...
- JSPUI security fix:
  - [MEDIUM SEVERITY] Any registered user can modify in-progress submission. (DS-2895 - requires a JIRA account to access)
- JSPUI, XMLUI, REST security fix:
  - [HIGH SEVERITY] XML External Entity (XXE) vulnerability in pdfbox. (DS-3309 - requires a JIRA account to access) (NOTE: this issue was actually fixed in an earlier, unannounced 4.6 release, but it is also included in 4.7)
  - [MEDIUM SEVERITY] Bitstreams of embargoed and/or withdrawn items can be accessed by anyone (DS-3097 - requires a JIRA account to access)
    - Reported by Franziska Ackermann
...