Bump org.postgresql:postgresql from 42.7.7 to 42.7.8

Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.7 to 42.7.8. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](https://github.com/pgjdbc/pgjdbc/compare/REL42.7.7...REL42.7.8) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-version: 42.7.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #11365 from DSpace/dependabot/maven/spring-268f5d34da
2025-10-07 10:04:21 +00:00 · 2025-10-06 19:56:30 +00:00 · 2025-10-06 13:36:57 -05:00 · 2025-10-06 13:32:22 -05:00 · 2025-10-06 13:30:16 -05:00 · 2025-10-06 13:26:29 -05:00
1049 changed files with 38180 additions and 10466 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -4,7 +4,6 @@
 */target/
 dspace/modules/*/target/
 Dockerfile.*
-dspace/src/main/docker/dspace-postgres-pgcrypto
-dspace/src/main/docker/dspace-postgres-pgcrypto-curl
+dspace/src/main/docker/dspace-postgres-loadsql
 dspace/src/main/docker/README.md
 dspace/src/main/docker-compose/
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,16 +7,16 @@ assignees: ''

 ---

-**Describe the bug**
+## Describe the bug
 A clear and concise description of what the bug is.  Include the version(s) of DSpace where you've seen this problem. Link to examples if they are public.

-**To Reproduce**
+## To Reproduce
 Steps to reproduce the behavior:
 1. Do this
 2. Then this...

-**Expected behavior**
+## Expected behavior
 A clear and concise description of what you expected to happen.

-**Related work**
+## Related work
 Link to any related tickets or PRs here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -7,14 +7,14 @@ assignees: ''

 ---

-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+## Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem or use case is. For example, I'm always frustrated when [...]

-**Describe the solution you'd like**
+## Describe the solution you'd like
 A clear and concise description of what you want to happen.

-**Describe alternatives or workarounds you've considered**
+## Describe alternatives or workarounds you've considered
 A clear and concise description of any alternative solutions or features you've considered.

-**Additional context**
-Add any other context or screenshots about the feature request here.
+## Additional information
+Add any other information, related tickets or screenshots about the feature request here.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,511 @@
+#-------------------
+# DSpace's dependabot rules. Enables maven updates for all dependencies on a weekly basis
+# for main and any maintenance branches. Security updates only apply to main.
+#-------------------
+version: 2
+updates:
+  ###############
+  ## Main branch
+  ###############
+  # NOTE: At this time, "security-updates" rules only apply if "target-branch" is unspecified
+  # So, only this first section can include "applies-to: security-updates"
+  - package-ecosystem: "maven"
+    directory: "/"
+    # Monthly dependency updates (NOTE: "schedule" doesn't apply to security updates)
+    schedule:
+      interval: "monthly"
+      time: "02:00"
+    # Allow up to 10 open PRs for dependencies
+    open-pull-requests-limit: 10
+    # Group together some upgrades in a single PR
+    groups:
+      # Group together all Build Tools in a single PR
+      build-tools:
+        applies-to: version-updates
+        patterns:
+        - "org.apache.maven.plugins:*"
+        - "*:*-maven-plugin"
+        - "*:maven-*-plugin"
+        - "com.github.spotbugs:spotbugs"
+        - "com.google.code.findbugs:*"
+        - "com.google.errorprone:*"
+        - "com.puppycrawl.tools:checkstyle"
+        - "org.sonatype.*:*"
+        exclude-patterns:
+        # Exclude anything from Spring, as that is in a separate group
+        - "org.springframework.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+      test-tools:
+        applies-to: version-updates
+        patterns:
+        - "junit:*"
+        - "com.github.stefanbirker:system-rules"
+        - "com.h2database:*"
+        - "io.findify:s3mock*"
+        - "io.netty:*"
+        - "org.apache.httpcomponents.client5:*"
+        - "org.hamcrest:*"
+        - "org.mock-server:*"
+        - "org.mockito:*"
+        - "org.xmlunit:*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all Apache Commons deps in a single PR
+      apache-commons:
+        applies-to: version-updates
+        patterns:
+        - "org.apache.commons:*"
+        - "commons-*:commons-*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all fasterxml deps in a single PR
+      fasterxml:
+        applies-to: version-updates
+        patterns:
+        - "com.fasterxml:*"
+        - "com.fasterxml.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+       # Group together all Hibernate deps in a single PR
+      hibernate:
+        applies-to: version-updates
+        patterns:
+        - "org.hibernate.*:*"
+        update-types:
+        - "patch"
+      # Group together all Jakarta deps in a single PR
+      jakarta:
+        applies-to: version-updates
+        patterns:
+        - "jakarta.*:*"
+        - "org.eclipse.angus:jakarta.mail"
+        - "org.glassfish.jaxb:jaxb-runtime"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all Spring deps in a single PR
+      spring:
+        applies-to: version-updates
+        patterns:
+        - "org.springframework:*"
+        - "org.springframework.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all WebJARs deps in a single PR
+      webjars:
+        applies-to: version-updates
+        patterns:
+        - "org.webjars:*"
+        - "org.webjars.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group Tika, bouncycastle, and asm because they are tightly integrated
+      # and we theoretically want to keep them in sync.
+      tika:
+        applies-to: version-updates
+        patterns:
+        - "org.apache.tika:*:*"
+        - "org.bouncycastle:*:*"
+        - "org.ow2.asm:*:*"
+        update-types:
+        - "minor"
+        - "patch"
+    ignore:
+      # Don't try to auto-update any DSpace dependencies
+      - dependency-name: "org.dspace:*"
+      - dependency-name: "org.dspace.*:*"
+      # Ignore major/minor updates for Hibernate. Only patch updates can be automated.
+      - dependency-name: "org.hibernate.*:*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+  ######################
+  ## dspace-9_x branch
+  ######################
+  - package-ecosystem: "maven"
+    directory: "/"
+    target-branch: dspace-9_x
+    schedule:
+      interval: "monthly"
+      time: "02:00"
+    # Allow up to 10 open PRs for dependencies
+    open-pull-requests-limit: 10
+    # Group together some upgrades in a single PR
+    groups:
+      # Group together all Build Tools in a single PR
+      build-tools:
+        applies-to: version-updates
+        patterns:
+          - "org.apache.maven.plugins:*"
+          - "*:*-maven-plugin"
+          - "*:maven-*-plugin"
+          - "com.github.spotbugs:spotbugs"
+          - "com.google.code.findbugs:*"
+          - "com.google.errorprone:*"
+          - "com.puppycrawl.tools:checkstyle"
+          - "org.sonatype.*:*"
+        exclude-patterns:
+          # Exclude anything from Spring, as that is in a separate group
+          - "org.springframework.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      test-tools:
+        applies-to: version-updates
+        patterns:
+          - "junit:*"
+          - "com.github.stefanbirker:system-rules"
+          - "com.h2database:*"
+          - "io.findify:s3mock*"
+          - "io.netty:*"
+          - "org.apache.httpcomponents.client5:*"
+          - "org.hamcrest:*"
+          - "org.mock-server:*"
+          - "org.mockito:*"
+          - "org.xmlunit:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all Apache Commons deps in a single PR
+      apache-commons:
+        applies-to: version-updates
+        patterns:
+          - "org.apache.commons:*"
+          - "commons-*:commons-*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all fasterxml deps in a single PR
+      fasterxml:
+        applies-to: version-updates
+        patterns:
+          - "com.fasterxml:*"
+          - "com.fasterxml.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+        # Group together all Hibernate deps in a single PR
+      hibernate:
+        applies-to: version-updates
+        patterns:
+          - "org.hibernate.*:*"
+        update-types:
+          - "patch"
+      # Group together all Jakarta deps in a single PR
+      jakarta:
+        applies-to: version-updates
+        patterns:
+          - "jakarta.*:*"
+          - "org.eclipse.angus:jakarta.mail"
+          - "org.glassfish.jaxb:jaxb-runtime"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all Spring deps in a single PR
+      spring:
+        applies-to: version-updates
+        patterns:
+          - "org.springframework:*"
+          - "org.springframework.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all WebJARs deps in a single PR
+      webjars:
+        applies-to: version-updates
+        patterns:
+          - "org.webjars:*"
+          - "org.webjars.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group Tika, bouncycastle, and asm because they are tightly integrated
+      # and we theoretically want to keep them in sync.
+      tika:
+        applies-to: version-updates
+        patterns:
+        - "org.apache.tika:*:*"
+        - "org.bouncycastle:*:*"
+        - "org.ow2.asm:*:*"
+        update-types:
+        - "minor"
+        - "patch"
+    ignore:
+      # Don't try to auto-update any DSpace dependencies
+      - dependency-name: "org.dspace:*"
+      - dependency-name: "org.dspace.*:*"
+      # Ignore major/minor updates for Hibernate. Only patch updates can be automated.
+      - dependency-name: "org.hibernate.*:*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-major" ]
+  ######################
+  ## dspace-8_x branch
+  ######################
+  - package-ecosystem: "maven"
+    directory: "/"
+    target-branch: dspace-8_x
+    schedule:
+      interval: "monthly"
+      time: "02:00"
+    # Allow up to 10 open PRs for dependencies
+    open-pull-requests-limit: 10
+    # Group together some upgrades in a single PR
+    groups:
+      # Group together all Build Tools in a single PR
+      build-tools:
+        applies-to: version-updates
+        patterns:
+          - "org.apache.maven.plugins:*"
+          - "*:*-maven-plugin"
+          - "*:maven-*-plugin"
+          - "com.github.spotbugs:spotbugs"
+          - "com.google.code.findbugs:*"
+          - "com.google.errorprone:*"
+          - "com.puppycrawl.tools:checkstyle"
+          - "org.sonatype.*:*"
+        exclude-patterns:
+          # Exclude anything from Spring, as that is in a separate group
+          - "org.springframework.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      test-tools:
+        applies-to: version-updates
+        patterns:
+          - "junit:*"
+          - "com.github.stefanbirker:system-rules"
+          - "com.h2database:*"
+          - "io.findify:s3mock*"
+          - "io.netty:*"
+          - "org.apache.httpcomponents.client5:*"
+          - "org.hamcrest:*"
+          - "org.mock-server:*"
+          - "org.mockito:*"
+          - "org.xmlunit:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all Apache Commons deps in a single PR
+      apache-commons:
+        applies-to: version-updates
+        patterns:
+          - "org.apache.commons:*"
+          - "commons-*:commons-*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all fasterxml deps in a single PR
+      fasterxml:
+        applies-to: version-updates
+        patterns:
+          - "com.fasterxml:*"
+          - "com.fasterxml.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+        # Group together all Hibernate deps in a single PR
+      hibernate:
+        applies-to: version-updates
+        patterns:
+          - "org.hibernate.*:*"
+        update-types:
+          - "patch"
+      # Group together all Jakarta deps in a single PR
+      jakarta:
+        applies-to: version-updates
+        patterns:
+          - "jakarta.*:*"
+          - "org.eclipse.angus:jakarta.mail"
+          - "org.glassfish.jaxb:jaxb-runtime"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all Spring deps in a single PR
+      spring:
+        applies-to: version-updates
+        patterns:
+          - "org.springframework:*"
+          - "org.springframework.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all WebJARs deps in a single PR
+      webjars:
+        applies-to: version-updates
+        patterns:
+          - "org.webjars:*"
+          - "org.webjars.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group Tika, bouncycastle, and asm because they are tightly integrated
+      # and we theoretically want to keep them in sync.
+      tika:
+        applies-to: version-updates
+        patterns:
+        - "org.apache.tika:*:*"
+        - "org.bouncycastle:*:*"
+        - "org.ow2.asm:*:*"
+        update-types:
+        - "minor"
+        - "patch"
+    ignore:
+      # Don't try to auto-update any DSpace dependencies
+      - dependency-name: "org.dspace:*"
+      - dependency-name: "org.dspace.*:*"
+      # Ignore major/minor updates for Hibernate. Only patch updates can be automated.
+      - dependency-name: "org.hibernate.*:*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-major" ]
+  ######################
+  ## dspace-7_x branch
+  ######################
+  - package-ecosystem: "maven"
+    directory: "/"
+    target-branch: dspace-7_x
+    schedule:
+      interval: "monthly"
+      time: "02:00"
+    # Allow up to 10 open PRs for dependencies
+    open-pull-requests-limit: 10
+    # Group together some upgrades in a single PR
+    groups:
+      # Group together all Build Tools in a single PR
+      build-tools:
+        applies-to: version-updates
+        patterns:
+          - "org.apache.maven.plugins:*"
+          - "*:*-maven-plugin"
+          - "*:maven-*-plugin"
+          - "com.github.spotbugs:spotbugs"
+          - "com.google.code.findbugs:*"
+          - "com.google.errorprone:*"
+          - "com.puppycrawl.tools:checkstyle"
+          - "org.sonatype.*:*"
+        exclude-patterns:
+          # Exclude anything from Spring, as that is in a separate group
+          - "org.springframework.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      test-tools:
+        applies-to: version-updates
+        patterns:
+          - "junit:*"
+          - "com.github.stefanbirker:system-rules"
+          - "com.h2database:*"
+          - "io.findify:s3mock*"
+          - "io.netty:*"
+          - "org.hamcrest:*"
+          - "org.mock-server:*"
+          - "org.mockito:*"
+          - "org.xmlunit:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all Apache Commons deps in a single PR
+      apache-commons:
+        applies-to: version-updates
+        patterns:
+          - "org.apache.commons:*"
+          - "commons-*:commons-*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all fasterxml deps in a single PR
+      fasterxml:
+        applies-to: version-updates
+        patterns:
+          - "com.fasterxml:*"
+          - "com.fasterxml.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+        # Group together all Hibernate deps in a single PR
+      hibernate:
+        applies-to: version-updates
+        patterns:
+          - "org.hibernate.*:*"
+        update-types:
+          - "patch"
+      # Group together all Javax deps in a single PR
+      # NOTE: Javax is only used in 7.x and has been replaced by Jakarta in 8.x and later
+      jakarta:
+        applies-to: version-updates
+        patterns:
+          - "javax.*:*"
+          - "*:javax.mail"
+          - "org.glassfish.jaxb:jaxb-runtime"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all Google deps in a single PR
+      # NOTE: These Google deps are only used in 7.x and have been removed in 8.x and later
+      google-apis:
+        applies-to: version-updates
+        patterns:
+          - "com.google.apis:*"
+          - "com.google.api-client:*"
+          - "com.google.http-client:*"
+          - "com.google.oauth-client:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all Spring deps in a single PR
+      spring:
+        applies-to: version-updates
+        patterns:
+          - "org.springframework:*"
+          - "org.springframework.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group together all WebJARs deps in a single PR
+      webjars:
+        applies-to: version-updates
+        patterns:
+          - "org.webjars:*"
+          - "org.webjars.*:*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group Tika, bouncycastle, and asm because they are tightly integrated
+      # and we theoretically want to keep them in sync.
+      tika:
+        applies-to: version-updates
+        patterns:
+        - "org.apache.tika:*:*"
+        - "org.bouncycastle:*:*"
+        - "org.ow2.asm:*:*"
+        update-types:
+        - "minor"
+        - "patch"
+    ignore:
+      # Don't try to auto-update any DSpace dependencies
+      - dependency-name: "org.dspace:*"
+      - dependency-name: "org.dspace.*:*"
+      # Last version of errorprone to support JDK 11 is 2.31.0
+      - dependency-name: "com.google.errorprone:*"
+        versions: [">=2.32.0"]
+      # Spring Security 5.8 changes the behavior of CSRF Tokens in a way which is incompatible with DSpace 7
+      # See https://github.com/DSpace/DSpace/pull/9888#issuecomment-2408165545
+      - dependency-name: "org.springframework.security:*"
+        versions: [">=5.8.0"]
+      # Ignore major/minor updates for Hibernate. Only patch updates can be automated.
+      - dependency-name: "org.hibernate.*:*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
+      - dependency-name: "*"
+        update-types: [ "version-update:semver-major" ]
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,7 +1,7 @@
 ## References
 _Add references/links to any related issues or PRs. These may include:_
-* Fixes #`issue-number` (if this fixes an issue ticket)
-* Related to DSpace/RestContract#`pr-number`  (if a corresponding REST Contract PR exists)
+* Fixes #issue-number (if this fixes an issue ticket)
+* Related to DSpace/RestContract#pr-number  (if a corresponding REST Contract PR exists)

 ## Description
 Short summary of changes (1-2 sentences).
@@ -16,12 +16,15 @@ List of changes in this PR:
 **Include guidance for how to test or review your PR.** This may include: steps to reproduce a bug, screenshots or description of a new feature, or reasons behind specific changes. 

 ## Checklist
-_This checklist provides a reminder of what we are going to look for when reviewing your PR. You need not complete this checklist prior to creating your PR (draft PRs are always welcome). If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!_
+_This checklist provides a reminder of what we are going to look for when reviewing your PR. You need not complete this checklist prior to creating your PR (draft PRs are always welcome).
+However, reviewers may request that you complete any actions in this list if you have not done so. If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!_

- [ ] My PR is small in size (e.g. less than 1,000 lines of code, not including comments & integration tests). Exceptions may be made if previously agreed upon.
- [ ] My PR passes Checkstyle validation based on the [Code Style Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Style+Guide).
- [ ] My PR includes Javadoc for _all new (or modified) public methods and classes_. It also includes Javadoc for large or complex private methods.
- [ ] My PR passes all tests and includes new/updated Unit or Integration Tests based on the [Code Testing Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Testing+Guide).
+- [ ] My PR is **created against the `main` branch** of code (unless it is a backport or is fixing an issue specific to an older branch).
+- [ ] My PR is **small in size** (e.g. less than 1,000 lines of code, not including comments & integration tests). Exceptions may be made if previously agreed upon.
+- [ ] My PR **passes Checkstyle** validation based on the [Code Style Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Style+Guide).
+- [ ] My PR **includes Javadoc** for _all new (or modified) public methods and classes_. It also includes Javadoc for large or complex private methods.
+- [ ] My PR **passes all tests and includes new/updated Unit or Integration Tests** based on the [Code Testing Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Testing+Guide).
+- [ ] My PR **includes details on how to test it**. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
 - [ ] If my PR includes new libraries/dependencies (in any `pom.xml`), I've made sure their licenses align with the [DSpace BSD License](https://github.com/DSpace/DSpace/blob/main/LICENSE) based on the [Licensing of Contributions](https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines#CodeContributionGuidelines-LicensingofContributions) documentation.
 - [ ] If my PR modifies REST API endpoints, I've opened a separate [REST Contract](https://github.com/DSpace/RestContract/blob/main/README.md) PR related to this change.
 - [ ] If my PR includes new configurations, I've provided basic technical documentation in the PR itself.
--- a/.github/workflows/codescan.yml
+++ b/.github/workflows/codescan.yml
@@ -47,7 +47,7 @@ jobs:
      # Initializes the CodeQL tools for scanning.
      # https://github.com/github/codeql-action
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
        with:
          # Codescan Javascript as well since a few JS files exist in REST API's interface
          languages: java, javascript
@@ -56,8 +56,8 @@ jobs:
      # NOTE: Based on testing, this autobuild process works well for DSpace. A custom
      # DSpace build w/caching (like in build.yml) was about the same speed as autobuild.
      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3

      # Perform GitHub Code Scanning.
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -113,39 +113,19 @@ jobs:
      REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_SOLR_URL }}
      REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_SOLR_URL }}

-  ###########################################################
-  # Build/Push the 'dspace/dspace-postgres-pgcrypto' image
-  ###########################################################
-  dspace-postgres-pgcrypto:
+  ########################################################
+  # Build/Push the 'dspace/dspace-postgres-loadsql' image
+  ########################################################
+  dspace-postgres-loadsql:
    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
    if: github.repository == 'dspace/dspace'
    uses: ./.github/workflows/reusable-docker-build.yml
    with:
-      build_id: dspace-postgres-pgcrypto-prod
-      image_name: dspace/dspace-postgres-pgcrypto
-      # Must build out of subdirectory to have access to install script for pgcrypto.
+      build_id: dspace-postgres-loadsql
+      image_name: dspace/dspace-postgres-loadsql
+      # Must build out of subdirectory to have access to install script.
      # NOTE: this context will build the image based on the Dockerfile in the specified directory
-      dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/
-    secrets:
-      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-
-  ########################################################################
-  # Build/Push the 'dspace/dspace-postgres-pgcrypto' image (-loadsql tag)
-  ########################################################################
-  dspace-postgres-pgcrypto-loadsql:
-    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
-    if: github.repository == 'dspace/dspace'
-    uses: ./.github/workflows/reusable-docker-build.yml
-    with:
-      build_id: dspace-postgres-pgcrypto-loadsql
-      image_name: dspace/dspace-postgres-pgcrypto
-      # Must build out of subdirectory to have access to install script for pgcrypto.
-      # NOTE: this context will build the image based on the Dockerfile in the specified directory
-      dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto-curl/
-      # Suffix all tags with "-loadsql". Otherwise, it uses the same
-      # tagging logic as the primary 'dspace/dspace-postgres-pgcrypto' image above.
-      tags_flavor: suffix=-loadsql
+      dockerfile_context: ./dspace/src/main/docker/dspace-postgres-loadsql/
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
@@ -158,7 +138,7 @@ jobs:
    if: github.repository == 'dspace/dspace'
    runs-on: ubuntu-latest
    # Must run after all major images are built
-    needs: [dspace, dspace-test, dspace-cli, dspace-postgres-pgcrypto, dspace-solr]
+    needs: [dspace, dspace-test, dspace-cli, dspace-solr]
    env:
      # Override defaults dspace.server.url because backend starts at http://127.0.0.1:8080
      dspace__P__server__P__url: http://127.0.0.1:8080/server
@@ -220,6 +200,19 @@ jobs:
          result=$(wget -O- -q http://127.0.0.1:8080/server/api/core/collections)
          echo "$result"
          echo "$result" |  grep -oE "\"Dog in Yard\","
+      # Verify basic backend logging is working.
+      # 1. Access the top communities list. Verify that the "Before request" INFO statement is logged
+      # 2. Access an invalid endpoint (and ignore 404 response). Verify that a "status:404" WARN statement is logged
+      - name: Verify backend is logging properly
+        run: |
+          wget -O/dev/null -q http://127.0.0.1:8080/server/api/core/communities/search/top
+          logs=$(docker compose -f docker-compose.yml logs -n 5 dspace)
+          echo "$logs"
+          echo "$logs" | grep -o "Before request \[GET /server/api/core/communities/search/top\]"
+          wget -O/dev/null -q http://127.0.0.1:8080/server/api/does/not/exist || true
+          logs=$(docker compose -f docker-compose.yml logs -n 5 dspace)
+          echo "$logs"
+          echo "$logs" | grep -o "status:404 exception: The repository type does.not was not found"
      # Verify Handle Server can be stared and is working properly
      # 1. First generate the "[dspace]/handle-server" folder with the sitebndl.zip
      # 2. Start the Handle Server (and wait 20 seconds to let it start up)
--- a/.github/workflows/reusable-docker-build.yml
+++ b/.github/workflows/reusable-docker-build.yml
@@ -164,7 +164,7 @@ jobs:
          # Use GitHub cache to load cached Docker images and cache the results of this build
          # This decreases the number of images we need to fetch from DockerHub
          cache-from: type=gha,scope=${{ inputs.build_id }}
-          cache-to: type=gha,scope=${{ inputs.build_id }},mode=max
+          cache-to: type=gha,scope=${{ inputs.build_id }},mode=min

      # Export the digest of Docker build locally
      - name: Export Docker build digest
@@ -216,7 +216,7 @@ jobs:
          # Use GitHub cache to load cached Docker images and cache the results of this build
          # This decreases the number of images we need to fetch from DockerHub
          cache-from: type=gha,scope=${{ inputs.build_id }}
-          cache-to: type=gha,scope=${{ inputs.build_id }},mode=max
+          cache-to: type=gha,scope=${{ inputs.build_id }},mode=min
          # Export image to a local TAR file
          outputs: type=docker,dest=/tmp/${{ inputs.build_id }}.tar

--- a/.gitignore
+++ b/.gitignore
@@ -28,6 +28,9 @@ nbdist/
 nbactions.xml
 nb-configuration.xml

+## Ignore project files created by Visual Studio Code
+.vscode/
+
 ## Ignore all *.properties file in root folder, EXCEPT build.properties (the default)
 ## KEPT FOR BACKWARDS COMPATIBILITY WITH 5.x (build.properties is now replaced with local.cfg)
 /*.properties
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -10,13 +10,14 @@ DSpace is a community built and supported project. We do not have a centralized
 ## Contribute new code via a Pull Request

 We accept [GitHub Pull Requests (PRs)](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) at any time from anyone.
-Contributors to each release are recognized in our [Release Notes](https://wiki.lyrasis.org/display/DSDOC7x/Release+Notes).
+Contributors to each release are recognized in our [Release Notes](https://wiki.lyrasis.org/display/DSDOC9x/Release+Notes).

