Dear DSpace Community:

On behalf of the DSpace developers, I would like to formally announce that DSpace 5.3 is now available. DSpace 5.3 is a bug-fix and (minor) security release and contains no new features.

DSpace 5.3 can be downloaded immediately from: 5.3 Release notes are available at:<>

(Please note that the 5.3 release is NOT available from SourceForge. SourceForge has had recent service issues and does not support uploading new releases at this time.)

In addition, you are welcome to try out DSpace 5.3 on and continue to provide any early feedback you may have.

     5.3 Bug Fixes

 * Security fixes:
     o /[LOW SEVERITY]/ /Possible to access files attached to
       "in-progress" submissions via a direct link /(DS-2614
       <> - requires a JIRA
       account to access for two weeks, and then will be public)/.
       /This vulnerability could allow anyone in the world to download
       a file attached to an "in-progress" submission if they are
       provided with a direct link to that file (from either UI). While
       a direct file link would be very hard to "guess" or stumble
       upon, this could allow an individual with deposit rights to make
       available content which has not been approved by local DSpace
       administrators. This vulnerability has at least existed since
       5.0, but may effect versions as old as 3.0.
         + Discovered by Pascal-Nicolas Becker of Technische
           Universität Berlin
 * Search and browse fixes:
     o Solr and Lucene special characters no longer cause search errors
       (DS-2339 <>, DS-2461
       <>, DS-2472
     o Resolved issues jumping to values when browsing by title or date
       (DS-2571 <>, DS-2602
 * OAI fixes:
     o Performing a full OAI import now also cleans the OAI cache
       (DS-2543 <>)
     o Harvested items are now properly imported in OAI (DS-2554
     o Tombstones (deleted item status) are now properly applied for
       withdrawn items (DS-2593
       (note: this requires 'import' to be run, the OAI event consumer
       will not create tombstones automatically)
     o is now properly exposed when using the mets
       metadata format (DS-2598
 * Authorization policy fixes:
     o Custom policies for items in workspace or workflow (eg. embargo
       lifts) are now ignored by AuthorizeManager (DS-2614
     o ||NULL Resource Policy types (commonly found when upgrading from
       DSpace < 3.0) are now handled correctly by AuthorizeManager
       (DS-2587 <>)
     o Item-level versioning now carries across all custom policies in
       new item versions (eg. embargos) (DS-2358
 * Other notable fixes:
     o Optimized "Select Collection" query is now disabled by default
       as a workaround to ensure special group lookups (LDAP,
       Shibboleth) work out-of-the-box (DS-2673
     o Resolved issue where citation_pdf_url metadata was NULL for
       items with multiple bitstreams but no primary bitstream (DS-2603
     o ||dc.rights metadata is now properly exposed in embedded XHTML
       head DC (DS-2568 <>)

For much more information on each of these and other fixes, please visit our 5.x Release Notes:

     5.3 Documentation

The DSpace 5.x documentation is available online at:

A PDF copy of the documentation can also be downloaded from:

     5.3 Acknowledgments

The DSpace application would not exist without the hard work and support of the community. Thank you to the many developers who have worked very hard to deliver all the new features and improvements. Also thanks to the users who provided input and feedback on the development, as well those who participated in the testathons.

The 5.3 release was led by Kim Shepherd (University of Auckland Library) and the Committers.

The following individuals provided code or bug fixes to the 5.3 release: Tim Donohue (tdonohue), Ondřej Košarko (kosarko), Bram Luyten (bram-atmire), Pascal-Nicolas Becker (pnbecker), Pablo Buenaposada (pablobuenaposada), Nicolas Schwab (nicolasschwab), Andrea Schweer (aschweer), Àlex Magaz Graça (rivaldi8), Roeland Dillen (rradillen), junwei1229, and Claudia Juergen (cjuergen).

A detailed listing of all known people/institutions who contributed directly to DSpace 5.x is available in the Release Notes. If you contributed and were accidentally not listed, please let us know so that we can correct it!

     More Information

More information on this release is also available in the DSpace 5.x Release Notes at:<>

As always, we are happy to hear back from the community about DSpace. Please let us know what you think of 5.3!

Tim Donohue, on behalf of the DSpace 5.3 Release Team, and all the DSpace developers.

Tim Donohue
Technical Lead for DSpace & DSpaceDirect | |

DSpace-tech mailing list
List Etiquette:

Reply via email to