Merge backend dspace8.3 into UoEMainLibrary-dspace-8_x#10
Merged
dspeed2 merged 1553 commits intoUoEMainLibrary-dspace-8_xfrom Mar 16, 2026
Merged
Merge backend dspace8.3 into UoEMainLibrary-dspace-8_x#10dspeed2 merged 1553 commits intoUoEMainLibrary-dspace-8_xfrom
dspeed2 merged 1553 commits intoUoEMainLibrary-dspace-8_xfrom
Conversation
Avoid injection vulnerability in controlled vocabulary lookup 8_x
Bumps the build-tools group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [com.google.errorprone:error_prone_core](https://github.com/google/error-prone) | `2.38.0` | `2.39.0` | | [com.google.errorprone:error_prone_annotations](https://github.com/google/error-prone) | `2.38.0` | `2.39.0` | | [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.5.0` | `3.6.0` | | [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) | `3.2.7` | `3.2.8` | | [org.codehaus.mojo:license-maven-plugin](https://github.com/mojohaus/license-maven-plugin) | `2.5.0` | `2.6.0` | Updates `com.google.errorprone:error_prone_core` from 2.38.0 to 2.39.0 - [Release notes](https://github.com/google/error-prone/releases) - [Commits](google/error-prone@v2.38.0...v2.39.0) Updates `com.google.errorprone:error_prone_annotations` from 2.38.0 to 2.39.0 - [Release notes](https://github.com/google/error-prone/releases) - [Commits](google/error-prone@v2.38.0...v2.39.0) Updates `com.google.errorprone:error_prone_annotations` from 2.38.0 to 2.39.0 - [Release notes](https://github.com/google/error-prone/releases) - [Commits](google/error-prone@v2.38.0...v2.39.0) Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.5.0...enforcer-3.6.0) Updates `org.apache.maven.plugins:maven-gpg-plugin` from 3.2.7 to 3.2.8 - [Release notes](https://github.com/apache/maven-gpg-plugin/releases) - [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.2.7...maven-gpg-plugin-3.2.8) Updates `org.codehaus.mojo:license-maven-plugin` from 2.5.0 to 2.6.0 - [Release notes](https://github.com/mojohaus/license-maven-plugin/releases) - [Commits](mojohaus/license-maven-plugin@2.5.0...2.6.0) --- updated-dependencies: - dependency-name: com.google.errorprone:error_prone_core dependency-version: 2.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: com.google.errorprone:error_prone_annotations dependency-version: 2.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: com.google.errorprone:error_prone_annotations dependency-version: 2.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: org.apache.maven.plugins:maven-gpg-plugin dependency-version: 3.2.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-tools - dependency-name: org.codehaus.mojo:license-maven-plugin dependency-version: 2.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools ... Signed-off-by: dependabot[bot] <support@github.com>
…tion. Once enabled, a broken test was found & fixed in WorkflowItemRestRepositoryIT.
…_x/build-tools-6b6491e6e1 Bump the build-tools group across 1 directory with 5 updates
…_x/test-tools-23e08ff3a5 Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 in the test-tools group
…_x/org.apache.james-apache-mime4j-core-0.8.13 Bump org.apache.james:apache-mime4j-core from 0.8.12 to 0.8.13
(cherry picked from commit 588c4ef)
[Port dspace-8_x] Add basic logging tests to our docker deployment script in GitHub actions
[Port dspace-8_x] Simple Log4j tests with in-memory log appender
…necessary so that Spring / Hibernate don't auto-switch timezones when reading from database.
