[dspace-devel] SECURITY NOTICE: DSpace 7 sites are vulnerable to XSS attacks via deposited HTML/XML bitstreams (low severity)

All, A new DSpace 7 security advisory has been released. CVE-2024-38364 : Cross Site Scripting (XSS) possible via a deposited HTML/XML document with embedded JavaScript https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf * Severity: Low * Impacts versions 7.0 through 7

[dspace-devel] DSpace Program Coordinator Position Announcement (remote)

Forwarding this message to other DSpace lists on behalf of Laurie. If you have questions about the role, please get in touch with Laurie. Tim From: dspace-commun...@googlegroups.com on behalf of Laurie Arp Sent: Tuesday, January 16, 2024 10:30 AM To: DSpace C

[dspace-devel] Need someone to look at your PR quickly? See how to "Trade reviews on Pull Requests"

DSpace Developers, Based on recent discussions in Slack (#dev channel) and in Developer Meetings, I'd like to announce that we (DSpace Developers Team) are encouraging all developers to t

[dspace-devel] Announcing the new https://demo.dspace.org running on Docker!

All, As of today, our public demo site for DSpace (v7) has moved to https://demo.dspace.org . The REST API backend is now available at https://demo.dspace.org/server/ This demo site auto-updates itself every time a new change is pushed out to the DSpace v7 maintenance branches (dspace-7_x bran

Re: [dspace-devel] Developing Add-On (Plugin)

Hi Tohid, Apologies for the delay in response. The quick answer here is that we do not currently have any guidelines or best practices for developing add-ons or plugins for DSpace 7. However, we did have a general "Developing with DSpace 7" online workshop last November which provides general

[dspace-devel] Re: NOTICE: Closing all old v6.x issues/PRs in GitHub

ch. I'll be glad to help it find reviewers for the next release. Tim ________________ From: 'Tim Donohue' via DSpace Developers Sent: Thursday, July 6, 2023 2:03 PM To: DSpace Developers Subject: [dspace-devel] NOTICE: Closing all old v6.x issues/PRs in GitHub DSpa

[dspace-devel] NOTICE: Closing all old v6.x issues/PRs in GitHub

DSpace Developers, Because v6.x is now end-of-life, I will be closing all issues/PRs related to 6.x. Apologies if this causes GitHub to "spam" you with notifications in any way. If you find that I've closed something which is still applicable to 7.x (or later), please either reopen the issue/

[dspace-devel] General DSpace Developer Meetings starting again this Thurs

DSpace Developers, With the release of 7.6 and the announcement that 7.x will be moving into maintenance, the "DSpace 7 Working Group

[dspace-devel] Re: Autocomplete field in a submission form - dspace 7.5

Hi Aroldo, The example screenshot you are showing is not actually an "autocomplete". It's a search to locate a Collection where you want to add the new Item. At this time, we don't have a similar feature in the DSpace submission fields except in two scenarios: 1) When you use Configurable En

[dspace-devel] Re: discovery.xml (dspace 7.5)

Hi Aroldo, As far as I'm aware, adding filters in DSpace 7 should be the same as in DSpace 6. While there have been new sections added to the discovery.xml, the structure of that file is unchanged. So, the existing documentation *should still be accurate* for DSpace 7. If you are finding it

[dspace-devel] Re: Media viewer for non-public files

Hi, It sounds like there may be a bug here. I think it should support the use case of providing streaming to the group it's access restricted to. However, there isn't any way to only allow for streaming without the ability to also download the file (just for clarity). The basic media-viewe

[dspace-devel] Re: "Calculated" Metadata field

Hi Steve, In case you are still looking for an answer, I'm not recalling a way to do this "out-of-the-box" in DSpace. I think it'd require custom code (I'm not even aware of what you are referencing in ItemServiceImpl... but that's a very large class, so I might be overlooking it). Tim On Th

Re: [dspace-devel] Theaming Dynamic Components DSpace 7.1

Hi Gabriel, A quick answer for you is that you won't be able to use instructions for DSpace 7.4 on a DSpace 7.1 site. There were major changes between 7.1 -> 7.4 in terms of the User Interface theming & customization. Your best options would be to either upgrade to 7.4, or maybe look at the ol

