Release Notes

9.2 Release Notes

DSpace 9.2 provides security patches, bug fixes, accessibility & performance improvements to the 9.x platform. No new features are provided.  As such this release should be an easier upgrade for sites already running 9.x.

9.2 Security Fixes

• Patch for CVE-2025-66516 / CVE-2025-54988 in Apache Tika  (critical severity). All versions of Apache Tika prior to version 3.2.2 contain a critical XML External Entity (XXE) vulnerability.  This XXE vulnerability may be possible to exploit in DSpace if an attacker has submitter privileges. See #11678 for more details.
  • After upgrading, we recommend all sites recreate text extracted files.  This is a safety measure to ensure that none of those text extracted files contain unexpected information because of a prior exploit of this XXE vulnerability.  To recreate your text extracted files, run:

    # This command will force all current text-extracted files to be deleted and recreated.
    ./dspace filter-media -f -p "Text Extractor"

• Fix for potential XPath Injection in Controlled Vocabulary lookup. This vulnerability only allows an attacker access to the controlled vocabulary XML file(s), which are already public in source code. So, this vulnerability poses no security risk but it has been patched for future code safety. See #11042 and #11075 (Reported by odaysec. Fixed by odaysec and Mark Wood)
• This release also contains many dependency updates in order to keep all DSpace sites secure. Some of these updates patch vulnerabilities that have been reported by those dependencies. But no exploits of these vulnerabilities have been confirmed in DSpace.

9.2 Breaking Changes

Some accessibility and bug fixes in 9.2 required major code or configuration changes. The following changes  may  negatively impact or "break" your local customizations to prior versions of DSpace.  Please be aware of them before upgrading.

• User Interface is upgraded to Angular 20.  This release upgrades the user interface to Angular 20 (as Angular 18 is now end-of-life).  While this is a major upgrade of Angular, this update is mostly backwards compatible.  Nonetheless, this upgrade may require updating to your custom themes. #4870 (Donated by Atmire)
  • Make sure to run "npm run lint" as new formatting rules have been added with this upgrade.  Running "npm run lint-fix" may be able to fix some of the errors that lint finds.
• Node v20.19+ is now required. Because of the upgrade to Angular 20, you must use Node v20.19+, v22.x or v24.x to build and run the DSpace frontend (UI).
• Solr "search" core needs to be cleared and reindexed. In order to resolve an error in Solr 9 (see #11475), we've had to update the Solr schema.xml for the "search" core (see #10526).  This minor update to the schema is unfortunately incompatible with prior "search" core indexes.  In testing, we've found this requires destroying all data in the current index, and reindexing via a process like this:
  • First, destroy all data in the current "search" core by running this command-line tool (using the "-d" flag):  ./dspace index-discovery -d
  • Next, restart Solr
  • Finally, perform a full reindex/rebuild (using the "-b" flag): ./dspace index-discovery -b
  • WARNING: If you skip these steps, you may see errors like this on your next reindex or Item submission:

    • Exception writing document id Item-[uuid] to the index; possible analysis error: 
      cannot change field "admin" from index options=DOCS_AND_FREQS_AND_POSITIONS to inconsistent index options=DOCS

9.2 Major Bug Fixes and Improvements

• General user enhancements and fixes
  • Fixed bug where HTML tags in some metadata fields were wrongly evaluated in administrative workflow and search results. #1495 (Donated by Atmire)
  • Fixed bug where bitstreams with embargo lift date in metadata were not appearing on Item Page. #8640 (Donated by Vir Softech)
  • Fixed bug where Item Page could throw an error when signposting is enabled and the item has a large number of bitstreams. #8943 (Donated by Nicholas Woodward)
  • Fixed bug in "Browse by Title" where searching for a title beginning with certain articles (e.g. A, As, O, Os) did not return accurate results. #4166 (Donated by 4Science)
  • Fixed bug on "Browse by" pages where the search box no longer worked after clicking on a value on the page. #2739 (Donated by Atmire)
  • Fixed bug where exporting search results didn't work if the search contained quotation marks. #9589 (Donated by Vir Softech)
  • When an Entity's Item Page displays tabbed search, switching tabs no longer retains the query parameters from the prior tab.  #2729   (Donated by Atmire)
  • Fixed issues with downloading bitstreams whose filenames contained non-ASCII characters using the Safari browser. #11191 (Donated by Neki-IT)
  • The language selected in a user's profile is now the default language displayed by DSpace unless a different language is selected via the header. #4241 (Donated by Atmire)
  • Fixed bug where embargo status badge would disappear from Item page if the page was reloaded. #4811 (Donated by Atmire)
• Submission / Workflow enhancements and fixes
  
