Versions Compared

Old Version 20

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version 21

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
titleWe highly recommend any users of DSpace 4.x upgrade to 4.3

DSpace 4.3 contains security fixes for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend all DSpace 4.x users upgrade to DSpace 4.3.

We also highly recommend removing any  "allowLinking=true" settings from your Tomcat <Context> settings. Previously our installation documentation erroneous listed added "allowLinking=true", while the Tomcat documentation lists it as a possible security concern. The XMLUI Directory Traversal Vulnerability (see below) was also exacerbated by this setting.

DSpace 4.3 is a security fix release to resolve several issues located in DSpace 4.x. As it only provides security-fixes, DSpace 4.3 should constitute an easy upgrade from DSpace 4.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 4.x to 4.3.

...