse/DS-3866 - requires a JIRA account to access.) 

    • Reported by Julio Brafman

  • [MEDIUM SEVERITY] Any user was able to export metadata to CSV format if they knew the correct JSPUI path/parameters. Additionally, the exported CSV included metadata fields which are flagged as hidden in configuration. (https://jira.duraspace.org/browse/DS-3840 - requires a JIRA account to access.) 

    • Reported by Eike Kleiner (ZHAW, Zurich University of Applied Sciences)

Major bug fixes include

  • Update DSpace ORCID Integration to use ORCID API v2 (instead of now obsolete ORCID v1): DS-3447
  • Update DSpace Statistics to use GeoIP API v2 (instead of now discontinued GeoIP API v1): DS-3832
  • Other API-level fixes (affecting all UIs)
    • PostgreSQL JDBC driver upgraded to latest version (to allow for full compatibility with PostgreSQL v10): DS-3854
    • Ensure ImageMagick thumbnails respect the orientation of original file: DS-3839
  • OAI-PMH Fixes
    • Enhanced "oai import" command to report on items that cause indexing issues: DS-3852
    • Fix 500 error when no Community or Collection: DS-3853
  • XMLUI Fixes
    • Fixed Mirage v2 build issues caused by Bower Registry URL change: DS-3936
    • Fixed performance issues for Items with 100+ bitstreams: DS-3883
    • Fix issue where search results lose Community/Collection context when sorting: DS-3835
    • Update Mirage to use recommended MathJax inline delimiters (DS-3087) and to use new CDN location (DS-3560)

In addition, this release fixes minor bugs in the 5.x releases. For more information, see the Changes in 5.x page.

5.9 Acknowledgments 

The 5.9 release was led by the DSpace Committers.

The following individuals provided code or bug fixes to the 5.9 release: Pascal-Nicolas Becker, Terry Brady, Tim Donohue, Alex Magaz Graça, Lotte Hofstede, Ivan Masár, Hardy Pottinger, Kim Shepherd, and Mark H. Wood.

5.8 Release Notes 

Note
titleWe recommend users of DSpace 5.x who use the ImageMagick Thumbnail filter process to upgrade to 5.8

DSpace 5.8 contains a fix to the ImageMagick thumbnail creation process. We highly recommend ALL DSpace 5.x users upgrade to DSpace 5.8.

DSpace 5.8 upgrade instructions are available at: Upgrading DSpace

...