Security fixes for both JSPUI and XMLUI:
- [HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.(https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.)
- Discovered by Pascal Becker (The Library Code / TU Berlin).
- [LOW SEVERITY] DSpace shipped with a version of Apache Commons Configuration that was vulnerable to COLLECTIONS-580 (Deserialization Vulnerability). (https://jira.duraspace.org/browse/DS-3520 - requires a JIRA account to access.)
- [LOW SEVERITY] DSpace failed to check if policies had valid dates when checking access permissions.(https://jira.duraspace.org/browse/DS-3619 - requires a JIRA account to access.)
- Discovered by Pascal Becker (The Library Code / TU Berlin).