Hi Priscilla,

DSpace 7.6.2 is nearly finished and is likely to arrive in about one week's 
time (assuming all goes as planned).  Keep an eye out for the release 
announcement on or around July 10th.

Tim

On Wednesday, July 3, 2024 at 12:14:23 PM UTC-5 [email protected] wrote:

> Hi Tim,
>
> Is there a timeline for the release of 7.6.2? My institution is looking to 
> upgrade to 7.6, but we would prefer to migrate to a secure version of 
> DSpace. 
>
> Kind regards,
>
> Priscilla
>
> On Tuesday, June 25, 2024 at 9:41:20 AM UTC-4 Tim Donohue wrote:
>
>> All,
>>
>> A new DSpace 7 security advisory has been released.
>>
>> *CVE-2024-38364: Cross Site Scripting (XSS) possible via a deposited 
>> HTML/XML document with embedded JavaScript*
>> https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf
>>
>>
>>    - *Severity: Low*
>>    - *Impacts versions 7.0 through 7.6.1* only (1.x - 6.x are not 
>>    affected)
>>    - *Fixed in 8.0 and 7.6.2* *(coming soon)*
>>    - Workarounds / patches are available for all 7.x releases (see 
>>    linked advisory above for all the details)
>>    
>>
>> *We recommend that all DSpace 7.x sites immediately apply patches or 
>> upgrade.* Sites which allow for unmonitored submissions (i.e. allowing 
>> items to go public *without* any workflow approval) are more likely to 
>> be vulnerable. The attacker *must already have submitter privileges* in 
>> your DSpace repository. CORS and CSRF protections built into DSpace 7 help 
>> limit the impact of the attack.
>>
>> If you have any questions about this security advisory, please email 
>> [email protected]. This email address sends a private email to all 
>> DSpace Committers.
>>
>> Sincerely,
>>
>> Tim Donohue, on behalf of the DSpace Committers
>>
>> *--*
>>
>> *Tim Donohue* (he/him)
>>
>> Technical Lead, DSpace
>>
>> [email protected]
>>
>> Lyrasis.org <https://www.lyrasis.org/> | DSpace.org <http://dspace.org>
>>
>
