Hi Tim,

Is there a timeline for the release of 7.6.2? My institution is looking to upgrade to 7.6, but we would prefer to migrate to a secure version of DSpace.

Kind regards,
Priscilla

On Tuesday, June 25, 2024 at 9:41:20 AM UTC-4 Tim Donohue wrote:

> All,
>
> A new DSpace 7 security advisory has been released.
>
> *CVE-2024-38364: Cross Site Scripting (XSS) possible via a deposited
> HTML/XML document with embedded JavaScript*
> https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf
>
> - *Severity: Low*
> - *Impacts versions 7.0 through 7.6.1* only (1.x - 6.x are not
>   affected)
> - *Fixed in 8.0 and 7.6.2* *(coming soon)*
> - Workarounds / patches are available for all 7.x releases (see linked
>   advisory above for all the details)
>
> *We recommend that all DSpace 7.x sites immediately apply patches or
> upgrade.* Sites which allow for unmonitored submissions (i.e. allowing
> items to go public *without* any workflow approval) are more likely to
> be vulnerable. The attacker *must already have submitter privileges* in
> your DSpace repository. CORS and CSRF protections built into DSpace 7 help
> limit the impact of the attack.
>
> If you have any questions about this security advisory, please email
> [email protected]. This email address sends a private email to all
> DSpace Committers.
>
> Sincerely,
>
> Tim Donohue, on behalf of the DSpace Committers
>
> --
>
> *Tim Donohue* (he/him)
>
> Technical Lead, DSpace
>
> [email protected]
>
> Lyrasis.org <https://www.lyrasis.org/> | DSpace.org <http://dspace.org>