 Code Contribution Checklist
 - [ ] PRs _should_ be smaller in size (ideally less than 1,000 lines of code, not including comments & tests)
 - [ ] PRs **must** pass Checkstyle validation based on our [Code Style Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Style+Guide).
 - [ ] PRs **must** include Javadoc for _all new/modified public methods and classes_. Larger private methods should also have Javadoc
 - [ ] PRs **must** pass all automated tests and include new/updated Unit or Integration tests based on our [Code Testing Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Testing+Guide).
+- [ ] Details on how to test the PR **must** be provided. Reviewers must be aware of any steps they need to take to successfully test your fix or feature.
 - [ ] If a PR includes new libraries/dependencies (in any `pom.xml`), then their software licenses **must** align with the [DSpace BSD License](https://github.com/DSpace/DSpace/blob/main/LICENSE) based on the [Licensing of Contributions](https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines#CodeContributionGuidelines-LicensingofContributions) documentation.
 - [ ] Basic technical documentation _should_ be provided for any new features or changes to the REST API. REST API changes should be documented in our [Rest Contract](https://github.com/DSpace/RestContract).
 - [ ] If a PR fixes an issue ticket, please [link them together](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue).
@@ -25,7 +26,7 @@ Additional details on the code contribution process can be found in our [Code Co

 ## Contribute documentation

-DSpace Documentation is a collaborative effort in a shared Wiki. The latest documentation is at https://wiki.lyrasis.org/display/DSDOC7x 
+DSpace Documentation is a collaborative effort in a shared Wiki. The latest documentation is at https://wiki.lyrasis.org/display/DSDOC 

 If you find areas of the DSpace Documentation which you wish to improve, please request a Wiki account by emailing wikihelp@lyrasis.org.
 Once you have an account setup, contact @tdonohue (via [Slack](https://wiki.lyrasis.org/display/DSPACE/Slack) or email) for access to edit our Documentation.
@@ -33,7 +34,7 @@ Once you have an account setup, contact @tdonohue (via [Slack](https://wiki.lyra
 ## Help others on mailing lists or Slack

 DSpace has our own [Slack](https://wiki.lyrasis.org/display/DSPACE/Slack) community and [Mailing Lists](https://wiki.lyrasis.org/display/DSPACE/Mailing+Lists) where discussions take place and questions are answered.
-Anyone is welcome to join and help others. We just ask you to follow our [Code of Conduct](https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx) (adopted via LYRASIS).
+Anyone is welcome to join and help others. We just ask you to follow our [Code of Conduct](https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx) (adopted via Lyrasis).

 ## Join a working or interest group

@@ -41,5 +42,5 @@ Most of the work in building/improving DSpace comes via [Working Groups](https:/

 All working/interest groups are open to anyone to join and participate.  A few key groups to be aware of include:

-* [DSpace 7 Working Group](https://wiki.lyrasis.org/display/DSPACE/DSpace+7+Working+Group) - This is the main (mostly volunteer) development team. We meet weekly to review our current development [project board](https://github.com/orgs/DSpace/projects), assigning tickets and/or PRs.
-* [DSpace Community Advisory Team (DCAT)](https://wiki.lyrasis.org/display/cmtygp/DSpace+Community+Advisory+Team) - This is an interest group for repository managers/administrators. We meet monthly to discuss DSpace, share tips & provide feedback back to developers.
+* [DSpace Developer Team](https://wiki.lyrasis.org/display/DSPACE/Developer+Meetings) - This is the primary, volunteer development team. We meet weekly to review our current development [project board](https://github.com/orgs/DSpace/projects), assigning tickets and/or PRs. This is also were discussions of the next release or major issues occur. Anyone is welcome to attend.
+* [DSpace Community Advisory Team (DCAT)](https://wiki.lyrasis.org/display/cmtygp/DSpace+Community+Advisory+Team) - This is an interest group for repository managers/administrators. We meet monthly to discuss DSpace, share tips & provide feedback back to developers. Anyone is welcome to attend.
--- a/4
+++ b/4
@@ -1,13 +1,13 @@
 # This image will be published as dspace/dspace
 # See https://github.com/DSpace/DSpace/tree/main/dspace/src/main/docker for usage details
 #
-# - note: default tag for branch: dspace/dspace: dspace/dspace:dspace-8_x
+# - note: default tag for branch: dspace/dspace: dspace/dspace:latest

 # This Dockerfile uses JDK17 by default.
 # To build with other versions, use "--build-arg JDK_VERSION=[value]"
 ARG JDK_VERSION=17
 # The Docker version tag to build from
-ARG DSPACE_VERSION=dspace-8_x
+ARG DSPACE_VERSION=latest
 # The Docker registry to use for DSpace images. Defaults to "docker.io"
 # NOTE: non-DSpace images are hardcoded to use "docker.io" and are not impacted by this build argument
 ARG DOCKER_REGISTRY=docker.io
--- a/Dockerfile.cli
+++ b/Dockerfile.cli
@@ -1,13 +1,13 @@
 # This image will be published as dspace/dspace-cli
 # See https://github.com/DSpace/DSpace/tree/main/dspace/src/main/docker for usage details
 #
-# - note: default tag for branch: dspace/dspace-cli: dspace/dspace-cli:dspace-8_x
+# - note: default tag for branch: dspace/dspace-cli: dspace/dspace-cli:latest

 # This Dockerfile uses JDK17 by default.
 # To build with other versions, use "--build-arg JDK_VERSION=[value]"
 ARG JDK_VERSION=17
 # The Docker version tag to build from
-ARG DSPACE_VERSION=dspace-8_x
+ARG DSPACE_VERSION=latest
 # The Docker registry to use for DSpace images. Defaults to "docker.io"
 # NOTE: non-DSpace images are hardcoded to use "docker.io" and are not impacted by this build argument
 ARG DOCKER_REGISTRY=docker.io
--- a/Dockerfile.dependencies
+++ b/Dockerfile.dependencies
@@ -50,6 +50,10 @@ ADD --chown=dspace dspace-oai/pom.xml /app/dspace-oai/
 RUN mkdir -p /app/dspace-rdf
 ADD --chown=dspace dspace-rdf/pom.xml /app/dspace-rdf/

+# 'dspace-saml2' module POM
+RUN mkdir -p /app/dspace-saml2
+ADD --chown=dspace dspace-saml2/pom.xml /app/dspace-saml2/
+
 # 'dspace-server-webapp' module POM
 RUN mkdir -p /app/dspace-server-webapp
 ADD --chown=dspace dspace-server-webapp/pom.xml /app/dspace-server-webapp/
--- a/Dockerfile.test
+++ b/Dockerfile.test
@@ -1,7 +1,7 @@
 # This image will be published as dspace/dspace
 # See https://github.com/DSpace/DSpace/tree/main/dspace/src/main/docker for usage details
 #
-# - note: default tag for branch: dspace/dspace: dspace/dspace:8_x-test
+# - note: default tag for branch: dspace/dspace: dspace/dspace:latest-test
 #
 # This image is meant for TESTING/DEVELOPMENT ONLY as it deploys the old v6 REST API under HTTP (not HTTPS)

@@ -9,7 +9,7 @@
 # To build with other versions, use "--build-arg JDK_VERSION=[value]"
 ARG JDK_VERSION=17
 # The Docker version tag to build from
-ARG DSPACE_VERSION=dspace-8_x
+ARG DSPACE_VERSION=latest
 # The Docker registry to use for DSpace images. Defaults to "docker.io"
 # NOTE: non-DSpace images are hardcoded to use "docker.io" and are not impacted by this build argument
 ARG DOCKER_REGISTRY=docker.io
--- a/189
+++ b/189
@@ -21,29 +21,29 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
    Apache Software License, Version 2.0:

        * Ant-Contrib Tasks (ant-contrib:ant-contrib:1.0b3 - http://ant-contrib.sourceforge.net)
-        * AWS SDK for Java - Core (com.amazonaws:aws-java-sdk-core:1.12.785 - https://aws.amazon.com/sdkforjava)
-        * AWS Java SDK for AWS KMS (com.amazonaws:aws-java-sdk-kms:1.12.785 - https://aws.amazon.com/sdkforjava)
-        * AWS Java SDK for Amazon S3 (com.amazonaws:aws-java-sdk-s3:1.12.785 - https://aws.amazon.com/sdkforjava)
-        * JMES Path Query library (com.amazonaws:jmespath-java:1.12.785 - https://aws.amazon.com/sdkforjava)
+        * AWS SDK for Java - Core (com.amazonaws:aws-java-sdk-core:1.12.783 - https://aws.amazon.com/sdkforjava)
+        * AWS Java SDK for AWS KMS (com.amazonaws:aws-java-sdk-kms:1.12.783 - https://aws.amazon.com/sdkforjava)
+        * AWS Java SDK for Amazon S3 (com.amazonaws:aws-java-sdk-s3:1.12.783 - https://aws.amazon.com/sdkforjava)
+        * JMES Path Query library (com.amazonaws:jmespath-java:1.12.783 - https://aws.amazon.com/sdkforjava)
        * Titanium JSON-LD 1.1 (JRE11) (com.apicatalog:titanium-json-ld:1.3.2 - https://github.com/filip26/titanium-json-ld)
        * HPPC Collections (com.carrotsearch:hppc:0.8.1 - http://labs.carrotsearch.com/hppc.html/hppc)
        * com.drewnoakes:metadata-extractor (com.drewnoakes:metadata-extractor:2.19.0 - https://drewnoakes.com/code/exif/)
        * parso (com.epam:parso:2.0.14 - https://github.com/epam/parso)
        * Internet Time Utility (com.ethlo.time:itu:1.7.0 - https://github.com/ethlo/itu)
-        * ClassMate (com.fasterxml:classmate:1.7.0 - https://github.com/FasterXML/java-classmate)
-        * Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.19.1 - https://github.com/FasterXML/jackson)
-        * Jackson-core (com.fasterxml.jackson.core:jackson-core:2.19.1 - https://github.com/FasterXML/jackson-core)
-        * jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.19.1 - https://github.com/FasterXML/jackson)
+        * ClassMate (com.fasterxml:classmate:1.5.1 - https://github.com/FasterXML/java-classmate)
+        * Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.19.0 - https://github.com/FasterXML/jackson)
+        * Jackson-core (com.fasterxml.jackson.core:jackson-core:2.19.0 - https://github.com/FasterXML/jackson-core)
+        * jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.19.0 - https://github.com/FasterXML/jackson)
        * Jackson dataformat: CBOR (com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.17.2 - https://github.com/FasterXML/jackson-dataformats-binary)
        * Jackson dataformat: Smile (com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.15.2 - https://github.com/FasterXML/jackson-dataformats-binary)
        * Jackson-dataformat-TOML (com.fasterxml.jackson.dataformat:jackson-dataformat-toml:2.15.2 - https://github.com/FasterXML/jackson-dataformats-text)
        * Jackson-dataformat-YAML (com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.16.2 - https://github.com/FasterXML/jackson-dataformats-text)
-        * Jackson datatype: jdk8 (com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.19.1 - https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
-        * Jackson datatype: JSR310 (com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.19.1 - https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
+        * Jackson datatype: jdk8 (com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.18.3 - https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
+        * Jackson datatype: JSR310 (com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.19.0 - https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
        * Jackson Jakarta-RS: base (com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-base:2.16.2 - https://github.com/FasterXML/jackson-jakarta-rs-providers/jackson-jakarta-rs-base)
        * Jackson Jakarta-RS: JSON (com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider:2.16.2 - https://github.com/FasterXML/jackson-jakarta-rs-providers/jackson-jakarta-rs-json-provider)
        * Jackson module: Jakarta XML Bind Annotations (jakarta.xml.bind) (com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations:2.16.2 - https://github.com/FasterXML/jackson-modules-base)
-        * Jackson-module-parameter-names (com.fasterxml.jackson.module:jackson-module-parameter-names:2.19.1 - https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
+        * Jackson-module-parameter-names (com.fasterxml.jackson.module:jackson-module-parameter-names:2.18.3 - https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
        * Java UUID Generator (com.fasterxml.uuid:java-uuid-generator:4.1.0 - https://github.com/cowtowncoder/java-uuid-generator)
        * Woodstox (com.fasterxml.woodstox:woodstox-core:6.5.1 - https://github.com/FasterXML/woodstox)
        * zjsonpatch (com.flipkart.zjsonpatch:zjsonpatch:0.4.16 - https://github.com/flipkart-incubator/zjsonpatch/)
@@ -65,6 +65,8 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureaccess:1.0.1 - https://github.com/google/guava/failureaccess)
        * Guava: Google Core Libraries for Java (com.google.guava:guava:32.1.3-jre - https://github.com/google/guava)
        * Guava ListenableFuture only (com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava - https://github.com/google/guava/listenablefuture)
+        * Google Guice - Core Library (com.google.inject:guice:7.0.0 - https://github.com/google/guice/guice)
+        * Google Guice - Extensions - AssistedInject (com.google.inject.extensions:guice-assistedinject:7.0.0 - https://github.com/google/guice/extensions-parent/guice-assistedinject)
        * J2ObjC Annotations (com.google.j2objc:j2objc-annotations:1.3 - https://github.com/google/j2objc/)
        * J2ObjC Annotations (com.google.j2objc:j2objc-annotations:2.8 - https://github.com/google/j2objc/)
        * libphonenumber (com.googlecode.libphonenumber:libphonenumber:8.11.1 - https://github.com/google/libphonenumber/)
@@ -78,7 +80,7 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * JsonSchemaValidator (com.networknt:json-schema-validator:1.0.76 - https://github.com/networknt/json-schema-validator)
        * Nimbus JOSE+JWT (com.nimbusds:nimbus-jose-jwt:9.28 - https://bitbucket.org/connect2id/nimbus-jose-jwt)
        * Nimbus JOSE+JWT (com.nimbusds:nimbus-jose-jwt:9.48 - https://bitbucket.org/connect2id/nimbus-jose-jwt)
-        * opencsv (com.opencsv:opencsv:5.11.1 - http://opencsv.sf.net)
+        * opencsv (com.opencsv:opencsv:5.11 - http://opencsv.sf.net)
        * java-libpst (com.pff:java-libpst:0.9.3 - https://github.com/rjohnsondev/java-libpst)
        * rome (com.rometools:rome:1.19.0 - http://rometools.com/rome)
        * rome-modules (com.rometools:rome-modules:1.19.0 - http://rometools.com/rome-modules)
@@ -99,7 +101,7 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * scala-logging (com.typesafe.scala-logging:scala-logging_2.13:3.9.2 - https://github.com/lightbend/scala-logging)
        * JSON library from Android SDK (com.vaadin.external.google:android-json:0.0.20131108.vaadin1 - http://developer.android.com/sdk)
        * SparseBitSet (com.zaxxer:SparseBitSet:1.3 - https://github.com/brettwooldridge/SparseBitSet)
-        * Apache Commons BeanUtils (commons-beanutils:commons-beanutils:1.11.0 - https://commons.apache.org/proper/commons-beanutils)
+        * Apache Commons BeanUtils (commons-beanutils:commons-beanutils:1.10.1 - https://commons.apache.org/proper/commons-beanutils)
        * Apache Commons CLI (commons-cli:commons-cli:1.9.0 - https://commons.apache.org/proper/commons-cli/)
        * Apache Commons Codec (commons-codec:commons-codec:1.18.0 - https://commons.apache.org/proper/commons-codec/)
        * Apache Commons Collections (commons-collections:commons-collections:3.2.2 - http://commons.apache.org/collections/)
@@ -112,15 +114,18 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * broker-client (eu.openaire:broker-client:1.1.2 - http://api.openaire.eu/broker/broker-client)
        * OpenAIRE Funders Model (eu.openaire:funders-model:2.0.0 - https://api.openaire.eu)
        * Metrics Core (io.dropwizard.metrics:metrics-core:4.1.5 - https://metrics.dropwizard.io/metrics-core)
+        * Metrics Core (io.dropwizard.metrics:metrics-core:4.2.25 - https://metrics.dropwizard.io/metrics-core)
        * Graphite Integration for Metrics (io.dropwizard.metrics:metrics-graphite:4.1.5 - https://metrics.dropwizard.io/metrics-graphite)
        * Metrics Integration for Jetty 9.3 and higher (io.dropwizard.metrics:metrics-jetty9:4.1.5 - https://metrics.dropwizard.io/metrics-jetty9)
        * Metrics Integration with JMX (io.dropwizard.metrics:metrics-jmx:4.1.5 - https://metrics.dropwizard.io/metrics-jmx)
        * JVM Integration for Metrics (io.dropwizard.metrics:metrics-jvm:4.1.5 - https://metrics.dropwizard.io/metrics-jvm)
        * SWORD v2 Common Server Library (forked) (io.gdcc:sword2-server:2.0.0 - https://github.com/gdcc/sword2-server)
-        * micrometer-commons (io.micrometer:micrometer-commons:1.14.8 - https://github.com/micrometer-metrics/micrometer)
-        * micrometer-core (io.micrometer:micrometer-core:1.15.1 - https://github.com/micrometer-metrics/micrometer)
-        * micrometer-jakarta9 (io.micrometer:micrometer-jakarta9:1.15.1 - https://github.com/micrometer-metrics/micrometer)
-        * micrometer-observation (io.micrometer:micrometer-observation:1.14.8 - https://github.com/micrometer-metrics/micrometer)
+        * micrometer-commons (io.micrometer:micrometer-commons:1.14.6 - https://github.com/micrometer-metrics/micrometer)
+        * micrometer-commons (io.micrometer:micrometer-commons:1.14.7 - https://github.com/micrometer-metrics/micrometer)
+        * micrometer-core (io.micrometer:micrometer-core:1.14.6 - https://github.com/micrometer-metrics/micrometer)
+        * micrometer-jakarta9 (io.micrometer:micrometer-jakarta9:1.14.6 - https://github.com/micrometer-metrics/micrometer)
+        * micrometer-observation (io.micrometer:micrometer-observation:1.14.6 - https://github.com/micrometer-metrics/micrometer)
+        * micrometer-observation (io.micrometer:micrometer-observation:1.14.7 - https://github.com/micrometer-metrics/micrometer)
        * Netty/Buffer (io.netty:netty-buffer:4.1.99.Final - https://netty.io/netty-buffer/)
        * Netty/Codec (io.netty:netty-codec:4.1.99.Final - https://netty.io/netty-codec/)
        * Netty/Codec/HTTP (io.netty:netty-codec-http:4.1.86.Final - https://netty.io/netty-codec-http/)
@@ -179,6 +184,8 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * ASM based accessors helper used by json-smart (net.minidev:accessors-smart:2.5.2 - https://urielch.github.io/)
        * JSON Small and Fast Parser (net.minidev:json-smart:2.5.0 - https://urielch.github.io/)
        * JSON Small and Fast Parser (net.minidev:json-smart:2.5.2 - https://urielch.github.io/)
+        * java-support (net.shibboleth.utilities:java-support:8.4.2 - http://shibboleth.net/java-support/)
+        * OGNL - Object Graph Navigation Library (ognl:ognl:3.3.4 - https://github.com/jkuhnert/ognl/)
        * Abdera Core (org.apache.abdera:abdera-core:1.1.3 - http://abdera.apache.org/abdera-core)
        * I18N Libraries (org.apache.abdera:abdera-i18n:1.1.3 - http://abdera.apache.org)
        * Abdera Parser (org.apache.abdera:abdera-parser:1.1.3 - http://abdera.apache.org/abdera-parser)
@@ -214,13 +221,19 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * Apache HttpCore (org.apache.httpcomponents:httpcore:4.4.16 - http://hc.apache.org/httpcomponents-core-ga)
        * Apache HttpClient Mime (org.apache.httpcomponents:httpmime:4.5.14 - http://hc.apache.org/httpcomponents-client-ga)
        * Apache HttpClient (org.apache.httpcomponents.client5:httpclient5:5.1.3 - https://hc.apache.org/httpcomponents-client-5.0.x/5.1.3/httpclient5/)
-        * Apache HttpClient (org.apache.httpcomponents.client5:httpclient5:5.5 - https://hc.apache.org/httpcomponents-client-5.5.x/5.5/httpclient5/)
+        * Apache HttpClient (org.apache.httpcomponents.client5:httpclient5:5.4.4 - https://hc.apache.org/httpcomponents-client-5.4.x/5.4.4/httpclient5/)
        * Apache HttpComponents Core HTTP/1.1 (org.apache.httpcomponents.core5:httpcore5:5.1.3 - https://hc.apache.org/httpcomponents-core-5.1.x/5.1.3/httpcore5/)
        * Apache HttpComponents Core HTTP/1.1 (org.apache.httpcomponents.core5:httpcore5:5.3.4 - https://hc.apache.org/httpcomponents-core-5.3.x/5.3.4/httpcore5/)
        * Apache HttpComponents Core HTTP/2 (org.apache.httpcomponents.core5:httpcore5-h2:5.1.3 - https://hc.apache.org/httpcomponents-core-5.1.x/5.1.3/httpcore5-h2/)
        * Apache HttpComponents Core HTTP/2 (org.apache.httpcomponents.core5:httpcore5-h2:5.3.4 - https://hc.apache.org/httpcomponents-core-5.3.x/5.3.4/httpcore5-h2/)
        * Apache James :: Mime4j :: Core (org.apache.james:apache-mime4j-core:0.8.12 - http://james.apache.org/mime4j/apache-mime4j-core)
        * Apache James :: Mime4j :: DOM (org.apache.james:apache-mime4j-dom:0.8.12 - http://james.apache.org/mime4j/apache-mime4j-dom)
+        * jclouds blobstore core (org.apache.jclouds:jclouds-blobstore:2.7.0 - https://jclouds.apache.org/jclouds-blobstore/)
+        * jclouds Components Core (org.apache.jclouds:jclouds-core:2.7.0 - https://jclouds.apache.org/jclouds-core/)
+        * jclouds filesystem core (org.apache.jclouds.api:filesystem:2.7.0 - https://jclouds.apache.org/filesystem/)
+        * jclouds s3 api (org.apache.jclouds.api:s3:2.7.0 - https://jclouds.apache.org/s3/)
+        * jclouds sts api (org.apache.jclouds.api:sts:2.7.0 - https://jclouds.apache.org/sts/)
+        * jclouds Amazon Simple Storage Service (S3) provider (org.apache.jclouds.provider:aws-s3:2.7.0 - https://jclouds.apache.org/aws-s3/)
        * Apache Jena - Libraries POM (org.apache.jena:apache-jena-libs:4.10.0 - https://jena.apache.org/apache-jena-libs/)
        * Apache Jena - ARQ (org.apache.jena:jena-arq:4.10.0 - https://jena.apache.org/jena-arq/)
        * Apache Jena - Base (org.apache.jena:jena-base:4.10.0 - https://jena.apache.org/jena-base/)
@@ -282,6 +295,7 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * Apache POI - API based on OPC and OOXML schemas (org.apache.poi:poi-ooxml:5.4.1 - https://poi.apache.org/)
        * Apache POI (org.apache.poi:poi-ooxml-lite:5.4.1 - https://poi.apache.org/)
        * Apache POI (org.apache.poi:poi-scratchpad:5.4.1 - https://poi.apache.org/)
+        * Apache XML Security for Java (org.apache.santuario:xmlsec:2.3.4 - https://santuario.apache.org/)
        * Apache Solr Core (org.apache.solr:solr-core:8.11.4 - https://lucene.apache.org/solr-parent/solr-core)
        * Apache Solr Solrj (org.apache.solr:solr-solrj:8.11.4 - https://lucene.apache.org/solr-parent/solr-solrj)
        * Apache Standard Taglib Implementation (org.apache.taglibs:taglibs-standard-impl:1.2.5 - http://tomcat.apache.org/taglibs/standard-1.2.5/taglibs-standard-impl)
@@ -311,9 +325,9 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * Apache Tika XMP commons (org.apache.tika:tika-parser-xmp-commons:2.9.4 - https://tika.apache.org/tika-parser-xmp-commons/)
        * Apache Tika ZIP commons (org.apache.tika:tika-parser-zip-commons:2.9.4 - https://tika.apache.org/tika-parser-zip-commons/)
        * Apache Tika standard parser package (org.apache.tika:tika-parsers-standard-package:2.9.4 - https://tika.apache.org/tika-parsers/tika-parsers-standard/tika-parsers-standard-package/)
-        * tomcat-embed-core (org.apache.tomcat.embed:tomcat-embed-core:10.1.42 - https://tomcat.apache.org/)
-        * tomcat-embed-el (org.apache.tomcat.embed:tomcat-embed-el:10.1.42 - https://tomcat.apache.org/)
-        * tomcat-embed-websocket (org.apache.tomcat.embed:tomcat-embed-websocket:10.1.42 - https://tomcat.apache.org/)
+        * tomcat-embed-core (org.apache.tomcat.embed:tomcat-embed-core:10.1.40 - https://tomcat.apache.org/)
+        * tomcat-embed-el (org.apache.tomcat.embed:tomcat-embed-el:10.1.40 - https://tomcat.apache.org/)
+        * tomcat-embed-websocket (org.apache.tomcat.embed:tomcat-embed-websocket:10.1.40 - https://tomcat.apache.org/)
        * Apache Velocity - Engine (org.apache.velocity:velocity-engine-core:2.4.1 - http://velocity.apache.org/engine/devel/velocity-engine-core/)
        * Apache Velocity - JSR 223 Scripting (org.apache.velocity:velocity-engine-scripting:2.3 - http://velocity.apache.org/engine/devel/velocity-engine-scripting/)
        * Apache Velocity Tools - Generic tools (org.apache.velocity.tools:velocity-tools-generic:3.1 - https://velocity.apache.org/tools/devel/velocity-tools-generic/)
@@ -323,13 +337,14 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * Apache ZooKeeper - Server (org.apache.zookeeper:zookeeper:3.6.2 - http://zookeeper.apache.org/zookeeper)
        * Apache ZooKeeper - Jute (org.apache.zookeeper:zookeeper-jute:3.6.2 - http://zookeeper.apache.org/zookeeper-jute)
        * org.apiguardian:apiguardian-api (org.apiguardian:apiguardian-api:1.1.2 - https://github.com/apiguardian-team/apiguardian)
-        * AssertJ Core (org.assertj:assertj-core:3.27.3 - https://assertj.github.io/doc/#assertj-core)
+        * AssertJ Core (org.assertj:assertj-core:3.26.3 - https://assertj.github.io/doc/#assertj-core)
        * Evo Inflector (org.atteo:evo-inflector:1.3 - http://atteo.org/static/evo-inflector)
        * attoparser (org.attoparser:attoparser:2.0.7.RELEASE - https://www.attoparser.org)
        * Awaitility (org.awaitility:awaitility:4.2.2 - http://awaitility.org)
        * jose4j (org.bitbucket.b_c:jose4j:0.6.5 - https://bitbucket.org/b_c/jose4j/)
        * TagSoup (org.ccil.cowan.tagsoup:tagsoup:1.2.1 - http://home.ccil.org/~cowan/XML/tagsoup/)
        * Woodstox (org.codehaus.woodstox:wstx-asl:3.2.6 - http://woodstox.codehaus.org)
+        * Cryptacular Library (org.cryptacular:cryptacular:1.2.5 - http://www.cryptacular.org)
        * jems (org.dmfs:jems:1.18 - https://github.com/dmfs/jems)
        * rfc3986-uri (org.dmfs:rfc3986-uri:0.8.1 - https://github.com/dmfs/uri-toolkit)
        * Jetty :: Apache JSP Implementation (org.eclipse.jetty:apache-jsp:9.4.15.v20190215 - http://www.eclipse.org/jetty)
@@ -379,8 +394,8 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * jersey-core-common (org.glassfish.jersey.core:jersey-common:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/jersey-common)
        * jersey-inject-hk2 (org.glassfish.jersey.inject:jersey-hk2:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-hk2)
        * jersey-media-multipart (org.glassfish.jersey.media:jersey-media-multipart:3.1.3 - https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-media-multipart)
-        * Hibernate Validator Engine (org.hibernate.validator:hibernate-validator:8.0.2.Final - http://hibernate.org/validator/hibernate-validator)
-        * Hibernate Validator Portable Extension (org.hibernate.validator:hibernate-validator-cdi:8.0.2.Final - http://hibernate.org/validator/hibernate-validator-cdi)
+        * Hibernate Validator Engine (org.hibernate.validator:hibernate-validator:8.0.1.Final - http://hibernate.org/validator/hibernate-validator)
+        * Hibernate Validator Portable Extension (org.hibernate.validator:hibernate-validator-cdi:8.0.1.Final - http://hibernate.org/validator/hibernate-validator-cdi)
        * org.immutables.value-annotations (org.immutables:value-annotations:2.9.2 - http://immutables.org/value-annotations)
        * leveldb (org.iq80.leveldb:leveldb:0.12 - http://github.com/dain/leveldb/leveldb)
        * leveldb-api (org.iq80.leveldb:leveldb-api:0.12 - http://github.com/dain/leveldb/leveldb-api)
@@ -400,7 +415,18 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * MockServer & Proxy Netty (org.mock-server:mockserver-netty:5.15.0 - https://www.mock-server.com)
        * jwarc (org.netpreserve:jwarc:0.31.1 - https://github.com/iipc/jwarc)
        * Objenesis (org.objenesis:objenesis:3.2 - http://objenesis.org/objenesis)
-        * org.opentest4j:opentest4j (org.opentest4j:opentest4j:1.3.0 - https://github.com/ota4j-team/opentest4j)
+        * OpenSAML :: Core (org.opensaml:opensaml-core:4.3.2 - http://shibboleth.net/opensaml-core/)
+        * OpenSAML :: Messaging API (org.opensaml:opensaml-messaging-api:4.3.2 - http://shibboleth.net/opensaml-messaging-api/)
+        * OpenSAML :: Profile API (org.opensaml:opensaml-profile-api:4.3.2 - http://shibboleth.net/opensaml-profile-api/)
+        * OpenSAML :: SAML Provider API (org.opensaml:opensaml-saml-api:4.3.2 - http://shibboleth.net/opensaml-saml-api/)
+        * OpenSAML :: SAML Provider Implementations (org.opensaml:opensaml-saml-impl:4.3.2 - http://shibboleth.net/opensaml-saml-impl/)
+        * OpenSAML :: Security API (org.opensaml:opensaml-security-api:4.3.2 - http://shibboleth.net/opensaml-security-api/)
+        * OpenSAML :: Security Implementation (org.opensaml:opensaml-security-impl:4.3.2 - http://shibboleth.net/opensaml-security-impl/)
+        * OpenSAML :: SOAP Provider API (org.opensaml:opensaml-soap-api:4.3.2 - http://shibboleth.net/opensaml-soap-api/)
+        * OpenSAML :: SOAP Provider Implementations (org.opensaml:opensaml-soap-impl:4.3.2 - http://shibboleth.net/opensaml-soap-impl/)
+        * OpenSAML :: Storage API (org.opensaml:opensaml-storage-api:4.3.2 - http://shibboleth.net/opensaml-storage-api/)
+        * OpenSAML :: XML Security API (org.opensaml:opensaml-xmlsec-api:4.3.2 - http://shibboleth.net/opensaml-xmlsec-api/)
+        * OpenSAML :: XML Security Implementation (org.opensaml:opensaml-xmlsec-impl:4.3.2 - http://shibboleth.net/opensaml-xmlsec-impl/)
        * org.roaringbitmap:RoaringBitmap (org.roaringbitmap:RoaringBitmap:1.0.0 - https://github.com/RoaringBitmap/RoaringBitmap)
        * RRD4J (org.rrd4j:rrd4j:3.5 - https://github.com/rrd4j/rrd4j/)
        * Scala Library (org.scala-lang:scala-library:2.13.2 - https://www.scala-lang.org/)
@@ -411,55 +437,56 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * scala-xml (org.scala-lang.modules:scala-xml_2.13:1.3.0 - http://www.scala-lang.org/)
        * JSONassert (org.skyscreamer:jsonassert:1.5.3 - https://github.com/skyscreamer/JSONassert)
        * JCL 1.2 implemented over SLF4J (org.slf4j:jcl-over-slf4j:2.0.17 - http://www.slf4j.org)
-        * Spring AOP (org.springframework:spring-aop:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Beans (org.springframework:spring-beans:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Context (org.springframework:spring-context:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Context Support (org.springframework:spring-context-support:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Core (org.springframework:spring-core:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Expression Language (SpEL) (org.springframework:spring-expression:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Commons Logging Bridge (org.springframework:spring-jcl:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring JDBC (org.springframework:spring-jdbc:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Object/Relational Mapping (org.springframework:spring-orm:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring TestContext Framework (org.springframework:spring-test:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Transaction (org.springframework:spring-tx:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Web (org.springframework:spring-web:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * Spring Web MVC (org.springframework:spring-webmvc:6.2.8 - https://github.com/spring-projects/spring-framework)
-        * spring-boot (org.springframework.boot:spring-boot:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-actuator (org.springframework.boot:spring-boot-actuator:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-actuator-autoconfigure (org.springframework.boot:spring-boot-actuator-autoconfigure:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-autoconfigure (org.springframework.boot:spring-boot-autoconfigure:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter (org.springframework.boot:spring-boot-starter:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-actuator (org.springframework.boot:spring-boot-starter-actuator:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-aop (org.springframework.boot:spring-boot-starter-aop:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-cache (org.springframework.boot:spring-boot-starter-cache:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-data-rest (org.springframework.boot:spring-boot-starter-data-rest:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-json (org.springframework.boot:spring-boot-starter-json:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-log4j2 (org.springframework.boot:spring-boot-starter-log4j2:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-security (org.springframework.boot:spring-boot-starter-security:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-test (org.springframework.boot:spring-boot-starter-test:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-thymeleaf (org.springframework.boot:spring-boot-starter-thymeleaf:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-tomcat (org.springframework.boot:spring-boot-starter-tomcat:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-starter-web (org.springframework.boot:spring-boot-starter-web:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-test (org.springframework.boot:spring-boot-test:3.5.3 - https://spring.io/projects/spring-boot)
-        * spring-boot-test-autoconfigure (org.springframework.boot:spring-boot-test-autoconfigure:3.5.3 - https://spring.io/projects/spring-boot)
-        * Spring Data Core (org.springframework.data:spring-data-commons:3.5.1 - https://spring.io/projects/spring-data)
-        * Spring Data REST - Core (org.springframework.data:spring-data-rest-core:4.5.1 - https://www.spring.io/spring-data/spring-data-rest-parent/spring-data-rest-core)
-        * Spring Data REST - WebMVC (org.springframework.data:spring-data-rest-webmvc:4.5.1 - https://www.spring.io/spring-data/spring-data-rest-parent/spring-data-rest-webmvc)
-        * Spring HATEOAS (org.springframework.hateoas:spring-hateoas:2.5.1 - https://github.com/spring-projects/spring-hateoas)
+        * Spring AOP (org.springframework:spring-aop:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Beans (org.springframework:spring-beans:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Context (org.springframework:spring-context:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Context Support (org.springframework:spring-context-support:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Core (org.springframework:spring-core:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Expression Language (SpEL) (org.springframework:spring-expression:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Commons Logging Bridge (org.springframework:spring-jcl:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring JDBC (org.springframework:spring-jdbc:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Object/Relational Mapping (org.springframework:spring-orm:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring TestContext Framework (org.springframework:spring-test:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Transaction (org.springframework:spring-tx:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Web (org.springframework:spring-web:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * Spring Web MVC (org.springframework:spring-webmvc:6.2.7 - https://github.com/spring-projects/spring-framework)
+        * spring-boot (org.springframework.boot:spring-boot:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-actuator (org.springframework.boot:spring-boot-actuator:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-actuator-autoconfigure (org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-autoconfigure (org.springframework.boot:spring-boot-autoconfigure:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter (org.springframework.boot:spring-boot-starter:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-actuator (org.springframework.boot:spring-boot-starter-actuator:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-aop (org.springframework.boot:spring-boot-starter-aop:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-cache (org.springframework.boot:spring-boot-starter-cache:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-data-rest (org.springframework.boot:spring-boot-starter-data-rest:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-json (org.springframework.boot:spring-boot-starter-json:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-log4j2 (org.springframework.boot:spring-boot-starter-log4j2:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-security (org.springframework.boot:spring-boot-starter-security:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-test (org.springframework.boot:spring-boot-starter-test:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-thymeleaf (org.springframework.boot:spring-boot-starter-thymeleaf:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-tomcat (org.springframework.boot:spring-boot-starter-tomcat:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-starter-web (org.springframework.boot:spring-boot-starter-web:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-test (org.springframework.boot:spring-boot-test:3.4.5 - https://spring.io/projects/spring-boot)
+        * spring-boot-test-autoconfigure (org.springframework.boot:spring-boot-test-autoconfigure:3.4.5 - https://spring.io/projects/spring-boot)
+        * Spring Data Core (org.springframework.data:spring-data-commons:3.4.5 - https://spring.io/projects/spring-data)
+        * Spring Data REST - Core (org.springframework.data:spring-data-rest-core:4.4.5 - https://www.spring.io/spring-data/spring-data-rest-parent/spring-data-rest-core)
+        * Spring Data REST - WebMVC (org.springframework.data:spring-data-rest-webmvc:4.4.5 - https://www.spring.io/spring-data/spring-data-rest-parent/spring-data-rest-webmvc)
+        * Spring HATEOAS (org.springframework.hateoas:spring-hateoas:2.4.1 - https://github.com/spring-projects/spring-hateoas)
        * Spring Plugin - Core (org.springframework.plugin:spring-plugin-core:3.0.0 - https://github.com/spring-projects/spring-plugin/spring-plugin-core)
-        * spring-security-config (org.springframework.security:spring-security-config:6.5.1 - https://spring.io/projects/spring-security)
-        * spring-security-core (org.springframework.security:spring-security-core:6.5.1 - https://spring.io/projects/spring-security)
-        * spring-security-crypto (org.springframework.security:spring-security-crypto:6.5.1 - https://spring.io/projects/spring-security)
-        * spring-security-test (org.springframework.security:spring-security-test:6.5.1 - https://spring.io/projects/spring-security)
-        * spring-security-web (org.springframework.security:spring-security-web:6.5.1 - https://spring.io/projects/spring-security)
+        * spring-security-config (org.springframework.security:spring-security-config:6.4.5 - https://spring.io/projects/spring-security)
+        * spring-security-core (org.springframework.security:spring-security-core:6.4.5 - https://spring.io/projects/spring-security)
+        * spring-security-crypto (org.springframework.security:spring-security-crypto:6.4.5 - https://spring.io/projects/spring-security)
+        * spring-security-saml2-service-provider (org.springframework.security:spring-security-saml2-service-provider:6.4.5 - https://spring.io/projects/spring-security)
+        * spring-security-test (org.springframework.security:spring-security-test:6.4.5 - https://spring.io/projects/spring-security)
+        * spring-security-web (org.springframework.security:spring-security-web:6.4.5 - https://spring.io/projects/spring-security)
        * thymeleaf (org.thymeleaf:thymeleaf:3.1.3.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf)
        * thymeleaf-spring6 (org.thymeleaf:thymeleaf-spring6:3.1.3.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf-spring6)
        * unbescape (org.unbescape:unbescape:1.1.6.RELEASE - http://www.unbescape.org)
        * snappy-java (org.xerial.snappy:snappy-java:1.1.10.1 - https://github.com/xerial/snappy-java)
        * xml-matchers (org.xmlmatchers:xml-matchers:0.10 - http://code.google.com/p/xml-matchers/)
-        * org.xmlunit:xmlunit-core (org.xmlunit:xmlunit-core:2.10.2 - https://www.xmlunit.org/)
+        * org.xmlunit:xmlunit-core (org.xmlunit:xmlunit-core:2.10.0 - https://www.xmlunit.org/)
        * org.xmlunit:xmlunit-placeholders (org.xmlunit:xmlunit-placeholders:2.9.1 - https://www.xmlunit.org/xmlunit-placeholders/)
-        * SnakeYAML (org.yaml:snakeyaml:2.4 - https://bitbucket.org/snakeyaml/snakeyaml)
+        * SnakeYAML (org.yaml:snakeyaml:2.3 - https://bitbucket.org/snakeyaml/snakeyaml)
        * Xerces2-j (xerces:xercesImpl:2.12.2 - https://xerces.apache.org/xerces2-j/)