  • Fixed bug where dynamic tag input field was wrongly splitting values on unexpected characters (like "<").  Now it only splits on pressing Enter or adding a comma. #4664 (Donated by The Library Code)
  • Fixed bug where a newly created Researcher Profile could not be selected as an author of a new Publication Entity. #4648 (Donated by Jesiel Viana)
  • Fixed bug where submission form status icons didn't update properly when type-bind was used with a required field. #2572 and #2742 (Donated by The Library Code)
  • Fixed bug where file uploads would fail if the "assetstore.dir" was set to a location using a symbolic link. #11169 (Donated by 4Science)
  • Fixed memory leak in submission form which could occur if you closed and reopened the form several times in a row. #4645 (Donated by Jukka Lipka)
  • Fixed bug where output of "submission-forms-migrate" script was an invalid submission configuration. #8443 (Donated by Neki-IT)
• Statistics enhancements and fixes
  • Add several "usage-statistics.*" configurations to make it easier to quickly customize the statistical reports. #10142 (Donated by Nicholas Woodward)
  • Updated Solr-based internal statistics to only track downloads of bitstreams that are in a bundle listed in the existing "solr-statistics.query.filter.bundles" configuration. This defaults to only tracking downloads of bitstreams in the "ORIGINAL" bundle. #11033 (Donated by Neki-IT)
  • Fixed bug where IRUS statistics event processor used the wrong OAI-PMH url. #8852 (Donated by Neki-IT)
• Authentication fixes
  • Fixed database connection leak that could occur via many unsuccessful logins using password login or ORCID login. #11202 (Donated by Atmire)
  • Fixed issues with correctly populating special groups for several authentication methods. #11633 (Donated by 4Science)
  • Fixed bug in Shibboleth authentication where EPerson metadata was not being updated after login. #11568 (Donated by Neki-IT)
  • Fixed bug where the registration page and forgot password page were accessible to authenticated users. #4592 (Donated by 4Science)
  • Support for X.509 certificate authentication has been removed as it appears to be unused and non-functional. #11334
• Integration fixes
  • Fixed bug where import of a Person Entity from ORCID was not working. #11674 (Donated by 4Science)
  • Fixed bug where ORCID Integration would reject a work if it referenced an ISSN that already exists (e.g. an article referencing a journal via SSN). #10738 (Donated by The Library Code)
  • Fixed bug where ORCID queue list would include items that are still in workspace or workflow. #4654 (Donated by Pierre Lasou)
  • Improved mappings between ORCID document type and DSpace's dc.type field #11253 (Donated by Pierre Lasou)
  • Import from PubMed now supports adding your PubMed API Key via a new "pubmed.apiKey" configuration in "external-providers.cfg". #10356 (Donated by Atmire)
  • Fixed bug where OAI-PMH could crash if it encountered forbidden XML characters in metadata. #10721 (Donated by Neki-IT)
  • Fixed OAI-PMH validation errors because of an invalid responseDate. #11129 (Donated by LucasVaroneW)
  • Updated to use version 2 of the ROR (Research Organization Registry) API. #11019 (Donated by Jesiel Viana)
  • Fixed performance of SWORDv2 servicedocument when you have a large number of collections. #10740 (Donated by fribeiro-fccn)
  • Fixed bug where SWORDv2 read/update/delete actions were failing with a 500 error. #11547 (Donated by Marsa Haoua) 
  • Fixed bug where SWORDv1 submission failed if the user was not an Administrator. #8647
  • REST API has been updated to eager load CSRF tokens again, similar to DSpace 7.x. #11154 (Donated by Neki-IT)
• Search Engine Optimization (SEO) fixes
  • Fixed bug where private (non-discoverable) item pages were missing the "noindex" meta tag that tells crawlers to avoid indexing the item. #4835 (Donated by Atmire)
  • Added 'rel="nofollow"' to all search facets on the search page to tell well-behaved bots not to follow those links. #4785 (Donated by Alan Orth)
• Administrative enhancements and fixes
  • Fixed several bugs where Community Administrators would see objects they didn't have permissions on when using the "edit" or "new" sidebar menus. #8916, #8917, #8918 (Donated by Vir Softech)
  • Fixed bug where Item Versioning could fail if special characters were added to the "Summary" field. #4327 (Donated by Jukka Lipka)
  • When creating a new Bundle all custom, non-admin policies are now inherited from the parent Item. #9212 (Donated by The Library Code)
  • Fixed bug where client-side rendering (CSR) of the user interface could fail if the "ui.nameSpace" configuration was customized in "config.*.yml". #4637 (Donated by Milan Majchrak)
  • Fixed bug where backend would fail to startup when "citation-page.enabled_communities" configuration was enabled. #11167 (Donated by Miika Nurminen)
  • Fixed bug where "checker" and "bitstore-migrate" command-line scripts would not save updates / current status if the script was interrupted. #10507 and #10489 (Donated by David Steelman)
  • Fixed bug where "subscription-send" command-line script was not sending updates about restricted items when the user has permissions on those restricted items. #10506 (Donated by dataquest)
  • Fixed bug where "filter-media" command-line script did not understand orientation metadata in jpeg images. #10534 (Donated by 4Science)
  • Fixed bug where running "export" command-line script on an Item in workspace or workflow would return an error even though the export succeeds. #11074 (Donated by Martin Walk)
  • Fixed bug where "solr-export-statistics" command-line script was throwing date-based errors. #11192 (Donated by Daniel Coelho)
  • Fixed open connection leak in "import" command-line script. #10886 (Donated by Atmire)
  • Fixed bug where "cleanup" command-line script would fail if a request-for-copy existed in the database for the deleted bitstream. #9674 (Donated by Atmire)
  • Amazon S3 integration has been updated to use AWS SDK v2. #10819 (Donated by Mark Patton)
  • Removed automated checks for the "pgcrypto" plugin in PostgreSQL. As of PostgreSQL v13, this plugin is supported out-of-the-box and no longer needs to be installed separately. #10853 (Donated by Francisco Carvalho)
  • Fixed issue where some Solr 9 queries would throw a "Query contains too many nested clauses" error. #11475 (Donated by Sascha Szott)
• Fixed other small bugs.  See Changes in 9.x for a list of all changes.

