This documentation was produced with Confluence software. A PDF version was generated directly from Confluence. An online, updated version of this 5.x Documentation is also available at: https://wiki.duraspace.org/display/DSDOC5x
Welcome to Release 5.3, a bug-fix release for the DSpace 5.x platform. For information on upgrading to DSpace 5, please see Upgrading DSpace.
DSpace 5.3 is a bug fix release to resolve several issues found in DSpace 5.2. As it provides only bug fixes, DSpace 5.3 should constitute an easy upgrade from DSpace 5.0, 5.1 or 5.2 for most users. Beginning with DSpace 5.x, we also provide an easier upgrade process from any prior version of DSpace (1.x.x, 3.x or 4.x).
Major bug fixes include:
dc.date.available is now properly exposed when using the mets metadata format (DS-2598)
NULL Resource Policy types (commonly found when upgrading from DSpace < 3.0) are now handled correctly by AuthorizeManager (DS-2587)
dc.rights metadata is now properly exposed in embedded XHTML head DC (DS-2568)
In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes in 5.x page.
DSpace 5.2 is a bug fix release to resolve several issues found in DSpace 5.1. As it provides only bug fixes, DSpace 5.2 should constitute an easy upgrade from DSpace 5.0 or 5.1 for most users. Beginning with DSpace 5.x, we also provide an easier upgrade process from any prior version of DSpace (1.x.x, 3.x or 4.x).
Major bug fixes include:
"dspace update-handle-prefix" failed when using Oracle DB. (DS-2218)
In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes in 5.x page.
DSpace 5.1 contains security fixes for both the XMLUI and JSPUI. To ensure your 5.x site is secure, we highly recommend all DSpace 5.x users upgrade to DSpace 5.1. We also highly recommend removing any "allowLinking=true" settings from your Tomcat's <Context> configuration. Previously our installation documentation erroneously listed examples which included "allowLinking=true", while the Tomcat documentation lists it as a possible security concern. The XMLUI Directory Traversal Vulnerability (see below) is also exacerbated by this setting.
Several of the security vulnerabilities patched in DSpace 5.1 (and backported to 4.3 and 3.4) also affect sites running unsupported DSpace 1.x.x releases. In order to ensure your site is patched, we highly recommend upgrading to DSpace 3.4, DSpace 4.3 or DSpace 5.1. If you are considering an upgrade from DSpace 1.x.x, note that, as of DSpace 5, your existing data (i.e. database contents, search/browse indexes) will now be automatically upgraded from ANY prior version of DSpace. Therefore, you may wish to consider upgrading directly to DSpace 5.1, as the 5.x upgrade process is simplified.
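One way to check a Tomcat configuration for the "allowLinking=true" setting the notice above recommends removing. This is an added example, not part of the DSpace documentation or code; the directory layout, file names and docBase paths in the sample are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def find_allow_linking(conf_root):
    """List (relative file, element tag) for every allowLinking="true" under conf_root."""
    root = Path(conf_root)
    hits = []
    for path in sorted(root.rglob("*.xml")):
        rel = path.relative_to(root).as_posix()
        try:
            tree = ET.parse(path)
        except ET.ParseError:
            # Do not skip silently: a broken file still needs a manual look.
            hits.append((rel, "unparseable"))
            continue
        # Tomcat 7 and earlier take the attribute on <Context>; Tomcat 8+
        # on the nested <Resources>. Checking every element covers both.
        for elem in tree.iter():
            if elem.get("allowLinking", "").strip().lower() == "true":
                hits.append((rel, elem.tag))
    return hits


def demo():
    # Constructed sample context files, not taken from a real installation.
    samples = {
        "Catalina/localhost/xmlui.xml":
            '<Context docBase="/dspace/webapps/xmlui" allowLinking="true"/>',
        "Catalina/localhost/jspui.xml":
            '<Context docBase="/dspace/webapps/jspui" reloadable="false"/>',
        "Catalina/localhost/solr.xml":
            '<Context docBase="/dspace/webapps/solr">'
            '<Resources allowLinking="TRUE"/></Context>',
        "Catalina/localhost/broken.xml": '<Context allowLinking="true"',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return find_allow_linking(tmp)


if __name__ == "__main__":
    for rel, tag in demo():
        print(f"{rel}: {tag}")
```

Point find_allow_linking at the Tomcat conf directory (and at any META-INF/context.xml shipped inside a webapp) and remove the attribute from every file it reports.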
DSpace 5.1 is a security and bug fix release to resolve several issues located in DSpace 5.0. As it provides only security and bug fixes, DSpace 5.1 should constitute an easy upgrade from DSpace 5.0 for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.0 to 5.1.
This release addresses the following security issues discovered in DSpace 5.x and below:
[HIGH SEVERITY] XMLUI Directory Traversal Vulnerabilities (DS-2445 - requires a JIRA account to access for two weeks, and then will be public): These vulnerabilities allow someone to potentially access any file on your local filesystem which is readable to the Tomcat user account. This includes files which are unrelated to DSpace or Tomcat, but are readable to all users on the filesystem (e.g. /etc/passwd, /etc/hosts, etc.). This also includes Tomcat configuration files (which may or may not contain passwords). These vulnerabilities have existed since DSpace 1.5.2.
Discovered by: Khalil Shreateh, with additional (related) vulnerabilities discovered by the DSpace Committer Team
In addition, this release fixes a variety of minor bugs in the 5.0 release. For more information, see the Changes in 5.x page.
The following is a list of the new features included for the 5.x platform (not an exhaustive list):
A full list of all changes / bug fixes in 5.x is available in the Changes in 5.x section.
The following individuals have contributed directly to this release of DSpace: Adan Roman, Àlex Magaz Graça, Andrea Bollini, Andrea Schweer, Antoine Snyers, Art Lowel, Artur Konczak, Bavo Van Geit, Bram Luyten, Christian Scheible, Christian Völker, Christos Rhodosthenous, Claudia Jürgen, CTU Developers, Denis Fdz, Ed Goulet, Eliana de Mattos Pinto Coelho, Elvi S. Nemiz, Emilio Lorenzo, George Simeonov, Graham Triggs, Hardy Pottinger, Ivan Masár, James Halliday, João Melo, Jon Gibson, Jordan Piščanc, Jozef M., Keiji Suzuki, Kevin Van de Velde, Kostas Stamatis, Luigi Andrea Pascarelli, Marina Muilwijk, Mark Diggory, Mark H. Wood, Mohamed Mohideen Abdul Rasheed, Monika Mevenkamp, Ondřej Košarko, Panagiotis Koutsourakis, Pascal-Nicolas Becker, Pauline Ward, Paulo Graça, Peter Dietz, Petya Kohts, Philip Vissenaekens, Robert Faling, Robin Taylor, Roeland Dillen, Royopa, Sonmez CELIK, Terry Brady, Thanos Kyritsis, Thomas Misilo, Tiago Murakami, Tim Donohue, and others who reviewed and commented on their work. Many of these could not do this work without the support (release time and financial) of their associated institutions. We offer thanks to those institutions for supporting their staff to take time to contribute to the DSpace project.
A big thank you also goes out to the DSpace Community Advisory Team (DCAT), who helped the developers to prioritize and plan out several of the new features that made it into this release. The current DCAT members include: Augustine Gitonga, Bram Luyten, Bharat Chaudhari, Claire Bundy, Dibyendra Hyoju, Elin Stangeland, Felicity A Dykas, Iryna Kuchma, James Evans, Jim Ottaviani, Kate Dohe, Kathleen Schweitzberger, Leonie Hayes, Lilly Li, Maureen Walsh, Pauline Ward, Roger Weaver, Sarah Molloy, Sarah Potvin, Sarah Shreeves, Steve Van Tuyl, Terry Brady, Valorie Hollister and Yan Han.
We apologize to any contributor accidentally left off this list. DSpace has such a large, active development community that we sometimes lose track of all our contributors. Our ongoing list of all known people/institutions that have contributed to DSpace software can be found on our DSpace Contributors page. Acknowledgments to those left off will be made in future releases.
Want to see your name appear in our list of contributors? All you have to do is report an issue, fix a bug, improve our documentation or help us determine the necessary requirements for a new feature! Visit our Issue Tracker to report a bug, or join dspace-devel mailing list to take part in development work. If you'd like to help improve our current documentation, please get in touch with one of our Committers with your ideas. You don't even need to be a developer! Repository managers can also get involved by volunteering to join the DSpace Community Advisory Team and helping our developers to plan new features.
The 5.0 Release Team consisted of:
The 5.1 release was led by Tim Donohue (DuraSpace) and the Committers.
The 5.2 release was led by Hardy Pottinger (University of Missouri Library Systems) and the Committers.
The 5.3 release was led by Kim Shepherd (University of Auckland Library) and the Committers.
Additional thanks to Tim Donohue from DuraSpace for keeping all of us focused on the work at hand, for calming us when we got excited, and for the general support for the DSpace project.