    BSD License:
@@ -491,7 +518,7 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * asm-analysis (org.ow2.asm:asm-analysis:8.0.1 - http://asm.ow2.io/)
        * asm-commons (org.ow2.asm:asm-commons:8.0.1 - http://asm.ow2.io/)
        * asm-tree (org.ow2.asm:asm-tree:8.0.1 - http://asm.ow2.io/)
-        * PostgreSQL JDBC Driver (org.postgresql:postgresql:42.7.7 - https://jdbc.postgresql.org)
+        * PostgreSQL JDBC Driver (org.postgresql:postgresql:42.7.5 - https://jdbc.postgresql.org)
        * Reflections (org.reflections:reflections:0.9.12 - http://github.com/ronmamo/reflections)
        * JMatIO (org.tallison:jmatio:1.5 - https://github.com/tballison/jmatio)
        * XZ for Java (org.tukaani:xz:1.10 - https://tukaani.org/xz/java.html)
@@ -615,9 +642,6 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * jersey-core-common (org.glassfish.jersey.core:jersey-common:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/jersey-common)
        * jersey-inject-hk2 (org.glassfish.jersey.inject:jersey-hk2:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-hk2)
        * jersey-media-multipart (org.glassfish.jersey.media:jersey-media-multipart:3.1.3 - https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-media-multipart)
-        * JUnit Platform Commons (org.junit.platform:junit-platform-commons:1.11.4 - https://junit.org/junit5/)
-        * JUnit Platform Engine API (org.junit.platform:junit-platform-engine:1.11.4 - https://junit.org/junit5/)
-        * JUnit Vintage Engine (org.junit.vintage:junit-vintage-engine:5.11.4 - https://junit.org/junit5/)
        * org.locationtech.jts:jts-core (org.locationtech.jts:jts-core:1.19.0 - https://www.locationtech.org/projects/technology.jts/jts-modules/jts-core)
        * org.locationtech.jts.io:jts-io-common (org.locationtech.jts.io:jts-io-common:1.19.0 - https://www.locationtech.org/projects/technology.jts/jts-modules/jts-io/jts-io-common)

@@ -625,12 +649,9 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines

        * juniversalchardet (com.github.albfernandez:juniversalchardet:2.5.0 - https://github.com/albfernandez/juniversalchardet)

-    GNU LESSER GENERAL PUBLIC LICENSE, version 3 (LGPL-3.0):
-
-        * juniversalchardet (com.github.albfernandez:juniversalchardet:2.5.0 - https://github.com/albfernandez/juniversalchardet)
-
    GNU Lesser General Public License (LGPL):

+        * juniversalchardet (com.github.albfernandez:juniversalchardet:2.5.0 - https://github.com/albfernandez/juniversalchardet)
        * btf (com.github.java-json-tools:btf:1.3 - https://github.com/java-json-tools/btf)
        * jackson-coreutils (com.github.java-json-tools:jackson-coreutils:2.0 - https://github.com/java-json-tools/jackson-coreutils)
        * jackson-coreutils-equivalence (com.github.java-json-tools:jackson-coreutils-equivalence:1.0 - https://github.com/java-json-tools/jackson-coreutils)
@@ -639,23 +660,27 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * json-schema-validator (com.github.java-json-tools:json-schema-validator:2.2.14 - https://github.com/java-json-tools/json-schema-validator)
        * msg-simple (com.github.java-json-tools:msg-simple:1.2 - https://github.com/java-json-tools/msg-simple)
        * uri-template (com.github.java-json-tools:uri-template:0.10 - https://github.com/java-json-tools/uri-template)
+        * openpdf (com.github.librepdf:openpdf:2.0.3 - https://github.com/LibrePDF/OpenPDF/openpdf)
        * FindBugs-Annotations (com.google.code.findbugs:annotations:3.0.1u2 - http://findbugs.sourceforge.net/)
        * JHighlight (org.codelibs:jhighlight:1.1.0 - https://github.com/codelibs/jhighlight)
+        * Cryptacular Library (org.cryptacular:cryptacular:1.2.5 - http://www.cryptacular.org)
        * Hibernate Commons Annotations (org.hibernate.common:hibernate-commons-annotations:6.0.6.Final - http://hibernate.org)
        * Hibernate ORM - hibernate-core (org.hibernate.orm:hibernate-core:6.4.8.Final - https://hibernate.org/orm)
        * Hibernate ORM - hibernate-jcache (org.hibernate.orm:hibernate-jcache:6.4.8.Final - https://hibernate.org/orm)
        * Hibernate ORM - hibernate-jpamodelgen (org.hibernate.orm:hibernate-jpamodelgen:6.4.8.Final - https://hibernate.org/orm)
        * im4java (org.im4java:im4java:1.4.0 - http://sourceforge.net/projects/im4java/)
        * Javassist (org.javassist:javassist:3.30.2-GA - https://www.javassist.org/)
+        * Flying Saucer Core Renderer (org.xhtmlrenderer:flying-saucer-core:9.12.0 - http://code.google.com/p/flying-saucer/flying-saucer-core/)
+        * Flying Saucer PDF Rendering (org.xhtmlrenderer:flying-saucer-pdf:9.12.0 - http://code.google.com/p/flying-saucer/flying-saucer-pdf/)
        * XOM (xom:xom:1.3.9 - https://xom.nu)

    Go License:

        * RE2/J (com.google.re2j:re2j:1.2 - http://github.com/google/re2j)

-    Handle.Net Public License Agreement (Ver.3):
+    Handle.Net Public License Agreement (Ver.2):

-        * Handle Server (net.handle:handle:9.3.2 - https://www.handle.net)
+        * Handle Server (net.handle:handle:9.3.1 - https://www.handle.net)

    ISC License:

@@ -672,11 +697,11 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
        * ClassGraph (io.github.classgraph:classgraph:4.8.165 - https://github.com/classgraph/classgraph)
        * JOpt Simple (net.sf.jopt-simple:jopt-simple:5.0.4 - http://jopt-simple.github.io/jopt-simple)
        * Bouncy Castle JavaMail S/MIME APIs (org.bouncycastle:bcmail-jdk18on:1.80 - https://www.bouncycastle.org/download/bouncy-castle-java/)
-        * Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (org.bouncycastle:bcpkix-jdk18on:1.81 - https://www.bouncycastle.org/download/bouncy-castle-java/)
-        * Bouncy Castle Provider (org.bouncycastle:bcprov-jdk18on:1.81 - https://www.bouncycastle.org/download/bouncy-castle-java/)
-        * Bouncy Castle ASN.1 Extension and Utility APIs (org.bouncycastle:bcutil-jdk18on:1.81 - https://www.bouncycastle.org/download/bouncy-castle-java/)
+        * Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (org.bouncycastle:bcpkix-jdk18on:1.80 - https://www.bouncycastle.org/download/bouncy-castle-java/)
+        * Bouncy Castle Provider (org.bouncycastle:bcprov-jdk18on:1.80 - https://www.bouncycastle.org/download/bouncy-castle-java/)
+        * Bouncy Castle ASN.1 Extension and Utility APIs (org.bouncycastle:bcutil-jdk18on:1.80 - https://www.bouncycastle.org/download/bouncy-castle-java/)
        * org.brotli:dec (org.brotli:dec:0.1.2 - http://brotli.org/dec)
-        * Checker Qual (org.checkerframework:checker-qual:3.49.5 - https://checkerframework.org/)
+        * Checker Qual (org.checkerframework:checker-qual:3.49.3 - https://checkerframework.org/)
        * jersey-core-client (org.glassfish.jersey.core:jersey-client:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/jersey-client)
        * jersey-inject-hk2 (org.glassfish.jersey.inject:jersey-hk2:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-hk2)
        * jersey-media-multipart (org.glassfish.jersey.media:jersey-media-multipart:3.1.3 - https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-media-multipart)
@@ -696,6 +721,7 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines
    Mozilla Public License:

        * juniversalchardet (com.github.albfernandez:juniversalchardet:2.5.0 - https://github.com/albfernandez/juniversalchardet)
+        * openpdf (com.github.librepdf:openpdf:2.0.3 - https://github.com/LibrePDF/OpenPDF/openpdf)
        * H2 Database Engine (com.h2database:h2:2.3.232 - https://h2database.com)
        * Saxon-HE (net.sf.saxon:Saxon-HE:9.9.1-8 - http://www.saxonica.com/)
        * Javassist (org.javassist:javassist:3.30.2-GA - https://www.javassist.org/)
@@ -703,6 +729,7 @@ https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines

    Public Domain:

+        * AOP alliance (aopalliance:aopalliance:1.0 - http://aopalliance.sourceforge.net)
        * jersey-core-client (org.glassfish.jersey.core:jersey-client:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/jersey-client)
        * jersey-core-common (org.glassfish.jersey.core:jersey-common:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/jersey-common)
        * jersey-inject-hk2 (org.glassfish.jersey.inject:jersey-hk2:3.1.10 - https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-hk2)
--- a/README.md
+++ b/README.md
@@ -33,18 +33,18 @@ Prior versions of DSpace (v6.x and below) used two different UIs (XMLUI and JSPU
 Documentation for each release may be viewed online or downloaded via our [Documentation Wiki](https://wiki.lyrasis.org/display/DSDOC/).