9.2 New/Updated Language support

• Arabic (العربية) language updates donated by Laith Rastanawi (LaisRast)
• Bengali (বাংলা) language updates donated by Md. Topu Raihan (raihantopu)
• Czech (Čeština) language updates donated by dataquest
• French (Français) language updates donated by Pierre Lasou (pilasou)
• Hungarian (Magyar) language updates donated by Nagy Akos (akoscomp)
• Persian (فارسی) language added & donated by Shafi Habibi (sh-habibi)
• Spanish (Español) language updates donated by Arvo Consultores y Tecnología. S.L
• Tamil (தமிழ்) language added & donated by DSquare Technologies
• Ukrainian (Yкраї́нська) language updates donated by Olexandr Shaposhnyk (oshaposhnyk)

9.2 Acknowledgments

The DSpace application would not exist without the hard work and support of its community. Thank you to the many developers who have worked very hard to deliver all the bug fixes and improvements. This release was  entirely volunteer driven!

Development Acknowledgments

A total of 52 unique individuals contributed to 9.2.

Frontend / User Interface Acknowledgments 

The following 27 individuals have contributed directly to the new DSpace (Angular) User Interface in this release  (ordered by number of GitHub commits): Alan Orth (alanorth), Alexandre Vryghem (alexandrevryghem), Tim Donohue (tdonohue), Jesiel Viana (jesielviana), Kim Shepherd (kshepherd), Abhinav Sidharthan (AbhinavS96), Pierre Lasou (pilasou), im-shubham-vish, Francesco Molinaro (FrancescoMolinaro), Jukka Lipka (jlipka), Md. Topu Raihan (raihantopu), Sergio Fernández Celorio (sergius02), Kristof De Langhe (Atmire-Kristof), Daniel Coelho (danielcoelhocgu), Eike Löhden (Leano1998), John Abrahams (jabrah), Kasinhou, Laith Rastanawi (LaisRast), Matus Kasak, Toni Prieto (toniprieto), Zahraa Chreim (ZahraaChreim-Atmire), Nagy Akos (akoscomp), Bram Maegerman (bram-maegerman), Milan Majchrak (milanmajcrak), Nicholas Woodward (nwoodward), William Welling (tamu-sad-iii), Olexandr Shaposhnyk (oshaposhnyk)

The above contributor list was determined based on contributions to the "dspace-angular" project in GitHub between 9.1 (after July 14, 2025) and 9.2 using "git shortlog" on the dspace-9_x branch and excluding all merge commits: git shortlog -s -n -e --no-merges --since 2025-07-14

Backend / REST API Acknowledgments 

The following 38 individuals have contributed directly to the DSpace backend (REST API, Java API, OAI-PMH, etc.) in this release ( ordered by number of GitHub commits): Tim Donohue (tdonohue), Johnny Mendes do Carmo (JohnnyMendesC), Vincenzo Mecca (vins01-4science), Jesiel Viana (jesielviana), Nicholas Woodward (nwoodward), Alan Orth (alanorth), Miika Nurminen (minurmin), Kim Shepherd (kshepherd), Lucas Varone (LucasVaroneW), Sascha Szott (saschaszott), Alexandre Vryghem (alexandrevryghem), David Steelman (dsteelma-umd), Mark Wood (mwoodiupui), Michele Boychuk (Micheleboychuk), Stefano Maffei (steph-ieffam), Daniel Coelho (danielcoelhocgu), Elios Buzo (eliosbz), Joran De Braekeleer (gingyx), Kristof De Langhe (Atmire-Kristof), Mark Patton (markpatton), Pierre Lasou (pilasou), Zahraa Chreim (ZahraaChreim-Atmire), Abhinav Sidharthan (AbhinavS96), Andreas Czerniak (ACz-UniBi), Francisco Carvalho (ciscocarvalho), Marie Verdonck (MarieVerdonck), Marsa Haoua (marsaoua), Martin Walk (MW3000), Nathan Buckingham (ConfusionOrb221), Paulo Graça (paulo-graca), Piaget Bouaka Donfack (PiagetBouaka), Toni Prieto (toniprieto), Zeroday BYTE (odaysec), fribeiro-fccn, Igor Baptista da Costa (IgorBaptist4), im-shivamb, im-shubham-vish, Jozef Misutka (vidiecan).

