Dear all,

I am pleased to announce the release of djehuty v25.5. The May release of 2025 consists of 14 commits made by 3 authors.

This release contains a security fix for a SPARQL injection found by Thomas Thelen and a a security fix for a HTML injection found by Anass Ksiber. Many thanks to both for reporting and assisting in resolving these vulnerabilities.

UI revisions - Introduce an “Interoperability” section with links to the RO-Crate metadata API and the IIIF manifest (2a49687d0).

Security - Properly escape session cookie value (da1cbf2b1). - Avoid possibility of HTML injection in the search page (4f479f686).

Bugfixes - Avoid re-creating the Handle configuration (80f1f2e3e). - Ensure the v2 API respects the depositing-domains property (45941d2d9). - Don’t show file metadata for restricted datasets in RO-Crate output (b81c730ec). - Improve render quality of PDF files in the IIIF Image API (6556bf2ff, ffb35961a). - Document acceptable parameters for various API endpoints (b5dea019b). - Distribute missing files in the release tarball (76b29514e).

Technical debt - Simplify the dist-docker target (7b08aae0f).

Kind regards, Roel Janssen

Open Source Project Lead at 4TU.ResearchData.