 The latest DSpace Installation instructions are available at:
-https://wiki.lyrasis.org/display/DSDOC8x/Installing+DSpace
+https://wiki.lyrasis.org/display/DSDOC9x/Installing+DSpace

 Please be aware that, as a Java web application, DSpace requires a database (PostgreSQL)
 and a servlet container (usually Tomcat) in order to function.
 More information about these and all other prerequisites can be found in the Installation instructions above.

-## Running DSpace 8 in Docker
+## Running DSpace 9 in Docker

 NOTE: At this time, we do not have production-ready Docker images for DSpace.
 That said, we do have quick-start Docker Compose scripts for development or testing purposes.

-See [Running DSpace 8 with Docker Compose](dspace/src/main/docker-compose/README.md)
+See [Running DSpace 9 with Docker Compose](dspace/src/main/docker-compose/README.md)

 ## Contributing

--- a/checkstyle.xml
+++ b/checkstyle.xml
@@ -106,6 +106,9 @@ For more information on CheckStyle configurations below, see: http://checkstyle.
        <!-- Right braces should be on start of a new line (default value) -->
        <module name="RightCurly"/>

+        <!-- Enforce Java-style array declaration instead of C-style -->
+        <module name="ArrayTypeStyle"/>
+
        <!-- ##### Indentation / Whitespace requirements ##### -->
        <!-- Require 4-space indentation (default value) -->
        <module name="Indentation"/>
--- a/docker-compose-cli.yml
+++ b/docker-compose-cli.yml
@@ -6,7 +6,7 @@ networks:
    external: true
 services:
  dspace-cli:
-    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-cli:${DSPACE_VER:-dspace-8_x}"
+    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-cli:${DSPACE_VER:-latest}"
    container_name: dspace-cli
    build:
      context: .
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,11 +24,13 @@ services:
      db__P__url: 'jdbc:postgresql://dspacedb:5432/dspace'
      # solr.server: Ensure we are using the 'dspacesolr' image for Solr
      solr__P__server: http://dspacesolr:8983/solr
+      # matomo.tracker.url: Ensure we are using the 'matomo' image for Matomo
+      matomo__P__tracker__P__url: http://matomo
      # proxies.trusted.ipranges: This setting is required for a REST API running in Docker to trust requests
      # from the host machine. This IP range MUST correspond to the 'dspacenet' subnet defined above.
      proxies__P__trusted__P__ipranges: '172.23.0'
      LOGGING_CONFIG: /dspace/config/log4j2-container.xml
-    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace:${DSPACE_VER:-dspace-8_x-test}"
+    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace:${DSPACE_VER:-latest-test}"
    build:
      context: .
      dockerfile: Dockerfile.test
@@ -63,13 +65,12 @@ services:
  # DSpace PostgreSQL database container
  dspacedb:
    container_name: dspacedb
-    # Uses a custom Postgres image with pgcrypto installed
-    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-postgres-pgcrypto:${DSPACE_VER:-dspace-8_x}"
-    build:
-      # Must build out of subdirectory to have access to install script for pgcrypto
-      context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/
+    # Uses the base PostgreSQL image
+    image: "docker.io/postgres:${POSTGRES_VERSION:-15}"
    environment:
      PGDATA: /pgdata
+      POSTGRES_DB: dspace
+      POSTGRES_USER: dspace
      POSTGRES_PASSWORD: dspace
    networks:
      dspacenet:
@@ -84,14 +85,14 @@ services:
  # DSpace Solr container
  dspacesolr:
    container_name: dspacesolr
-    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-solr:${DSPACE_VER:-dspace-8_x}"
+    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-solr:${DSPACE_VER:-latest}"
    build:
      context: ./dspace/src/main/docker/dspace-solr/
      # Provide path to Solr configs necessary to build Docker image
      additional_contexts:
        solrconfigs: ./dspace/solr/
      args:
-        SOLR_VERSION: "${SOLR_VER:-8.11}"
+        SOLR_VERSION: "${SOLR_VER:-9.8}"
    networks:
      dspacenet:
    ports:
@@ -103,10 +104,15 @@ services:
    volumes:
    # Keep Solr data directory between reboots
    - solr_data:/var/solr/data
+    # NOTE: We are not running Solr as "root", but we need root permissions to copy our cores to the mounted
+    # /var/solr/data directory. Then we start Solr as the "solr" user.
+    user: root
    # Initialize all DSpace Solr cores then start Solr:
    # * First, run precreate-core to create the core (if it doesn't yet exist). If exists already, this is a no-op
    # * Second, copy configsets to this core:
    #   Updates to Solr configs require the container to be rebuilt/restarted: `docker compose -p d7 up -d --build dspacesolr`
+    # * Third, ensure all new folders are owned by "solr" user
+    # * Finally, start Solr as the "solr" user via the provided solr-foreground script
    entrypoint:
    - /bin/bash
    - '-c'
@@ -124,7 +130,8 @@ services:
      cp -r /opt/solr/server/solr/configsets/qaevent/* qaevent
      precreate-core suggestion /opt/solr/server/solr/configsets/suggestion
      cp -r /opt/solr/server/solr/configsets/suggestion/* suggestion
-      exec solr -f
+      chown -R solr:solr /var/solr
+      runuser -u solr -- solr-foreground
 volumes:
  assetstore:
  pgdata:
--- a/dspace-api/pom.xml
+++ b/dspace-api/pom.xml
@@ -12,7 +12,7 @@
    <parent>
        <groupId>org.dspace</groupId>
        <artifactId>dspace-parent</artifactId>
-        <version>8.2</version>
+        <version>10.0-SNAPSHOT</version>
        <relativePath>..</relativePath>
    </parent>

@@ -99,20 +99,6 @@
                </executions>
            </plugin>

-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>build-helper-maven-plugin</artifactId>
-                <version>3.6.1</version>
-                <executions>
-                    <execution>
-                        <phase>validate</phase>
-                        <goals>
-                            <goal>maven-version</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>buildnumber-maven-plugin</artifactId>
@@ -512,10 +498,6 @@
            <groupId>org.apache.pdfbox</groupId>
            <artifactId>pdfbox</artifactId>
        </dependency>
-        <dependency>
-            <groupId>org.apache.pdfbox</groupId>
-            <artifactId>fontbox</artifactId>
-        </dependency>
        <dependency>
            <groupId>com.ibm.icu</groupId>
            <artifactId>icu4j</artifactId>
@@ -653,11 +635,18 @@
            <version>1.1.1</version>
        </dependency>

+        <!-- guava is needed by OAuth, Guice, Mockserver, ORCID, s3mock, Solr, JClouds -->
        <dependency>
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
        </dependency>

+        <!-- Gson is needed by JENA, borker-client, OAuth, Handle and JClouds -->
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+        </dependency>
+
        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
@@ -731,7 +720,7 @@
        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-s3</artifactId>
-            <version>1.12.785</version>
+            <version>1.12.791</version>
        </dependency>

        <!-- TODO: This may need to be replaced with the "orcid-model" artifact once this ticket is resolved:
@@ -772,7 +761,7 @@
        <dependency>
            <groupId>com.opencsv</groupId>
            <artifactId>opencsv</artifactId>
-            <version>5.11.1</version>
+            <version>5.12.0</version>
        </dependency>

        <!-- Email templating -->
@@ -785,7 +774,7 @@
        <dependency>
            <groupId>org.xmlunit</groupId>
            <artifactId>xmlunit-core</artifactId>
-            <version>2.10.2</version>
+            <version>2.10.4</version>
            <scope>test</scope>
        </dependency>

@@ -861,6 +850,81 @@
            </exclusions>
        </dependency>

+        <!-- JClouds Assetstorage Support -->
+        <dependency>
+            <groupId>org.apache.jclouds</groupId>
+            <artifactId>jclouds-core</artifactId>
+            <version>${jclouds.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.sun.xml.bind</groupId>
+                    <artifactId>jaxb-impl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>javax.annotation</groupId>
+                    <artifactId>javax.annotation-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>jakarta.ws.rs</groupId>
+                    <artifactId>jakarta.ws.rs-api</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.jclouds</groupId>
+            <artifactId>jclouds-blobstore</artifactId>
+            <version>${jclouds.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>jakarta.ws.rs</groupId>
+                    <artifactId>jakarta.ws.rs-api</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.jclouds.api</groupId>
+            <artifactId>filesystem</artifactId>
+            <version>${jclouds.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.jclouds.provider</groupId>
+            <artifactId>aws-s3</artifactId>
+            <version>${jclouds.version}</version>
+        </dependency>
+
+        <!-- required frontpage generation -->
+        <dependency>
+            <groupId>org.thymeleaf</groupId>
+            <artifactId>thymeleaf</artifactId>
+            <version>3.1.3.RELEASE</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.javassist</groupId>
+                    <artifactId>javassist</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>org.xhtmlrenderer</groupId>
+            <artifactId>flying-saucer-pdf</artifactId>
+            <version>9.13.3</version>
+            <exclusions>
+                <!-- Conflicts with Hibernate. Use version that is brought in via Hibernate -->
+                <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
        <dependency>
            <groupId>com.squareup.okhttp3</groupId>
            <artifactId>mockwebserver</artifactId>
--- a/dspace-api/src/main/java/org/dspace/access/status/AccessStatusHelper.java
+++ b/dspace-api/src/main/java/org/dspace/access/status/AccessStatusHelper.java
@@ -8,8 +8,10 @@
 package org.dspace.access.status;

 import java.sql.SQLException;
-import java.util.Date;
+import java.time.LocalDate;

+import org.dspace.content.AccessStatus;
+import org.dspace.content.Bitstream;
 import org.dspace.content.Item;
 import org.dspace.core.Context;

@@ -21,22 +23,37 @@ public interface AccessStatusHelper {
     * Calculate the access status for the item.
     *
     * @param context the DSpace context
-     * @param item    the item
+     * @param item the item
     * @param threshold the embargo threshold date
-     * @return an access status value
+     * @param type the type of calculation
+     * @return the access status
     * @throws SQLException An exception that provides information on a database access error or other errors.
     */
-    public String getAccessStatusFromItem(Context context, Item item, Date threshold)
-        throws SQLException;
+    public AccessStatus getAccessStatusFromItem(Context context,
+        Item item, LocalDate threshold, String type) throws SQLException;

    /**
-     * Retrieve embargo information for the item
+     * Calculate the anonymous access status for the item.
     *
     * @param context the DSpace context
     * @param item the item to check for embargo information
     * @param threshold the embargo threshold date
-     * @return an embargo date
+     * @return the access status
     * @throws SQLException An exception that provides information on a database access error or other errors.
     */
-    public String getEmbargoFromItem(Context context, Item item, Date threshold) throws SQLException;
+    public AccessStatus getAnonymousAccessStatusFromItem(Context context,
+        Item item, LocalDate threshold) throws SQLException;
+
+    /**
+     * Calculate the access status for the bitstream.
+     *
+     * @param context the DSpace context
+     * @param bitstream the bitstream
+     * @param threshold the embargo threshold date
+     * @param type the type of calculation
+     * @return the access status
+     * @throws SQLException An exception that provides information on a database access error or other errors.
+     */
+    public AccessStatus getAccessStatusFromBitstream(Context context,
+        Bitstream bitstream, LocalDate threshold, String type) throws SQLException;
 }
--- a/dspace-api/src/main/java/org/dspace/access/status/AccessStatusServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/access/status/AccessStatusServiceImpl.java
@@ -10,9 +10,13 @@ package org.dspace.access.status;
 import java.sql.SQLException;
 import java.time.LocalDate;
 import java.time.ZoneId;
-import java.util.Date;

+import org.apache.commons.lang3.StringUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.dspace.access.status.service.AccessStatusService;
+import org.dspace.content.AccessStatus;
+import org.dspace.content.Bitstream;
 import org.dspace.content.Item;
 import org.dspace.core.Context;
 import org.dspace.core.service.PluginService;
@@ -23,10 +27,15 @@ import org.springframework.beans.factory.annotation.Autowired;
 * Implementation for the access status calculation service.
 */
 public class AccessStatusServiceImpl implements AccessStatusService {
+    private static final Logger log = LogManager.getLogger(AccessStatusServiceImpl.class);
+
    // Plugin implementation, set from the DSpace configuration by init().
    protected AccessStatusHelper helper = null;

-    protected Date forever_date = null;
+    protected LocalDate forever_date = null;
+
+    protected String itemCalculationType = null;
+    protected String bitstreamCalculationType = null;

    @Autowired(required = true)
    protected ConfigurationService configurationService;
@@ -56,20 +65,39 @@ public class AccessStatusServiceImpl implements AccessStatusService {
            int month = configurationService.getIntProperty("access.status.embargo.forever.month");
            int day = configurationService.getIntProperty("access.status.embargo.forever.day");

-            forever_date = Date.from(LocalDate.of(year, month, day)
+            forever_date = LocalDate.of(year, month, day)
                    .atStartOfDay()
                    .atZone(ZoneId.systemDefault())
-                    .toInstant());
+                    .toLocalDate();
+
+            itemCalculationType = getAccessStatusCalculationType("access.status.for-user.item");
+            bitstreamCalculationType = getAccessStatusCalculationType("access.status.for-user.bitstream");
        }
    }

    @Override
-    public String getAccessStatus(Context context, Item item) throws SQLException {
-        return helper.getAccessStatusFromItem(context, item, forever_date);
+    public AccessStatus getAccessStatus(Context context, Item item) throws SQLException {
+        return helper.getAccessStatusFromItem(context, item, forever_date, itemCalculationType);
    }

    @Override
-    public String getEmbargoFromItem(Context context, Item item) throws SQLException {
-        return helper.getEmbargoFromItem(context, item, forever_date);
+    public AccessStatus getAnonymousAccessStatus(Context context, Item item) throws SQLException {
+        return helper.getAnonymousAccessStatusFromItem(context, item, forever_date);
+    }
+
+    @Override
+    public AccessStatus getAccessStatus(Context context, Bitstream bitstream) throws SQLException {
+        return helper.getAccessStatusFromBitstream(context, bitstream, forever_date, bitstreamCalculationType);
+    }
+
+    private String getAccessStatusCalculationType(String key) {
+        String value = configurationService.getProperty(key, DefaultAccessStatusHelper.STATUS_FOR_ANONYMOUS);
+        if (!StringUtils.equalsIgnoreCase(value, DefaultAccessStatusHelper.STATUS_FOR_ANONYMOUS) &&
+            !StringUtils.equalsIgnoreCase(value, DefaultAccessStatusHelper.STATUS_FOR_CURRENT_USER)) {
+            log.warn("The configuration parameter \"" + key
+                + "\" contains an invalid value. Valid values include: 'anonymous' and 'current'.");
+            value = DefaultAccessStatusHelper.STATUS_FOR_ANONYMOUS;
+        }
+        return value;
    }
 }
--- a/dspace-api/src/main/java/org/dspace/access/status/DefaultAccessStatusHelper.java
+++ b/dspace-api/src/main/java/org/dspace/access/status/DefaultAccessStatusHelper.java
@@ -8,16 +8,18 @@
 package org.dspace.access.status;

 import java.sql.SQLException;
-import java.time.Instant;
-import java.util.Date;
+import java.time.LocalDate;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
+import java.util.stream.Collectors;

 import org.apache.commons.lang3.StringUtils;
 import org.dspace.authorize.ResourcePolicy;
 import org.dspace.authorize.factory.AuthorizeServiceFactory;
 import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.authorize.service.ResourcePolicyService;
+import org.dspace.content.AccessStatus;
 import org.dspace.content.Bitstream;
 import org.dspace.content.Bundle;
 import org.dspace.content.DSpaceObject;
@@ -26,21 +28,23 @@ import org.dspace.content.factory.ContentServiceFactory;
 import org.dspace.content.service.ItemService;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
 import org.dspace.eperson.Group;
+import org.dspace.eperson.factory.EPersonServiceFactory;
+import org.dspace.eperson.service.GroupService;

 /**
 * Default plugin implementation of the access status helper.
- * The getAccessStatusFromItem method provides a simple logic to
- * calculate the access status of an item based on the policies of
- * the primary or the first bitstream in the original bundle.
- * Users can override this method for enhanced functionality.
- *
- * The getEmbargoInformationFromItem method provides a simple logic to
- *  * retrieve embargo information of bitstreams from an item based on the policies of
- *  * the primary or the first bitstream in the original bundle.
- *  * Users can override this method for enhanced functionality.
+ * 
+ * The methods provides a simple logic to calculate the access status
+ * of an item based on the policies of the primary or the first bitstream
+ * in the original bundle. Users can override those methods for
+ * enhanced functionality.
 */
 public class DefaultAccessStatusHelper implements AccessStatusHelper {
+    public static final String STATUS_FOR_CURRENT_USER  = "current";
+    public static final String STATUS_FOR_ANONYMOUS  = "anonymous";
+
    public static final String EMBARGO = "embargo";
    public static final String METADATA_ONLY = "metadata.only";
    public static final String OPEN_ACCESS = "open.access";
@@ -53,13 +57,15 @@ public class DefaultAccessStatusHelper implements AccessStatusHelper {
            AuthorizeServiceFactory.getInstance().getResourcePolicyService();
    protected AuthorizeService authorizeService =
            AuthorizeServiceFactory.getInstance().getAuthorizeService();
+    protected GroupService groupService =
+            EPersonServiceFactory.getInstance().getGroupService();

    public DefaultAccessStatusHelper() {
        super();
    }

    /**
-     * Look at the item's policies to determine an access status value.
+     * Look at the item's primary or first bitstream policies to determine an access status value.
     * It is also considering a date threshold for embargoes and restrictions.
     *
     * If the item is null, simply returns the "unknown" value.
@@ -67,14 +73,70 @@ public class DefaultAccessStatusHelper implements AccessStatusHelper {
     * @param context     the DSpace context
     * @param item        the item to check for embargoes
     * @param threshold   the embargo threshold date
-     * @return an access status value
+     * @param type        the type of calculation
+     * @return the access status
     */
    @Override
-    public String getAccessStatusFromItem(Context context, Item item, Date threshold)
+    public AccessStatus getAccessStatusFromItem(Context context, Item item, LocalDate threshold, String type)
            throws SQLException {
        if (item == null) {
-            return UNKNOWN;
+            return new AccessStatus(UNKNOWN, null);
        }
+        Bitstream bitstream = getPrimaryOrFirstBitstreamInOriginalBundle(item);
+        if (bitstream == null) {
+            return new AccessStatus(METADATA_ONLY, null);
+        }
+        return getAccessStatusFromBitstream(context, bitstream, threshold, type);
+    }
+
+    /**
+     * Look at the bitstream policies to determine an access status value.
+     * It is also considering a date threshold for embargoes and restrictions.
+     *
+     * If the bitstream is null, simply returns the "unknown" value.
+     *
+     * @param context     the DSpace context
+     * @param bitstream   the bitstream to check for embargoes
+     * @param threshold   the embargo threshold date
+     * @param type        the type of calculation
+     * @return the access status
+     */
+    @Override
+    public AccessStatus getAccessStatusFromBitstream(Context context,
+        Bitstream bitstream, LocalDate threshold, String type) throws SQLException {
+        if (bitstream == null) {
+            return new AccessStatus(UNKNOWN, null);
+        }
+        List<ResourcePolicy> policies = getReadPolicies(context, bitstream, type);
+        LocalDate availabilityDate = findAvailabilityDate(policies, threshold);
+        // Get the access status based on the availability date
+        String accessStatus = getAccessStatusFromAvailabilityDate(availabilityDate, threshold);
+        return new AccessStatus(accessStatus, availabilityDate);
+    }
+
+    /**
+     * Look at the anonymous policies of the primary (or first)
+     * bitstream of the item to retrieve its embargo.
+     *
+     * @param context       the DSpace context
+     * @param item          the item
+     * @param threshold     the embargo threshold date
+     * @return the access status
+     */
+    @Override
+    public AccessStatus getAnonymousAccessStatusFromItem(Context context, Item item, LocalDate threshold)
+            throws SQLException {
+        return getAccessStatusFromItem(context, item, threshold, STATUS_FOR_ANONYMOUS);
+    }
+
+    /**
+     * Look in the item's original bundle. First, try to get the primary bitstream.
+     * If the bitstream is null, simply returns the first one.
+     *
+     * @param item      the DSpace item
+     * @return the bitstream
+     */
+    private Bitstream getPrimaryOrFirstBitstreamInOriginalBundle(Item item) {
        // Consider only the original bundles.
        List<Bundle> bundles = item.getBundles(Constants.DEFAULT_BUNDLE_NAME);
        // Check for primary bitstreams first.
@@ -92,157 +154,159 @@ public class DefaultAccessStatusHelper implements AccessStatusHelper {
                .findFirst()
                .orElse(null);
        }
-        return calculateAccessStatusForDso(context, bitstream, threshold);
+        return bitstream;
    }

