Dear DSpace Community:

On behalf of the DSpace developers, I would like to formally announce that DSpace 5.5 is now available.

DSpace 5.5 provides security fixes to both the XMLUI and JSPUI, along with bug fixes to the DSpace 5.x platform.

DSpace 5.5 can be downloaded immediately from: https://github.com/DSpace/DSpace/releases/tag/dspace-5.5

5.5 Release notes are available at: https://wiki.duraspace.org/display/DSDOC5x/Release+Notes

In addition, you are welcome to try out DSpace 5.5 on http://demo.dspace.org/


     5.5 Bug Fixes

 * XMLUI security fixes
     o [HIGH SEVERITY] The XMLUI "themes" path is vulnerable to a full
       directory traversal. (DS-3094
       <https://jira.duraspace.org/browse/DS-3094> - requires a
       JIRA/Wiki account to access.) This means that ANY files on your
       system which are readable to the Tomcat user account may be
       publicly accessed via your DSpace site. This XMLUI
       vulnerability has existed since DSpace 1.5.x, and was discovered
       by Virginia Tech.
 * JSPUI security fixes
     o [MEDIUM SEVERITY] The JSPUI "Edit News" feature (accessible to
       Administrators) can be used to view/edit ANY files which are
       readable to the Tomcat user account (DS-3063
       <https://jira.duraspace.org/browse/DS-3063> - requires a
       JIRA/Wiki account to access.) This JSPUI vulnerability has
       existed since DSpace 4.0, and was discovered by CINECA.
 * REST fixes
     o Fixed the "/handle" endpoint (DS-2936
       <https://jira.duraspace.org/browse/DS-2936>)
     o REST webapp wasn't registering itself on startup (DS-2946
       <https://jira.duraspace.org/browse/DS-2946>)
 * OAI fixes
     o Fixed a few incorrect URL encoding issues (DS-3050
       <https://jira.duraspace.org/browse/DS-3050>)
     o Fixed the broken "NOT" filter (DS-2820
       <https://jira.duraspace.org/browse/DS-2820>)
 * Configuration fixes
     o Fixed misspelling in dcterms registry (conformsTo) (DS-2998
       <https://jira.duraspace.org/browse/DS-2998>)
     o Updated our default DataCite configurations to point at the
       updated DataCite test server (DS-2923
       <https://jira.duraspace.org/browse/DS-2923>)
 * Other minor fixes
     o Broken SQL query in Item.findByMetadataFieldAuthority API method
       (DS-2517 <https://jira.duraspace.org/browse/DS-2517>)
     o Mirage2: Ensured printing the item page from doesn't include
       bitstream URLs (DS-2893 <https://jira.duraspace.org/browse/DS-2893>)

For much more information on each of these and other fixes, please visit our 5.x Release Notes: https://wiki.duraspace.org/display/DSDOC5x/Release+Notes


     5.5 Documentation

The DSpace 5.x documentation is available online at: https://wiki.duraspace.org/display/DSDOC5x/

A PDF copy of the documentation can also be downloaded from: https://github.com/DSpace/DSpace/releases/download/dspace-5.5/DSpace-Manual.pdf <https://github.com/DSpace/DSpace/releases/download/dspace-5.4/DSpace-Manual.pdf>


     5.5 Acknowledgments

The DSpace application would not exist without the hard work and support of the community. Thank you to the many developers who have worked very hard to deliver all the new features and improvements. Also thanks to the users who provided input and feedback on the development.

The 5.5 release was led by the Committers.

The following individuals provided code or bug fixes to the 5.5 release: Pascal-Nicolas Becker (pnbecker), Andrea Bollini (abollini), Tim Donohue (tdonohue), Claudia Juergen (cjuergen), Bram Luyten (bram-atmire), Ivan Masar (helix84), Dylan Meeus (DylanMeeus), AmberPoo1, Christian Scheible (christian-scheible), Tim Van de Langenbergh (tim-atmire), Mark Wood (mwoodiupui)

A detailed listing of all known people/institutions who contributed directly to DSpace 5.x is available in the Release Notes. If you contributed and were accidentally not listed, please let us know so that we can correct it!

As always, we are happy to hear back from the community about DSpace. Please let us know what you think of 5.5!

Sincerely,

Tim Donohue (on behalf of the DSpace Committers)

--
Tim Donohue
Technical Lead for DSpace & DSpaceDirect
DuraSpace.org | DSpace.org | DSpaceDirect.org