The above contributor list was determined based on contributions to the "DSpace" project in GitHub between 9.1 (after July 14, 2025) and 9.2 using "git shortlog" on the dspace-9_x branch and excluding all merge commits: git shortlog -s -n -e --no-merges --since 2025-07-14

9.1 Release Notes

DSpace 9.1 provides bug fixes, accessibility & performance improvements to the 9.x platform. No new features are provided.  As such this release should be an easier upgrade for sites already running 9.x.

9.1 Security Fixes

• Fix for CVE-2025-53621 (moderate severity). XML External Entity (XXE) injection possible in import via Simple Archive Format (SAF) or import from external sources. See security advisory or mailing list “security notice” for details.
• Fix for  CVE-2025-53622 (moderate severity). Path traversal vulnerability in Simple Archive Format (SAF) package import via “contents” file. See security advisory or mailing list “security notice” for details.
• This release also many dependency updates in order to keep all DSpace sites secure. Some of these updates patch vulnerabilities that have been reported by those dependencies. But no exploits of these vulnerabilities have been confirmed in DSpace.

9.1 Major Bug Fixes and Improvements

• Submission / Workflow enhancements and fixes
  • Fixed bug where importing a multi-paragraph abstract from PubMed would result in it being split into many abstracts in DSpace. #10559 (Donated by Atmire)
  • ArXiv importer began failing because its configuration didn't use the HTTPS URL.   #10999  (Donated by Atmire)
  • Alphabetized all external sources in the import dropdown by source name. #10806
• Administrative enhancements and fixes
  • Fixed bug where community/collection subscription emails were not working as an error occurred when running "./subscription-send" #11001 (Donated by Alan Orth)
  • Deleting a Group now requires confirmation (via a confirmation popup). #4389 (Donated by Jukka Lipka)
• Fixed several CSS / style issues found since upgrading to Bootstrap 5. #4538 (Donated by Atmire)
• Fixed a REST API bug where sending a PATCH request for an unknown metadata field could clear all object metadata. (This only impacts REST API and not the UI.) #10961 ( Donated by Atmire)
• Fixed bug where Geospatial Map javascript code was loaded even when it was not used. #4447 (Donated by Atmire)
• Fixed other small bugs.  See Changes in 9.x for a list of all changes.

9.1 New/Updated Language support

• German (Deutsch) language updates donated by Sascha Szott (saschaszott)
• Gujarati (ગુજરાતી) language translations donated by DSquare Technologies
• Hungarian (Magyar) language updates donated by Zoltán Kanász-Nagy (kanasznagyzoltan)
• Marathi (मराठी) language translations donated by DSquare Technologies
• Portuguese (Português) language updates donated by Ricardo Saraiva (rsaraivac)
• Russian (Русский) language translations donated by Arvo Consultores

9.1 Acknowledgments

The DSpace application would not exist without the hard work and support of its community. Thank you to the many developers who have worked very hard to deliver all the bug fixes and improvements. This release was  entirely volunteer driven!

Development Acknowledgments

A total of 19 unique individuals contributed to 9.1.

Frontend / User Interface Acknowledgments 

The following 9 individuals have contributed directly to the new DSpace (Angular) User Interface in this release  (ordered by number of GitHub commits):  Jukka Lipka (jlipka), Alexandre Vryghem (alexandrevryghem), Yury Bondarenko (ybnd), Sergio Fernández Celorio (sergius02), Gaurav Patel (GauravD2t), Kim Shepherd (kshepherd), Ricardo Saraiva (rsaraivac), Sascha Szott (saschaszott), Zoltán Kanász-Nagy (kanasznagyzoltan).

The above contributor list was determined based on contributions to the "dspace-angular" project in GitHub between 9.0 (after May 23, 2025) and 9.1 using "git shortlog" on the dspace-9_x branch and excluding all merge commits: git shortlog -s -n -e --no-merges --since 2025-05-23

Backend / REST API Acknowledgments 

The following 14 individuals have contributed directly to the DSpace backend (REST API, Java API, OAI-PMH, etc.) in this release ( ordered by number of GitHub commits): Kim Shepherd (kshepherd), Tim Donohue (tdonohue), Alan Orth (alanorth), Michele Boychuk (Micheleboychuk), Max Nuding (max-nuding), Abhinav Sidharthan (AbhinavS96), Sascha Szott (saschaszott), Jens Vannerum (jensvannerum), Marcin Miłosz (MMilosz), Mark Wood (mwoodiupui), Yury Bondarenko (ybnd), Adamo Fapohunda (AdamF42),  Alexandre Vryghem (alexandrevryghem), Francisco Carvalho (ciscocarvalho), Jens Vannerum (jensvannerum).

The above contributor list was determined based on contributions to the "DSpace" project in GitHub between 9.0 (after May 23, 2025) and 9.1 using "git shortlog" on the dspace-9_x branch and excluding all merge commits: git shortlog -s -n -e --no-merges --since 2025-05-23

9.0 Release Notes

DSpace 9.0 is a major release of the DSpace platform.  It provides new features and improvements, along with bug fixes.  You should be aware that all major releases may provide some "breaking changes" (major changes that may impact your local customizations).

