Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Info
titleOnline Version of Documentation also available

This documentation was produced with Confluence software. A PDF version was generated directly from Confluence. An online, updated version of this 6.x Documentation is also available at: https://wiki.duraspace.org/display/DSDOC6x

 
Welcome to Release 6.3, a bug-fix release for the DSpace 6.x platform. Any previous version of DSpace may be upgraded to DSpace 6 directly. For more information, please see Upgrading DSpace.

6.3 Release Notes

Note
titleWe highly recommend ALL JSPUI users of DSpace 6.x upgrade to 6.3

DSpace 6.3 contains security fixes for the JSPUI (only). To ensure your 6.x JSPUI site is secure, we highly recommend ALL JSPUI DSpace 6.x users upgrade to DSpace 6.3

DSpace 6.x XMLUI users may also wish to upgrade as several major bugs have been fixed in the XMLUI as well.

DSpace 6.3 upgrade instructions are available at: Upgrading DSpace

DSpace 6.3 is a bug fix release to resolve several issues located in previous 6.x releases. As it only provides only bug fixes, DSpace 6.3 should constitute an easy upgrade from DSpace 6.x for most users. No database changes should be necessary when upgrading from DSpace 6.x to 6.3. One configuration addition (orcid.api.url property) has been made to the default dspace.cfg to support the new ORCID API v2, for ORCID Authority Control users.


JSPUI security fixes include

  • [HIGH SEVERITY] A user can inject malicious Javascript into the names of EPeople or Groups. This is most severe in sites which allow anyone to register for a new account. (https://jira.duraspace.org/browse/DS-3866 - requires a JIRA account to access.) 

    • Reported by Julio Brafman

  • [MEDIUM SEVERITY] Any user was able to export metadata to CSV format if they knew the correct JSPUI path/parameters. Additionally, the exported CSV included metadata fields which are flagged as hidden in configuration. (https://jira.duraspace.org/browse/DS-3840 - requires a JIRA account to access.) 

    • Reported by Eike Kleiner (ZHAW, Zurich University of Applied Sciences)

Major bug fixes include:

  • Update DSpace ORCID Integration to use ORCID API v2 (instead of now obsolete ORCID v1): DS-3447
  • Update DSpace Statistics to use GeoIP API v2 (instead of now discontinued GeoIP API v1): DS-3832
  • Database specific fixes
    • Oracle database migration fix. Configurable Workflow migration threw errors: DS-3788
    • PostgreSQL JDBC driver upgraded to latest version (to allow for full compatibility with PostgreSQL v10): DS-3854
    • Fix issue where DSpace wasn't starting if it used a database connection pool supplied through JNDI: DS-3434
  • Bitstream deletion issues ("dspace cleanup" command)
    • Fixed issues where Bitstreams were not being flagged for deletion when an Item was deleted: DS-3729
    • Fixed issues where Bitstreams were not being removed from assetstore even when flagged as deleted: DS-3627 and DS-3461
      • Note: This issue was limited to 6.0, 6.1 or 6.2, and specifically occurred when Item Level Versioning was NOT enabled (which is the default setting) or when Item Level Versioning was first enabled on DSpace version 6.0, 6.1 or 6.2
    • Fixed issues where Bitstreams were removed from all versions of an Item (resulting in inaccurate versioning) when deleted from the latest version of an Item: DS-3627
      • Note: This issue was limited to 6.0, 6.1 or 6.2, and specifically ONLY occurred when Item Level Versioning was first enabled on DSpace version 4.x or 5.x (and that old versioning data had since been migrated to 6.x).
  • Other API-level fixes (affecting all UIs)
    • Fixed issues where Item Level Versioning accidentally duplicated both metadata (DS-3703) and bitstreams (DS-3702)
    • Fixed issue where Shibboleth authentication plugin appeared to login when no password provided: DS-3662
    • Fixed issues with Solr Search Query escaping in both UIs: DS-3507
    • Update last modified timestamp (on Item) when a new bitstream is added: DS-3734
    • Ensure ImageMagick thumbnails respect the orientation of original file: DS-3839
    • Fix MediaFilter "too many open files" issues (where it forgot to close an input stream): DS-3700
    • Fix PubMed Import submission step (StartSubmissionLookupStep) to use updated URL of PubMed API:  DS-3933
    • Cleanup EHCache configuration: DS-3694 and DS-3710
  • JSPUI fixes
    • Fixed issues with authority control popup: DS-3404
    • Fixed issues with pausing HTML5 uploads: DS-3865
  • XMLUI fixes
    • Fixed Mirage v2 build issues caused by Bower Registry URL change: DS-3936
    • Fixed performance issues for Items with 100+ bitstreams: DS-3883
    • Fixed occasional Hibernate LazyInitializationException when completing submissions: DS-3775
    • Fixed Unicode character issues in metadata: DS-3733
    • Fix issue where search results lose Community/Collection context when sorting: DS-3835
    • Fixed bitstream download issues which could leave AWS connections open when using S3 storage backendDS-3870
    • Update Mirage to use recommended MathJax inline delimiters (DS-3087) and to use new CDN location (DS-3560)
  • OAI-PMH Fixes
    • Ensure OAI-PMH updates harvestable items when an item is made private (DS-3707) or an embargo expires (DS-3715)
    • Fixed Unicode character issues in metadata: DS-3733 and DS-3556
    • Fix content type of OAI-PMH response: DS-3889
    • Enhanced "oai import" command to report on items that cause indexing issues: DS-3852
  • REST API fixes and minor improvements
    • Fixed issue where REST API was no longer able to return JSON responses: DS-3903
    • Fixed update bitstream data returning 500 response: DS-3511
    • Improvements to REST Based Quality Control Reports:
      • Enable login via Shibboleth: DS-3811
      • Add bitstream field data to item listing: DS-3704
      • Fix bug filtering for bitstream permissions: DS-3713
      • Improve ability to find withdrawn items: DS-3714

