Page History
...
Note | ||
---|---|---|
| ||
DSpace 3.4 contains security fixes for both the XMLUI and JSPUI. To ensure your 3.x site is secure, we highly recommend all DSpace 3.x users upgrade to DSpace 3.4. We also highly recommend removing any "allowLinking=true" settings from your Tomcat <Context> settings. Previously our installation documentation erroneous erroneously listed examples which included "allowLinking=true", while the Tomcat documentation lists it as a possible security concern. The XMLUI Directory Traversal Vulnerability (see below) is also exacerbated by this setting. |
...
Overview
Content Tools