Security Fixes

• Fix possible "Zip Slip" in SWORDv2 ingest process. This potential issue was found via an automated code scan and no exploit has been confirmed. See #10725
• This release also includes many dependency updates in order to keep all DSpace sites secure. Some of these updates patch vulnerabilities that have been reported by those dependencies. But no exploits of these vulnerabilities have been confirmed in DSpace.

New User Features

• OpenAlex integration. DSpace now supports importing content (via MyDSpace) from OpenAlex.org.  The DSpace Publication Claim feature also now supports importing Publications related to a Researcher Profiles, provided that the profile has an OpenAlex ID.  Additional screenshots & examples at #10433 (Donated by 4Science and University of Cambridge with additional funding from the Vietsch Foundation)
• Support for tracking usage statistics via Matomo (a Google Analytics alternative). DSpace can now integrate with Matomo Analytics, in order to track usage statistics, search statistics and downloads. This integration requires an existing Matomo account or instance.  See screenshots at #10435 (Donated by 4Science with additional funding from University of Maryland  )
• ORCID Login flow is improved. Users logging in via ORCID can now merge their ORCID login with an existing DSpace login.  Users can also login via ORCID without sharing their email from their ORCID account to DSpace.  See #9849 for more details (Donated by 4Science and Lyrasis with additional funding from ORCID's Global Participation Fund)
• Support for SAML authentication. DSpace now includes a SAML Authentication Plugin, which can be configured to allow your DSpace site to use an external SAML IdP. See also #9470 and #9438 for more details (Donated by DSpaceDirect)
• Request a Copy now supports sending a secure download link for larger files.  Files under a (configurable) size threshold are still attached in requests.  But, larger files now send a secure (auto-expiring) link to allow the requester to download the file.  See also #3984 (Built by The Library Code, funded by Technische Universität Berlin)
• ALTCHA captcha protection is now supported.  At this time, ALTCHA is only used by the (updated) Request a Copy feature.  It may be extended to other features in the future.  See CAPTCHA Verification. (Donated by The Library Code)
• Health page now includes an "SEO" validation check. A basic check of your DSpace site's Search Engine Optimization is now available on your Health page (/health) in the Admin sidebar.  This SEO report checks that your sitemap is visible, your robots.txt is visible and that you have SSR (Server Side Rendering) enabled. #10485 (Donated by Atmire)
• Embargo release dates for embargoed files are now displayed on the Item page. The user interface includes a new "showAccessStatuses" configuration for bitstreams on the Item page.  When enabled, all embargoed files will display a badge (on the Item page) which contains the date the embargo expires. Screenshots can be found in the comments of #3882 (Donated by  Université Laval)
• Support for Geospatial maps, including browsing and searching. If any Items/Entities include geospatial data in the "dcterms.spatial" metadata field (or similar), then new "geospatialMapViewer" settings now provide ways to interact with this data via maps. This includes options to display a map of the location on the Item page, view search results on a map, or browse geospatial data via a map. See #3540 (Donated by The Library Code)
• The default tab on Community/Collection pages is now configurable. By default it will still be the "Search" tab, but it can be modified using the new "defaultBrowseTab" setting under the "community" or "collection" configurations in your config.*.yml. See also #3164 (Donated by Abel Gomez)
• Accessibility Settings can be customized by users. Basic accessibility settings like Notification (popup) timeouts and ARIA Live Region timeouts can now be customized by each user of your site via the "Accessibility Settings" link in the footer.  This allows users more control over how long confirmation and error messages are displayed. (Donated by Atmire)
• The "Edit Item → Metadata" tab now supports a dropdown for "dspace.entity.type" field. In previous versions, this field was free-text, but now only valid Entity types can be selected.  Metadata field code was also refactored on this page. See #3722 (Donated by Atmire)
• CSV Export from Admin Report.  The Administrator Reports (Beta feature) now supports CSV export.  After running a report, next to the results is export button that allows you to export those results to a CSV.  See  #4071 (Donated by  Université Laval)
• Bitstream Storage (assetstore) now supports Apache JClouds, supporting many cloud providers. See Configuring JCloudstore for Asset Storage documentation and #9915 (Donated by Atmire)  WARNING: Unfortunately, just after the 9.0 release, Apache JClouds was retired by Apache and will no longer be supported.  We do not recommend using it for DSpace as we'll have to remove it in a future version.
• Creative Commons license display now uses the backend configuration. The existing "cc.license.name" and "cc.license.url" configurations on the backend are now used by the frontend to determine which metadata field(s) to use for display of the CC license on the Item page. See #3165 (Donated by Abel Gomez)

Breaking Changes

The following major changes may negatively impact or "break" your local customizations to prior versions of DSpace.  Please be aware of them before upgrading.

