Latest Release

Try it out! If you'd just like to try out the latest version of DSpace, visit  This demo installation provides a sandbox where you can try out DSpace at any account level, from administrator to depositor. Login details are available on the homepage of either the XMLUI or JSPUI of this sandbox instance.

DSpace 5.4 can be downloaded from GitHub (dspace-5.4 release).  Release Notes are available at DSpace 5.x Release Notes. Documentation is available at DSpace 5.x Documentation.

DSpace 5.4 is a bug fix release to the 5.x platform. Beginning with DSpace 5.x, we now provide an easier upgrade process from any prior version of DSpace (1.x.x, 3.x or 4.x).

5.4 Security and Bug Fixes

The 5.4 Release provides security fixes to the JSPUI, along with significant bug fixes and memory usage enhancements to the 5.x platform in general.

Major bug fixes include:

  • JSPUI security fixes
    • [MEDIUM SEVERITY] Cross-site scripting (XSS injection) is possible in JSPUI search interface (in Firefox web browser).
    • [LOW SEVERITY] Expression language injection (EL Injection) is possible in JSPUI search interface.
  • Google Scholar fix:
    • Google Scholar metadata did not guarantee proper ordering of authors (DS-2679)
  • Search / Browse fixes (Discovery/Solr) for both JSPUI and XMLUI:
    • Resolved a significant memory leak when searching/browsing (gradual leak) (DS-2869)
    • Resolved a significant memory spike when reindexing (only triggered when running "index-discovery" with no arguments) (DS-2832)
    • Fixes to allow fielded or boolean searches to work once again (DS-2699, DS-2803)
    • Solr logging was broken. It did not properly log to the "[dspace]/log/solr.log" files (DS-2790)
  • OAI-PMH fixes:
    • Upgraded the XOAI library to 3.2.10 to resolve several issues
    • OAI did not support harvesting by date (YYYY-MM-DD) without a time (DS-2524, DS-2542
    • OAI getRecord was wrongly including all virtual sets (DS-2573)
    • OAI was ignoring the "dspace.oai.url" setting in "oai.cfg" (DS-2744)
  • REST API fixes:
    • /handle not reflecting updates (DS-2692)
    • /collections/<id>/items ignores offset parameter (DS-2719)
    • login/logout thread safety (DS-2830)
  • Deposit/Submission fixes:
    • Fix issue where if PubMed server is down submission lookup fails (DS-2813)
    • JSPUI: Allow reviewers to upload files (DS-2814)
  • Minor fixes to XMLUI Mirage2 theme

For much more information on each of these and other fixes, please visit our DSpace 5.x Release Notes.

5.3 Security and Bug Fixes

The 5.3 Release provides security and bug fixes to the 5.x platform for Search/Browse, OAI-PMH, Authorization, and other general fixes.

Major bug fixes include:

  • Security fixes:
    • [LOW SEVERITY] Possible to access files attached to "in-progress" submissions via a direct link.
  • OAI fixes:
    • Performing a full OAI import now also cleans the OAI cache (DS-2543)
    • Harvested items are now properly imported in OAI (DS-2554)
    • Tombstones (deleted item status) are now properly applied for withdrawn items (DS-2593)
      (note: this requires 'import' to be run, the OAI event consumer will not create tombstones automatically)
    • is now properly exposed when using the mets metadata format (DS-2598)
  • Search and browse fixes:
    • Solr and Lucene special characters no longer cause search errors (DS-2339DS-2461DS-2472
    • Resolved issues jumping to values when browsing by item or date (DS-2571DS-2602)
  • Authorization policy fixes:
    • Custom policies for items in workspace or workflow (eg. embargo lifts) are now ignored by AuthorizeManager (DS-2614)
    • NULL Resource Policy types (commonly found when upgrading from DSpace < 3.0) are now handled correctly by AuthorizeManager (DS-2587)
    • Item-level versioning now carries across all custom policies in new item versions (eg. embargos) (DS-2358)
  • Other notable fixes:
    • Optimized "Select Collection" query is now disabled by default as a workaround to ensure special group lookups (LDAP, Shibboleth) work out-of-the-box (DS-2673)
    • Resolved issue where citation_pdf_url metadata was NULL for items with multiple bitstreams but no primary bitstream (DS-2603)
    • dc.rights metadata is now properly exposed in embedded XHTML head DC (DS-2568)

For much more information on each of these and other fixes, please visit our DSpace 5.x Release Notes.

