We are pleased to announce the release of DSpace 9.2! This release provides security fixes, performance improvements and bug fixes to the 9.x platform. No new features are provided. As such, this release should be an easier upgrade for sites already running 9.x.
Download DSpace 9.2 <https://wiki.lyrasis.org/display/DSDOC9x/Release+Notes#ReleaseNotes-9.2ReleaseNotes> Security Fixes - Patch for CVE-2025-66516 <https://github.com/advisories/GHSA-f58c-gq56-vjjf> / CVE-2025-54988 <https://github.com/advisories/GHSA-p72g-pv48-7w9x> in Apache Tika (critical severity). All versions of Apache Tika prior to version 3.2.2 contain a critical XML External Entity (XXE) vulnerability. This XXE vulnerability may be possible to exploit in DSpace if an attacker has submitter privileges. See #11678 <https://github.com/DSpace/DSpace/issues/11678> for more details. - Fix for potential XPath Injection in Controlled Vocabulary lookup. This vulnerability only allows an attacker access to the controlled vocabulary XML file(s), which are already public in source code. So, this vulnerability poses no security risk but it has been patched for future code safety. Breaking Changes: - User Interface is upgraded to Angular 20. This upgrade is mostly backwards compatible, but may require minor updates to your custom themes. - Node v20.19+ is now required. Because of the upgrade to Angular 20, you must use Node v20.19+, v22.x or v24.x to build and run the DSpace frontend (UI). - Solr "search" core needs to be cleared and reindexed. In order to resolve an error in Solr 9, we've had to update DSpace’s schema.xml for the "search" core. This minor update unfortunately requires a full reindex as it’s incompatible with prior indexes. Major Bug fixes / improvements include: - General user enhancements and fixes - Fixed bug where HTML tags in some metadata fields were wrongly evaluated in administrative workflow and search results. (Donated by Atmire) - Fixed bug where bitstreams with embargo lift date in metadata were not appearing on Item Page. (Donated by Vir Softech) - Fixed bug where Item Page could throw an error when signposting is enabled and the item has a large number of bitstreams. (Donated by Nicholas Woodward) - Fixed bug in "Browse by Title" where searching for a title beginning with certain articles (e.g. A, As, O, Os) did not return accurate results.(Donated by 4Science) - Fixed bug on "Browse by" pages where the search box no longer worked after clicking on a value on the page. (Donated by Atmire) - Fixed bug where exporting search results didn't work if the search contained quotation marks. (Donated by Vir Softech) - Fixed issues with downloading bitstreams whose filenames contained non-ASCII characters using the Safari browser. (Donated by Neki-IT) - Submission / Workflow enhancements and fixes - Fixed bug where dynamic tag input field was wrongly splitting values on unexpected characters (like "<"). (Donated by The Library Code) - Fixed bug where a newly created Researcher Profile could not be selected as an author of a new Publication Entity. (Donated by Jesiel Viana) - Fixed bug where file uploads would fail if the "assetstore.dir" was set to a location using a symbolic link.(Donated by 4Science) - Fixed memory leak in submission form which could occur if you closed and reopened the form several times in a row. (Donated by Jukka Lipka) - Statistics enhancements and fixes - Add several "usage-statistics.*" configurations to make it easier to quickly customize the statistical reports. (Donated by Nicholas Woodward) - Updated Solr-based internal statistics to only track downloads of bitstreams that are in a bundle listed in the existing "solr-statistics.query.filter.bundles" configuration. (Donated by Neki-IT) - Authentication fixes - Fixed database connection leak that could occur via many unsuccessful logins using password login or ORCID login. (Donated by Atmire) - Fixed issues with correctly populating special groups for several authentication methods. (Donated by 4Science) - Support for X.509 certificate authentication has been removed as it appears to be unused and non-functional. - Integration fixes - Fixed several bugs related to ORCID integration (Donated by 4Science, The Library Code and Pierre Lasou) - Fixed bugs in OAI-PMH, SWORDv1 and SWORDv2 (Donated by Neki-IT, Lucas Varone, Marsa Haoua and fribeiro-fccn) - Fixed several bugs in administrative tools and command-line scripts. See Release Notes <https://wiki.lyrasis.org/display/DSDOC9x/Release+Notes#ReleaseNotes-9.2ReleaseNotes> for details. - For a full list of changes and contributors in 9.2, see our Release Notes <https://wiki.lyrasis.org/display/DSDOC9x/Release+Notes#ReleaseNotes-9.2ReleaseNotes> New and improved Language support - Arabic (العربية) language updates donated by Laith Rastanawi - Bengali (বাংলা) language updates donated by Md. Topu Raihan - Czech (Čeština) language updates donated by dataquest - French (Français) language updates donated by Pierre Lasou - Hungarian (Magyar) language updates donated by Nagy Akos - Persian (فارسی) language added & donated by Shafi Habibi - Spanish (Español) language updates donated by Arvo Consultores y Tecnología. S.L - Tamil (தமிழ்) language added & donated by DSquare Technologies - Ukrainian (Yкраї́нська) language updates donated by Olexandr Shaposhnyk A total of 52 individuals contributed to 9.2. For a full list of changes and contributors in 9.2, see our Release Notes <https://wiki.lyrasis.org/display/DSDOC9x/Release+Notes#ReleaseNotes-9.2ReleaseNotes> . Would you like to contribute to a future DSpace release? DSpace is built and supported by community volunteers. We have no centralized development team. Therefore, we welcome contributions from anyone! Contributions may take the form of: - Contributing money to our DSpace Development Fund <https://wiki.lyrasis.org/display/DSPACE/Announcement%3A+DSpace+Development+Fund> - All funds go directly towards development in the next release(s), and you will be acknowledged on our DSpace Development Fund <https://wiki.lyrasis.org/display/DSPACE/Announcement%3A+DSpace+Development+Fund> page. - Contributing code - As a volunteer developer you can determine which issue ticket you’d like to work on. Join our weekly developer meetings <https://wiki.lyrasis.org/display/DSPACE/Developer+Meetings> or get in touch with Tim Donohue <https://wiki.lyrasis.org/display/~tdonohue> if you have any questions. Our next major release will be DSpace 10.0 <https://wiki.lyrasis.org/display/DSPACE/DSpace+Release+10.0+Status> (due in May/June 2026). But, we also continue to support our last three major releases (currently 7.6.x, 8.x and 9.x). If you’d like more information on ongoing development, please consider joining our weekly developer meetings <https://wiki.lyrasis.org/display/DSPACE/Developer+Meetings>, or follow along by reading the public notes of past meetings. -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/c50750f0-5e69-490a-89cd-e39fe8c7ed9fn%40googlegroups.com.
