...
Major bug fixes include:
- XMLUI security fixes:
- [HIGH SEVERITY] The XMLUI "themes/" path is vulnerable to a full directory traversal. (DS-3094 - requires a JIRA account to access.) This means that ANY files on your system which are readable to the Tomcat user account may be publicly accessed via your DSpace website.
- JSPUI security fixes:
- [MEDIUM SEVERITY] The JSPUI "Edit News" feature (accessible to Administrators) can be used to view/edit ANY files which are readable to the Tomcat user account. (DS-3063 - requires a JIRA account to access.)
- REST fixes
- Fixed the "/handle" endpoint (DS-2936)
- Configuration Fixes
- Minor fixes to the Mirage 2 XMLUI theme
- Ensured printing the item page doesn't include bitstream URLs (DS-2893)
...