5.2 Bug Fixes

The 5.2 Release provides bug fixes to the 5.x platform for Solr Statistics, OAI-PMH, REST API, and both user interfaces (XMLUI and JSPUI).

Major bug fixes include:

  • Solr statistics upgrade fixes
    • Resolve issues where index data was not being properly upgraded (DS-2486, DS-2487, DS-2489)
    • Failure when "sharding" the Solr statistics index (DS-2212)
  • OAI fixes
    • Handle dates correctly in resumption tokens, so that harvesting captures the full specified range. (DS-2546, DS-2582)
    • List all authors in METS formatted metadata. (DS-2474)
    • Change the declared OAI deletion mode to "transient", which corresponds to what DSpace actually does. (DS-2491)
    • Restore the ability to create additional Filters for OAI-PMH interface. (DS-2423)
  • REST API fixes
    • Wrong SQL in REST /items/find-by-metadata-field. (DS-2501)
    • Listing collections would fail when using Oracle DB. (DS-2508)
    • Correctly apply bitstream policies.  (DS-2511)
  • Other notable fixes:
    • "dspace update-handle-prefix" failed when using Oracle DB. (DS-2218)
    • Do not index items that are still in a submitter's workspace. (DS-2403)
    • Remember the context (community, collection) during browsing. (DS-2482)
    • Better handle upload of file with a semicolon in its name. (DS-2513)
    • EZID DOI minting properly sets the URI of the identified item. (DS-2518)
    • Update of the list of robots recognized by DSpace. (DS-2531)

For much more information on each of these and other fixes, please visit our DSpace 5.x Release Notes.

5.1 Security and Bug Fixes

The 5.1 Release provided several security fixes to both the XMLUI and JSPUI.

The security fixes included:

  • [High Severity] XMLUI (since version 1.5.2) was vulnerable to full path/directory traversal attacks
  • [Medium Severity] JSPUI (all versions) was vulnerable to limited path/directory traversal attacks
  • [Low Severity] JSPUI (since version 1.5.x) was vulnerable to cross-site scripting (XSS injection) attacks in Recent Submissions.
  • [Low Severity] JSPUI (since version 3.x) was vulnerable to cross-site scripting (XSS injection) attacks in Discovery Search Results.

We recommend that all DSpace users consider upgrading to 3.4, 4.3 or 5.1 (or later) to ensure their DSpace site is secure.

Much more information on these security vulnerabilities is available in the DSpace 5.x Release Notes.  DSpace 5.1 also resolves several minor bugs in the 5.x platform.

5.x New Features and Improvements




For much more information on each of these features or improvements, please visit our 5.x Release Notes.

A detailed list of all changes in this release is also available in the 5.x Version History section of the online DSpace 5.x Documentation.


Latest online DSpace Documentation

Other Documentation:



The DSpace application would not exist without the hard work and support of the community. Thank you to the many developers who have worked very hard to deliver all the new features and improvements. Also thanks to the users who provided input and feedback on the development, as well those who participated in the testathons.

We especially would like to thank the 5.x Release Team.  For 5.0, the release team consisted of Peter Dietz (Longsight), Hardy Pottinger (University of Missouri Library Systems), Ivan Masár, Mark Wood (IUPUI), Robin Taylor (University of Edinburgh), and Pascal-Nicolas Becker (Technische Universität Berlin). The 5.1 release was led by Tim Donohue (DuraSpace) and the Committers. The 5.2 release was led by Hardy Pottinger (University of Missouri Library Systems) and the Committers. The 5.3 release was led by Kim Shepherd (University of Auckland Library) and the Committers.

A detailed listing of all known people/institutions who contributed directly to DSpace 5.x is available in the Release Notes. (If you contributed and were accidentally not listed, please let us know so that we can correct it!)

For DSpace 5.0, we had a total of 56 individuals contribute code, bug reports, and bug fixes. A big thanks goes out to everyone who participated. We hope you'll continue to be a valuable addition to the DSpace community for the next release and beyond!



YourKit is kindly supporting open source projects with its full-featured Java Profiler. YourKit, LLC is the creator of innovative and intelligent tools for profiling Java and .NET applications. Take a look at YourKit's leading software products: YourKit Java Profiler and YourKit .NET Profiler.