    /**
-     * Look at the DSpace object's policies to determine an access status value.
+     * Retrieves the anonymous read policies for a DSpace object
+     *
+     * @param context   the DSpace context
+     * @param dso       the DSpace object
+     * @return a list of policies
+     */
+    private List<ResourcePolicy> getAnonymousReadPolicies(Context context, DSpaceObject dso)
+            throws SQLException {
+        // Only consider read policies. Use the find without a group
+        // as it's not returning all expected values
+        List<ResourcePolicy> readPolicies = resourcePolicyService.find(context, dso, Constants.READ);
+        // Filter the policies with the anonymous group
+        List<ResourcePolicy> filteredPolicies = readPolicies.stream()
+            .filter(p -> p.getGroup() != null && StringUtils.equals(p.getGroup().getName(), Group.ANONYMOUS))
+            .collect(Collectors.toList());
+        return filteredPolicies;
+    }
+
+    /**
+     * Retrieves the current user read policies for a DSpace object
+     *
+     * @param context   the DSpace context
+     * @param dso       the DSpace object
+     * @return a list of policies
+     */
+    private List<ResourcePolicy> getCurrentUserReadPolicies(Context context, DSpaceObject dso)
+            throws SQLException {
+        // First, look if the current user can read the object
+        boolean canRead = authorizeService.authorizeActionBoolean(context, dso, Constants.READ);
+        // If it's true, it can't be an embargo or a restriction, shortcircuit the process
+        // and return a null value (indicating an open access)
+        if (canRead) {
+            return null;
+        }
+        // Only consider read policies
+        List<ResourcePolicy> policies = resourcePolicyService.find(context, dso, Constants.READ);
+        // Only calculate the embargo date for the current user
+        EPerson currentUser = context.getCurrentUser();
+        List<ResourcePolicy> readPolicies = new ArrayList<ResourcePolicy>();
+        for (ResourcePolicy policy : policies) {
+            EPerson eperson = policy.getEPerson();
+            if (eperson != null && currentUser != null && eperson.getID() == currentUser.getID()) {
+                readPolicies.add(policy);
+                continue;
+            }
+            Group group = policy.getGroup();
+            if (group != null && groupService.isMember(context, currentUser, group)) {
+                readPolicies.add(policy);
+            }
+        }
+        return readPolicies;
+    }
+
+    /**
+     * Retrieves the read policies for a DSpace object based on the type
+     * 
+     * If the type is current, consider the current logged in user
+     * If the type is anonymous, only consider the anonymous group
+     *
+     * @param context   the DSpace context
+     * @param dso       the DSpace object
+     * @param type      the type of calculation
+     * @return a list of policies
+     */
+    private List<ResourcePolicy> getReadPolicies(Context context, DSpaceObject dso, String type)
+            throws SQLException {
+        if (StringUtils.equalsIgnoreCase(type, STATUS_FOR_CURRENT_USER)) {
+            return getCurrentUserReadPolicies(context, dso);
+        } else {
+            // Only calculate the status for the anonymous group read policies
+            return getAnonymousReadPolicies(context, dso);
+        }
+    }
+
+    /**
+     * Look at the read policies to retrieve the access status availability date.
+     *
+     * @param readPolicies  the read policies
+     * @param threshold     the embargo threshold date
+     * @return an availability date
+     */
+    private LocalDate findAvailabilityDate(List<ResourcePolicy> readPolicies, LocalDate threshold) {
+        // If the list is null, the object is readable
+        if (readPolicies == null) {
+            return null;
+        }
+        // If there's no policies, return the threshold date (restriction)
+        if (readPolicies.size() == 0) {
+            return threshold;
+        }
+        LocalDate availabilityDate = null;
+        LocalDate currentDate = LocalDate.now();
+        boolean takeMostRecentDate = true;
+        // Looks at all read policies
+        for (ResourcePolicy policy : readPolicies) {
+            boolean isValid = resourcePolicyService.isDateValid(policy);
+            // If any policy is valid, the object is accessible
+            if (isValid) {
+                return null;
+            }
+            // There may be an active embargo
+            LocalDate startDate = policy.getStartDate();
+            // Ignore policy with no start date or which is expired
+            if (startDate == null || startDate.isBefore(currentDate)) {
+                continue;
+            }
+            // Policy with a start date over the threshold (restriction)
+            // overrides the embargos
+            if (!startDate.isBefore(threshold)) {
+                takeMostRecentDate = false;
+            }
+            // Take the most recent embargo date if there is no restriction, otherwise
+            // take the highest date (account for rare cases where more than one resource
+            // policy exists)
+            if (availabilityDate == null) {
+                availabilityDate = startDate;
+            } else if (takeMostRecentDate) {
+                availabilityDate = startDate.isBefore(availabilityDate) ? startDate : availabilityDate;
+            } else {
+                availabilityDate = startDate.isAfter(availabilityDate) ? startDate : availabilityDate;
+            }
+        }
+        return availabilityDate;
+    }
+
+    /**
+     * Look at the DSpace object availability date to determine an access status value.
     *
     * If the object is null, returns the "metadata.only" value.
-     * If any policy attached to the object is valid for the anonymous group,
-     * returns the "open.access" value.
-     * Otherwise, if the policy start date is before the embargo threshold date,
-     * returns the "embargo" value.
-     * Every other cases return the "restricted" value.
+     * If there's no availability date, returns the "open.access" value.
+     * If the availability date is after or equal to the embargo
+     * threshold date, returns the "restricted" value.
+     * Every other cases return the "embargo" value.
     *
-     * @param context     the DSpace context
-     * @param dso         the DSpace object
-     * @param threshold   the embargo threshold date
+     * @param availabilityDate  the DSpace object availability date
+     * @param threshold         the embargo threshold date
     * @return an access status value
     */
-    private String calculateAccessStatusForDso(Context context, DSpaceObject dso, Date threshold)
-            throws SQLException {
-        if (dso == null) {
-            return METADATA_ONLY;
-        }
-        // Only consider read policies.
-        List<ResourcePolicy> policies = authorizeService
-            .getPoliciesActionFilter(context, dso, Constants.READ);
-        int openAccessCount = 0;
-        int embargoCount = 0;
-        int restrictedCount = 0;
-        int unknownCount = 0;
-        // Looks at all read policies.
-        for (ResourcePolicy policy : policies) {
-            boolean isValid = resourcePolicyService.isDateValid(policy);
-            Group group = policy.getGroup();
-            // The group must not be null here. However,
-            // if it is, consider this as an unexpected case.
-            if (group == null) {
-                unknownCount++;
-            } else if (StringUtils.equals(group.getName(), Group.ANONYMOUS)) {
-                // Only calculate the status for the anonymous group.
-                if (isValid) {
-                    // If the policy is valid, the anonymous group have access
-                    // to the bitstream.
-                    openAccessCount++;
-                } else {
-                    Date startDate = policy.getStartDate();
-                    if (startDate != null && !startDate.before(threshold)) {
-                        // If the policy start date have a value and if this value
-                        // is equal or superior to the configured forever date, the
-                        // access status is also restricted.
-                        restrictedCount++;
-                    } else {
-                        // If the current date is not between the policy start date
-                        // and end date, the access status is embargo.
-                        embargoCount++;
-                    }
-                }
-            }
-        }
-        if (openAccessCount > 0) {
+    private String getAccessStatusFromAvailabilityDate(LocalDate availabilityDate, LocalDate threshold) {
+        // If there is no availability date, it's an open access.
+        if (availabilityDate == null) {
            return OPEN_ACCESS;
        }
-        if (embargoCount > 0 && restrictedCount == 0) {
-            return EMBARGO;
+        // If the policy start date have a value and if this value
+        // is equal or superior to the configured forever date, the
+        // access status is also restricted.
+        if (!availabilityDate.isBefore(threshold)) {
+            return RESTRICTED;
        }
-        if (unknownCount > 0) {
-            return UNKNOWN;
-        }
-        return RESTRICTED;
-    }
-
-    /**
-     * Look at the policies of the primary (or first) bitstream of the item to retrieve its embargo.
-     *
-     * If the item is null, simply returns an empty map with no embargo information.
-     *
-     * @param context     the DSpace context
-     * @param item        the item to embargo
-     * @return an access status value
-     */
-    @Override
-    public String getEmbargoFromItem(Context context, Item item, Date threshold)
-            throws SQLException {
-        Date embargoDate;
-
-        // If Item status is not "embargo" then return a null embargo date.
-        String accessStatus = getAccessStatusFromItem(context, item, threshold);
-
-        if (item == null || !accessStatus.equals(EMBARGO)) {
-            return null;
-        }
-        // Consider only the original bundles.
-        List<Bundle> bundles = item.getBundles(Constants.DEFAULT_BUNDLE_NAME);
-        // Check for primary bitstreams first.
-        Bitstream bitstream = bundles.stream()
-                .map(bundle -> bundle.getPrimaryBitstream())
-                .filter(Objects::nonNull)
-                .findFirst()
-                .orElse(null);
-        if (bitstream == null) {
-            // If there is no primary bitstream,
-            // take the first bitstream in the bundles.
-            bitstream = bundles.stream()
-                    .map(bundle -> bundle.getBitstreams())
-                    .flatMap(List::stream)
-                    .findFirst()
-                    .orElse(null);
-        }
-
-        if (bitstream == null) {
-            return null;
-        }
-
-        embargoDate = this.retrieveShortestEmbargo(context, bitstream);
-
-        return embargoDate != null ? embargoDate.toString() : null;
-    }
-
-    /**
-     *
-     */
-    private Date retrieveShortestEmbargo(Context context, Bitstream bitstream) throws SQLException {
-        Date embargoDate = null;
-        // Only consider read policies.
-        List<ResourcePolicy> policies = authorizeService
-                .getPoliciesActionFilter(context, bitstream, Constants.READ);
-
-        // Looks at all read policies.
-        for (ResourcePolicy policy : policies) {
-            boolean isValid = resourcePolicyService.isDateValid(policy);
-            Group group = policy.getGroup();
-
-            if (group != null && StringUtils.equals(group.getName(), Group.ANONYMOUS)) {
-                // Only calculate the status for the anonymous group.
-                if (!isValid) {
-                    // If the policy is not valid there is an active embargo
-                    Date startDate = policy.getStartDate();
-
-                    if (startDate != null && !startDate.before(Date.from(Instant.now()))) {
-                        // There is an active embargo: aim to take the shortest embargo (account for rare cases where
-                        // more than one resource policy exists)
-                        if (embargoDate == null) {
-                            embargoDate = startDate;
-                        } else {
-                            embargoDate = startDate.before(embargoDate) ? startDate : embargoDate;
-                        }
-                    }
-                }
-            }
-        }
-
-        return embargoDate;
+        return EMBARGO;
    }
 }
--- a/dspace-api/src/main/java/org/dspace/access/status/service/AccessStatusService.java
+++ b/dspace-api/src/main/java/org/dspace/access/status/service/AccessStatusService.java
@@ -9,6 +9,8 @@ package org.dspace.access.status.service;

 import java.sql.SQLException;

+import org.dspace.content.AccessStatus;
+import org.dspace.content.Bitstream;
 import org.dspace.content.Item;
 import org.dspace.core.Context;

@@ -18,7 +20,7 @@ import org.dspace.core.Context;
 * Configuration properties: (with examples)
 * {@code
 * # values for the forever embargo date threshold
- * # This threshold date is used in the default access status helper to dermine if an item is
+ * # This threshold date is used in the default access status helper to determine if an item is
 * # restricted or embargoed based on the start date of the primary (or first) file policies.
 * # In this case, if the policy start date is inferior to the threshold date, the status will
 * # be embargo, else it will be restricted.
@@ -39,19 +41,29 @@ public interface AccessStatusService {
     * Calculate the access status for an Item while considering the forever embargo date threshold.
     *
     * @param context the DSpace context
-     * @param item    the item
-     * @return an access status value
+     * @param item the item
+     * @return the access status
     * @throws SQLException An exception that provides information on a database access error or other errors.
     */
-    public String getAccessStatus(Context context, Item item) throws SQLException;
+    public AccessStatus getAccessStatus(Context context, Item item) throws SQLException;

    /**
-     * Retrieve embargo information for the item
+     * Calculate the anonymous access status for an Item while considering the forever embargo date threshold.
     *
     * @param context the DSpace context
     * @param item the item to check for embargo information
-     * @return an embargo date
+     * @return the access status
     * @throws SQLException An exception that provides information on a database access error or other errors.
     */
-    public String getEmbargoFromItem(Context context, Item item) throws SQLException;
+    public AccessStatus getAnonymousAccessStatus(Context context, Item item) throws SQLException;
+
+    /**
+     * Calculate the access status for a bitstream while considering the forever embargo date threshold.
+     *
+     * @param context the DSpace context
+     * @param bitstream the bitstream
+     * @return the access status
+     * @throws SQLException An exception that provides information on a database access error or other errors.
+     */
+    public AccessStatus getAccessStatus(Context context, Bitstream bitstream) throws SQLException;
 }
--- a/dspace-api/src/main/java/org/dspace/administer/ProcessCleaner.java
+++ b/dspace-api/src/main/java/org/dspace/administer/ProcessCleaner.java
@@ -9,12 +9,12 @@ package org.dspace.administer;

 import java.io.IOException;
 import java.sql.SQLException;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.List;

 import org.apache.commons.cli.ParseException;
-import org.apache.commons.lang.time.DateUtils;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.ProcessStatus;
 import org.dspace.core.Context;
@@ -96,7 +96,7 @@ public class ProcessCleaner extends DSpaceRunnable<ProcessCleanerConfiguration<P
    private void performDeletion(Context context) throws SQLException, IOException, AuthorizeException {

        List<ProcessStatus> statuses = getProcessToDeleteStatuses();
-        Date creationDate = calculateCreationDate();
+        Instant creationDate = calculateCreationDate();

        handler.logInfo("Searching for processes with status: " + statuses);
        List<Process> processes = processService.findByStatusAndCreationTimeOlderThan(context, statuses, creationDate);
@@ -126,8 +126,8 @@ public class ProcessCleaner extends DSpaceRunnable<ProcessCleanerConfiguration<P
        return statuses;
    }

-    private Date calculateCreationDate() {
-        return DateUtils.addDays(new Date(), -days);
+    private Instant calculateCreationDate() {
+        return Instant.now().minus(days, ChronoUnit.DAYS);
    }

    @Override
--- a/dspace-api/src/main/java/org/dspace/administer/StructBuilder.java
+++ b/dspace-api/src/main/java/org/dspace/administer/StructBuilder.java
@@ -46,6 +46,7 @@ import org.dspace.app.util.XMLUtils;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.Collection;
 import org.dspace.content.Community;
+import org.dspace.content.DSpaceObject;
 import org.dspace.content.Item;
 import org.dspace.content.MetadataFieldName;
 import org.dspace.content.MetadataSchemaEnum;
@@ -53,6 +54,7 @@ import org.dspace.content.MetadataValue;
 import org.dspace.content.factory.ContentServiceFactory;
 import org.dspace.content.service.CollectionService;
 import org.dspace.content.service.CommunityService;
+import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.dspace.eperson.factory.EPersonServiceFactory;
 import org.dspace.eperson.service.EPersonService;
@@ -169,6 +171,10 @@ public class StructBuilder {
                .desc("File to receive the structure map ('-' for standard out).")
                .hasArg().argName("output").required().build());

+        options.addOption(Option.builder("p").longOpt("parent")
+                .desc("Parent community or handle (optional)")
+                .hasArg().argName("parent").required(false).build());
+
        // Parse the command line.
        CommandLineParser parser = new DefaultParser();
        CommandLine line = null;
@@ -202,6 +208,11 @@ public class StructBuilder {
            outputStream = new FileOutputStream(output);
        }

+        String parentID = null;
+        if (line.hasOption('p')) {
+            parentID = line.getOptionValue('p');
+        }
+
        // create a context
        Context context = new Context();

@@ -214,6 +225,30 @@ public class StructBuilder {
            System.exit(1);
        }

+        // Resolve optional "parent community" ID or handle to a community
+        Community parent = null;
+        if (parentID != null) {
+            DSpaceObject dso = handleService.resolveToObject(context, parentID);
+            if (dso != null) {
+                if (dso.getType() == Constants.COMMUNITY) {
+                    parent = (Community) dso;
+                } else {
+                    System.out.println("The handle provided for the -p option does not resolve to a community. " +
+                        parentID + " is an object of type: " + Constants.typeText[dso.getType()]);
+                    System.exit(0);
+                }
+            } else {
+                // Not a handle, see if it is an ID
+                Community community = communityService.findByIdOrLegacyId(context, parentID);
+                if (community != null) {
+                    parent = community;
+                } else {
+                    System.out.println("The value provided for -p is not a valid community ID or handle: " + parentID);
+                    System.exit(0);
+                }
+            }
+        }
+
        // Export? Import?
        if (line.hasOption('x')) { // export
            exportStructure(context, outputStream);
@@ -233,7 +268,7 @@ public class StructBuilder {
            }

            boolean keepHandles = options.hasOption("k");
-            importStructure(context, inputStream, outputStream, keepHandles);
+            importStructure(context, inputStream, outputStream, parent, keepHandles);

            inputStream.close();
            outputStream.close();
@@ -250,6 +285,7 @@ public class StructBuilder {
     * @param context
     * @param input XML which describes the new communities and collections.
     * @param output input, annotated with the new objects' identifiers.
+     * @param parent Community beneath which to attach this structure
     * @param keepHandles true if Handles should be set from input.
     * @throws IOException
     * @throws ParserConfigurationException
@@ -258,7 +294,7 @@ public class StructBuilder {
     * @throws SQLException
     */
    static void importStructure(Context context, InputStream input,
-            OutputStream output, boolean keepHandles)
+            OutputStream output, Community parent, boolean keepHandles)
            throws IOException, ParserConfigurationException, SQLException,
            TransformerException, XPathExpressionException {

@@ -325,7 +361,7 @@ public class StructBuilder {
                                             .evaluate(document, XPathConstants.NODESET);

            // run the import starting with the top level communities
-            elements = handleCommunities(context, first, null, keepHandles);
+            elements = handleCommunities(context, first, parent, keepHandles);
        } catch (TransformerException ex) {
            System.err.format("Input content not understood:  %s%n", ex.getMessage());
            System.exit(1);
--- a/dspace-api/src/main/java/org/dspace/alerts/SystemWideAlert.java
+++ b/dspace-api/src/main/java/org/dspace/alerts/SystemWideAlert.java
@@ -7,7 +7,7 @@
 */
 package org.dspace.alerts;

-import java.util.Date;
+import java.time.ZonedDateTime;

 import jakarta.persistence.Cacheable;
 import jakarta.persistence.Column;
@@ -17,8 +17,6 @@ import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import jakarta.persistence.SequenceGenerator;
 import jakarta.persistence.Table;
-import jakarta.persistence.Temporal;
-import jakarta.persistence.TemporalType;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 import org.dspace.core.ReloadableEntity;
@@ -46,8 +44,7 @@ public class SystemWideAlert implements ReloadableEntity<Integer> {
    private String allowSessions;

    @Column(name = "countdown_to")
-    @Temporal(TemporalType.TIMESTAMP)
-    private Date countdownTo;
+    private ZonedDateTime countdownTo;

    @Column(name = "active")
    private boolean active;
@@ -115,7 +112,7 @@ public class SystemWideAlert implements ReloadableEntity<Integer> {
     *
     * @return the date to which will be count down when the system-wide alert is active
     */
-    public Date getCountdownTo() {
+    public ZonedDateTime getCountdownTo() {
        return countdownTo;
    }

@@ -124,7 +121,7 @@ public class SystemWideAlert implements ReloadableEntity<Integer> {
     *
     * @param countdownTo The date to which will be count down
     */
-    public void setCountdownTo(final Date countdownTo) {
+    public void setCountdownTo(final ZonedDateTime countdownTo) {
        this.countdownTo = countdownTo;
    }

--- a/dspace-api/src/main/java/org/dspace/alerts/SystemWideAlertServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/alerts/SystemWideAlertServiceImpl.java
@@ -9,7 +9,7 @@ package org.dspace.alerts;

 import java.io.IOException;
 import java.sql.SQLException;
-import java.util.Date;
+import java.time.ZonedDateTime;
 import java.util.List;

 import org.apache.logging.log4j.Logger;
@@ -39,7 +39,7 @@ public class SystemWideAlertServiceImpl implements SystemWideAlertService {
    @Override
    public SystemWideAlert create(final Context context, final String message,
                                  final AllowSessionsEnum allowSessionsType,
-                                  final Date countdownTo, final boolean active) throws SQLException,
+                                  final ZonedDateTime countdownTo, final boolean active) throws SQLException,
            AuthorizeException {
        if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException(
--- a/dspace-api/src/main/java/org/dspace/alerts/service/SystemWideAlertService.java
+++ b/dspace-api/src/main/java/org/dspace/alerts/service/SystemWideAlertService.java
@@ -9,7 +9,7 @@ package org.dspace.alerts.service;

 import java.io.IOException;
 import java.sql.SQLException;
-import java.util.Date;
+import java.time.ZonedDateTime;
 import java.util.List;

 import org.dspace.alerts.AllowSessionsEnum;
@@ -35,7 +35,7 @@ public interface SystemWideAlertService {
     * @throws SQLException If something goes wrong
     */
    SystemWideAlert create(Context context, String message, AllowSessionsEnum allowSessionsType,
-                           Date countdownTo, boolean active
+                           ZonedDateTime countdownTo, boolean active
    ) throws SQLException, AuthorizeException;

    /**
--- a/dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/BulkAccessControl.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/BulkAccessControl.java
@@ -16,10 +16,10 @@ import static org.dspace.core.Constants.CONTENT_BUNDLE_NAME;
 import java.io.IOException;
 import java.io.InputStream;
 import java.sql.SQLException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
+import java.time.LocalDate;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
 import java.util.Arrays;
-import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -154,7 +154,7 @@ public class BulkAccessControl extends DSpaceRunnable<BulkAccessControlScriptCon
        }

        ObjectMapper mapper = new ObjectMapper();
-        mapper.setTimeZone(TimeZone.getTimeZone("UTC"));
+        mapper.setTimeZone(TimeZone.getTimeZone(ZoneOffset.UTC));
        BulkAccessControlInput accessControl;
        context = new Context(Context.Mode.BATCH_EDIT);
        setEPerson(context);
@@ -312,7 +312,7 @@ public class BulkAccessControl extends DSpaceRunnable<BulkAccessControlScriptCon
     * check the validation of access condition,
     * the access condition name must equal to one of configured access conditions,
     * then call {@link AccessConditionOption#validateResourcePolicy(
-     * Context, String, Date, Date)} if exception happens so, it's invalid.
+     * Context, String, LocalDate, LocalDate)} if exception happens so, it's invalid.
     *
     * @param accessCondition the accessCondition
     * @throws BulkAccessControlException if the accessCondition is invalid
@@ -596,8 +596,8 @@ public class BulkAccessControl extends DSpaceRunnable<BulkAccessControlScriptCon

        String name = accessCondition.getName();
        String description = accessCondition.getDescription();
-        Date startDate = accessCondition.getStartDate();
-        Date endDate = accessCondition.getEndDate();
+        LocalDate startDate = accessCondition.getStartDate();
+        LocalDate endDate = accessCondition.getEndDate();

        try {
            accessConditionOption.createResourcePolicy(context, obj, name, description, startDate, endDate);
@@ -651,7 +651,7 @@ public class BulkAccessControl extends DSpaceRunnable<BulkAccessControlScriptCon
    }

    private void AppendAccessConditionsInfo(StringBuilder message, List<AccessCondition> accessConditions) {
-        DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
+        DateTimeFormatter dateFormat = DateTimeFormatter.ISO_LOCAL_DATE;
        message.append("{");

        for (int i = 0; i <  accessConditions.size(); i++) {
--- a/dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/model/AccessCondition.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/model/AccessCondition.java
@@ -7,7 +7,7 @@
 */
 package org.dspace.app.bulkaccesscontrol.model;

-import java.util.Date;
+import java.time.LocalDate;

 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import org.dspace.app.bulkaccesscontrol.BulkAccessControl;
@@ -25,15 +25,15 @@ public class AccessCondition {
    private  String description;

    @JsonDeserialize(using = MultiFormatDateDeserializer.class)
-    private  Date startDate;
+    private LocalDate startDate;

    @JsonDeserialize(using = MultiFormatDateDeserializer.class)
-    private  Date endDate;
+    private LocalDate endDate;

    public AccessCondition() {
    }

-    public AccessCondition(String name, String description, Date startDate, Date endDate) {
+    public AccessCondition(String name, String description, LocalDate startDate, LocalDate endDate) {
        this.name = name;
        this.description = description;
        this.startDate = startDate;
@@ -48,11 +48,11 @@ public class AccessCondition {
        return description;
    }

-    public Date getStartDate() {
+    public LocalDate getStartDate() {
        return startDate;
    }

-    public Date getEndDate() {
+    public LocalDate getEndDate() {
        return endDate;
    }

--- a/dspace-api/src/main/java/org/dspace/app/bulkedit/DSpaceCSV.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkedit/DSpaceCSV.java
@@ -19,6 +19,7 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -457,7 +458,7 @@ public class DSpaceCSV implements Serializable {
        List<Collection> collections = i.getCollections();
        for (Collection c : collections) {
            // Only add if it is not the owning collection
-            if (!c.getHandle().equals(owningCollectionHandle)) {
+            if (!Objects.equals(c.getHandle(), owningCollectionHandle)) {
                line.add("collection", c.getHandle());
            }
        }
@@ -475,7 +476,7 @@ public class DSpaceCSV implements Serializable {
                key = key + "." + metadataField.getQualifier();
            }

