All Versions
- DSpace 7.x (Current Release)
- DSpace 8.x (Unreleased)
- DSpace 6.x (EOL)
- DSpace 5.x (EOL)
- More Versions...
Table of Contents |
---|
Info | ||
---|---|---|
| ||
This documentation was produced with Confluence software. A PDF version was generated directly from Confluence. An online, updated version of this 4.x Documentation is also available at: https://wiki.duraspace.org/display/DSDOC4x |
Welcome to Release 4.2. DSpace 4 is the latest major release offering many new features, bug fixes and improvements. For information on upgrading to DSpace 4, please see Upgrading DSpace. 4.9, a security release for the DSpace 4.x platform. For information on upgrading to DSpace 4, please see Upgrading DSpace.
Note | ||
---|---|---|
| ||
DSpace 4.9 contain security fixes for the JSPUI (only). To ensure your 4.x site is secure, we highly recommend ALL JSPUI DSpace 4.x users upgrade to DSpace 4.9. DSpace 4.9 upgrade instructions are available at: Upgrading DSpace |
DSpace 4.9 is a security fix release to resolve issues located in DSpace 4.x JSPUI (only). As it only provides security fixes, DSpace 4.9 should constitute an easy upgrade from DSpace 4.x for most users. No additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.8.
This release addresses the following security issues discovered in DSpace 4.x and below:
[HIGH SEVERITY] A user can inject malicious Javascript into the names of EPeople or Groups. This is most severe in sites which allow anyone to register for a new account. (https://jira.duraspace.org/browse/DS-3866 - requires a JIRA account to access.)
Reported by Julio Brafman
[MEDIUM SEVERITY] Any user was able to export metadata to CSV format if they knew the correct JSPUI path/parameters. Additionally, the exported CSV included metadata fields which are flagged as hidden in configuration. (https://jira.duraspace.org/browse/DS-3840 - requires a JIRA account to access.)
Reported by Eike Kleiner (ZHAW, Zurich University of Applied Sciences)
In addition, this release fixes minor bugs in the 4.x releases. For more information, see the Changes in 4.x page.
The 4.9 release was led by the Committers.
The following individuals provided code or bug fixes to the 4.9 release: Julio Brafman, Tim Donohue (tdonohue), Eike Kleiner, Kim Shepherd (kshepherd), Mark Wood (mwood).
Note | ||
---|---|---|
| ||
DSpace 4.8 contain security fixes for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend ALL DSpace 4.x users upgrade to DSpace 4.8. DSpace 4.8 upgrade instructions are available at: Upgrading DSpace |
DSpace 4.8 is a security fix release to resolve issues located in DSpace 4.x XMLUI and JSPUI. As it only provides security and bug fixes, DSpace 4.8 should constitute an easy upgrade from DSpace 4.x for most users. No additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.8. It is necessary to run a database update script. See Upgrading From 4.0 to 4.x for details.
This release addresses the following security issues discovered in DSpace 4.x and below:
In addition, this release fixes minor bugs in the 4.x releases. For more information, see the Changes in 4.x page.
The 4.8 release was led by the Committers.
The following individuals provided code or bug fixes to the 4.8 release: Pascal-Nicolas Becker (pnbecker), Tim Donohue (tdonohue), Samuel Cambien (samuelcambien), Jonas Van Goolen (Jonas VG (atmire)), Mark Wood (mwood).
Note | ||
---|---|---|
| ||
DSpace 4.7 contain security fix for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend ALL DSpace 4.x users upgrade to DSpace 4.7. DSpace 4.7 upgrade instructions are available at: Upgrading DSpace |
DSpace 4.7 is a security fix release to resolve an issue located in DSpace 4.x XMLUI and JSPUI. As it only provides a security-fix, DSpace 4.7 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.7.
This release addresses the following security issues discovered in DSpace 4.x and below:
In addition, this release fixes minor bugs in the 4.x releases. For more information, see the Changes in 4.x page.
The 4.7 release was led by Andrea Pascarelli (4Science) and the Committers.
The following individuals provided code or bug fixes to the 4.7 release: Pascal-Nicolas Becker (pnbecker), Andrea Bollini (abollini), Andrea Pascarelli (lap82)
Note | ||
---|---|---|
| ||
DSpace 4.6 contain security fix for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend ALL DSpace 4.x users upgrade to DSpace 4.6. DSpace 4.6 upgrade instructions are available at: Upgrading DSpace |
DSpace 4.6 is a security fix release to resolve an issue located in DSpace 4.x XMLUI and JSPUI. As it only provides a security-fix, DSpace 4.6 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.6.
This release addresses the following security issues discovered in DSpace 4.x and below:
In addition, this release fixes minor bugs in the 4.x releases. For more information, see the Changes in 4.x page.
The 4.6 release was led by Andrea Pascarelli (4Science) and the Committers.
The following individuals provided code or bug fixes to the 4.6 release: Pascal-Nicolas Becker (pnbecker), Andrea Bollini (abollini), Roeland Dillen (rradillen), Tim Donohue (tdonohue), Bram Luyten (bram-atmire), Andrea Pascarelli (lap82), Mark Wood (mwoodiupui)
Note | ||
---|---|---|
| ||
DSpace 4.5 contains security fixes for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend ALL DSpace 4.x users upgrade to DSpace 4.5. DSpace 4.5 upgrade instructions are available at: Upgrading DSpace |
DSpace 4.5 is a security fix release to resolve several issues located in DSpace 4.x XMLUI and JSPUI. As it only provides security-fixes, DSpace 4.5 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.5.
