Versions Compared

Old Version 59

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version 60

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
titleOnline Version of Documentation also available

This documentation was produced with Confluence software. A PDF version was generated directly from Confluence. An online, updated version of this 5.x Documentation is also available at: https://wiki.duraspace.org/display/DSDOC5x

 
Welcome to Release 5.67, a bug-fix release for the DSpace 5.x platform. For information on upgrading to DSpace 5, please see Upgrading DSpace.

5.

...

7 Release Notes 

Note
titleWe highly recommend ALL users of DSpace 5.x upgrade to 5.67

DSpace 5.6 7 contains security fixes for the XMLUI and JSPUI and REST. To ensure your 5.x site is secure, we highly recommend ALL DSpace 5.x users upgrade to DSpace 5.67.

DSpace 5.6 7 upgrade instructions are available at: Upgrading DSpace

DSpace 5.7 is a security & bug fix release to resolve several issues located in previous 5.x releases. As it only provides bug/security fixes, DSpace 5.6 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.7.
 

Major bug fixes include:

  • Security fixes for both JSPUI and XMLUI:

    • [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.(https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.) 
      • Discovered by Pascal Becker (The Library Code / TU Berlin).
    • [LOW SEVERITY] DSpace shipped with a version of Apache Commons Configuration that was vulnerable to COLLECTIONS-580 (Deserialization Vulnerability). (https://jira.duraspace.org/browse/DS-3520 - requires a JIRA account to access.)
      • Discovered by Alan Orth.
    • [LOW SEVERITY] DSpace failed to check if policies had valid dates when checking access permissions.(https://jira.duraspace.org/browse/DS-3619 - requires a JIRA account to access.) 
      • Discovered by Pascal Becker (The Library Code / TU Berlin).
  • Security fixes for REST API:
    • [HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API.(https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.) 
      • Discovered by Emilio Lorenzo.
  • XMLUI bug fixes:
    • /handleresolver path was no longer working: DS-3366
    • Fix broken images when running Mirage 2 on Jetty: DS-3289
    • Improve error message when user attempts to update an e-mail address to an existing address: DS-3584
    • Fix error when uploading large files (>2GB) via a web browser: DS-2359
  • JSPUI bug fixes
    • READ access rights not being respected on Collection homepage: DS-3441
  • Solr Statistics fixes:
    • Sharding statistics corrupted some fields and was unstable: DS-3436DS-3458
  • AIP Backup and Restore fixes:
    • Failed AIP imports left files in assetstore: DS-2227

5.7 Acknowledgments 

The 5.7 release was led by the DSpace Committers.

The following individuals provided code or bug fixes to the 5.7 release:

5.6 Release Notes

Note
titleWe highly recommend ALL users of DSpace 5.x upgrade to 5.6

DSpace 5.6 contains security fixes for the XMLUI and JSPUI and REST. To ensure your 5.x site is secure, we highly recommend ALL DSpace 5.x users upgrade to DSpace 5.6.

DSpace 5.6 upgrade instructions are available at: Upgrading DSpace

DSpace 5.6 is a security & bug fix release to resolve several issues located in previous 5.x releases. As it only provides bug/security fixes, DSpace 5.6 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.6.
 

...