Major bug fixes include:
- Security fixes for both JSPUI and XMLUI:
  - [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations. (https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.)
    - Discovered by Pascal Becker (The Library Code / TU Berlin).
  - [LOW SEVERITY] DSpace shipped with a version of Apache Commons Configuration that was vulnerable to COLLECTIONS-580 (Deserialization Vulnerability). (https://jira.duraspace.org/browse/DS-3520 - requires a JIRA account to access.)
    - Discovered by Alan Orth.
  - [LOW SEVERITY] DSpace failed to check if policies had valid dates when checking access permissions. (https://jira.duraspace.org/browse/DS-3619 - requires a JIRA account to access.)
    - Discovered by Pascal Becker (The Library Code / TU Berlin).
- Security fixes for REST API:
  - [HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API. (https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.)
    - Discovered by Emilio Lorenzo.
- XMLUI bug fixes:
- JSPUI bug fixes:
  - READ access rights not being respected on Collection homepage: DS-3441
- Solr Statistics fixes:
- AIP Backup and Restore fixes:
  - Failed AIP imports left files in assetstore: DS-2227