Page History
...
- JSPUI security fix:
- [MEDIUM SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- Reported by Andrea Bollini (4Science)
- Reported by Andrea Bollini (4Science)
- [MEDIUM SEVERITY] Any registered user can modify inprogress submission. (DS-2895 - requires a JIRA account to access)
- JSPUI, XMLUI, REST security fix:
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access) (NOTE: this ticket was actually fixed in an earlier, unannounced 4.6 release, but it is also included in 4.7)
- Reported by Seth Robbins
- [MEDIUM SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone (DS-3097 - requires a JIRA account to access)
- Reported by Franziska Ackermann
- [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access) (NOTE: this ticket was actually fixed in an earlier, unannounced 4.6 release, but it is also included in 4.7)
Upgrade Instructions
- For upgrade instructions for 4.x to 4.7, please see Upgrading From 4.0 to 4.x.
- If you are upgrading from 3.x to 4.7, please see Upgrading From 3.x to 4.x.
- For general upgrade instructions, please see Upgrading DSpace.
...
Note |
---|
4.7 is a security-fix release. This means it includes no new features and only includes the above listed security fixes. For a list of all new 4.x Features, please visit the 4.x Release Notes. |
...
Overview
Content Tools