Page History
...
Major bug fixes include:
- JSPUI, XMLUI, REST security fixes:
- JSPUI and XMLUI
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access)
- Reported by Seth Robbins
- JSPUI, XMLUI and REST
- [HIGH SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone. (DS-3097 - requires a JIRA account to access)
- Reported by Franziska Ackermann
- Reported by Franziska Ackermann
- [HIGH SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone. (DS-3097 - requires a JIRA account to access)
- JSPUI and XMLUI
- JSPUI security fix:
- [HIGH SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- Reported by Andrea Bollini (4Science)
- Reported by Andrea Bollini (4Science)
- [HIGH SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- REST security fix:
- [HIGH SEVERITY] SQL Injection Vulnerability in 5.x REST API (DS-3250 - requires a JIRA account to access)
- Reported by Bram Luyten (Atmire)
- [HIGH SEVERITY] SQL Injection Vulnerability in 5.x REST API (DS-3250 - requires a JIRA account to access)
- Other minor fixes and improvements
- JSPUI: Creative Commons license fails with fetch directy the url (instead use the Creative Commons REST API) (DS-2604)
- JSPUI: Upload a file, multifile, with a description text during the submission process (DS-2623)
- XMLUI: Recyclable Cocoon components should clear local variables (DS-3246)
METSRightsCrosswalk NPE During AIP Restore - No Anonymous Read (DS-3140)
AIP Restore is not respecting access restrictions (on Items) (DS-3266)
- JSPUI: Creative Commons license fails with fetch directy the url (instead use the Creative Commons REST API) (DS-2604)
...
Overview
Content Tools