- Version(s) Supported
- The DSpace Committers provide security updates/support for themost recent three (3) major releases of the platform. (For example, as of October 2016, DSpace 6.x, 5.x and 4.x are all still supported for security updates.)
- Depending on the severity of a particular security issue, the DSpace Committers may make an effort to provide a security patch or recommendation for prior versions. This is decided on a case by case basis.
- Reporting Security Issues
- If you have located a possible security issue within DSpace, we ask that you report it to email@example.com (this emails all the DSpace Committers). We strive to provide a 7-day (or less) turnaround in investigating the reported issue, and will work towards resolution as soon as possible. Once a fix has been created and any necessary security releases are performed, we will then report the security issue and resolution to the general public.
- We strongly encourage you to report security issues in private, before disclosing them in a public forum. We take DSpace security issues very seriously and will work quickly to eliminate them once reported.