For more information, see the Changes section below.

6.3 Acknowledgments

The 6.3 release was led by Kim Shepherd

The following individuals provided tests, code or bug fixes or review to the 6.3 release: Saiful Amin, Pascal-Nicolas Becker, Ben Bosman, Terry Brady, Per Broman, Jacob Brown, James Creel, Tom Desair, Tim Donohue, Stefan Fritzsche, Hendrik Geßner, Werner Greßhoff, Marsa Haoua, Iris Hausmann, Chris Herron, Lotte Hofstede, Eike Kleiner, Ivan Masár, Dinesh Mendhe, Philip Münch, Sébastien Nadeau, Miika Nurminen, Alan Orth, Hardy Pottinger, Jakub Řihák, J. Savell, Christian Scheible, Kim Shepherd, Ilja Sidoroff, S. Solim, Eduardo Speroni, Alexander Sulfrian, Jonas Van Goolen, Philip Vissenaekens, Martin Walk, Andrew Wood, Mark Wood

6.2 Release Notes


DSpace 6.2 is a bug fix release to resolve several issues located in previous 6.x releases. As it only provides only bug fixes, DSpace 6.2 should constitute an easy upgrade from DSpace 6.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 6.x to 6.2.
 

Major bug fixes include:

  • Important bug fixes to DSpace database connection/caching management
    • Indexing: Items failed to be reindexed after metadata changes were made: DS-3660
    • Batch processing: XMLUI Batch Import Failure: DS-3648
    • Group creation: Database migrations sometimes failed to create initial groups (Administrator and Anonymous) in fresh_installs: DS-3659
    • Cache management: DOIOrganiser CLI does not change the database anymore: DS-3656
    • Cache Management: Database changes of consumers aren't persisted anymore: DS-3680
    • Cache Management: Slow batch operations due to Hibernate caching: DS-3286
  • General bug fixes (to all UIs):
    • Pre-6.x Bitstream statistics were not being displayed: DS-3602
    • ImageMagick PDF thumbnail should always create sRGB JPEG files: DS-3517
    • ImageMagick PDF Processing Degraded with Changes in 5.7 release: DS-3661

6.2 Acknowledgments

The 6.2 release was led by the DSpace Committers.