• Migration from Yarn to NPM. The DSpace User Interface MUST now be built using "npm" commands instead of "yarn".  In most situations the command is the same with "npm" replacing "yarn". All DSpace documentation, including the Upgrading DSpace and Installing DSpace guides now provide the appropriate "npm" commands. Yarn can be uninstalled completely as it is no longer necessary. #3173 (Donated by Alan Orth)
• Frontend configuration "ssr > paths" has been replaced by "ssr > excludePathPatterns".  In DSpace 7.6.3 and 8.1, it was possible to only enable SSR (server-side rendering) for specific User Interface paths (configured by the "ssr > paths" configuration in your "config.*.yml" file.  This setting has been replaced by the inverse configuration, which allows you to exclude specific paths from SSR.  See "excludePathPatterns" in the "ssr" section of the User Interface Configuration and #4227 (Donated by 4Science)
  • This change was necessary to fix an SEO bug where error pages and Handle redirects would return "200 OK" responses when the prior configuration ("ssr > paths") was used.  See #4132 and #4042
• HTML Templates now require "Control Flow" syntax. The user interface now uses Angular Control Flow syntax in all HTML Templates ("*.component.html" files).  This means that all usages of "ngIf" and "ngFor" are now replaced with their equivalent "control flow" syntax (e.g. "@if" and "@for").  This may impact your site during your upgrade if you've customized the HTML of DSpace (either in the source code directly or in custom themes). During your upgrade you will need to migrate your custom HTML files to use "control flow" syntax. You may be able to perform this migration via automated migration tools provided by Angular.  See #3997 (Donated by 4Science) 
• Bootstrap 5 is now used by all themes.  As Bootstrap 4 is now end-of-life, all DSpace themes (including default) have been updated to use Bootstrap 5.  If you have done custom theming, you may need to migrate your themes to Bootstrap 5.  For example changes made to DSpace themes see #3506  (Donated by Atmire)
• Apache Solr 9.x is now required on the backend. As Apache Solr version 8.x is now end-of-life, the DSpace backend now requires using Solr 9.x. See the Upgrading DSpace guide or Installing DSpace guide for more about Solr 9 requirements. #10627
• PDF Citation Cover Page has been updated to use a Thymeleaf HTML Template. If you have this feature enabled in your DSpace, you may wish to modify the default HTML template.  This template will give you more control over the look of your cover pages. (Donated by The Library Code)
• Backend Java code no longer uses "java.util.Date" or "java.util.Calendar".  This is less likely to impact most institutions, but if you've heavily customized the backend  (Java code), you may need to update any customized code that previously used java.util.Date  or java.util.Calendar to instead use the modern java.time.*  Date classes.  See #10432
• Corrected spelling of two "reinstate" configurations in dspace.cfg.  In prior versions of DSpace, two configurations had an incorrect spelling of "reinstate": "core.authorization.community-admin.item.reinstatiate" and "core.authorization.collection-admin.item.reinstatiate".  These are now correctly spelled as "core.authorization.community-admin.item.reinstate" and "core.authorization.collection-admin.item.reinstate".  If you are using these configurations in your local.cfg, you must also correct their spelling.
• (Also included in v8.1 and v7.6.3) DSpace has a new, separate command-line log file ([dspace]/log/dspace-cli.log-[date]) for logging the output/results of any scripts that are started from the command-line.  The DSpace backend web application still logs to dspace.log-[date] in the same directory.  You may need to update any local/custom log management scripts to include this new log file.
  • This change was necessary to fix a major bug where the backend webapp would sometimes stop logging if a "logrotate" was triggered. See #9832 