…_x/spring-7f417dc251 Bump the spring group across 1 directory with 25 updates
Bumps the hibernate group with 3 updates: [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm), [org.hibernate.orm:hibernate-jpamodelgen](https://github.com/hibernate/hibernate-orm) and [org.hibernate.orm:hibernate-jcache](https://github.com/hibernate/hibernate-orm). Updates `org.hibernate.orm:hibernate-core` from 6.4.8.Final to 6.4.10.Final - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.4.10/changelog.txt) - [Commits](hibernate/hibernate-orm@6.4.8...6.4.10) Updates `org.hibernate.orm:hibernate-jpamodelgen` from 6.4.8.Final to 6.4.10.Final - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.4.10/changelog.txt) - [Commits](hibernate/hibernate-orm@6.4.8...6.4.10) Updates `org.hibernate.orm:hibernate-jcache` from 6.4.8.Final to 6.4.10.Final - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.4.10/changelog.txt) - [Commits](hibernate/hibernate-orm@6.4.8...6.4.10) Updates `org.hibernate.orm:hibernate-jpamodelgen` from 6.4.8.Final to 6.4.10.Final - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.4.10/changelog.txt) - [Commits](hibernate/hibernate-orm@6.4.8...6.4.10) Updates `org.hibernate.orm:hibernate-jcache` from 6.4.8.Final to 6.4.10.Final - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.4.10/changelog.txt) - [Commits](hibernate/hibernate-orm@6.4.8...6.4.10) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.4.10.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: hibernate - dependency-name: org.hibernate.orm:hibernate-jpamodelgen dependency-version: 6.4.10.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: hibernate - dependency-name: org.hibernate.orm:hibernate-jcache dependency-version: 6.4.10.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: hibernate - dependency-name: org.hibernate.orm:hibernate-jpamodelgen dependency-version: 6.4.10.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: hibernate - dependency-name: org.hibernate.orm:hibernate-jcache dependency-version: 6.4.10.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: hibernate ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the apache-commons group with 2 updates: [org.apache.commons:commons-compress](https://github.com/apache/commons-compress) and [org.apache.commons:commons-csv](https://github.com/apache/commons-csv). Updates `org.apache.commons:commons-compress` from 1.27.1 to 1.28.0 - [Changelog](https://github.com/apache/commons-compress/blob/master/RELEASE-NOTES.txt) - [Commits](apache/commons-compress@rel/commons-compress-1.27.1...rel/commons-compress-1.28.0) Updates `org.apache.commons:commons-csv` from 1.14.0 to 1.14.1 - [Changelog](https://github.com/apache/commons-csv/blob/master/RELEASE-NOTES.txt) - [Commits](apache/commons-csv@rel/commons-csv-1.14.0...rel/commons-csv-1.14.1) --- updated-dependencies: - dependency-name: org.apache.commons:commons-compress dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: apache-commons - dependency-name: org.apache.commons:commons-csv dependency-version: 1.14.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: apache-commons ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.9.3.0 to 4.9.3.2. - [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.3.0...spotbugs-maven-plugin-4.9.3.2) --- updated-dependencies: - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-version: 4.9.3.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…_x/hibernate-09226aa1fb Bump the hibernate group with 3 updates
…_x/com.github.spotbugs-spotbugs-maven-plugin-4.9.3.2 Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.0 to 4.9.3.2
…_x/apache-commons-592043e7a6 Bump the apache-commons group with 2 updates
Fixes the checkpointing for bitstore migration by actually committing the changes to the database. Replacing "dispatchEvents" with "commit" as testing has shown that this is necessary to ensure that the status of bitstreams is properly updated when the bitstore migration is interrupted. The provided integration tests fail if bitstreams successfully migrated before the interruption are not properly recorded in the database as being in the destination assetstore. (cherry picked from commit 3d7c458)
[Port dspace-8_x] Fix checkpointing for bitstore migration
Also shifted some resource policy methods from ItemService to AuthorizeService as they seemed better suited there. (cherry picked from commit 924678a)
[Port dspace-8_x] Inherit custom, non-admin policies when creating new bundles
Handle SELF and PART_OF identifiers properly based on configuration, work type, and identifier type (cherry picked from commit ad82b31)
(cherry picked from commit 1b864e6)
[Port dspace-8_x] ORCID Push: Fix SELF and PART_OF external identifier handling
…v2 test. (cherry picked from commit 0589011)