The following individuals provided code or bug fixes or review to the 6.2 release:  Pascal-Nicolas Becker, Terry Brady, Tom Desair, Tim Donohue, jawadmakki, Steve Michaels, Sébastien Nadeau, Alan Orth, Hardy Pottinger, Adan Roman, Sven Soliman, Alexander Sulfrian, Chris Wilper, Mark Wood.

6.1 Release Notes 

Note
titleWe highly recommend ALL users of DSpace 6.x upgrade to 6.1

DSpace 6.1 contains security fixes for the XMLUI and JSPUI and REST. To ensure your 6.x site is secure, we highly recommend ALL DSpace 6.x users upgrade to DSpace 6.1.

DSpace 6.1 upgrade instructions are available at: Upgrading DSpace

DSpace 6.1 is a security & bug fix release to resolve several issues located in previous 6.x releases. As it only provides bug/security fixes, DSpace 6.1 should constitute an easy upgrade from DSpace 6.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 6.x to 6.1.
 

Major bug fixes include:

  • Security fixes for both JSPUI and XMLUI:

    • [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.(https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.) 
      • Discovered by Pascal Becker (The Library Code / TU Berlin).
    • [LOW SEVERITY] DSpace failed to check if policies had valid dates when checking access permissions.(https://jira.duraspace.org/browse/DS-3619 - requires a JIRA account to access.) 
      • Discovered by Pascal Becker (The Library Code / TU Berlin).
  • Security fixes for REST API:
    • [HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API.(https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.) 
      • Discovered by Emilio Lorenzo.
    • [LOW SEVERITY] The "find-by-metadata" path publicly exposes metadata from access-restricted items.(https://jira.duraspace.org/browse/DS-3628 - requires a JIRA account to access.) 
      • Reported by Bram Luyten (Atmire).
  • General bug fixes (to all UIs):
    • Performance improvements at API layer: DS-3558DS-3552
    • Submitters (who are not Admins) could not remove bitstreams from their in progress submission: DS-3446
    • Full text searching was only possible in the first bitstream (file): DS-2952
    • Configurable Workflow was throwing "Authorization is Denied" errors: DS-3367
    • IP Authorization range restrictions were not working properly: DS-3463
    • Item Versioning was not saving properly: DS-3381
    • Improve the text of database migration errors: DS-3571
    • Improve cache management for command line processes:  DS-3579
    • Resolve CSV line break issue in bulk edit: DS-3245
    • Resolve error with null referrer to feedback page: DS-3601
    • Support all UTF-8 characters in configuration files: DS-3568
    • Fix update-handle-prefix script to no longer update handle suffix: DS-3632
  • XMLUI bug fixes:
    • /handleresolver path was no longer working: DS-3366
    • Display a restricted image thumbnail for access restricted bitstreams: DS-2789
    • Fix broken images when running Mirage 2 on Jetty: DS-3289
    • Archived submissions were being displayed chronologically instead of reverse chronologically: DS-3334
    • On Move Item page, the list of Collections was sorted by Collection name, instead of being first grouped by Community: DS-3336
    • ORCID / Authority Lookup button was no longer working in Mirage 2: DS-3387
    • Improve error message when user attempts to update an e-mail address to an existing address: DS-3584
    • Allow localization of input-forms.xml with XMLUI: DS-3598
    • Fix error when uploading large files (>2GB) via a web browser: DS-2359
    • Various other minor bug fixes
  • JSPUI bug fixes
    • READ access rights not being respected on Collection homepage: DS-3441
    • Fix issue where database connections were being kept open on some JSPUI pages: DS-3582
  • Oracle support bug fixes:
    • Oracle migrations took forever because of missing indexes: DS-3378
    • Community and Collection handles were not properly migrated between 5.x and 6.x: DS-3409
  • OAI-PMH bug fixes:
    • DIM crosswalks repeated authority information: DS-2947
  • REST API bug fixes:
    • Support for Shibboleth added: DS-3108
  • Solr Statistics fixes:
    • Item Statistics displayed UUID instead of file name: DS-3164
    • Sharding statistics corrupted some fields and was unstable: DS-3436DS-3457DS-3458
  • AIP Backup and Restore fixes:

Minor improvements include:

  • SEO improvement: Add configurable support for whitelisting specific file formats for Google Scholar citation_pdf_url tag: DS-3127
  • Add support for *.docx files (newer MS Word) to indexing process (via media filters). See DS-1140
  • Add ability to multi-select options in XMLUI's My Submission page. See DS-3448
  • Filter labels were missing in XMLUI's search screen. See DS-3573
  • Minor improvements to logging and error reporting.

In addition, this release fixes a variety of minor bugs in the 6.x releases. For more information, see the Changes in 6.x section.

6.1 Acknowledgments 

The 6.1 release was led by the DSpace Committers.

The following individuals provided code or bug fixes to the 6.1 release: Pascal-Nicolas Becker (pnbecker), Andrew Bennet (AndrewBennet), Andrea Bollini (abollini), Terry Brady (terrywbrady), Per Broman (pbroman), Samuel Cambien (samuelcambien),  Yana De Pauw, Tom Desair (tomdesair), Peter Dietz (peterdietz), Roeland Dillen, Tim Donohue (tdonohue), edusperoni, Frederic-Atmire, Generalelektrix, Claudia Juergen (cjuergen), Bram Luyten (bram-atmire),  Enrique Martínez Zúñiga ( enrique),  Ivan Masar (helix84),  Miika Nurminen ( minurmin), Alan Orth (alanorth), Andrea Pascarelli (lap82), Hardy Pottinger (hardyoyo),  Toni Prieto ( toniprieto).  Christian Scheible (christian-scheible), Andrea Schweer (aschweer),  Kim Shepherd (kshepherd),  Alexander Sulfrian ( AlexanderS), Jonas Van Goolen (jonas-atmire), Philip Vissenaekens (PhilipVis), and Mark Wood (mwoodiupui).


6.0 Release Notes

The following is a list of the new features included for the 6.x platform (not an exhaustive list):

Excerpt Include
DSPACE:DSpace Release 6.0 Status
DSPACE:DSpace Release 6.0 Status
nopaneltrue

Anchor
Contrib
Contrib

6.0 Acknowledgments

A big thank you also goes out to the DSpace Community Advisory Team (DCAT), who helped the developers to prioritize and plan out several of the new features that made it into this release. The current DCAT members include: Augustine Gitonga, Bram Luyten, Bharat Chaudhari, Claire Bundy, Dibyendra Hyoju, Elin Stangeland, Felicity A Dykas, Iryna Kuchma, James Evans, Jim Ottaviani, Kate Dohe, Kathleen Schweitzberger, Leonie Hayes, Lilly Li, Maureen Walsh, Pauline Ward, Roger Weaver, Sarah Molloy, Sarah Potvin, Steve Van Tuyl, Terry Brady, Yan Han and Valorie Hollister.

We apologize to any contributor accidentally left off this list. DSpace has such a large, active development community that we sometimes lose track of all our contributors. Our ongoing list of all known people/institutions that have contributed to DSpace software can be found on our DSpace Contributors page. Acknowledgments to those left off will be made in future releases.

Want to see your name appear in our list of contributors? All you have to do is report an issue, fix a bug, improve our documentation or help us determine the necessary requirements for a new feature! Visit our Issue Tracker to report a bug, or join dspace-devel mailing list to take part in development work. If you'd like to help improve our current documentation, please get in touch with one of our Committers with your ideas. You don't even need to be a developer! Repository managers can also get involved by volunteering to join the DSpace Community Advisory Team and helping our developers to plan new features.

The Release Team consisted of:

  • Tim Donohue (DuraSpace)
  • Kevin Van de Velde (@mire)
  • Pascal-Nicolas Becker (Technische Universität Berlin)

Additional thanks to Tim Donohue from DuraSpace for keeping all of us focused on the work at hand, for calming us when we got excited, and for the general support for the DSpace project.