Page History

DSpace 4.3 contains security fixes for both the XMLUI and JSPUI. To ensure your 4.x site is secure, we highly recommend all DSpace 4.x users upgrade to DSpace 4.3.

We also highly recommend removing any  "allowLinking=true" settings from your Tomcat <Context> settings. Previously our installation documentation erroneous erroneously listed added examples which included "allowLinking=true", while the Tomcat documentation lists it as a possible security concern. The XMLUI Directory Traversal Vulnerability (see below) was is also exacerbated by this setting.