…pdateDSpaceObject" after calling "finishCreateItem" as the latter saves the object and removes submitter privileges from it. (cherry picked from commit c2d0589)
[Port dspace-8_x] Enhance SWORDv1 Integration Tests & fix WRITE Permissions error for submitters
…dates Bumps the build-tools group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) | `4.9.6` | `4.9.8` | | [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) | `3.4.2` | `3.5.0` | | [org.apache.maven.plugins:maven-war-plugin](https://github.com/apache/maven-war-plugin) | `3.4.0` | `3.5.0` | | [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) | `4.9.6.0` | `4.9.8.2` | | [org.apache.maven.plugins:maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) | `3.7.1` | `3.8.0` | | [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin) | `3.3.1` | `3.4.0` | | [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) | `3.3.1` | `3.4.0` | | [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.13` | `0.8.14` | | [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) | `3.1.1` | `3.2.0` | | [org.codehaus.mojo:xml-maven-plugin](https://github.com/mojohaus/xml-maven-plugin) | `1.1.0` | `1.2.0` | Updates `com.github.spotbugs:spotbugs` from 4.9.6 to 4.9.8 - [Release notes](https://github.com/spotbugs/spotbugs/releases) - [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md) - [Commits](spotbugs/spotbugs@4.9.6...4.9.8) Updates `org.apache.maven.plugins:maven-jar-plugin` from 3.4.2 to 3.5.0 - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](apache/maven-jar-plugin@maven-jar-plugin-3.4.2...maven-jar-plugin-3.5.0) Updates `org.apache.maven.plugins:maven-war-plugin` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/apache/maven-war-plugin/releases) - [Commits](apache/maven-war-plugin@maven-war-plugin-3.4.0...maven-war-plugin-3.5.0) Updates `com.github.spotbugs:spotbugs-maven-plugin` from 4.9.6.0 to 4.9.8.2 - [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.6.0...spotbugs-maven-plugin-4.9.8.2) Updates `org.apache.maven.plugins:maven-assembly-plugin` from 3.7.1 to 3.8.0 - [Release notes](https://github.com/apache/maven-assembly-plugin/releases) - [Commits](apache/maven-assembly-plugin@maven-assembly-plugin-3.7.1...v3.8.0) Updates `org.apache.maven.plugins:maven-resources-plugin` from 3.3.1 to 3.4.0 - [Release notes](https://github.com/apache/maven-resources-plugin/releases) - [Commits](apache/maven-resources-plugin@maven-resources-plugin-3.3.1...v3.4.0) Updates `org.apache.maven.plugins:maven-source-plugin` from 3.3.1 to 3.4.0 - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.1...maven-source-plugin-3.4.0) Updates `org.jacoco:jacoco-maven-plugin` from 0.8.13 to 0.8.14 - [Release notes](https://github.com/jacoco/jacoco/releases) - [Commits](jacoco/jacoco@v0.8.13...v0.8.14) Updates `org.apache.maven.plugins:maven-release-plugin` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](apache/maven-release@maven-release-3.1.1...maven-release-3.2.0) Updates `org.codehaus.mojo:xml-maven-plugin` from 1.1.0 to 1.2.0 - [Release notes](https://github.com/mojohaus/xml-maven-plugin/releases) - [Commits](mojohaus/xml-maven-plugin@1.1.0...1.2.0) --- updated-dependencies: - dependency-name: com.github.spotbugs:spotbugs dependency-version: 4.9.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-tools - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: org.apache.maven.plugins:maven-war-plugin dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-version: 4.9.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-tools - dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: org.apache.maven.plugins:maven-resources-plugin dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: org.jacoco:jacoco-maven-plugin dependency-version: 0.8.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-tools - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools - dependency-name: org.codehaus.mojo:xml-maven-plugin dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-tools ... Signed-off-by: dependabot[bot] <support@github.com>
…_x/spring-251f058fd5 build(deps): bump the spring group across 1 directory with 25 updates
…_x/build-tools-06585a521d build(deps): bump the build-tools group across 1 directory with 10 updates
[Port dspace-8_x] Escape HTML tags in hit highlights DSpace#11345
…_x/apache-commons-3c73bbf823 build(deps): bump the apache-commons group across 1 directory with 6 updates
…_x/amazon-s3-a77a9a8c6e build(deps): bump the amazon-s3 group with 2 updates
…_x/org.checkerframework-checker-qual-3.52.0 build(deps): bump org.checkerframework:checker-qual from 3.51.1 to 3.52.0
Use latest pdfbox 3.0.5 and tika 3.2.2. See: https://pdfbox.apache.org/3.0/migration.html See: https://dist.apache.org/repos/dist/release/tika/3.2.2/CHANGES-3.2.2.txt
Conflicts resolved with CitationDocumentServiceImpl to satisfy the older implementation.
