Dear DSpace Community: On behalf of the DSpace developers, I would like to formally announce that DSpace 6.1 is now available. DSpace 6.1 provides security fixes to the XMLUI, JSPUI and REST API, along with bug fixes to the DSpace 6.x platform.
- DSpace 6.1 can be downloaded immediately from: https://github.com/DSpace/DSpace/releases/tag/dspace-6.1 - 6.1 Release notes are available at: https://wiki.duraspace.org/display/DSDOC6x/Release+Notes 6.1 Security / Bug Fixes - General security fixes for both JSPUI and XMLUI - *[HIGH SEVERITY] Basic (Traditional) Workflow approval process is vulnerable to unauthorized manipulations.* ( https://jira.duraspace.org/browse/DS-3647 - requires a JIRA account to access.) - Discovered by Pascal Becker (The Library Code / TU Berlin). - *[LOW SEVERITY] DSpace failed to check if policies had valid dates when checking access permissions.* ( https://jira.duraspace.org/browse/DS-3619 - requires a JIRA account to access.) - Discovered by Pascal Becker (The Library Code / TU Berlin). - Security fixes for REST API: - *[HIGH SEVERITY] A user with submit permissions can bypass workflow approvals by depositing via REST API.* ( https://jira.duraspace.org/browse/DS-3281 - requires a JIRA account to access.) - Discovered by Emilio Lorenzo. - *[LOW SEVERITY] The "find-by-metadata" path publicly exposes metadata from access-restricted items.* ( https://jira.duraspace.org/browse/DS-3628 - requires a JIRA account to access.) - Reported by Bram Luyten (Atmire). - General bug fixes (to all UIs): - Performance improvements at API layer: DS-3558 <https://jira.duraspace.org/browse/DS-3558>, DS-3552 <https://jira.duraspace.org/browse/DS-3552> - Submitters (who are not Admins) could not remove bitstreams from their in progress submission: DS-3446 <https://jira.duraspace.org/browse/DS-3446> - Full text searching was only possible in the first bitstream (file): DS-2952 <https://jira.duraspace.org/browse/DS-2952> - Configurable Workflow was throwing "Authorization is Denied" errors: DS-3367 <https://jira.duraspace.org/browse/DS-3367?src=confmacro> - IP Authorization range restrictions were not working properly: DS-3463 <https://jira.duraspace.org/browse/DS-3463> - Item Versioning was not saving properly: DS-3381 <https://jira.duraspace.org/browse/DS-3381?src=confmacro> - Improve the text of database migration errors: DS-3571 <https://jira.duraspace.org/browse/DS-3571> - Improve cache management for command line processes: DS-3579 <https://jira.duraspace.org/browse/DS-3579> - Resolve CSV line break issue in bulk edit: DS-3245 <https://jira.duraspace.org/browse/DS-3245> - Resolve error with null referrer to feedback page: DS-3601 <https://jira.duraspace.org/browse/DS-3601> - Support all UTF-8 characters in configuration files: DS-3568 <https://jira.duraspace.org/browse/DS-3568> - Fix update-handle-prefix script to no longer update handle suffix: DS-3632 <https://jira.duraspace.org/browse/DS-3632> - XMLUI bug fixes: - /handleresolver path was no longer working: DS-3366 <https://jira.duraspace.org/browse/DS-3366> - Display a restricted image thumbnail for access restricted bitstreams: DS-2789 <https://jira.duraspace.org/browse/DS-2789> - Fix broken images when running Mirage 2 on Jetty: DS-3289 <https://jira.duraspace.org/browse/DS-3289> - Archived submissions were being displayed chronologically instead of reverse chronologically: DS-3334 <https://jira.duraspace.org/browse/DS-3334> - On Move Item page, the list of Collections was sorted by Collection name, instead of being first grouped by Community: DS-3336 <https://jira.duraspace.org/browse/DS-3336> - ORCID / Authority Lookup button was no longer working in Mirage 2: DS-3387 <https://jira.duraspace.org/browse/DS-3387> - Improve error message when user attempts to update an e-mail address to an existing address: DS-3584 <https://jira.duraspace.org/browse/DS-3584> - Allow localization of input-forms.xml with XMLUI: DS-3598 <https://jira.duraspace.org/browse/DS-3598> - Fix error when uploading large files (>2GB) via a web browser: DS-2359 <https://jira.duraspace.org/browse/DS-2359> - Various other minor bug fixes - JSPUI bug