Page History
...
Major bug fixes include:
- JSPUI security fixes:
- [LOW SEVERITY] Cross-site scripting (XSS injection) is possible in JSPUI search interface (in Firefox web browser). (DS-2736 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to embed dangerous Javascript code into links to search results. If a user was emailed such a link and clicked it, the javascript would be run in their local browser. This vulnerability has existed since DSpace 3.x
- [LOW SEVERITY] Expression language injection (EL Injection) is possible in JSPUI search interface. (DS-2737 - requires a JIRA account to access for two weeks, and then will be public): This vulnerability could allow someone to obtain information from the site/server using JSP syntax. This vulnerability has existed since DSpace 3.x
- Google Scholar fix:
- Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
- Discovery / Solr fixes:
- Resolved a significant memory leak when searching/browsing (gradual leak) (DS-2869)
- Resolved a significant memory spike when reindexing (only triggered when running "index-discovery" with no arguments) (DS-2832)
- Solr logging was broken. It did not properly log to the "
[dspace]/log/solr.log" files (DS-2790) - Fixes to allow fielded or boolean searches to work once again (DS-2699, DS-2803)
- OAI-PMH fixes:
- Upgraded the XOAI library to 3.2.10 to resolve several fixesissues
- OAI did not support harvesting by date (YYYY-MM-DD) without a time (DS-2524, DS-2542)
- OAI getRecord was wrongly including all virtual sets (DS-2573)
- OAI was ignoring the "dspace.oai.url" setting in "oai.cfg" (DS-2744)OAI getRecord was wrongly including all virtual sets (DS-2573)
- REST API fixes:
Deposit/Submission fixes:
Minor fixes to XMLUI Mirage2 theme
...
Overview
Content Tools