Bumps `tika.version` from 3.2.2 to 3.2.3. Updates `org.apache.tika:tika-core` from 3.2.2 to 3.2.3 - [Changelog](https://github.com/apache/tika/blob/main/CHANGES.txt) - [Commits](apache/tika@3.2.2...3.2.3) Updates `org.apache.tika:tika-parsers-standard-package` from 3.2.2 to 3.2.3 --- updated-dependencies: - dependency-name: org.apache.tika:tika-core dependency-version: 3.2.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.tika:tika-parsers-standard-package dependency-version: 3.2.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bump tika.version from 2.9.4 to 3.2.3, pdfbox to 3.0.5 (8.x)
(cherry picked from commit 5ac1c4a)
(cherry picked from commit 768c669)
(cherry picked from commit e3187bf)
[Port dspace-8_x] Import of Person from external ORCID source is broken
… the login has been concluded successfully ref: DURACOM-401 (cherry picked from commit 008998b)
…onMethod.java Adds some IT to verify the correctness of the authentication. ref: DURACOM-401 (cherry picked from commit cf8e7f3)
ref: DURACOM-401 (cherry picked from commit 40cc61b)
[Port dspace-8_x] Fixes authentication issues involving Special Groups and various Authentication Methods
…ssociated resource policy (fixes DSpace#11325) (cherry picked from commit fbddb06)
[Port dspace-8_x] Trigger object reindex when updating eperson or group of associated resource policy
Revert `bouncycastle` to version that is compatible with `maven-gpg-plugin`.
…ace8x [maven-release-plugin] copy for tag dspace-8.3 # Conflicts: # .github/workflows/docker.yml # .github/workflows/reusable-docker-build.yml # LICENSES_THIRD_PARTY # dspace-api/pom.xml # dspace-api/src/main/java/org/dspace/authority/orcid/Orcidv3SolrAuthorityImpl.java # dspace-api/src/main/java/org/dspace/external/OrcidRestConnector.java # dspace-api/src/main/java/org/dspace/external/provider/impl/OrcidV3AuthorDataProvider.java # dspace-api/src/main/java/org/dspace/importer/external/epo/service/EpoImportMetadataSourceServiceImpl.java # dspace-api/src/main/java/org/dspace/orcid/model/factory/OrcidFactoryUtils.java # dspace-api/src/main/java/org/dspace/storage/bitstore/DSBitStoreService.java # dspace-api/src/test/java/org/dspace/app/client/DSpaceHttpClientFactoryTest.java # dspace-api/src/test/java/org/dspace/authority/orcid/MockOrcid.java # dspace-iiif/pom.xml # dspace-oai/pom.xml # dspace-rdf/pom.xml # dspace-server-webapp/pom.xml # dspace-server-webapp/src/main/java/org/dspace/app/rest/signposting/service/impl/LinksetServiceImpl.java # dspace-server-webapp/src/test/java/org/dspace/app/rest/RequestItemRepositoryIT.java # dspace-server-webapp/src/test/java/org/dspace/curate/CurationScriptIT.java # dspace-services/pom.xml # dspace-sword/pom.xml # dspace-swordv2/pom.xml # dspace/config/crosswalks/oai/metadataFormats/oai_openaire.xsl # dspace/config/modules/discovery.cfg # dspace/config/modules/signposting.cfg # dspace/modules/additions/pom.xml # dspace/modules/pom.xml # dspace/modules/server-boot/pom.xml # dspace/modules/server/pom.xml # dspace/pom.xml # pom.xml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
References
Add references/links to any related issues or PRs. These may include:
Description
Short summary of changes (1-2 sentences).
Instructions for Reviewers
Please add a more detailed description of the changes made by your PR. At a minimum, providing a bulleted list of changes in your PR is helpful to reviewers.
List of changes in this PR:
Include guidance for how to test or review your PR. This may include: steps to reproduce a bug, screenshots or description of a new feature, or reasons behind specific changes.
Checklist
This checklist provides a reminder of what we are going to look for when reviewing your PR. You need not complete this checklist prior to creating your PR (draft PRs are always welcome).
However, reviewers may request that you complete any actions in this list if you have not done so. If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!
mainbranch of code (unless it is a backport or is fixing an issue specific to an older branch).pom.xml), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.