Major Updates and Improvements

• General user enhancements and fixes
  • Search filters now include "Access Type" filter, which allows you to filter by open access, metadata only, etc. #10434 (Donated by Paulo Graça)
  • RSS/Atom feeds are now available for search results, allowing you to subscribe to a search via RSS. #2489 (Donated by Atmire)
  • Added ability for users to reject the "Correlation ID" cookie, tracked in the backend's logs for debugging purposes. #3889 (Donated by 4Science)
  • Fixed search bug where stale data could sometimes be returned. #3888 (Donated by Atmire)
  • Fixed bug where access restricted thumbnails were not shown to users who have proper access rights. #4165 (Donated by Atmire)
  • Fixed statistics bug where "view" events could be sent twice when using scoped themes. #4099 (Donated by Atmire)
  • Fixed bug where sorting in descending order on Browse by Author may result in an error. #10519 (Donated by Toni Prieto)
• Submission / Workflow enhancements and fixes
  • Project Entities can now be imported from DataCite #9636 (Donated by Florian Gantner)
  • Fixed caching issues that could occur on MyDspace page when switching between views. #4205 (Donated by 4Science)
  • Fixed issue where search filters could disappear from MyDSpace page. #4097 (Donated by Arvo Consultores)
  • Fixed infinite loading issue that could occur on submission forms. #4060 (Donated by Atmire)
  • Fixed bug where an admin could not upload a bitstream to an item in workflow when impersonating a user. #4288 (Donated by 4Science)
  • Fixed bug where fields of type "name" in submission forms could not be deleted properly. #4073 (Donated by Atmire)
  • Improved proxy support for all external sources/APIs. All external connections should now use the DSpace Proxy Configuration. See also #10639 (Donated by 4Science)
• Administrative enhancements and fixes
  • Edit menus on all community, collection, item pages are now dropdowns. #3994 (Donated by Atmire)
  • Fixed bug where CSV import (Batch Metadata Import) was not compatible with Controlled Vocabularies. #9749 (Donated by Atmire)
  • Fixed bug where Processes page wasn't properly supporting integer parameters. #4273 (Donated by 4Science)
  • Fixed bug where list of bitstreams on "Edit Item > Bitstreams" tab would be duplicated when using pagination. #4015 (Donated by Atmire)
  • COAR Notify was not fully adhering to the "Request Endorsement" pattern supported by PCI (https://peercommunityin.org/). #10053 (Donated by Agustina Martinez)
  • Fixed issued where Collection Admins could not add new policies to bitstreams. #10688 (Donated by 4Science)
  • Fixed issued where Collection Admins could not view metadata of withdrawn items. #10668 (Donated by 4Science)
  • Fixed pagination issue with Bulk Access Control script/page which could cause duplicate policies to be created. #10697 (Donated by 4Science)
  • Fixed issue where Handles were not stored for communities & collections when `VersionedHandleIdentifierProviderWithCanonicalHandles` provider was enabled. #10240 (Donated by Atmire)
• Performance/stability improvements:
  • Limited the number of Items that can be exported at once to 500.  This limit is configurable on backend via "bulkedit.export.max.items " #10030 (Donated by Atmire)
  • Fixed issue where login endpoints to REST API didn't always close their database connection after login action was completed. #10598 (Donated by Atmire)
  • OpenSearch now limits its results per page to 100, though it is configurable via "websvc.opensearch.max_num_of_items_per_request" setting. #10549 (Donated by Sascha Szott)
  • Fixed performance issue with "import-loader-suggestions" script when run on a large repository. #10719 (Donated by 4Science)
  • Indexing improvements to the "index-discovery" script when your site has a larger number of relationships (between entities). #10351 (Donated by Atmire)
  • Fix bug when DSpace could fail to startup when ORCID connections failed (if ORCID is enabled). #9876 (Donated by The Library Code)
• Accessibility improvements:
  • Truncated abstracts now use ellipsis for truncation instead of fading out. #4341 (Donated by 4Science)
  • Improved screen reader accessibility for header and recent submissions. #4335 (Donated by Atmire)
  • Enhanced keyboard navigation on several pages. #4244 (Donated by eScire)
  • Fixed small screen display issues in footer and full item page. #4218 (Donated by Jesiel Viana)
• OpenAIRE v4 compliance improvements to both the OpenAIRE submission forms and the OAI-PMH "oai_openaire" metadata format. #10128 (Built by Atmire, funded from Ireland's National Open Research Forum (NORF) under the 2022 Open Research Fund))
• Klaro cookie settings popup was replaced with Orejime.  Orejime provides better accessibility and is better maintained. #2718 (Donated by 4Science)
• OAI-PMH templating has moved from using JTwig to Thymeleaf.  This also fixes errors thrown by the root page (/server/oai) since 8.x. See #10563 (Donated by Kim Shepherd)
• Includes all bug fixes and accessibility fixes also included in the 8.1 release.
• Fixed a large number of other small bugs.  See Changes in 9.x for a list of all changes.
• Major dependency updates: Frontend updated to Angular 18 and Bootstrap 5. (Both donated by Atmire)

New/Updated Language support

• Catalan (Català) language updates donated by Toni Prieto
• French (Français)   language updates donated by Pierre Lasou (pilasou) and Carolyn Sullivan (Peredwel)
• German (Deutsch) language updates donated by The Library Code
• Hindi ( हिंदी) language updates donated by DSquare Technologies
• Polish (Polski) language updates donated by PCG Academia
• Portuguese (Português) language updates donated by Ricardo Saraiva (rsaraivac) and Paulo Graça (paulo-graca)

9.0 Acknowledgments

DSpace 9.0 had 404,852 lines of code changed and 89 unique individuals contributing to either the frontend or backend.

Frontend / User Interface Acknowledgments

The following 66 individuals have contributed directly to the new DSpace (Angular) User Interface in this release (ordered by number of GitHub commits): Alexandre Vryghem (alexandrevryghem), Andreas Awouters (AAwouters), Tim Donohue (tdonohue), Francesco Molinaro (FrancescoMolinaro), Sascha Szott (saschaszott), Andrea Barbasso (AndreaBarbasso), Kim Shepherd (kshepherd), Andrea Guevara (Andrea-Guevara), Alan Orth (alanorth), Jens Vannerum (jensvannerum), Giuseppe Digilio (atarix83), Yana De Pauw (YanaDePauw), Pierre Lasou (pilasou), Milan Majchrak (milanmajchrak), Alisa Ismailati (alisaismailati), Vincenzo Mecca (vins01-4science), Dan Gastardelli (DanGastardelli), Abel Gómez (abelgomez), Art Lowel (artlowel), Yury Bondarenko (ybnd), Adamo Fapohunda (AdamF42), Ricardo Saraiva (rsaraivac), Simone Ramundi (Simone-Ramundi), Michał Dykas (michdyk), Toni Prieto (toniprieto), Victor Hugo Duran Santiago (VictorHugoDuranS), Paulo Graça (paulo-graca), Nicolas Boulay (nibou230), Emmanuel Pastor (pastr), Jesiel Viana (jesielviana), Zahraa Chreim (ZahraaChreim-Atmire), Julia Gilmore (alphapetjg), Kristof De Langhe (Atmire-Kristof),  Igor Baptista (IgorBaptist4), Krzysztof Kubiak (pcg-kk), Koen Pauwels (KoenP), Joran De Braekeleer (gingyx), Zoltán Kanász-Nagy (kanasznagyzoltan), Mohana Sarmiento (msarmie), Yannick Paulsen (YPaulsen-TLC), Lotte Hofstede (LotteHofstede), Nicholas Woodward (nwoodward), Arta Seyedian (aseyedia), Elvi Nemiz (eulereadgbe), Miika Nurminen (minurmin), Oscar Chacón (oscar-escire), Sergio Fernández Celorio (sergius02), Vladzislav Novski (vNovski), Alfeu Tavares (autavares-dev), Gaurav Patel (GauravD2t), Agustina Martinez (amgciadev), Bridget Almas (balmas), Carolyn Sullivan (Peredwel), Florian Gantner (floriangantner), Michael Spalti (mspalti), Mohamed Ali (mohamedali654321), Nima Behfourouz (nimabehforouz), Nona Luypaert (nona-luypaert), Abhinav Sidharthan ( AbhinavS96), Jean-François Morin (jeffmorin), Christian Clauss (cclauss), Drew Heles (dheles), Mattia Vianelli (Sondissimo), Nathan Buckingham (ConfusionOrb221), Ray Lee (ray-lee), Escalante Guillermo (guillermo2519).

