I am pleased to announce the release of djehuty v25.5.
The May release of 2025 consists of 14 commits made by 3 authors.

This release contains a security fix for a SPARQL injection found by Thomas Thelen and a a security fix for a HTML injection found by Anass Ksiber. Many thanks to both for reporting and assisting in resolving these vulnerabilities.

UI revisions

- Introduce an “Interoperability” section with links to the RO-Crate metadata API and the IIIF manifest (2a49687d0).

Security

- Properly escape session cookie value (da1cbf2b1).

- Avoid possibility of HTML injection in the search page (4f479f686).

Bugfixes

- Avoid re-creating the Handle configuration (80f1f2e3e).

- Ensure the v2 API respects the depositing-domains property (45941d2d9).

- Don’t show file metadata for restricted datasets in RO-Crate output (b81c730ec).

- Improve render quality of PDF files in the IIIF Image API (6556bf2ff, ffb35961a).

- Document acceptable parameters for various API endpoints (b5dea019b).

- Distribute missing files in the release tarball (76b29514e).

Technical debt

- Simplify the dist-docker target (7b08aae0f).