DSpace 1.7.1 is available now! Resolves security issue & several bugs in 1.7.0

Thu, 2011-03-31 12:18 -- Anonymous (not verified)

Today we’d like to announce the official release of DSpace 1.7.1!

DSpace 1.7.1 is a bug-fix release of DSpace. This latest update resolves several key issues, along with a medium-level SECURITY ISSUE in our 1.7.0 release. DSpace 1.7.1 does not introduce any new features, it just resolves issues found in 1.7.0.

SECURITY ADVISORY: If you are currently using DSpace 1.7.0, we strongly recommend that you upgrade to 1.7.1 or patch your system as soon as possible. See: https://jira.duraspace.org/browse/DS-858 for details of the problem and steps to remedy your DSpace instance. Users of other versions of DSpace (1.6, 1.5, etc.) are unaffected by this. Additional information regarding this security advisory is provided below.

DSpace 1.7.1 can be downloaded immediately at either of the following locations:

• SourceForge (Zip file): https://sourceforge.net/projects/dspace/files/

• SVN: http://scm.dspace.org/svn/repo/dspace/tags/dspace-1.7.1/

 

Other Key Issues Resolved in 1.7.1

Other key issues resolved in DSpace 1.7.1 include:

• DSpace 1.7.1 now fully supports Oracle databases (resolves issues with 1.7.0 and Oracle)

• Several SWORD-related bugs in DSpace 1.7.0 were resolved

• Many other minor issues were resolved

The full details of all issues resolved in 1.7.1 are available at:
https://wiki.duraspace.org/display/DSDOC/History
DSpace Documentation on installing or upgrading is available at: https://wiki.duraspace.org/display/DSDOC/DSpace+Documentation

 

SECURITY ADVISORY: Why 1.7.0 users should upgrade to 1.7.1

In the past few weeks, it came to our attention that there was an issue around the security of the Solr web application ([dspace]/webapps/solr) in DSpace 1.7.0.

• Who does this issue affect? - All DSpace 1.7.0 users who are running Solr, this includes DSpace Statistics (based on Solr) OR DSpace Discovery (also based on Solr). Previous versions of DSpace (1.6, 1.5, …) are unaffected by this issue.

• Severity: Medium. The bug would allow a remote user to view, edit, or delete Solr statistics or Solr discovery search and browse results. This does not in any way affect the integrity of your DSpace archive of Items, Bitstreams, metadata, Collections or Communities. All contents of your DSpace archive are still secure, and cannot be tampered with. If a malicious user did tamper with the discovery search and browse results, they can be easily regenerated from the data in your database.

• What is the recommended fix? Upgrade to DSpace 1.7.1, or apply the fix detailed in https://jira.duraspace.org/browse/DS-858.

 

Acknowledgments

DSpace would not exist without the hard work and support of the community!

Thanks to our early adopters of 1.7.0, who helped us to discover the above issues and resolve them for 1.7.1. Thanks also to our team of DSpace developers who helped resolve the reported issues in 1.7.0.

Special thanks to Kim Shepherd who discovered and first reported the Solr security issue in DSpace 1.7.0, as well as to Mark Diggory who helped in the resolution of that security issue, and Tim Donohue who kept things moving along. Thanks also to Peter Dietz, who coordinated the release of 1.7.1 and kept the release on track!

Thanks again! Enjoy DSpace 1.7.1, and let us know what you think!

preserve