Page History

DSpace 3.6 contains security fixes for the XMLUI. To ensure your XMLUI 3.x site is secure, we highly recommend XMLUI DSpace 3.x users upgrade to DSpace 3.6. See the DSpace Release 3.6 Notes for further details. DSpace 3.6 upgrade instructions are available at: Upgrading From 3.0 to 3.xa DSpace Installation

DSpace 3.5 contains security fixes for the JSPUI. To ensure your JSPUI 3.x site is secure, we highly recommend JSPUI DSpace 3.x users upgrade to DSpace 3.5 (or above).  See the DSpace Release 3.5 Notes for further details.

DSpace 3.4 contained security fixes for both the XMLUI and JSPUI. See the DSpace Release 3.4 Notes for further details.

We also highly recommend removing any  "allowLinking=true" settings from your Tomcat <Context> settings. Previously our installation documentation erroneously listed examples which included "allowLinking=true", while the Tomcat documentation lists it as a possible security concern.