The above contributor list was determined based on contributions to the "dspace-angular" project in GitHub between 8.0 (after June 21, 2024) and 9.0 using "git shortlog" on the main branch and excluding all merge commits: 
git shortlog -s -n -e --no-merges --since 2024-06-21

Backend / REST API Acknowledgments

The following 58 individuals have contributed directly to the DSpace backend (REST API, Java API, OAI-PMH, etc) in this release (ordered by number of commits): Tim Donohue (tdonohue), Kim Shepherd (kshepherd), Sascha Szott (saschaszott), Adamo Fapohunda (AdamF42), Vincenzo Mecca (vins01-4science), Jens Vannerum (jensvannerum), Mark Wood (mwoodiupui), Giuseppe Digilio (atarix83), Nona Luypaert (nona-luypaert), Ray Lee (ray-lee), Stefano Maffei (steph-ieffam), Agustina Martinez (amgciadev), Nathan Buckingham (ConfusionOrb221), Florian Gantner (floriangantner), Kristof De Langhe (Atmire-Kristof), Toni Prieto (toniprieto), Nicolas Boulay (nibou230), Alfeu Tavares (autavares-dev), Igor Baptista (IgorBaptist4), Andrei Alesik (AndrewAlesik), Elios Buzo, Alphonse Bendt (abendt), Paulo Graça (paulo-graca), Jukka Lipka (jlipka), Mark Diggory (mdiggory), Alexandre Vryghem (alexandrevryghem), Christian Clauss (cclauss), Marie Verdonck (MarieVerdonck), Michele Boychuk (Micheleboychuk), Jesiel Viana (jesielviana), Mikhail Schastlivtsev (schastlivcev), Pierre Lasou (pilasou), Yury Bondarenko (ybnd), Bram Luyten (bram-atmire), Brian Keese (bkeese), Eike Löhden (Leano1998), Kevin Van de Velde (KevinVdV), Koen Pauwels (KoenP), Oscar Chacón (oscar-escire), Mohamed Eskander (eskander17), Nicholas Woodward (nwoodward), Alan Orth (alanorth), Chris Wilper (cwilper), David Steelman (dsteelma-umd), Mark Cooper (mark-cooper), Pascal-Nicolas Becker (pnbecker), Yana De Pauw (YanaDePauw), James Sullivan (jameswsullivan), Abel Gómez (abelgomez), Andreas Awouters (AAwouters), Drew Heles (dheles), Martin Walk (MW3000), Mattia Vianelli (Sondissimo), Piaget Bouaka Donfack (PiagetBouaka), Zahraa Chreim (ZahraaChreim-Atmire), Abhinav Sidharthan (AbhinavS96), Jean-François Morin (jeffmorin), Max Nuding (hutattedonmyarm).

The above contributor list was determined based on contributions to the "DSpace" project in GitHub between 8.0 (after June 21, 2024) and 9.0 using "git shortlog" on the main branch and excluding all merge commits: 
git shortlog -s -n -e --no-merges --since 2024-06-21

Additional Thanks

Additional thanks to our DSpace Leadership Group and DSpace Steering Group for their ongoing DSpace support and advice.

Thanks also to the various developer & community Working Groups who have worked diligently to help make DSpace 9 a reality. These include:

• DSpace Developers Team - This volunteer-based team leads the development of new releases. Anyone is welcome to join the Developer Meetings
• DSpace Community Advisory Team (DCAT) - This team helped organize/lead the DSpace 9.0 Testathon (to bang on the system to find any last bugs), and they also provided us with advice on features, etc.

We apologize to any contributor accidentally left off this list. DSpace has such a large, active development community that we sometimes lose track of all our contributors. Acknowledgments to those left off will be made in future releases.