This release addresses the following security issues discovered in DSpace 4.x and below:
The 4.5 release was led by Tim Donohue (DuraSpace) and the Committers.
The following individuals provided code or bug fixes to the 4.5 release: Andrea Bollini (abollini), Tim Donohue (tdonohue), Ivan Masar (helix84), Mark Wood (mwoodiupui)
Note | ||
---|---|---|
| ||
DSpace 4.4 contains security fixes for the JSPUI only. To ensure your 4.x site is secure, we highly recommend JSPUI DSpace 4.x users upgrade to DSpace 4.4. |
DSpace 4.4 is a security fix release to resolve several issues located in DSpace 4.x JSPUI. As it only provides security-fixes, DSpace 4.4 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.4.
This release addresses the following security issues discovered in DSpace 4.x and below:
The 4.4 release was led by Tim Donohue (DuraSpace), Andrea Schweer (U of Waikato) and the Committers.
The following individuals provided code or bug fixes to the 4.4 release: Pascal-Nicolas Becker (pnbecker), CTU Developers (ctu-developers), Roeland Dillen (rradillen), Tim Donohue (tdonohue), Àlex Magaz Graça (rivaldi8), Bram Luyten (bram-atmire), Ivan Masar (helix84), Christian Scheible (christian-scheible), Andrea Schweer (aschweer), Jonas Van Goolen (jonas-atmire), Mark Wood (mwoodiupui)
Note | ||
---|---|---|
| ||
DSpace 4.3 contains security fixes for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend all DSpace 4.x users upgrade to DSpace 4.3. We also highly recommend removing any "allowLinking=true" settings from your Tomcat's <Context> configuration. Previously our installation documentation erroneously listed examples which included "allowLinking=true", while the Tomcat documentation lists it as a possible security concern. The XMLUI Directory Traversal Vulnerability (see below) is also exacerbated by this setting. |
DSpace 4.3 is a security fix release to resolve several issues located in DSpace 4.x. As it only provides security-fixes, DSpace 4.3 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.3.
This release addresses the following security issues discovered in DSpace 4.x and below:
[HIGH SEVERITY] XMLUI Directory Traversal Vulnerabilities (DS-2445 - requires a JIRA account to access for two weeks, and then will be public): These vulnerabilities allow someone to potentially access any file on your local filesystem which is readable to the Tomcat user account. This includes files which are unrelated to DSpace or Tomcat, but are readable to all users on the filesystem (e.g. /etc/passwd, /etc/hosts, etc.). This also includes Tomcat configuration files (which may or may not contain passwords). These vulnerabilities have existed since DSpace 1.5.2.
Discovered by: Khalil Shreateh, with additional (related) vulnerabilities discovered by the DSpace Committer Team
The 4.3 release was led by Tim Donohue (DuraSpace) and the Committers.
The following individuals provided code or bug fixes to the 4.3 release: Terry Brady (terrywbrady), Roeland Dillen (rradillen), Tim Donohue (tdonohue), Ivan Masar (helix84), Andrea Pascarelli (lap82), Avi Romanoff (aroman), Christian Scheible (christian-scheible), Robin Taylor (robintaylor)
DSpace 4.2 provides bug-fixes and minor improvements to the 4.x platform. As it only provides bug-fixes, DSpace 4.2 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.2 (except for DS-2036 which may affect some Oracle users ; see Fixing the effects of DS-2036 ).
...
Fixed occasional "Out of Memory" errors when indexing large bitstreams/files in Discovery (DS-1958)
Fixed issue where REST API was not releasing "context" and ignored database pooling (DS-1986)
Fixed Solr commit delays when "did you mean" functionality is enabled in Discovery (DS-2060)
Fixed the "dspace classpath" command (DS-1998)
Fixed issue where thumbnails were not displayed when using JSPUI + Oracle database (DS-2013)
The 4.2 release was led by Robin Taylor (U of Edinburgh) and the Committers.
The following individuals provided code or bug fixes to the 4.2 release: Pascal-Nicolas Becker (pnbecker), Peter Dietz (peterdietz), Roeland Dillen (rradillen), Tim Donohue (tdonohue), Denis Fdz, Keith Gilbertson (keithgee), Panagiotis Koutsourakis (kutsurak), Bram Luyten (bram-atmire), Mini-Pillai, Ivan Masar (helix84), Thomas Misilo (misilot), Hardy Pottinger (hardyoyo), Antoine Snyers (antoine-atmire), Robin Taylor (robintaylor), Kevin Van de Velde (KevinVdV), Mark Wood (mwoodiupui)
DSpace 4.1 provides bug-fixes and minor improvements to the 4.x platform. As it only provides bug-fixes, DSpace 4.1 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.1 (except for DS-1536; see Fixing the effects of DS-1536).
...
The 4.1 release was led by Mark Wood (IUPUI) and the Committers.
The following individuals provided code or bug fixes to the 4.1 release: Andrea Bollini (abollini), Roeland Dillen (rradillen), Tim Donohue (tdonohue), Àlex Magaz Graça (rivaldi8), Panagiotis Koutsourakis (kutsurak), marsaoua, Ivan Masar (helix84), João Melo (lyncodev), Thomas Misilo (misilot), Andrea Pascarelli (lap82), Adán Román Ruiz, Andrea Schweer (aschweer), Kim Shepherd (kshepherd), Kostas Stamatis (kstamatis), Kevin Van de Velde (KevinVdV), Mark Wood (mwoodiupui)
The following is a list of the new features included for the 4.x platform (not an exhaustive list):
...