DSpace-CRIS 7 release 2021.02.02

The key changes in this version, released on the 14th Dec 2021, relate to alignment with DSpace 7.1.1

This is an updated version of the dspace-cris-2021.02.01, aligned with DSpace 7.1.1 release, which includes a security update for CVE-2021-44228 (log4j v2 critical vulnerability). It is fully compatible with the DSpace-CRIS 7 Frontend dspace-cris-2021.02.01 release.

We highly recommend ALL users of DSpace-CRIS 2021.01.x or 2021.02.x upgrade to dspace-cris-2021.02.02 to resolve CVE-2021-44228.

To fully protect your DSpace-CRIS 2021.x site from CVE-2021-44228, three steps are required:

1. Upgrade your DSpace-CRIS backend to dspace-cris-2021.02.02 OR manually install #8065, rebuild and redeploy your DSpace-CRIS backend. Make sure to restart your Tomcat after the update.

2. Upgrade to Apache Solr v8.11.1 (or above), OR ensure that -Dlog4j2.formatMsgNoLookups=true is specified in your SOLR_OPTS environment variable. For more information, see Solr™ Security News

3. If you use the Handle.Net Registry Support in DSpace-CRIS 2021.x, make sure to restart your Handle Server (after performing step 1), so that it uses the new (secure) version of log4j as well.

For the technical documentation please refer to the dspace-cris 2021.02.01 release notes