[dspace-devel] Re: "Release" Metadata Schema changes

Hi Steve, By "Release" are you asking how we perform these updates in DSpace releases themselves? Or are you talking about strategies for doing this in your own site (like pushing these changes from dev to production locally)? I'm going to guess the latter. Not sure if it helps here, but the

Re: [dspace-devel] Digest for dspace-devel@googlegroups.com - 2 updates in 2 topics

Hi Pauline, The workshops are on Tues, Weds, Thurs (same time each day). There was a minor typo in the initial email, but the dates are correct in all the registration links. You can also find the correct dates on the workshop announcement on our website at https://dspace.lyrasis.org/2022/10/

Re: [dspace-devel] DSpace 7 Version numbrring

Hi David, DSpace 7 is a temporary departure from those rules. We broke those rules only for DSpace 7​ because otherwise DSpace 7 would never be "backwards compatible" with DSpace 6 and prior. We made this decision prior to the release of 7.0, as we realized that if we require 7.0 to have all

[dspace-devel] Re: submission-forms.xml

Hi Stevenson, Currently, there's a known issue that the submission-forms.xml doesn't support dynamic translations (at least not well). See this bug ticket https://github.com/DSpace/dspace-angular/issues/646 and specifically this comment: https://github.com/DSpace/dspace-angular/issues/646#is

[dspace-devel] Major update to DSpace Wiki on Sunday, Sept 25. Password resets will be REQUIRED on Monday, Sept 26

All, On Sunday, September 25 at 7:00pm ET (23:00 UTC), the DSpace Wiki (hosted at wiki.lyrasis.org) will be undergoing a major update. It will be unavailable for at least 1-2 hours. After this upgrade is complete, all wiki users will need to reset their password on Monday, September 26. You

Re: [dspace-devel] Re: Dspace 7.2.1

Hi, A 500 error just means "there was an error on the backend", but it gives us no information about what the error may be. Please see our Troubleshooting guide for hints on locating the underlying error: https://wiki.lyrasis.org/display/DSPACE/Troubleshoot+an+error#Troubleshootanerror-DSpace7

[dspace-devel] Re: New field in create Collection form

Hi, I am able to successfully get "hint" settings to work. But, you are correct, it doesn't appear that "labelTooltip" or "controlTooltip" options work. I don't see anywhere in DSpace 7 where we use those tooltip options though. So, it's very possible that is either a bug in the ng-dynamic-

[dspace-devel] Re: TestConsumer

Hi Marwa, Yes, you need to enable it by adding "test" to the list of default consumers here: https://github.com/DSpace/DSpace/blob/main/dspace/config/dspace.cfg#L762 You also might need to restart the backend (i.e. restart Tomcat), as I don't recall if this automatically reloads. Tim On Monda

Re: [dspace-devel] aws application load balancer

Hi Stevenson, If the REST API URL is changing in your next request, it might​ be a configuration issue in your backend's local.cfg. I'd recommend checking the "_links" URLs that the REST API returns after the first request. If you see the port 3500 listed there, then it could be that your "ds

[dspace-devel] Re: authentication

Hi Stevenson, Yes, creating a ticket is a good way to get started. Especially since that allows us to track who is doing this work (as we don't want two developers accidentally working on the same thing). And I do agree these sound like worthwhile improvements to the default authentication.

[dspace-devel] Re: authentication

Hi Stevenson, No these features are not yet available in the default DSpace authentication system. Obviously they are available in many of the external authentication systems (if you integrate DSpace with LDAP or Shib or OIDC, etc). That said, I think many would be interested in these featur

[dspace-devel] Welcome Natalie Baur to the DSpace team!

