This is an updated version of the 7.1 release which includes a security update for CVE-2021-44228 (log4j v2 critical vulnerability). It is fully compatible with the DSpace 7 Frontend dspace-7.1 release.
⚠️ We highly recommend ALL users of DSpace 7.0 or 7.1 upgrade to 7.1.1 (or above) to resolve CVE-2021-44228.
To fully protect your DSpace 7.x site from CVE-2021-44228, three steps are required:
- Upgrade your DSpace backend to 7.1.1 (or above) OR manually install #8065, rebuild and redeploy your 7.x backend. Make sure to restart your Tomcat after the update.
- Upgrade to Apache Solr v8.11.1 (or above), OR ensure that
-Dlog4j2.formatMsgNoLookups=trueis specified in yourSOLR_OPTSenvironment variable. For more information, see https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - If you use the Handle.Net Registry Support in DSpace 7.x, make sure to restart your Handle Server (after performing step 1), so that it uses the new (secure) version of log4j as well.
This DSpace Backend does not have a user friendly interface. Therefore, we highly recommend installing the DSpace 7 Frontend dspace-7.1 release to use with this Backend. Please note that the Frontend and Backend do not need to be installed on the same machine. (Note: it is also possible to run this Backend "headless" if you only want to use the DSpace REST API)
Download links for the Backend are available below (see Assets). You may alternatively choose to checkout the code via GitHub, using the dspace-7.1.1 tag.
Additional Information on the 7.1 release:
- Release Notes
- Try out DSpace 7 via a Docker quick-install or public demo sites
- Installation Instructions for both Frontend and Backend
- Upgrade Instructions from any past release of DSpace
- REST API Contract
Full Changelog of 7.1.1: dspace-7.1...dspace-7.1.1