DSpace Users, Today we’d like to announce the official release of DSpace 1.7.1!
DSpace 1.7.1 is a bug-fix release of DSpace. This latest update resolves several key issues, along with a medium-level SECURITY ISSUE in our 1.7.0 release. DSpace 1.7.1 does not introduce any new features, it just resolves issues found in 1.7.0. SECURITY ADVISORY: If you are currently using DSpace 1.7.0, we strongly recommend that you upgrade to 1.7.1 or patch your system as soon as possible. See: https://jira.duraspace.org/browse/DS-858 for details of the problem and steps to remedy your DSpace instance. Users of other versions of DSpace (1.6, 1.5, …) are unaffected by this. Additional information regarding this security advisory is provided below. DSpace 1.7.1 can be downloaded immediately at either of the following locations: - ZIP: https://sourceforge.net/projects/dspace/files/ - SVN: http://scm.dspace.org/svn/repo/dspace/tags/dspace-1.7.1/ Key issues resolved in DSpace 1.7.1 include: - DSpace 1.7.1 now fully supports Oracle databases (resolves issues with 1.7.0 and Oracle) - Several SWORD-related bugs in DSpace 1.7.0 were resolved - Many other minor issues were resolved The full details of all resolved issues are available at: https://wiki.duraspace.org/display/DSDOC/History DSpace documentation on installing and upgrading is available at: https://wiki.duraspace.org/display/DSDOC/DSpace+Documentation == Security Advisory: Why 1.7.0 users should upgrade to 1.7.1 == In the past few weeks, it came to our attention that there was an issue around the security of the Solr web application ([dspace]/webapps/solr) in DSpace 1.7.0. * *Who does this issue affect?* - All DSpace 1.7.0 users who are running Solr, this includes DSpace Statistics (based on Solr) OR DSpace Discovery (also based on Solr). Previous versions of DSpace (1.6, 1.5, …) are unaffected by this issue. * *Severity*: Medium. The bug would allow a remote user to view, edit, or delete Solr statistics or Solr discovery search and browse results. This does not in any way affect the integrity of your DSpace archive of Items, Bitstreams, metadata, Collections or Communities. If a malicious user did tamper with the discovery search and browse results, they can be easily regenerated from the data in your database. * *What is the recommended fix?* Upgrade to DSpace 1.7.1, or apply the fix detailed in https://jira.duraspace.org/browse/DS-858 == Acknowledgements == DSpace would not exist without the hard work and support of the community! Thanks to our early adopters of 1.7.0, who helped us to discover the above issues and resolve them for 1.7.1. Thanks also to our team of DSpace developers who helped resolve the reported issues in 1.7.0. Special thanks to Kim Shepherd for discovering the Solr security issue in DSpace 1.7.0, and to Mark Diggory for quickly resolving it. Additionally Tim Donohue kept everything moving along. Peter Dietz was the release coordinator for 1.7.1. Thanks again! Enjoy DSpace 1.7.1, and let us know what you think! Sincerely, The DSpace Developers -- Peter Dietz Systems Developer/Engineer Ohio State University Libraries
------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
