Dear DSpace Community,
On behalf of the DSpace developers, I would like to formally announce that DSpace 6.3 is now available. DSpace 6.3 provides bug fixes and improvements to the DSpace 6.x platform.
DSpace 6.3 can be downloaded immediately from: https://github.com/DSpace/DSpace/releases/tag/dspace-6.3
6.3 Release notes are available at: https://wiki.duraspace.org/display/DSDOC6x/Release+Notes
DSpace 6.3 is a bug fix release to resolve several issues located in previous 6.x releases. As it only provides only bug fixes, DSpace 6.3 should constitute an easy upgrade from DSpace 6.x for most users. No database changes should be necessary when upgrading from DSpace 6.x to 6.3. There is one (orcid.api.url) configuration addition for ORCID Authority Users.
DSpace 6.3 contains two security fixes for JSPUI users. If you use JSPUI we recommend that you test and upgrade this release as soon as possible.
JSPUI security fixes include
[HIGH SEVERITY] A user can inject malicious Javascript into the names of EPeople or Groups. This is most severe in sites which allow anyone to register for a new account. (https://jira.duraspace.org/browse/DS-3866 - requires a JIRA account to access.)
Reported by Julio Brafman
[MEDIUM SEVERITY] Any user was able to export metadata to CSV format if they knew the correct JSPUI path/parameters. Additionally, the exported CSV included metadata fields which are flagged as hidden in configuration. (https://jira.duraspace.org/browse/DS-3840 - requires a JIRA account to access.)
Reported by Eike Kleiner (ZHAW, Zurich University of Applied Sciences)
For more information, see the Changes section in the DuraSpace wiki.
6.3 Acknowledgments
The DSpace 6.3 release was led by Kim Shepherd with a lot of help from Tim Donohue, Terry Brady, Mark Wood and the DSpace Committers. A whopping 37 people (including 18 new contributors!) contributed to this release. Thanks to everybody who gave their time to improve DSpace.
The following individuals provided code, bug fixes, or reviews to the 6.3 release:
Saiful Amin, Pascal-Nicolas Becker, Ben Bosman, Terry Brady, Per Broman, Jacob Brown, James Creel, Tom Desair, Tim Donohue, Stefan Fritzsche, Hendrik Geßner, Werner Greßhoff, Marsa Haoua, Iris Hausmann, Chris Herron, Lotte Hofstede, Eike Kleiner, Ivan Masár, Dinesh Mendhe, Philip Münch, Sébastien Nadeau, Miika Nurminen, Alan Orth, Hardy Pottinger, Jakub Řihák, J. Savell, Christian Scheible, Kim Shepherd, Ilja Sidoroff, Sven Soliman, Eduardo Speroni, Alexander Sulfrian, Jonas Van Goolen, Philip Vissenaekens, Martin Walk, Andrew Wood, Mark Wood
A detailed listing of all known people/institutions who contributed directly to DSpace 6.x is available in the Release Notes. If you contributed and were not listed, please let us know so that we can correct it!
As always, we are happy to hear back from the community about DSpace. Please let us know what you think of 6.3!
Sincerely,
Kim Shepherd (on behalf of the DSpace Committers)