DSpace 6.4 is a bug fix release to resolve several issues located in previous 6.x releases. As it only provides bug fixes, DSpace 6.4 should constitute an easy upgrade from DSpace 6.x for most users. No database changes should be necessary when upgrading from DSpace 6.x to 6.4.

DSpace 6.4 contains security fixes for both the JSPUI and XMLUI. To ensure your 6.x site is secure, we highly recommend ALL DSpace 6.x users upgrade to DSpace 6.4.

DSpace 6.4 upgrade instructions are available at: Upgrading DSpace

CVE-2022-31195 (impacts XMLUI and JSPUI): Path traversal vulnerability in Simple Archive Format package import (ItemImportService API). This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. This path traversal is only possible by a user with special privileges (Administrators or someone with command-line access to the server). Reported by Johannes Moritz of Ripstech.

CVE-2022-31194 (impacts JSPUI only): The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, just by modifying some request parameters during submission. This path traversal can only be executed by a user with submitter rights.

CVE-2022-31193 (impacts JSPUI only): The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice.

CVE-2022-31191 (impacts JSPUI only): The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to Cross Site Scripting (XSS). Reported by Hassan Bhuiyan, Brunel University London.

CVE-2022-31192 (impacts JSPUI only): The JSPUI "Request a Copy" feature is vulnerable to Cross Site Scripting (XSS) attacks.

CVE-2022-31189 (impacts JSPUI only): When an "Internal System Error" occurs in the JSPUI, the entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack.

CVE-2022-31190 (impacts XMLUI only): Metadata of withdrawn Items is exposed to anonymous users in XMLUI.

Fix Mirage 2 build broken by disappearance of JRuby gems mirror: #8292. Requires some action on sites with heavily customized JavaScript or stylesheets, see Mirage 2's readme.md.

Note: this may impact custom modules pulled into your poms if they pull in log4j v1.

Implement GDPR-compliant statistics anonymization for Solr: DS-4440 (#2693).