-            // Add the language if there is one (schema.element.qualifier[langauge])
+            // Add the language if there is one (schema.element.qualifier[language])
            //if ((value.language != null) && (!"".equals(value.language)))
            if (value.getLanguage() != null) {
                key = key + "[" + value.getLanguage() + "]";
--- a/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportFilteredItemsReport.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportFilteredItemsReport.java
@@ -0,0 +1,182 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+
+package org.dspace.app.bulkedit;
+
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.lang3.StringUtils;
+import org.dspace.content.MetadataDSpaceCsvExportServiceImpl;
+import org.dspace.content.MetadataField;
+import org.dspace.content.factory.ContentReportServiceFactory;
+import org.dspace.content.service.MetadataDSpaceCsvExportService;
+import org.dspace.contentreport.Filter;
+import org.dspace.contentreport.FilteredItems;
+import org.dspace.contentreport.FilteredItemsQuery;
+import org.dspace.contentreport.QueryOperator;
+import org.dspace.contentreport.QueryPredicate;
+import org.dspace.contentreport.service.ContentReportService;
+import org.dspace.core.Context;
+import org.dspace.eperson.factory.EPersonServiceFactory;
+import org.dspace.eperson.service.EPersonService;
+import org.dspace.kernel.ServiceManager;
+import org.dspace.scripts.DSpaceRunnable;
+import org.dspace.services.ConfigurationService;
+import org.dspace.utils.DSpace;
+
+/**
+ * Metadata exporter to allow the batch export of metadata from a Filtered Items content report execution into a file
+ *
+ * @author Jean-François Morin (Université Laval)
+ */
+public class MetadataExportFilteredItemsReport extends DSpaceRunnable
+        <MetadataExportFilteredItemsReportScriptConfiguration<MetadataExportFilteredItemsReport>> {
+
+    private static final String EXPORT_CSV = "exportCSV";
+    public static final String DEFAULT_FILENAME = "metadataExportFilteredItems.csv";
+    private boolean help = false;
+    private String[] collectionUuids;
+    private String[] queryPredicates;
+    private String[] queryFilters;
+
+    private ConfigurationService configurationService;
+    private ContentReportService contentReportService;
+    private EPersonService ePersonService;
+    private MetadataDSpaceCsvExportService metadataDSpaceCsvExportService;
+
+    @SuppressWarnings("unchecked")
+    @Override
+    public MetadataExportFilteredItemsReportScriptConfiguration<MetadataExportFilteredItemsReport>
+            getScriptConfiguration() {
+        return new DSpace().getServiceManager()
+            .getServiceByName("metadata-export-filtered-items-report",
+                    MetadataExportFilteredItemsReportScriptConfiguration.class);
+    }
+
+    @Override
+    public void setup() throws ParseException {
+        ServiceManager serviceManager = new DSpace().getServiceManager();
+        configurationService = serviceManager.getServicesByType(ConfigurationService.class).get(0);
+        contentReportService = ContentReportServiceFactory.getInstance().getContentReportService();
+        ePersonService = EPersonServiceFactory.getInstance().getEPersonService();
+        metadataDSpaceCsvExportService = serviceManager.getServiceByName(
+                MetadataDSpaceCsvExportServiceImpl.class.getCanonicalName(),
+                MetadataDSpaceCsvExportService.class);
+
+        if (commandLine.hasOption('h')) {
+            help = true;
+            return;
+        }
+
+        if (commandLine.hasOption('c')) {
+            collectionUuids = commandLine.getOptionValues('c');
+        }
+
+        if (commandLine.hasOption("qp")) {
+            queryPredicates = commandLine.getOptionValues("qp");
+        }
+
+        if (commandLine.hasOption('f')) {
+            queryFilters = commandLine.getOptionValues('f');
+        }
+    }
+
+    @Override
+    public void internalRun() throws Exception {
+        if (help) {
+            loghelpinfo();
+            printHelp();
+            return;
+        }
+        handler.logDebug("starting content report export");
+
+        Context context = new Context();
+        context.setCurrentUser(ePersonService.find(context, getEpersonIdentifier()));
+
+        List<String> collUuids = List.of();
+        if (collectionUuids != null) {
+            // Using a temporary Set to eliminate duplicates, if any
+            Set<String> setUuids = arrayToStream(collectionUuids)
+                    .map(uuids -> uuids.split("[^0-9A-Fa-f\\-]+"))
+                    .flatMap(Arrays::stream)
+                    .filter(StringUtils::isNotBlank)
+                    .collect(Collectors.toSet());
+            collUuids = new ArrayList<>(setUuids);
+        }
+
+        List<QueryPredicate> predicates = List.of();
+        if (queryPredicates != null) {
+            predicates = arrayToStream(queryPredicates)
+                    .filter(StringUtils::isNotBlank)
+                    .map(pred -> buildPredicate(context, pred))
+                    .collect(Collectors.toList());
+        }
+
+        Set<Filter> filters = EnumSet.noneOf(Filter.class);
+        if (queryFilters != null) {
+            Arrays.stream(queryFilters)
+                    .map(Filter::getFilters)
+                    .flatMap(Set::stream)
+                    .filter(f -> f != null)
+                    .forEach(filters::add);
+        }
+
+        handler.logDebug("building query");
+        FilteredItemsQuery query = FilteredItemsQuery.of(
+                collUuids, predicates, 0, Integer.MAX_VALUE, filters, List.of());
+        handler.logDebug("creating iterator");
+
+        FilteredItems items = contentReportService.findFilteredItems(context, query);
+        handler.logDebug("creating dspacecsv");
+        DSpaceCSV dSpaceCSV = metadataDSpaceCsvExportService.export(context, items.getItems().iterator(),
+                true, handler);
+        handler.logDebug("writing to file " + getFileNameOrExportFile());
+        handler.writeFilestream(context, getFileNameOrExportFile(), dSpaceCSV.getInputStream(), EXPORT_CSV);
+        context.restoreAuthSystemState();
+        context.complete();
+    }
+
+    protected void loghelpinfo() {
+        handler.logInfo("metadata-export-filtered-items-report");
+    }
+
+    protected String getFileNameOrExportFile() {
+        return configurationService.getProperty("contentreport.metadataquery.csv.filename.default", DEFAULT_FILENAME);
+    }
+
+    private static Stream<String> arrayToStream(String... array) {
+        return Optional.ofNullable(array)
+                .stream()
+                .flatMap(Arrays::stream)
+                .filter(StringUtils::isNotBlank);
+    }
+
+    private QueryPredicate buildPredicate(Context context, String exp) {
+        String[] tokens = exp.split("\\:");
+        String field = tokens.length > 0 ? tokens[0].trim() : "";
+        QueryOperator operator = tokens.length > 1 ? QueryOperator.get(tokens[1].trim()) : null;
+        String value = tokens.length > 2 ? StringUtils.trimToEmpty(tokens[2]) : "";
+
+        try {
+            List<MetadataField> fields = contentReportService.getMetadataFields(context, field);
+            return QueryPredicate.of(fields, operator, value);
+        } catch (SQLException e) {
+            throw new IllegalArgumentException(e.getMessage(), e);
+        }
+    }
+
+}
--- a/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportFilteredItemsReportCli.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportFilteredItemsReportCli.java
@@ -0,0 +1,29 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+
+package org.dspace.app.bulkedit;
+
+import java.util.Optional;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * The CLI version of the {@link MetadataExportFilteredItemsReport} script
+ *
+ * @author Jean-François Morin (Université Laval)
+ */
+public class MetadataExportFilteredItemsReportCli extends MetadataExportFilteredItemsReport {
+
+    @Override
+    protected String getFileNameOrExportFile() {
+        return Optional.ofNullable(commandLine.getOptionValue('n'))
+                .filter(StringUtils::isNotBlank)
+                .orElseGet(() -> super.getFileNameOrExportFile());
+    }
+
+}
--- a/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportFilteredItemsReportCliScriptConfiguration.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportFilteredItemsReportCliScriptConfiguration.java
@@ -0,0 +1,36 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+
+package org.dspace.app.bulkedit;
+
+import org.apache.commons.cli.Options;
+import org.dspace.services.ConfigurationService;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * This is the CLI version of the {@link MetadataExportFilteredItemsReportScriptConfiguration} class that handles the
+ * configuration for the {@link MetadataExportFilteredItemsReportCli} script
+ *
+ * @author Jean-François Morin (Université Laval)
+ */
+public class MetadataExportFilteredItemsReportCliScriptConfiguration
+    extends MetadataExportFilteredItemsReportScriptConfiguration<MetadataExportFilteredItemsReportCli> {
+
+    @Autowired
+    private ConfigurationService configurationService;
+
+    @Override
+    public Options getOptions() {
+        Options options = super.getOptions();
+        String filename = configurationService.getProperty("contentreport.metadataquery.csv.filename.default",
+                MetadataExportFilteredItemsReport.DEFAULT_FILENAME);
+        options.addOption("n", "filename", true, "the filename to export to (default: " + filename + ")");
+        return options;
+    }
+
+}
--- a/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportFilteredItemsReportScriptConfiguration.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportFilteredItemsReportScriptConfiguration.java
@@ -0,0 +1,56 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+
+package org.dspace.app.bulkedit;
+
+import org.apache.commons.cli.Options;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+
+/**
+ * The {@link ScriptConfiguration} for the {@link MetadataExportFilteredItemsReport} script
+ *
+ * @author Jean-François Morin (Université Laval)
+ */
+public class MetadataExportFilteredItemsReportScriptConfiguration<T extends MetadataExportFilteredItemsReport>
+        extends ScriptConfiguration<T> {
+
+    private Class<T> dspaceRunnableclass;
+
+    @Override
+    public Class<T> getDspaceRunnableClass() {
+        return dspaceRunnableclass;
+    }
+
+    @Override
+    public void setDspaceRunnableClass(Class<T> dspaceRunnableClass) {
+        dspaceRunnableclass = dspaceRunnableClass;
+    }
+
+    @Override
+    public Options getOptions() {
+        if (options == null) {
+            Options options = new Options();
+            options.addOption("c", "collections", true,
+                "UUIDs of collections to search for eligible records");
+            options.getOption("c").setType(String.class);
+            options.addOption("qp", "queryPredicates", true,
+                "Predicates or field queries used as criteria to filter records");
+            options.getOption("qp").setType(String.class);
+            options.addOption("f", "filters", true, """
+                Filters from the org.dspace.contentreport.Filter enumeration
+                used to filter records. Any filtered included here is considered as being selected,
+                and is considered unselected otherwise.""");
+            options.getOption("f").setType(String.class);
+            options.addOption("h", "help", false, "help");
+
+            super.options =  options;
+        }
+        return options;
+    }
+
+}
--- a/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportSearch.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportSearch.java
@@ -14,6 +14,8 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.UUID;

+import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.DefaultParser.Builder;
 import org.apache.commons.cli.ParseException;
 import org.dspace.content.Item;
 import org.dspace.content.MetadataDSpaceCsvExportServiceImpl;
@@ -167,4 +169,14 @@ public class MetadataExportSearch extends DSpaceRunnable<MetadataExportSearchScr
        }
        return scopeObj;
    }
+
+    @Override
+    protected StepResult parse(String[] args) throws ParseException {
+        commandLine = new DefaultParser().parse(getScriptConfiguration().getOptions(), args);
+        Builder builder = new DefaultParser().builder();
+        builder.setStripLeadingAndTrailingQuotes(false);
+        commandLine = builder.build().parse(getScriptConfiguration().getOptions(), args);
+        setup();
+        return StepResult.Continue;
+    }
 }
--- a/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataImport.java
+++ b/dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataImport.java
@@ -23,6 +23,7 @@ import java.util.UUID;

 import jakarta.annotation.Nullable;
 import org.apache.commons.cli.ParseException;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
 import org.dspace.app.util.RelationshipUtils;
@@ -89,7 +90,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
    /**
     * The authority controlled fields
     */
-    protected static Set<String> authorityControlled;
+    protected Set<String> authorityControlled;

    /**
     * The prefix of the authority controlled field
@@ -253,7 +254,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                displayChanges(changes, true);
            }

-            // Finsh off and tidy up
+            // Finish off and tidy up
            c.restoreAuthSystemState();
            c.complete();
        } catch (Exception e) {
@@ -494,7 +495,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura

                // Check it has an owning collection
                List<String> collections = line.get("collection");
-                if (collections == null) {
+                if (collections == null || collections.isEmpty()) {
                    throw new MetadataImportException(
                        "New items must have a 'collection' assigned in the form of a handle");
                }
@@ -742,10 +743,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
            if (value == null || !value.contains(csv.getAuthoritySeparator())) {
                simplyCopyValue(value, dcv);
            } else {
-                String[] parts = value.split(csv.getAuthoritySeparator());
-                dcv.setValue(parts[0]);
-                dcv.setAuthority(parts[1]);
-                dcv.setConfidence((parts.length > 2 ? Integer.valueOf(parts[2]) : Choices.CF_ACCEPTED));
+                resolveValueAndAuthority(value, dcv);
            }

            // fromAuthority==null: with the current implementation metadata values from external authority sources
@@ -1145,12 +1143,12 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
            }

            // look up the value and authority in solr
-            List<AuthorityValue> byValue = authorityValueService.findByValue(c, schema, element, qualifier, value);
+            List<AuthorityValue> byValue = authorityValueService.findByValue(schema, element, qualifier, value);
            AuthorityValue authorityValue = null;
            if (byValue.isEmpty()) {
                String toGenerate = fromAuthority.generateString() + value;
                String field = schema + "_" + element + (StringUtils.isNotBlank(qualifier) ? "_" + qualifier : "");
-                authorityValue = authorityValueService.generate(c, toGenerate, value, field);
+                authorityValue = authorityValueService.generate(toGenerate, value, field);
                dcv.setAuthority(toGenerate);
            } else {
                authorityValue = byValue.get(0);
@@ -1162,10 +1160,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
        } else if (value == null || !value.contains(csv.getAuthoritySeparator())) {
            simplyCopyValue(value, dcv);
        } else {
-            String[] parts = value.split(csv.getEscapedAuthoritySeparator());
-            dcv.setValue(parts[0]);
-            dcv.setAuthority(parts[1]);
-            dcv.setConfidence((parts.length > 2 ? Integer.valueOf(parts[2]) : Choices.CF_ACCEPTED));
+            resolveValueAndAuthority(value, dcv);
        }
        return dcv;
    }
@@ -1176,6 +1171,35 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
        dcv.setConfidence(Choices.CF_UNSET);
    }

+    private void resolveValueAndAuthority(String value, BulkEditMetadataValue dcv) {
+        // Cells with valid authority are composed of three parts ~ <value>, <authority>, <confidence>
+        // The value itself may also include the authority separator though
+        String[] parts = value.split(csv.getEscapedAuthoritySeparator());
+
+        // If we don't have enough parts, assume the whole string is the value
+        if (parts.length < 3) {
+            simplyCopyValue(value, dcv);
+            return;
+        }
+
+        try {
+            // The last part of the cell must be a confidence value (integer)
+            int confidence = Integer.parseInt(parts[parts.length - 1]);
+            String authority = parts[parts.length - 2];
+            String plainValue = String.join(
+                csv.getAuthoritySeparator(),
+                ArrayUtils.subarray(parts, 0, parts.length - 2)
+            );
+
+            dcv.setValue(plainValue);
+            dcv.setAuthority(authority);
+            dcv.setConfidence(confidence);
+        } catch (NumberFormatException e) {
+            // Otherwise assume the whole string is the value
+            simplyCopyValue(value, dcv);
+        }
+    }
+
    /**
     * Method to find if a String occurs in an array of Strings
     *
@@ -1368,10 +1392,10 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
    /**
     * is the field is defined as authority controlled
     */
-    private static boolean isAuthorityControlledField(String md) {
+    private boolean isAuthorityControlledField(String md) {
        String mdf = md.contains(":") ? StringUtils.substringAfter(md, ":") : md;
        mdf = StringUtils.substringBefore(mdf, "[");
-        return authorityControlled.contains(mdf);
+        return authorityControlled.contains(mdf) || authorityControlled.contains(md);
    }

    /**
@@ -1536,7 +1560,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                ContentServiceFactory.getInstance().getMetadataFieldService();
            int i = reference.indexOf(":");
            String mfValue = reference.substring(i + 1);
-            String mf[] = reference.substring(0, i).split("\\.");
+            String[] mf = reference.substring(0, i).split("\\.");
            if (mf.length < 2) {
                throw new MetadataImportException("Error in CSV row " + rowCount + ":\n" +
                                                      "Bad metadata field in reference: '" + reference
@@ -1653,7 +1677,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                                                  .getLabel();
                } else {
                    // Target item may be archived; check there.
-                    // Add to errors if Realtionship.type cannot be derived
+                    // Add to errors if Relationship.type cannot be derived
                    Item targetItem = null;
                    if (itemService.find(c, UUID.fromString(targetUUID)) != null) {
                        targetItem = itemService.find(c, UUID.fromString(targetUUID));
@@ -1698,7 +1722,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                            validateTypesByTypeByTypeName(c, targetType, originType, typeName, originRow);
                        } else {
                            // Origin item may be archived; check there.
-                            // Add to errors if Realtionship.type cannot be derived.
+                            // Add to errors if Relationship.type cannot be derived.
                            Item originItem = null;
                            if (itemService.find(c, UUID.fromString(targetUUID)) != null) {
                                DSpaceCSVLine dSpaceCSVLine = this.csv.getCSVLines()
@@ -1802,5 +1826,4 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                                                   String targetType, String originType, String originTypeName) {
        return RelationshipUtils.matchRelationshipType(relTypes, targetType, originType, originTypeName);
    }
-
 }
--- a/dspace-api/src/main/java/org/dspace/app/checker/ChecksumChecker.java
+++ b/dspace-api/src/main/java/org/dspace/app/checker/ChecksumChecker.java
@@ -9,9 +9,8 @@ package org.dspace.app.checker;

 import java.io.FileNotFoundException;
 import java.sql.SQLException;
+import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Date;
 import java.util.List;
 import java.util.UUID;

@@ -149,7 +148,7 @@ public final class ChecksumChecker {
                                       + " old results from the database.");
            }

-            Date processStart = Calendar.getInstance().getTime();
+            Instant processStart = Instant.now();

            BitstreamDispatcher dispatcher = null;

@@ -180,10 +179,8 @@ public final class ChecksumChecker {
                // run checker process for specified duration
                try {
                    dispatcher = new LimitedDurationDispatcher(
-                        new SimpleDispatcher(context, processStart, true), new Date(
-                        System.currentTimeMillis()
-                            + Utils.parseDuration(line
-                                                      .getOptionValue('d'))));
+                        new SimpleDispatcher(context, processStart, true), Instant.ofEpochMilli(
+                        Instant.now().toEpochMilli() + Utils.parseDuration(line.getOptionValue('d'))));
                } catch (Exception e) {
                    LOG.fatal("Couldn't parse " + line.getOptionValue('d')
                                  + " as a duration: ", e);
--- a/dspace-api/src/main/java/org/dspace/app/itemexport/ItemExportServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemexport/ItemExportServiceImpl.java
@@ -18,10 +18,11 @@ import java.io.InputStream;
 import java.io.PrintWriter;
 import java.nio.charset.StandardCharsets;
 import java.sql.SQLException;
-import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -352,7 +353,7 @@ public class ItemExportServiceImpl implements ItemExportService {

    /**
     * Create the 'collections' file.  List handles of all Collections which
-     * contain this Item.  The "owning" Collection is listed first.
+     * contain this Item. The "owning" Collection is listed first.
     *
     * @param item list collections holding this Item.
     * @param destDir write the file here.
@@ -363,12 +364,14 @@ public class ItemExportServiceImpl implements ItemExportService {
        File outFile = new File(destDir, "collections");
        if (outFile.createNewFile()) {
            try (PrintWriter out = new PrintWriter(new FileWriter(outFile))) {
-                String ownerHandle = item.getOwningCollection().getHandle();
-                out.println(ownerHandle);
+                Collection owningCollection = item.getOwningCollection();
+                // The owning collection is null for workspace and workflow items
+                if (owningCollection != null) {
+                    out.println(owningCollection.getHandle());
+                }
                for (Collection collection : item.getCollections()) {
-                    String collectionHandle = collection.getHandle();
-                    if (!collectionHandle.equals(ownerHandle)) {
-                        out.println(collectionHandle);
+                    if (!collection.equals(owningCollection)) {
+                        out.println(collection.getHandle());
                    }
                }
            }
@@ -678,7 +681,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                        context.turnOffAuthorisationSystem();

                        String fileName = assembleFileName("item", eperson,
-                                                           new Date());
+                                                           LocalDate.now());
                        String workParentDir = getExportWorkDirectory()
                            + System.getProperty("file.separator")
                            + fileName;
@@ -725,7 +728,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                        try {
                            emailErrorMessage(eperson, e1.getMessage());
                        } catch (Exception e) {
-                            // wont throw here
+                            // won't throw here
                        }
                        throw new IllegalStateException(e1);
                    } finally {
@@ -750,16 +753,16 @@ public class ItemExportServiceImpl implements ItemExportService {

    @Override
    public String assembleFileName(String type, EPerson eperson,
-                                   Date date) throws Exception {
+                                   LocalDate date) throws Exception {
        // to format the date
-        SimpleDateFormat sdf = new SimpleDateFormat("yyyy_MMM_dd");
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy_MMM_dd");
        String downloadDir = getExportDownloadDirectory(eperson);
        // used to avoid name collision
        int count = 1;
        boolean exists = true;
        String fileName = null;
        while (exists) {
-            fileName = type + "_export_" + sdf.format(date) + "_" + count + "_"
+            fileName = type + "_export_" + formatter.format(date) + "_" + count + "_"
                + eperson.getID();
            exists = new File(downloadDir
                                  + System.getProperty("file.separator") + fileName + ".zip")
@@ -915,14 +918,12 @@ public class ItemExportServiceImpl implements ItemExportService {
    public void deleteOldExportArchives(EPerson eperson) throws Exception {
        int hours = configurationService
            .getIntProperty("org.dspace.app.itemexport.life.span.hours");
-        Calendar now = Calendar.getInstance();
-        now.setTime(new Date());
-        now.add(Calendar.HOUR, -hours);
+        Instant modifiedTime = Instant.now().minus(hours, ChronoUnit.HOURS);
        File downloadDir = new File(getExportDownloadDirectory(eperson));
        if (downloadDir.exists()) {
            File[] files = downloadDir.listFiles();
            for (File file : files) {
-                if (file.lastModified() < now.getTimeInMillis()) {
+                if (file.lastModified() < modifiedTime.toEpochMilli()) {
                    if (!file.delete()) {
                        logError("Unable to delete export file");
                    }
@@ -935,9 +936,7 @@ public class ItemExportServiceImpl implements ItemExportService {
    @Override
    public void deleteOldExportArchives() throws Exception {
        int hours = configurationService.getIntProperty("org.dspace.app.itemexport.life.span.hours");
-        Calendar now = Calendar.getInstance();
-        now.setTime(new Date());
-        now.add(Calendar.HOUR, -hours);
+        Instant modifiedTime = Instant.now().minus(hours, ChronoUnit.HOURS);
        File downloadDir = new File(configurationService.getProperty("org.dspace.app.itemexport.download.dir"));
        if (downloadDir.exists()) {
            // Get a list of all the sub-directories, potentially one for each ePerson.
@@ -946,7 +945,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                // For each sub-directory delete any old files.
                File[] files = dir.listFiles();
                for (File file : files) {
-                    if (file.lastModified() < now.getTimeInMillis()) {
+                    if (file.lastModified() < modifiedTime.toEpochMilli()) {
                        if (!file.delete()) {
                            logError("Unable to delete old files");
                        }
--- a/dspace-api/src/main/java/org/dspace/app/itemexport/service/ItemExportService.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemexport/service/ItemExportService.java
@@ -8,7 +8,7 @@
 package org.dspace.app.itemexport.service;

 import java.io.InputStream;
-import java.util.Date;
+import java.time.LocalDate;
 import java.util.Iterator;
 import java.util.List;

@@ -69,7 +69,7 @@ public interface ItemExportService {
                            boolean excludeBitstreams) throws Exception;

    /**
-     * Convenience methot to create export a single Community, Collection, or
+     * Convenience method to create export a single Community, Collection, or
     * Item
     *
     * @param dso     - the dspace object to export
@@ -93,7 +93,7 @@ public interface ItemExportService {
                                         Context context, boolean migrate) throws Exception;

    /**
-     * Convenience methot to create export a single Community, Collection, or
+     * Convenience method to create export a single Community, Collection, or
     * Item
     *
     * @param dso             - the dspace object to export
@@ -130,7 +130,7 @@ public interface ItemExportService {
     * @throws Exception if error
     */
    public String assembleFileName(String type, EPerson eperson,
-                                   Date date) throws Exception;
+                                   LocalDate date) throws Exception;


    /**
@@ -156,7 +156,7 @@ public interface ItemExportService {
    public String getExportWorkDirectory() throws Exception;

    /**
-     * Used to read the export archived. Inteded for download.
+     * Used to read the export archived. Intended for download.
     *
     * @param fileName the name of the file to download
     * @param eperson  the eperson requesting the download
@@ -233,7 +233,7 @@ public interface ItemExportService {

    /**
     * Since the archive is created in a new thread we are unable to communicate
-     * with calling method about success or failure. We accomplis this
+     * with calling method about success or failure. We accomplish this
     * communication with email instead. Send a success email once the export
     * archive is complete and ready for download
     *
@@ -248,7 +248,7 @@ public interface ItemExportService {

    /**
     * Since the archive is created in a new thread we are unable to communicate
-     * with calling method about success or failure. We accomplis this
+     * with calling method about success or failure. We accomplish this
     * communication with email instead. Send an error email if the export
     * archive fails
     *
--- a/dspace-api/src/main/java/org/dspace/app/itemimport/BatchUpload.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemimport/BatchUpload.java
@@ -11,11 +11,9 @@ import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
 import java.io.LineNumberReader;
-import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.List;