fixes - READ access rights not being respected on Collection homepage: DS-3441 <https://jira.duraspace.org/browse/DS-3441> - Fix issue where database connections were being kept open on some JSPUI pages: DS-3582 <https://jira.duraspace.org/browse/DS-3582> - Oracle support bug fixes: - Oracle migrations took forever because of missing indexes: DS-3378 <https://jira.duraspace.org/browse/DS-3378> - Community and Collection handles were not properly migrated between 5.x and 6.x: DS-3409 <https://jira.duraspace.org/browse/DS-3409> - OAI-PMH bug fixes: - DIM crosswalks repeated authority information: DS-2947 <https://jira.duraspace.org/browse/DS-2947> - REST API bug fixes: - Support for Shibboleth added: DS-3108 <https://jira.duraspace.org/browse/DS-3108> - Solr Statistics fixes: - Item Statistics displayed UUID instead of file name: DS-3164 <https://jira.duraspace.org/browse/DS-3164> - Sharding statistics corrupted some fields and was unstable: DS-3436 <https://jira.duraspace.org/browse/DS-3436>, DS-3457 <https://jira.duraspace.org/browse/DS-3457>, DS-3458 <https://jira.duraspace.org/browse/DS-3458> - AIP Backup and Restore fixes: - Failed AIP imports left files in assetstore: DS-2227 <https://jira.duraspace.org/browse/DS-2227> - Could not restore items from AIP if embargo lift date was in the past: hDS-3348 <https://jira.duraspace.org/browse/DS-3348?src=confmacro> - Replication Task Suite <https://wiki.duraspace.org/display/DSPACE/ReplicationTaskSuite> plugin was not working with 6.0: DS-3389 <https://jira.duraspace.org/browse/DS-3389?src=confmacro> 6.1 Minor Improvements - - SEO improvement: Add configurable support for whitelisting specific file formats for Google Scholar citation_pdf_url tag: DS-3127 <https://jira.duraspace.org/browse/DS-3127> - Add support for *.docx files (newer MS Word) to indexing process (via media filters). See DS-1140 <https://jira.duraspace.org/browse/DS-1140> - Add ability to multi-select options in XMLUI's My Submission page. See DS-3448 <https://jira.duraspace.org/browse/DS-3448> - Filter labels were missing in XMLUI's search screen. See DS-3573 <https://jira.duraspace.org/browse/DS-3573> - Minor improvements to logging and error reporting. In addition, this release fixes a variety of minor bugs in the 6.x releases. For more information, see the Changes in 6.x <https://wiki.duraspace.org/display/DSDOC6x/Changes+in+6.x> section. 6.1 AcknowledgmentsThe DSpace application would not exist without the hard work and support of the community. Thank you to the many developers who have worked very hard to deliver all the new features and improvements. Also thanks to the users who provided input and feedback on the development. The 6.1 release was led by the DSpace Committers. The following individuals provided code or bug fixes to the 6.1 release: Pascal-Nicolas Becker (pnbecker), Andrew Bennet (AndrewBennet), Andrea Bollini (abollini), Terry Brady (terrywbrady), Per Broman (pbroman), Samuel Cambien (samuelcambien), Yana De Pauw, Tom Desair (tomdesair), Peter Dietz (peterdietz), Roeland Dillen, Tim Donohue (tdonohue), edusperoni, Frederic-Atmire, Generalelektrix, Claudia Juergen (cjuergen), Bram Luyten (bram-atmire), Enrique Martínez Zúñiga (enrique), Ivan Masar (helix84), Miika Nurminen (minurmin), Alan Orth (alanorth), Andrea Pascarelli (lap82), Hardy Pottinger (hardyoyo), Toni Prieto (toniprieto). Christian Scheible (christian-scheible), Andrea Schweer (aschweer), Kim Shepherd (kshepherd), Alexander Sulfrian (AlexanderS), Jonas Van Goolen (jonas-atmire), Philip Vissenaekens (PhilipVis), and Mark Wood (mwoodiupui). A detailed listing of all known people/institutions who contributed directly to DSpace 6.x is available in the Release Notes. If you contributed and were accidentally not listed, please let us know so that we can correct it! As always, we are happy to hear back from the community about DSpace. Please let us know what you think of 6.1! Sincerely, Tim Donohue (on behalf of the DSpace Committers) -- Tim Donohue Technical Lead for DSpace & DSpaceDirect DuraSpace.org | DSpace.org | DSpaceDirect.org -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
