Contribute to the DSpace Development Fund
The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.
Version 5.4
Summary
DSpace 5.4 is a bug fix release to resolve several issues located in DSpace 5.0, 5.1, 5.2 or 5.3. As it only provides only bug fixes, DSpace 5.4 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.4.
Major bug fixes include:
- Google Scholar fix:
- Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
- [LOW SEVERITY] Possible to access files attached to "in-progress" submissions via a direct link (DS-2614 - requires a JIRA account to access for two weeks, and then will be public). This vulnerability could allow anyone in the world to download a file attached to an "in-progress" submission if they are provided with a direct link to that file (from either UI). While a direct file link would be very hard to "guess" or stumble upon, this could allow an individual with deposit rights to make available content which has not been approved by local DSpace administrators. This vulnerability has at least existed since 5.0, but may effect versions as old as 3.0.
- Discovered by Pascal-Nicolas Becker of Technische Universität Berlin
- Discovered by Pascal-Nicolas Becker of Technische Universität Berlin
- [LOW SEVERITY] Possible to access files attached to "in-progress" submissions via a direct link (DS-2614 - requires a JIRA account to access for two weeks, and then will be public). This vulnerability could allow anyone in the world to download a file attached to an "in-progress" submission if they are provided with a direct link to that file (from either UI). While a direct file link would be very hard to "guess" or stumble upon, this could allow an individual with deposit rights to make available content which has not been approved by local DSpace administrators. This vulnerability has at least existed since 5.0, but may effect versions as old as 3.0.
- Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
- Discovery / Solr fixes:
- Solr logging was broken. It did not properly log to the "
[dspace]/log/solr.log
" files (DS-2790)
- Solr logging was broken. It did not properly log to the "
In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes section below.
Upgrade Instructions
- For upgrade instructions from ANY PRIOR VERSION to 5.4, please see Upgrading DSpace
No new features in DSpace 5.4
5.4 is a bug-fix release. This means it includes no new features and only includes the above listed fixes.
For a list of all new 5.x Features, please visit the 5.x Release Notes.
Changes
The following bug fixes were released in 5.4.
Organizational Details
Release Coordination
- Release Coordinator: Committers Team (shared coordination) led by Andrea Schweer
Timeline and Proceeding
Release Timeline:
- Release Date: TBA (tentative for early November)