 /**
@@ -23,7 +21,7 @@ import java.util.List;
 */
 public class BatchUpload {

-    private Date date;
+    private Instant date;
    private File dir;
    private boolean successful;
    private int itemsImported;
@@ -65,9 +63,7 @@ public class BatchUpload {

        String dirName = dir.getName();
        long timeMillis = Long.parseLong(dirName);
-        Calendar calendar = new GregorianCalendar();
-        calendar.setTimeInMillis(timeMillis);
-        this.date = calendar.getTime();
+        this.date = Instant.ofEpochMilli(timeMillis);

        try {
            this.itemsImported = countLines(dir + File.separator + "mapfile");
@@ -149,7 +145,7 @@ public class BatchUpload {
     *
     * @return Date
     */
-    public Date getDate() {
+    public Instant getDate() {
        return date;
    }

@@ -190,14 +186,12 @@ public class BatchUpload {
    }

    /**
-     * Get formatted date (DD/MM/YY)
+     * Get formatted date (YYYY-MM-DDThh:mm:ssZ)
     *
     * @return date as string
     */
    public String getDateFormatted() {
-        SimpleDateFormat df = new SimpleDateFormat("dd/MM/yyyy - HH:mm");
-
-        return df.format(date);
+        return DateTimeFormatter.ISO_INSTANT.format(date);
    }

    /**
--- a/dspace-api/src/main/java/org/dspace/app/itemimport/ItemImport.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemimport/ItemImport.java
@@ -14,14 +14,16 @@ import java.io.InputStream;
 import java.net.URL;
 import java.nio.file.Files;
 import java.sql.SQLException;
+import java.time.Instant;
+import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.List;
 import java.util.Optional;
 import java.util.UUID;

 import org.apache.commons.cli.ParseException;
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.tika.Tika;
 import org.dspace.app.itemimport.factory.ItemImportServiceFactory;
@@ -156,7 +158,7 @@ public class ItemImport extends DSpaceRunnable<ItemImportScriptConfiguration> {
            return;
        }

-        Date startTime = new Date();
+        Instant startTime = Instant.now();
        Context context = new Context(Context.Mode.BATCH_EDIT);

        setMapFile();
@@ -254,12 +256,12 @@ public class ItemImport extends DSpaceRunnable<ItemImportScriptConfiguration> {
                }
            }

-            Date endTime = new Date();
-            handler.logInfo("Started: " + startTime.getTime());
-            handler.logInfo("Ended: " + endTime.getTime());
+            Instant endTime = Instant.now();
+            handler.logInfo("Started: " + DateTimeFormatter.ISO_INSTANT.format(startTime));
+            handler.logInfo("Ended: " + DateTimeFormatter.ISO_INSTANT.format(endTime));
            handler.logInfo(
-                "Elapsed time: " + ((endTime.getTime() - startTime.getTime()) / 1000) + " secs (" + (endTime
-                    .getTime() - startTime.getTime()) + " msecs)");
+                "Elapsed time: " + ((endTime.toEpochMilli() - startTime.toEpochMilli()) / 1000) + " secs (" +
+                    (endTime.toEpochMilli() - startTime.toEpochMilli()) + " msecs)");
        }
    }

@@ -333,33 +335,38 @@ public class ItemImport extends DSpaceRunnable<ItemImportScriptConfiguration> {
    protected void readZip(Context context, ItemImportService itemImportService) throws Exception {
        Optional<InputStream> optionalFileStream = Optional.empty();
        Optional<InputStream> validationFileStream = Optional.empty();
-        if (!remoteUrl) {
-            // manage zip via upload
-            optionalFileStream = handler.getFileStream(context, zipfilename);
-            validationFileStream = handler.getFileStream(context, zipfilename);
-        } else {
-            // manage zip via remote url
-            optionalFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
-            validationFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
-        }
-
-        if (validationFileStream.isPresent()) {
-            // validate zip file
-            if (validationFileStream.isPresent()) {
-                validateZip(validationFileStream.get());
+        try {
+            if (!remoteUrl) {
+                // manage zip via upload
+                optionalFileStream = handler.getFileStream(context, zipfilename);
+                validationFileStream = handler.getFileStream(context, zipfilename);
+            } else {
+                // manage zip via remote url
+                optionalFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
+                validationFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
            }

-            workFile = new File(itemImportService.getTempWorkDir() + File.separator
-                    + zipfilename + "-" + context.getCurrentUser().getID());
-            FileUtils.copyInputStreamToFile(optionalFileStream.get(), workFile);
-        } else {
-            throw new IllegalArgumentException(
-                    "Error reading file, the file couldn't be found for filename: " + zipfilename);
-        }
+            if (validationFileStream.isPresent()) {
+                // validate zip file
+                if (validationFileStream.isPresent()) {
+                    validateZip(validationFileStream.get());
+                }

-        workDir = new File(itemImportService.getTempWorkDir() + File.separator + TEMP_DIR
-                           + File.separator + context.getCurrentUser().getID());
-        sourcedir = itemImportService.unzip(workFile, workDir.getAbsolutePath());
+                workFile = new File(itemImportService.getTempWorkDir() + File.separator
+                        + zipfilename + "-" + context.getCurrentUser().getID());
+                FileUtils.copyInputStreamToFile(optionalFileStream.get(), workFile);
+            } else {
+                throw new IllegalArgumentException(
+                        "Error reading file, the file couldn't be found for filename: " + zipfilename);
+            }
+
+            workDir = new File(itemImportService.getTempWorkDir() + File.separator + TEMP_DIR
+                    + File.separator + context.getCurrentUser().getID());
+            sourcedir = itemImportService.unzip(workFile, workDir.getAbsolutePath());
+        } finally {
+            optionalFileStream.ifPresent(IOUtils::closeQuietly);
+            validationFileStream.ifPresent(IOUtils::closeQuietly);
+        }
    }

    /**
--- a/dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportCLI.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportCLI.java
@@ -17,6 +17,7 @@ import java.util.Optional;
 import java.util.UUID;

 import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.dspace.app.itemimport.service.ItemImportService;
 import org.dspace.content.Collection;
@@ -111,7 +112,11 @@ public class ItemImportCLI extends ItemImport {

                // validate zip file
                InputStream validationFileStream = new FileInputStream(myZipFile);
-                validateZip(validationFileStream);
+                try {
+                    validateZip(validationFileStream);
+                } finally {
+                    IOUtils.closeQuietly(validationFileStream);
+                }

                workDir = new File(itemImportService.getTempWorkDir() + File.separator + TEMP_DIR
                        + File.separator + context.getCurrentUser().getID());
@@ -120,22 +125,28 @@ public class ItemImportCLI extends ItemImport {
            } else {
                // manage zip via remote url
                Optional<InputStream> optionalFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
-                if (optionalFileStream.isPresent()) {
-                    // validate zip file via url
-                    Optional<InputStream> validationFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
-                    if (validationFileStream.isPresent()) {
-                        validateZip(validationFileStream.get());
-                    }
+                Optional<InputStream> validationFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
+                try {
+                    if (optionalFileStream.isPresent()) {
+                        // validate zip file via url

-                    workFile = new File(itemImportService.getTempWorkDir() + File.separator
-                            + zipfilename + "-" + context.getCurrentUser().getID());
-                    FileUtils.copyInputStreamToFile(optionalFileStream.get(), workFile);
-                    workDir = new File(itemImportService.getTempWorkDir() + File.separator + TEMP_DIR
-                                       + File.separator + context.getCurrentUser().getID());
-                    sourcedir = itemImportService.unzip(workFile, workDir.getAbsolutePath());
-                } else {
-                    throw new IllegalArgumentException(
-                            "Error reading file, the file couldn't be found for filename: " + zipfilename);
+                        if (validationFileStream.isPresent()) {
+                            validateZip(validationFileStream.get());
+                        }
+
+                        workFile = new File(itemImportService.getTempWorkDir() + File.separator
+                                + zipfilename + "-" + context.getCurrentUser().getID());
+                        FileUtils.copyInputStreamToFile(optionalFileStream.get(), workFile);
+                        workDir = new File(itemImportService.getTempWorkDir() + File.separator + TEMP_DIR
+                                + File.separator + context.getCurrentUser().getID());
+                        sourcedir = itemImportService.unzip(workFile, workDir.getAbsolutePath());
+                    } else {
+                        throw new IllegalArgumentException(
+                                "Error reading file, the file couldn't be found for filename: " + zipfilename);
+                    }
+                } finally {
+                    optionalFileStream.ifPresent(IOUtils::closeQuietly);
+                    validationFileStream.ifPresent(IOUtils::closeQuietly);
                }
            }
        }
--- a/dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportServiceImpl.java
@@ -31,12 +31,13 @@ import java.io.PrintWriter;
 import java.net.URL;
 import java.nio.file.Path;
 import java.sql.SQLException;
-import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Date;
 import java.util.Enumeration;
-import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -604,7 +605,7 @@ public class ItemImportServiceImpl implements ItemImportService, InitializingBea

        Item item = null;

-        String mf[] = metaKey.split("\\.");
+        String[] mf = metaKey.split("\\.");
        if (mf.length < 2) {
            throw new Exception("Bad metadata field in reference: '" + metaKey +
                "' (expected syntax is schema.element[.qualifier])");
@@ -912,7 +913,7 @@ public class ItemImportServiceImpl implements ItemImportService, InitializingBea

        // Load any additional metadata schemas
        File folder = new File(path);
-        File file[] = folder.listFiles(metadataFileFilter);
+        File[] file = folder.listFiles(metadataFileFilter);
        for (int i = 0; i < file.length; i++) {
            loadDublinCore(c, myitem, file[i].getAbsolutePath());
        }
@@ -1464,11 +1465,11 @@ public class ItemImportServiceImpl implements ItemImportService, InitializingBea

        if (bundleName == null) {
            // is it license.txt?
-            if ("license.txt".equals(fileName)) {
-                newBundleName = "LICENSE";
+            if (Constants.LICENSE_BITSTREAM_NAME.equals(fileName)) {
+                newBundleName = Constants.LICENSE_BUNDLE_NAME;
            } else {
                // call it ORIGINAL
-                newBundleName = "ORIGINAL";
+                newBundleName = Constants.CONTENT_BUNDLE_NAME;
            }
        }

@@ -1532,11 +1533,11 @@ public class ItemImportServiceImpl implements ItemImportService, InitializingBea

        if (StringUtils.isBlank(bundleName)) {
            // is it license.txt?
-            if (bitstreamPath.endsWith("license.txt")) {
-                newBundleName = "LICENSE";
+            if (bitstreamPath.endsWith(Constants.LICENSE_BITSTREAM_NAME)) {
+                newBundleName = Constants.LICENSE_BUNDLE_NAME;
            } else {
                // call it ORIGINAL
-                newBundleName = "ORIGINAL";
+                newBundleName = Constants.CONTENT_BUNDLE_NAME;
            }
        }

@@ -2076,8 +2077,8 @@ public class ItemImportServiceImpl implements ItemImportService, InitializingBea
     */
    protected String generateRandomFilename(boolean hidden) {
        String filename = String.format("%s", RandomStringUtils.randomAlphanumeric(8));
-        SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd_HHmm");
-        String datePart = sdf.format(new Date());
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMdd_HHmm");
+        String datePart = formatter.format(LocalDateTime.now(ZoneOffset.UTC));
        filename = datePart + "_" + filename;

        return filename;
@@ -2139,8 +2140,7 @@ public class ItemImportServiceImpl implements ItemImportService, InitializingBea
                        "org.dspace.app.batchitemimport.work.dir") + File.separator + "batchuploads" + File.separator
                        + context
                        .getCurrentUser()
-                        .getID() + File.separator + (isResume ? theResumeDir : (new GregorianCalendar())
-                        .getTimeInMillis());
+                        .getID() + File.separator + (isResume ? theResumeDir : Instant.now().toEpochMilli());
                    File importDirFile = new File(importDir);
                    if (!importDirFile.exists()) {
                        boolean success = importDirFile.mkdirs();
@@ -2247,7 +2247,7 @@ public class ItemImportServiceImpl implements ItemImportService, InitializingBea
                        emailErrorMessage(eperson, exceptionString);
                        throw new Exception(e.getMessage());
                    } catch (Exception e2) {
-                        // wont throw here
+                        // won't throw here
                    }
                } finally {
                    // Make sure the database connection gets closed in all conditions.
--- a/dspace-api/src/main/java/org/dspace/app/itemimport/service/ItemImportService.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemimport/service/ItemImportService.java
@@ -121,7 +121,7 @@ public interface ItemImportService {

    /**
     * If a batch import is done in a new thread we are unable to communicate
-     * with calling method about success or failure. We accomplis this
+     * with calling method about success or failure. We accomplish this
     * communication with email instead. Send an error email if the batch
     * import fails
     *
--- a/dspace-api/src/main/java/org/dspace/app/itemupdate/AddBitstreamsAction.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemupdate/AddBitstreamsAction.java
@@ -27,6 +27,7 @@ import org.dspace.content.Item;
 import org.dspace.content.factory.ContentServiceFactory;
 import org.dspace.content.service.BitstreamFormatService;
 import org.dspace.content.service.InstallItemService;
+import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.dspace.eperson.Group;
 import org.dspace.eperson.factory.EPersonServiceFactory;
@@ -138,10 +139,10 @@ public class AddBitstreamsAction extends UpdateBitstreamsAction {
        String newBundleName = ce.bundlename;

        if (ce.bundlename == null) { // should be required but default convention established
-            if (ce.filename.equals("license.txt")) {
-                newBundleName = "LICENSE";
+            if (ce.filename.equals(Constants.LICENSE_BITSTREAM_NAME)) {
+                newBundleName = Constants.LICENSE_BUNDLE_NAME;
            } else {
-                newBundleName = "ORIGINAL";
+                newBundleName = Constants.CONTENT_BUNDLE_NAME;
            }
        }
        ItemUpdate.pr("  Bitstream " + ce.filename + " to be added to bundle: " + newBundleName);
--- a/dspace-api/src/main/java/org/dspace/app/itemupdate/ItemArchive.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemupdate/ItemArchive.java
@@ -97,7 +97,7 @@ public class ItemArchive {

            //The code to search for local schema files was copied from org.dspace.app.itemimport
            // .ItemImportServiceImpl.java
-            File file[] = dir.listFiles(new LocalSchemaFilenameFilter());
+            File[] file = dir.listFiles(new LocalSchemaFilenameFilter());
            for (int i = 0; i < file.length; i++) {
                is = new FileInputStream(file[i]);
                itarch.dtomList.addAll(MetadataUtilities.loadDublinCore(XMLUtils.getDocumentBuilder(), is));
@@ -207,7 +207,7 @@ public class ItemArchive {
        throws SQLException, Exception {
        DtoMetadata dtom = getMetadataField("dc.identifier.uri");
        if (dtom == null) {
-            throw new Exception("No dc.identier.uri field found for handle");
+            throw new Exception("No dc.identifier.uri field found for handle");
        }

        this.addUndoMetadataField(dtom);  //seed the undo list with the uri
--- a/dspace-api/src/main/java/org/dspace/app/itemupdate/ItemUpdate.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemupdate/ItemUpdate.java
@@ -14,9 +14,9 @@ import java.io.FileWriter;
 import java.io.FilenameFilter;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -332,7 +332,7 @@ public class ItemUpdate {
                }
            }

-            pr("ItemUpdate - initializing run on " + (new Date()).toString());
+            pr("ItemUpdate - initializing run on " + (Instant.now()).toString());

            context = new Context(Context.Mode.BATCH_EDIT);
            iu.setEPerson(context, iu.eperson);
--- a/dspace-api/src/main/java/org/dspace/app/itemupdate/ThumbnailBitstreamFilter.java
+++ b/dspace-api/src/main/java/org/dspace/app/itemupdate/ThumbnailBitstreamFilter.java
@@ -10,7 +10,7 @@ package org.dspace.app.itemupdate;
 import java.util.Properties;

 /**
- * Bitstream filter targetting the THUMBNAIL bundle
+ * Bitstream filter targeting the THUMBNAIL bundle
 */
 public class ThumbnailBitstreamFilter extends BitstreamFilterByBundleName {

--- a/dspace-api/src/main/java/org/dspace/app/ldn/LDNMessageConsumer.java
+++ b/dspace-api/src/main/java/org/dspace/app/ldn/LDNMessageConsumer.java
@@ -11,9 +11,9 @@ import static java.lang.String.format;

 import java.io.IOException;
 import java.sql.SQLException;
+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Date;
 import java.util.List;
 import java.util.Locale;
 import java.util.Objects;
@@ -175,13 +175,10 @@ public class LDNMessageConsumer implements Consumer {
        ldnMessage.setObject(item);
        ldnMessage.setTarget(service);
        ldnMessage.setQueueStatus(LDNMessageEntity.QUEUE_STATUS_QUEUED);
-        ldnMessage.setQueueTimeout(new Date());
+        ldnMessage.setQueueTimeout(Instant.now());

        String actorID = null;
-        boolean serviceUsesActorEmailId =
-                configurationService.getBooleanProperty(
-                        String.format("ldn.notification.supportsActorEmailId.%d", service.getID()), false);
-        if (serviceUsesActorEmailId) {
+        if (service.isUsesActorEmailId()) {
            // If the service has been configured to use actorEmailId, we use the submitter's email and name
            if (item.getSubmitter() != null) {
                actorID = item.getSubmitter().getEmail();
--- a/dspace-api/src/main/java/org/dspace/app/ldn/LDNMessageEntity.java
+++ b/dspace-api/src/main/java/org/dspace/app/ldn/LDNMessageEntity.java
@@ -8,7 +8,7 @@
 package org.dspace.app.ldn;

 import java.lang.reflect.Field;
-import java.util.Date;
+import java.time.Instant;

 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
@@ -16,8 +16,6 @@ import jakarta.persistence.Id;
 import jakarta.persistence.JoinColumn;
 import jakarta.persistence.ManyToOne;
 import jakarta.persistence.Table;
-import jakarta.persistence.Temporal;
-import jakarta.persistence.TemporalType;
 import org.dspace.content.DSpaceObject;
 import org.dspace.core.ReloadableEntity;
 import org.dspace.services.ConfigurationService;
@@ -102,13 +100,11 @@ public class LDNMessageEntity implements ReloadableEntity<String> {
    @Column(name = "queue_attempts")
    private Integer queueAttempts = 0;

-    @Temporal(TemporalType.TIMESTAMP)
    @Column(name = "queue_last_start_time")
-    private Date queueLastStartTime = null;
+    private Instant queueLastStartTime = null;

-    @Temporal(TemporalType.TIMESTAMP)
    @Column(name = "queue_timeout")
-    private Date queueTimeout = null;
+    private Instant queueTimeout = null;

    @ManyToOne
    @JoinColumn(name = "origin", referencedColumnName = "id")
@@ -261,19 +257,19 @@ public class LDNMessageEntity implements ReloadableEntity<String> {
        this.queueAttempts = queueAttempts;
    }

-    public Date getQueueLastStartTime() {
+    public Instant getQueueLastStartTime() {
        return queueLastStartTime;
    }

-    public void setQueueLastStartTime(Date queueLastStartTime) {
+    public void setQueueLastStartTime(Instant queueLastStartTime) {
        this.queueLastStartTime = queueLastStartTime;
    }

-    public Date getQueueTimeout() {
+    public Instant getQueueTimeout() {
        return queueTimeout;
    }

-    public void setQueueTimeout(Date queueTimeout) {
+    public void setQueueTimeout(Instant queueTimeout) {
        this.queueTimeout = queueTimeout;
    }

--- a/dspace-api/src/main/java/org/dspace/app/ldn/NotifyServiceEntity.java
+++ b/dspace-api/src/main/java/org/dspace/app/ldn/NotifyServiceEntity.java
@@ -54,6 +54,9 @@ public class NotifyServiceEntity implements ReloadableEntity<Integer> {
    @Column(name = "enabled")
    private boolean enabled = false;

+    @Column(name = "uses_actor_email_id")
+    private boolean usesActorEmailId = false;
+
    @Column(name = "score")
    private BigDecimal score;

@@ -129,6 +132,14 @@ public class NotifyServiceEntity implements ReloadableEntity<Integer> {
        this.enabled = enabled;
    }

+    public boolean isUsesActorEmailId() {
+        return usesActorEmailId;
+    }
+
+    public void setUsesActorEmailId(boolean usesActorEmailId) {
+        this.usesActorEmailId = usesActorEmailId;
+    }
+
    public BigDecimal getScore() {
        return score;
    }
--- a/dspace-api/src/main/java/org/dspace/app/ldn/action/LDNCorrectionAction.java
+++ b/dspace-api/src/main/java/org/dspace/app/ldn/action/LDNCorrectionAction.java
@@ -9,7 +9,7 @@ package org.dspace.app.ldn.action;

 import java.math.BigDecimal;
 import java.sql.SQLException;
-import java.util.Date;
+import java.time.Instant;

 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.logging.log4j.LogManager;
@@ -73,8 +73,7 @@ public class LDNCorrectionAction implements LDNAction {
            qaEvent = new QAEvent(QAEvent.COAR_NOTIFY_SOURCE,
                handleService.findHandle(context, item), item.getID().toString(), itemName,
                this.getQaEventTopic(), doubleScoreValue,
-                mapper.writeValueAsString(message),
-                new Date());
+                mapper.writeValueAsString(message), Instant.now());
            qaEventService.store(context, qaEvent);
            result = LDNActionStatus.CONTINUE;
        }
--- a/dspace-api/src/main/java/org/dspace/app/ldn/action/LDNEmailAction.java
+++ b/dspace-api/src/main/java/org/dspace/app/ldn/action/LDNEmailAction.java
@@ -9,9 +9,8 @@ package org.dspace.app.ldn.action;

 import static java.lang.String.format;

-import java.text.SimpleDateFormat;
+import java.time.Instant;
 import java.util.Arrays;
-import java.util.Calendar;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
@@ -34,8 +33,6 @@ public class LDNEmailAction implements LDNAction {

    private static final Logger log = LogManager.getLogger(LDNEmailAction.class);

-    private final static String DATE_PATTERN = "dd-MM-yyyy HH:mm:ss";
-
    @Autowired
    private ConfigurationService configurationService;

@@ -80,7 +77,7 @@ public class LDNEmailAction implements LDNAction {
                email.addRecipient(recipient);
            }

-            String date = new SimpleDateFormat(DATE_PATTERN).format(Calendar.getInstance().getTime());
+            String date = Instant.now().toString();

            email.addArgument(notification.getActor().getName());
            email.addArgument(item.getName());
--- a/dspace-api/src/main/java/org/dspace/app/ldn/action/LDNRelationCorrectionAction.java
+++ b/dspace-api/src/main/java/org/dspace/app/ldn/action/LDNRelationCorrectionAction.java
@@ -9,7 +9,7 @@ package org.dspace.app.ldn.action;

 import java.math.BigDecimal;
 import java.sql.SQLException;
-import java.util.Date;
+import java.time.Instant;
 import java.util.Set;

 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -75,8 +75,7 @@ public class LDNRelationCorrectionAction implements LDNAction {
            qaEvent = new QAEvent(QAEvent.COAR_NOTIFY_SOURCE,
                handleService.findHandle(context, item), item.getID().toString(), itemName,
                this.getQaEventTopic(), doubleScoreValue,
-                mapper.writeValueAsString(message),
-                new Date());
+                mapper.writeValueAsString(message), Instant.now());
            qaEventService.store(context, qaEvent);
            result = LDNActionStatus.CONTINUE;
        }
--- a/dspace-api/src/main/java/org/dspace/app/ldn/dao/impl/LDNMessageDaoImpl.java
+++ b/dspace-api/src/main/java/org/dspace/app/ldn/dao/impl/LDNMessageDaoImpl.java
@@ -8,8 +8,8 @@
 package org.dspace.app.ldn.dao.impl;

 import java.sql.SQLException;
+import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;