Greetings, LYRASIS is excited to announce that Natalie Baur will be joining DSpace as the Program Coordinator. Natalie brings a depth of experience in project management, developing outreach avenues, and working with diverse communities. Natalie is currently the Program Director for the

[dspace-devel] Re: Dspace 7.2.1

Hi, In order to run your machine via your IP address, you'd need to open up port 4000 to the world, and ensure that your backend is running via HTTPS per the production setup instructions (see step 16 of backend install): https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSp

[dspace-devel] Now Available: DSpace 5.11 release, providing bug/security fixes to 5.x

Dear DSpace Community, On behalf of the DSpace developers, I would like to formally announce that DSpace 5.11 is now available. DSpace 5.11 provides security fixes, bug fixes and improvements to the DSpace 5.x platform. We highly recommend all DSpace 5.x users upgrade to 5.11, or manually patc

[dspace-devel] Now Available: DSpace 6.4 release, providing bug/security fixes to 6.x

Dear DSpace Community, On behalf of the DSpace developers, I would like to formally announce that DSpace 6.4 is now available. DSpace 6.4 provides security fixes, bug fixes and improvements to the DSpace 6.x platform. We highly recommend all DSpace 6.x users upgrade to 6.4, or manually patch t

[dspace-devel] DSpace 7.4 will arrive in October. Here's how you can contribute!

All, As announced in yesterday's "DSpace 7 Q&A Webinar", the 7.4 release is planned for October (tentatively Oct 10). For this release, the DSpace 7 Working Group will be concentrating on maintenance tasks (bug fixes, usability/accessibility improvements, and similar). However, we will accept d

[dspace-devel] Re: Disable End User Agreement in code

Hi, There is currently no "out of the box" way to disable the End User Agreement (e.g. via a configuration or similar). That said, it's code can be found at https://github.com/DSpace/dspace-angular/tree/main/src/app/core/end-user-agreement It might be possible for you to modify the end-user-

[dspace-devel] Fwd: DSpace Program Coordinator Position Announcement (remote)

Forwarding this new position announcement on behalf of Laurie Arp...see details below. -- Forwarded message - From: gemm...@gmail.com Date: Tuesday, June 14, 2022 at 3:22:26 PM UTC-5 Subject: DSpace Program Coordinator Position Announcement (remote) To: DSpace Community Greeti

[dspace-devel] Re: NOTICE: DSpace Wiki unavailable until (possibly) Monday

All, As of a few moments ago, the DSpace Wiki is back up: https://wiki.lyrasis.org/display/DSPACE/ My sincere apology for all affected by the downtime. As previously noted, I was also surprised when it was taken down by our wiki hosting provider. But I'm very glad to see we're back up and ru

[dspace-devel] NOTICE: DSpace Wiki unavailable until (possibly) Monday

All, As many have noticed, the DSpace Wiki (including all online Documentation) hosted at https://wiki.lyrasis.org/ is currently unavailable (returns a 403 error). LYRASIS has been informed by our wiki hosting provider that they have taken the wiki down until they are able to address severe se

[dspace-devel] NOTICE: Support for DSpace 5 and 6 is ending in 2023

Dear DSpace Community, The DSpace Steering Group announces that security support for DSpace 5.x and 6.x will end on the following dates: * DSpace 5.x: Support ends on January 1, 2023 * DSpace 6.x: Support ends on July 1, 2023 This means that after those dates: * That version o

[dspace-devel] Re: NOTICE: DSpace 7 is impacted by new "Spring4Shell" zero-day vulnerability. Does not impact DSpace 6 or below.

All, The DSpace 7.2.1 release of the backend is also now available. This is a quick upgrade for any sites already running 7.2. https://github.com/DSpace/DSpace/releases/tag/dspace-7.2.1 For the latest information on how to protect your site against Spring4Shell (CVE-2022-22965), see the list

[dspace-devel] NOTICE: DSpace 7 is impacted by new "Spring4Shell" zero-day vulnerability. Does not impact DSpace 6 or below.

All, You may have heard or been notified about a new significant vulnerability in the Java Spring Framework nicknamed Spring4Shell (CVE-2022-22965): https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement DSpace 7 is impacted by this vulnerability provided that you are running

[dspace-devel] Re: Who uses Oracle with DSpace? Anyone interested in helping retain/maintain Oracle support?

