DSpace-CRIS release 2023.02.07.02
DSpace-CRIS 2023.02.07.02 December, 24th (REST)
- Patch for CVE-2025-66516 / CVE-2025-54988 in Apache Tika (critical severity). All versions of Apache Tika prior to version 3.2.2 contain a critical XML External Entity (XXE) vulnerability. This XXE vulnerability may be possible to exploit in DSpace if an attacker has submitter privileges. See #11678 for more details.
After upgrading, we recommend that all sites recreate their text-extracted files. This is a safety measure to ensure that none of those files contain unexpected information because of a prior exploit of this XXE vulnerability. To recreate your text-extracted files, run:
# This command will force all current text-extracted files to be deleted and recreated.
./dspace filter-media -f -p "Text Extractor"
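
To confirm that no Apache Tika jar older than 3.2.2 (the threshold given in the note above) is still deployed, a check like the following can be run against the installation's library directory. This is an added example, not part of the DSpace-CRIS release or its tooling; it assumes the jars follow Maven naming (tika-<artifact>-<version>.jar), and the directory to scan is supplied by the operator.

```shell
#!/bin/sh
# Added example (not DSpace-CRIS code): list Apache Tika jars under a directory
# and flag any whose version is lower than the fixed version from the release note.
FIXED="3.2.2"

# version_lt A B: succeed if dotted version A is lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop qualifiers such as "-SNAPSHOT"; a missing field counts as 0.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# tika_jar_version PATH: print the version embedded in a Tika jar file name
# (assumes Maven-style names; prints nothing if the name does not match).
tika_jar_version() {
    basename "$1" |
        sed -n 's/^tika-[a-z0-9-]*-\([0-9][0-9.]*\).*\.jar$/\1/p'
}

# scan_tika_jars DIR: report every Tika jar below DIR.
# Succeeds only if none of them is older than $FIXED.
scan_tika_jars() {
    find "$1" -type f -name 'tika-*.jar' | sort | {
        bad=0
        while IFS= read -r jar; do
            ver=$(tika_jar_version "$jar")
            [ -n "$ver" ] || continue
            if version_lt "$ver" "$FIXED"; then
                echo "VULNERABLE $ver $jar"
                bad=1
            else
                echo "ok $ver $jar"
            fi
        done
        [ "$bad" -eq 0 ]
    }
}

# Usage: sh check-tika.sh /path/to/dspace/lib   (path is a placeholder)
[ "$#" -eq 0 ] || scan_tika_jars "$1"
```

Scan both the command-line installation's library directory and the deployed web application's, since either can carry its own copy of the jars.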