XNAT 1.7.4 was primarily devoted to addressing critical security issues. We strongly recommend all XNAT Admins upgrade to the latest version of XNAT to maintain their security compliance.
A number of data accessibility issues and other system performance issues were addressed as well.
You can view a full list of publicly-viewable JIRA issues that were addressed in this release here: https://issues.xnat.org/secure/Dashboard.jspa?selectPageId=11900. Please note that we are not yet making security issues publicly viewable.
A number of high-severity security vulnerabilities in XNAT were addressed, including but not limited to:
Intended functionality was restored to the guest account for public-access XNAT accounts, including data downloading and site navigation.
Additionally, all intended functionality was restored for project owners who are supporting Custom User Groups. Custom User Groups were found to be largely non-functional in XNAT 1.7.x until this release.
Core components were upgraded, including Spring, and configurations for LDAP and tasks were improved.
Several fixes were made to ensure proper REST / XAPI functionality. Additionally, fixes to support DicomEdit 6 anonymization methods were added, as well as other DICOM communication improvements.
Several fixes related to XNAT's XFT model were made to improve the queryablity of shared data, and properly represent data types in searches and reports.