-
## Change Request
The (publicly available) REST endpoint `/server/api` reveals the number of the deployed DSpace version, e.g.
```
$ curl -sS 'https://demo.dspace.org/server/api' 2>&1 | grep 'd…
```
-
**Describe the feature:**
As a security engineer who maintains Elastic Agents, integrations and everything in between, I would like to perform upgrades for anything that might not require a change to…
-
## Problem description
DSpace 8 comes with an update of **Spring Security** (from version 5 to 6). Spring Security 6 contains some changes in the CSRF handling that are listed here: https://docs.sp…
-
as {{I-D.draft-taddei-smart-cless-introduction}} as well as {{MAGECART}} {{MITB}} {{MITB-MITRE}} {{MALVERTISING}} showed that in some cases, the only way to detect an attack is through the use of netw…
-
Description: Implement a RESTful API for accessing CMS content and functionality.
Tasks to Accomplish:
Design and implement RESTful API endpoints for content access
Create authentication and au…
-
Hello.
I noticed that validation always happens no matter what. Then the security is checked and if security fails the request is rejected.
This opens an attack vector because request validation is c…
-
I'm using spring boot 3.3.1/spring security with oauth2. My Oauth2 / OIDC Provider is behind an Http Proxy. I need to customize the WebClient, in order to configure the HttpProxy.
Following the […
-
@ilyavf what are the security requirements for the `/companies` endpoint? Which users should be able to access/create/remove records, etc.?
-
## Description
Implement a backend endpoint that allows users to initiate a password reset process by providing their registered email. The endpoint should generate a secure token and send it to th…
-
## Issue Description
When we had a production tester examine the submission request in the dev console, he informed us that his social security number as the BIRLS ID was viewable in the response. (Fo…