Thanks for the announcement of this vulnerability, Tim. I found the plugin addition in dspace.cfg under plugin.named.org.dspace.app.mediafilter.FormatFilter = ... org.dspace.app.mediafilter.ImageMagickImageThumbnailFilter = ImageMagick Image Thumbnail, \ org.dspace.app.mediafilter.ImageMagickPdfThumbnailFilter = ImageMagick PDF Thumbnail
but this line is still commented out: # org.dspace.app.mediafilter.ImageMagickThumbnailFilter.ProcessStarter = /usr/bin (which is how I found it in our Windows server) I'm assuming that means we aren't using this plugin (and therefore not vulnerable). I also tried to find the software installed in our Windows "Program Files" directories but didn't see it. I realize I may be overthinking things but just wanted to make sure. Thank you for confirming! Lastly, should I delete / comment out the ImageMagick lines under the FormatFilter I mentioned above? Thanks -- You received this message because you are subscribed to the Google Groups "DSpace Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-community. For more options, visit https://groups.google.com/d/optout.