: https://github.com/DSpace/DSpace/issues/8214 If anyone has any questions, let us know, or add your questions to that ticket. Thanks, Tim Donohue From: 'Tim Donohue' via DSpace Developers Sent: Wednesday, November 17, 2021 5:25 PM To: DSpace Developer

[dspace-devel] Who has plugins/integrations that use SWORDv2 to interact with DSpace?

DSpace Developers, I'm looking for feedback on who is actively using SWORDv2 to interact with DSpace. As you may or may not be aware, unfortunately the SWORDv2 Java Library (https://github.com/swordapp/JavaServer2.0) has been unmaintained for 9 years. This library is depended on by DSpace for

[dspace-devel] SECURITY RELEASE: Version 7.1.1 of DSpace Backend patches log4j vulnerabilities in 7.x (CVE-2021-44228)

All, As with the rest of the world, over the last few days we've learned more about this critical vulnerability in log4j v2 (CVE-2021-44228) and its impact on DSpace. As of today, here's what we know (keep in mind, as more informat

[dspace-devel] Who uses Oracle with DSpace? Anyone interested in helping retain/maintain Oracle support?

All, I'm curious who on this developer list may use an Oracle database for their Production installation of DSpace. I've been noticing that it has become more difficult to locate any DSpace developers with decent Oracle experience to help us debug or fix Oracle-related issues (e.g. https://git

Re: [dspace-devel] Dspace 7 Kubernetes helmcharts

Hi Charlotte, I'm not aware of it. But, that said, hopefully someone will answer here if they've done this before. Tim From: dspace-devel@googlegroups.com on behalf of Charlotte Wee Teng Lim Sent: Monday, October 4, 2021 12:51 AM To: DSpace Developers Subjec

[dspace-devel] DSpace 6.4 bug-fix release is coming soon. Here's how you can help!

Developers, I'm working with a small group of volunteers to get a 6.4 bug-fix only release out the door. Timeline is TBD, but I'm hoping to get it out in Sept/Oct. This means that in the coming days/week, I'll be thoroughly reviewing the "6.4" milestone in GitHub: https://github.com/DSpace/DSp

[dspace-devel] Re: NOTICE: DSpace issue tracker is moving from JIRA to GitHub Issues on August 30

All, I wanted to report that the migration to GitHub Issues has completed. All historical JIRA tickets (dating back to 1.x.x) have been migrated into https://github.com/DSpace/DSpace/issues For those interested in taking a look, here's a few extra details: * All old JIRA issues were impor

[dspace-devel] NOTICE: DSpace issue tracker is moving from JIRA to GitHub Issues on August 30

All, Over a year ago, the DSpace 7 team moved all development activities into GitHub Projects and Issues. On August 30, we will finalize this migration by moving all historical DSpace tickets from JIRA to GitHub Issues.

[dspace-devel] Welcome to the latest DSpace Committer: Hrafn Malmquist (U of Edinburgh)

Dear DSpace Community, The DSpace Committers are delighted to announce a new member to the team: Hrafn Malmquist from The University of Edinburgh. Please join us in welcoming him! Hrafn is developer in the Digital Library development team at The University of Edinburgh wh

Re: [dspace-devel] We need more-robust XML parsing

Hi Mark, Just adding a quick note to say that I'd agree it'd be an improvement to avoid hand-built parsers, and instead use schemas + JAXB (which I'm assuming is what you are recommending, similar to https://github.com/DSpace/DSpace/pull/3157). So, I'd approve of that sort of enhancement to th

[dspace-devel] Graham Triggs (DSpace Committer Emeritus) passed away

All, Sadly, I wanted to pass along news that Graham Triggs passed away on Tuesday, May 25th. This unfortunate news came via the VIVO community (and via a family member on Facebook). Those who have been in the DSpace community

[dspace-devel] Welcome to the latest DSpace Committer: Giuseppe Digilio (4Science)

Dear DSpace Community, The DSpace Committers are delighted to announce a new member to the team: Giuseppe Digilio from 4Science. Please join us in welcoming him! Giuseppe is a Senior Software Engineer at 4Science with experience in the development and analysis of web appli