@@ -47,7 +47,7 @@ public class LDNMessageDaoImpl extends AbstractHibernateDAO<LDNMessageEntity> im
        andPredicates
            .add(criteriaBuilder.equal(root.get(LDNMessageEntity_.queueStatus), LDNMessageEntity.QUEUE_STATUS_QUEUED));
        andPredicates.add(criteriaBuilder.lessThan(root.get(LDNMessageEntity_.queueAttempts), max_attempts));
-        andPredicates.add(criteriaBuilder.lessThan(root.get(LDNMessageEntity_.queueTimeout), new Date()));
+        andPredicates.add(criteriaBuilder.lessThan(root.get(LDNMessageEntity_.queueTimeout), Instant.now()));
        criteriaQuery.where(criteriaBuilder.and(andPredicates.toArray(new Predicate[] {})));
        List<Order> orderList = new LinkedList<>();
        orderList.add(criteriaBuilder.desc(root.get(LDNMessageEntity_.queueAttempts)));
@@ -94,7 +94,7 @@ public class LDNMessageDaoImpl extends AbstractHibernateDAO<LDNMessageEntity> im
        andPredicates.add(
            criteriaBuilder.equal(root.get(LDNMessageEntity_.queueStatus), LDNMessageEntity.QUEUE_STATUS_PROCESSING));
        andPredicates.add(criteriaBuilder.lessThanOrEqualTo(root.get(LDNMessageEntity_.queueAttempts), max_attempts));
-        andPredicates.add(criteriaBuilder.lessThan(root.get(LDNMessageEntity_.queueTimeout), new Date()));
+        andPredicates.add(criteriaBuilder.lessThan(root.get(LDNMessageEntity_.queueTimeout), Instant.now()));
        criteriaQuery.where(criteriaBuilder.and(andPredicates.toArray(new Predicate[] {})));
        List<Order> orderList = new LinkedList<>();
        orderList.add(criteriaBuilder.desc(root.get(LDNMessageEntity_.queueAttempts)));
--- a/dspace-api/src/main/java/org/dspace/app/ldn/service/impl/LDNMessageServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/app/ldn/service/impl/LDNMessageServiceImpl.java
@@ -10,10 +10,11 @@ package org.dspace.app.ldn.service.impl;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.sql.SQLException;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Date;
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
@@ -22,7 +23,6 @@ import java.util.UUID;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.gson.JsonSyntaxException;
-import org.apache.commons.lang.time.DateUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
 import org.dspace.app.ldn.LDNMessageEntity;
@@ -163,7 +163,7 @@ public class LDNMessageServiceImpl implements LDNMessageService {
                ldnMessage.setQueueStatus(LDNMessageEntity.QUEUE_STATUS_UNTRUSTED_IP);
            }
        }
-        ldnMessage.setQueueTimeout(new Date());
+        ldnMessage.setQueueTimeout(Instant.now());

        update(context, ldnMessage);
        return ldnMessage;
@@ -288,9 +288,9 @@ public class LDNMessageServiceImpl implements LDNMessageService {
                    msg.setQueueAttempts(msg.getQueueAttempts() + 1);
                    update(context, msg);
                } else {
-                    msg.setQueueLastStartTime(new Date());
+                    msg.setQueueLastStartTime(Instant.now());
                    msg.setQueueStatus(LDNMessageEntity.QUEUE_STATUS_PROCESSING);
-                    msg.setQueueTimeout(DateUtils.addMinutes(new Date(), timeoutInMinutes));
+                    msg.setQueueTimeout(Instant.now().plus(timeoutInMinutes, ChronoUnit.MINUTES));
                    update(context, msg);
                    ObjectMapper mapper = new ObjectMapper();
                    Notification notification = mapper.readValue(msg.getMessage(), Notification.class);
--- a/dspace-api/src/main/java/org/dspace/app/mediafilter/BrandedPreviewJPEGFilter.java
+++ b/dspace-api/src/main/java/org/dspace/app/mediafilter/BrandedPreviewJPEGFilter.java
@@ -7,9 +7,7 @@
 */
 package org.dspace.app.mediafilter;

-import java.awt.image.BufferedImage;
 import java.io.InputStream;
-import javax.imageio.ImageIO;

 import org.dspace.content.Item;
 import org.dspace.services.ConfigurationService;
@@ -63,27 +61,20 @@ public class BrandedPreviewJPEGFilter extends MediaFilter {
    @Override
    public InputStream getDestinationStream(Item currentItem, InputStream source, boolean verbose)
        throws Exception {
-        // read in bitstream's image
-        BufferedImage buf = ImageIO.read(source);
-
        // get config params
        ConfigurationService configurationService
                = DSpaceServicesFactory.getInstance().getConfigurationService();
-        float xmax = (float) configurationService
-            .getIntProperty("webui.preview.maxwidth");
-        float ymax = (float) configurationService
-            .getIntProperty("webui.preview.maxheight");
-        boolean blurring = (boolean) configurationService
-            .getBooleanProperty("webui.preview.blurring");
-        boolean hqscaling = (boolean) configurationService
-            .getBooleanProperty("webui.preview.hqscaling");
+        int xmax = configurationService.getIntProperty("webui.preview.maxwidth");
+        int ymax = configurationService.getIntProperty("webui.preview.maxheight");
+        boolean blurring = configurationService.getBooleanProperty("webui.preview.blurring");
+        boolean hqscaling = configurationService.getBooleanProperty("webui.preview.hqscaling");
        int brandHeight = configurationService.getIntProperty("webui.preview.brand.height");
        String brandFont = configurationService.getProperty("webui.preview.brand.font");
        int brandFontPoint = configurationService.getIntProperty("webui.preview.brand.fontpoint");

        JPEGFilter jpegFilter = new JPEGFilter();
-        return jpegFilter
-            .getThumbDim(currentItem, buf, verbose, xmax, ymax, blurring, hqscaling, brandHeight, brandFontPoint,
-                         brandFont);
+        return jpegFilter.getThumb(
+                currentItem, source, verbose, xmax, ymax, blurring, hqscaling, brandHeight, brandFontPoint, brandFont
+        );
    }
 }
--- a/dspace-api/src/main/java/org/dspace/app/mediafilter/ImageMagickThumbnailFilter.java
+++ b/dspace-api/src/main/java/org/dspace/app/mediafilter/ImageMagickThumbnailFilter.java
@@ -14,7 +14,7 @@ import java.io.InputStream;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;

-import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.Loader;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.dspace.content.Bitstream;
@@ -148,13 +148,13 @@ public abstract class ImageMagickThumbnailFilter extends MediaFilter {
        // the thumbnail because the CropBox is generally used to define the
        // area displayed when a user opens the PDF on a screen, whereas the
        // MediaBox is used for print. Not all PDFs set these correctly, so
-        // we can use ImageMagick's default behavior unless we see an explit
+        // we can use ImageMagick's default behavior unless we see an explicit
        // CropBox. Note: we don't need to do anything special to detect if
        // the CropBox is missing or empty because pdfbox will set it to the
        // same size as the MediaBox if it doesn't exist. Also note that we
        // only need to check the first page, since that's what we use for
-        // generating the thumbnail (PDDocument uses a zero-based index).
-        PDPage pdfPage = PDDocument.load(f).getPage(0);
+        // generating the thumbnail (PDPage uses a zero-based index).
+        PDPage pdfPage = Loader.loadPDF(f).getPage(0);
        PDRectangle pdfPageMediaBox = pdfPage.getMediaBox();
        PDRectangle pdfPageCropBox = pdfPage.getCropBox();

--- a/dspace-api/src/main/java/org/dspace/app/mediafilter/JPEGFilter.java
+++ b/dspace-api/src/main/java/org/dspace/app/mediafilter/JPEGFilter.java
@@ -8,19 +8,32 @@
 package org.dspace.app.mediafilter;

 import java.awt.Color;
+import java.awt.Dimension;
 import java.awt.Font;
 import java.awt.Graphics2D;
 import java.awt.RenderingHints;
 import java.awt.Transparency;
+import java.awt.geom.AffineTransform;
 import java.awt.image.BufferedImage;
 import java.awt.image.BufferedImageOp;
 import java.awt.image.ConvolveOp;
 import java.awt.image.Kernel;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import javax.imageio.ImageIO;

+import com.drew.imaging.ImageMetadataReader;
+import com.drew.imaging.ImageProcessingException;
+import com.drew.metadata.Metadata;
+import com.drew.metadata.MetadataException;
+import com.drew.metadata.exif.ExifIFD0Directory;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.dspace.content.Item;
 import org.dspace.services.ConfigurationService;
 import org.dspace.services.factory.DSpaceServicesFactory;
@@ -33,6 +46,8 @@ import org.dspace.services.factory.DSpaceServicesFactory;
 * @author Jason Sherman jsherman@usao.edu
 */
 public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats {
+    private static final Logger log = LogManager.getLogger(JPEGFilter.class);
+
    @Override
    public String getFilteredName(String oldFilename) {
        return oldFilename + ".jpg";
@@ -62,6 +77,115 @@ public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats
        return "Generated Thumbnail";
    }

+    /**
+     * Gets the rotation angle from image's metadata using ImageReader.
+     * This method consumes the InputStream, so you need to be careful to don't reuse the same InputStream after
+     * computing the rotation angle.
+     *
+     * @param buf InputStream of the image file
+     * @return Rotation angle in degrees (0, 90, 180, or 270)
+     */
+    public static int getImageRotationUsingImageReader(InputStream buf) {
+        try {
+            Metadata metadata = ImageMetadataReader.readMetadata(buf);
+            ExifIFD0Directory directory = metadata.getFirstDirectoryOfType(ExifIFD0Directory.class);
+            if (directory != null && directory.containsTag(ExifIFD0Directory.TAG_ORIENTATION)) {
+                return convertRotationToDegrees(directory.getInt(ExifIFD0Directory.TAG_ORIENTATION));
+            }
+        } catch (MetadataException | ImageProcessingException | IOException e) {
+            log.error("Error reading image metadata", e);
+        }
+        return 0;
+    }
+
+    public static int convertRotationToDegrees(int valueNode) {
+        // Common orientation values:
+        // 1 = Normal (0°)
+        // 6 = Rotated 90° CW
+        // 3 = Rotated 180°
+        // 8 = Rotated 270° CW
+        switch (valueNode) {
+            case 6:
+                return 90;
+            case 3:
+                return 180;
+            case 8:
+                return 270;
+            default:
+                return 0;
+        }
+    }
+
+    /**
+     * Rotates an image by the specified angle
+     *
+     * @param image The original image
+     * @param angle The rotation angle in degrees
+     * @return Rotated image
+     */
+    public static BufferedImage rotateImage(BufferedImage image, int angle) {
+        if (angle == 0) {
+            return image;
+        }
+
+        double radians = Math.toRadians(angle);
+        double sin = Math.abs(Math.sin(radians));
+        double cos = Math.abs(Math.cos(radians));
+
+        int newWidth = (int) Math.round(image.getWidth() * cos + image.getHeight() * sin);
+        int newHeight = (int) Math.round(image.getWidth() * sin + image.getHeight() * cos);
+
+        BufferedImage rotated = new BufferedImage(newWidth, newHeight, image.getType());
+        Graphics2D g2d = rotated.createGraphics();
+        AffineTransform at = new AffineTransform();
+
+        at.translate(newWidth / 2, newHeight / 2);
+        at.rotate(radians);
+        at.translate(-image.getWidth() / 2, -image.getHeight() / 2);
+
+        g2d.setTransform(at);
+        g2d.drawImage(image, 0, 0, null);
+        g2d.dispose();
+
+        return rotated;
+    }
+
+    /**
+     * Calculates scaled dimension while maintaining aspect ratio
+     *
+     * @param imgSize  Original image dimensions
+     * @param boundary Maximum allowed dimensions
+     * @return New dimensions that fit within boundary while preserving aspect ratio
+     */
+    private Dimension getScaledDimension(Dimension imgSize, Dimension boundary) {
+
+        int originalWidth = imgSize.width;
+        int originalHeight = imgSize.height;
+        int boundWidth = boundary.width;
+        int boundHeight = boundary.height;
+        int newWidth = originalWidth;
+        int newHeight = originalHeight;
+
+
+        // First check if we need to scale width
+        if (originalWidth > boundWidth) {
+            // Scale width to fit
+            newWidth = boundWidth;
+            // Scale height to maintain aspect ratio
+            newHeight = (newWidth * originalHeight) / originalWidth;
+        }
+
+        // Then check if we need to scale even with the new height
+        if (newHeight > boundHeight) {
+            // Scale height to fit instead
+            newHeight = boundHeight;
+            newWidth = (newHeight * originalWidth) / originalHeight;
+        }
+
+        return new Dimension(newWidth, newHeight);
+    }
+
+
    /**
     * @param currentItem item
     * @param source      source input stream
@@ -72,10 +196,65 @@ public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats
    @Override
    public InputStream getDestinationStream(Item currentItem, InputStream source, boolean verbose)
        throws Exception {
-        // read in bitstream's image
-        BufferedImage buf = ImageIO.read(source);
+        return getThumb(currentItem, source, verbose);
+    }

-        return getThumb(currentItem, buf, verbose);
+    public InputStream getThumb(Item currentItem, InputStream source, boolean verbose)
+        throws Exception {
+        // get config params
+        final ConfigurationService configurationService
+            = DSpaceServicesFactory.getInstance().getConfigurationService();
+        int xmax = configurationService
+            .getIntProperty("thumbnail.maxwidth");
+        int ymax = configurationService
+            .getIntProperty("thumbnail.maxheight");
+        boolean blurring = (boolean) configurationService
+            .getBooleanProperty("thumbnail.blurring");
+        boolean hqscaling = (boolean) configurationService
+            .getBooleanProperty("thumbnail.hqscaling");
+
+        return getThumb(currentItem, source, verbose, xmax, ymax, blurring, hqscaling, 0, 0, null);
+    }
+
+    protected InputStream getThumb(
+        Item currentItem,
+        InputStream source,
+        boolean verbose,
+        int xmax,
+        int ymax,
+        boolean blurring,
+        boolean hqscaling,
+        int brandHeight,
+        int brandFontPoint,
+        String brandFont
+    ) throws Exception {
+
+        File tempFile = File.createTempFile("temp", ".tmp");
+        tempFile.deleteOnExit();
+
+        // Write to temp file
+        try (FileOutputStream fos = new FileOutputStream(tempFile)) {
+            byte[] buffer = new byte[4096];
+            int len;
+            while ((len = source.read(buffer)) != -1) {
+                fos.write(buffer, 0, len);
+            }
+        }
+
+        int rotation = 0;
+        try (FileInputStream fis = new FileInputStream(tempFile)) {
+            rotation = getImageRotationUsingImageReader(fis);
+        }
+
+        try (FileInputStream fis = new FileInputStream(tempFile)) {
+            // read in bitstream's image
+            BufferedImage buf = ImageIO.read(fis);
+
+            return getThumbDim(
+                currentItem, buf, verbose, xmax, ymax, blurring, hqscaling, brandHeight, brandFontPoint, rotation,
+                brandFont
+            );
+        }
    }

    public InputStream getThumb(Item currentItem, BufferedImage buf, boolean verbose)
@@ -83,25 +262,28 @@ public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats
        // get config params
        final ConfigurationService configurationService
                = DSpaceServicesFactory.getInstance().getConfigurationService();
-        float xmax = (float) configurationService
+        int xmax = configurationService
            .getIntProperty("thumbnail.maxwidth");
-        float ymax = (float) configurationService
+        int ymax = configurationService
            .getIntProperty("thumbnail.maxheight");
        boolean blurring = (boolean) configurationService
            .getBooleanProperty("thumbnail.blurring");
        boolean hqscaling = (boolean) configurationService
            .getBooleanProperty("thumbnail.hqscaling");

-        return getThumbDim(currentItem, buf, verbose, xmax, ymax, blurring, hqscaling, 0, 0, null);
+        return getThumbDim(currentItem, buf, verbose, xmax, ymax, blurring, hqscaling, 0, 0, 0, null);
    }

-    public InputStream getThumbDim(Item currentItem, BufferedImage buf, boolean verbose, float xmax, float ymax,
+    public InputStream getThumbDim(Item currentItem, BufferedImage buf, boolean verbose, int xmax, int ymax,
                                   boolean blurring, boolean hqscaling, int brandHeight, int brandFontPoint,
-                                   String brandFont)
+                                   int rotation, String brandFont)
        throws Exception {
-        // now get the image dimensions
-        float xsize = (float) buf.getWidth(null);
-        float ysize = (float) buf.getHeight(null);
+
+        // Rotate the image if needed
+        BufferedImage correctedImage = rotateImage(buf, rotation);
+
+        int xsize = correctedImage.getWidth();
+        int ysize = correctedImage.getHeight();

        // if verbose flag is set, print out dimensions
        // to STDOUT
@@ -109,86 +291,63 @@ public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats
            System.out.println("original size: " + xsize + "," + ysize);
        }

-        // scale by x first if needed
-        if (xsize > xmax) {
-            // calculate scaling factor so that xsize * scale = new size (max)
-            float scale_factor = xmax / xsize;
+        // Calculate new dimensions while maintaining aspect ratio
+        Dimension newDimension = getScaledDimension(
+            new Dimension(xsize, ysize),
+            new Dimension(xmax, ymax)
+        );

-            // if verbose flag is set, print out extracted text
-            // to STDOUT
-            if (verbose) {
-                System.out.println("x scale factor: " + scale_factor);
-            }
-
-            // now reduce x size
-            // and y size
-            xsize = xsize * scale_factor;
-            ysize = ysize * scale_factor;
-
-            // if verbose flag is set, print out extracted text
-            // to STDOUT
-            if (verbose) {
-                System.out.println("size after fitting to maximum width: " + xsize + "," + ysize);
-            }
-        }
-
-        // scale by y if needed
-        if (ysize > ymax) {
-            float scale_factor = ymax / ysize;
-
-            // now reduce x size
-            // and y size
-            xsize = xsize * scale_factor;
-            ysize = ysize * scale_factor;
-        }

        // if verbose flag is set, print details to STDOUT
        if (verbose) {
-            System.out.println("size after fitting to maximum height: " + xsize + ", "
-                                   + ysize);
+            System.out.println("size after fitting to maximum height: " + newDimension.width + ", "
+                                   + newDimension.height);
        }

+        xsize = newDimension.width;
+        ysize = newDimension.height;
+
        // create an image buffer for the thumbnail with the new xsize, ysize
-        BufferedImage thumbnail = new BufferedImage((int) xsize, (int) ysize,
-                                                    BufferedImage.TYPE_INT_RGB);
+        BufferedImage thumbnail = new BufferedImage(xsize, ysize, BufferedImage.TYPE_INT_RGB);

        // Use blurring if selected in config.
        // a little blur before scaling does wonders for keeping moire in check.
        if (blurring) {
            // send the buffered image off to get blurred.
-            buf = getBlurredInstance((BufferedImage) buf);
+            correctedImage = getBlurredInstance(correctedImage);
        }

        // Use high quality scaling method if selected in config.
        // this has a definite performance penalty.
        if (hqscaling) {
            // send the buffered image off to get an HQ downscale.
-            buf = getScaledInstance((BufferedImage) buf, (int) xsize, (int) ysize,
-                                    (Object) RenderingHints.VALUE_INTERPOLATION_BICUBIC, (boolean) true);
+            correctedImage = getScaledInstance(correctedImage, xsize, ysize,
+                                               RenderingHints.VALUE_INTERPOLATION_BICUBIC, true);
        }

        // now render the image into the thumbnail buffer
        Graphics2D g2d = thumbnail.createGraphics();
-        g2d.drawImage(buf, 0, 0, (int) xsize, (int) ysize, null);
+        g2d.drawImage(correctedImage, 0, 0, xsize, ysize, null);

        if (brandHeight != 0) {
            ConfigurationService configurationService
                    = DSpaceServicesFactory.getInstance().getConfigurationService();
-            Brand brand = new Brand((int) xsize, brandHeight, new Font(brandFont, Font.PLAIN, brandFontPoint), 5);
+            Brand brand = new Brand(xsize, brandHeight, new Font(brandFont, Font.PLAIN, brandFontPoint), 5);
            BufferedImage brandImage = brand.create(configurationService.getProperty("webui.preview.brand"),
                                                    configurationService.getProperty("webui.preview.brand.abbrev"),
                                                    currentItem == null ? "" : "hdl:" + currentItem.getHandle());

-            g2d.drawImage(brandImage, (int) 0, (int) ysize, (int) xsize, (int) 20, null);
+            g2d.drawImage(brandImage, 0, ysize, xsize, 20, null);
        }

+
+        ByteArrayInputStream bais;
        // now create an input stream for the thumbnail buffer and return it
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
-        ImageIO.write(thumbnail, "jpeg", baos);
-
-        // now get the array
-        ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
+        try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            ImageIO.write(thumbnail, "jpeg", baos);
+            // now get the array
+            bais = new ByteArrayInputStream(baos.toByteArray());
+        }

        return bais; // hope this gets written out before its garbage collected!
    }
--- a/dspace-api/src/main/java/org/dspace/app/mediafilter/MediaFilterServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/app/mediafilter/MediaFilterServiceImpl.java
@@ -13,7 +13,6 @@ import java.time.LocalDate;
 import java.time.ZoneId;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -128,7 +127,7 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
            Iterator<Item> itemIterator =
                    itemService.findByLastModifiedSince(
                            context,
-                            Date.from(fromDate.atStartOfDay(ZoneId.systemDefault()).toInstant())
+                            fromDate.atStartOfDay(ZoneId.systemDefault()).toInstant()
                    );
            while (itemIterator.hasNext() && processed < max2Process) {
                applyFiltersItem(context, itemIterator.next());
--- a/dspace-api/src/main/java/org/dspace/app/mediafilter/PDFBoxThumbnail.java
+++ b/dspace-api/src/main/java/org/dspace/app/mediafilter/PDFBoxThumbnail.java
@@ -11,6 +11,8 @@ import java.awt.image.BufferedImage;
 import java.io.InputStream;

 import org.apache.logging.log4j.Logger;
+import org.apache.pdfbox.Loader;
+import org.apache.pdfbox.io.RandomAccessReadBuffer;
 import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.encryption.InvalidPasswordException;
 import org.apache.pdfbox.rendering.PDFRenderer;
@@ -71,7 +73,7 @@ public class PDFBoxThumbnail extends MediaFilter {
        BufferedImage buf;

        // Render the page image.
-        try ( PDDocument doc = PDDocument.load(source); ) {
+        try ( PDDocument doc = Loader.loadPDF(new RandomAccessReadBuffer(source)); ) {
            PDFRenderer renderer = new PDFRenderer(doc);
            buf = renderer.renderImage(0);
        } catch (InvalidPasswordException ex) {
@@ -81,6 +83,7 @@ public class PDFBoxThumbnail extends MediaFilter {

        // Generate thumbnail derivative and return as IO stream.
        JPEGFilter jpegFilter = new JPEGFilter();
+
        return jpegFilter.getThumb(currentItem, buf, verbose);
    }
 }
--- a/dspace-api/src/main/java/org/dspace/app/mediafilter/TikaTextExtractionFilter.java
+++ b/dspace-api/src/main/java/org/dspace/app/mediafilter/TikaTextExtractionFilter.java
@@ -39,7 +39,7 @@ public class TikaTextExtractionFilter
    extends MediaFilter {
    private final static Logger log = LogManager.getLogger();
    private static final int DEFAULT_MAX_CHARS = 100_000;
-    private static final int DEFAULT_MAX_ARRAY = 100_000_000;
+    private static final int DEFAULT_MAX_ARRAY = 1_000_000;

    @Override
    public String getFilteredName(String oldFilename) {
--- a/dspace-api/src/main/java/org/dspace/app/packager/Packager.java
+++ b/dspace-api/src/main/java/org/dspace/app/packager/Packager.java
@@ -224,7 +224,7 @@ public class Packager {
            } else {
                //otherwise, display list of valid packager types
                System.out.println("\nAvailable Submission Package (SIP) types:");
-                String pn[] = pluginService
+                String[] pn = pluginService
                    .getAllPluginNames(PackageIngester.class);
                for (int i = 0; i < pn.length; ++i) {
                    System.out.println("  " + pn[i]);
@@ -274,7 +274,7 @@ public class Packager {
            // process
            pkgParams.setRecursiveModeEnabled(true);
        }
-        String files[] = line.getArgs();
+        String[] files = line.getArgs();
        if (files.length > 0) {
            sourceFile = files[0];
        }
@@ -282,9 +282,9 @@ public class Packager {
            myPackager.submit = false;
        }
        if (line.hasOption('o')) {
-            String popt[] = line.getOptionValues('o');
+            String[] popt = line.getOptionValues('o');
            for (int i = 0; i < popt.length; ++i) {
-                String pair[] = popt[i].split("\\=", 2);
+                String[] pair = popt[i].split("\\=", 2);
                if (pair.length == 2) {
                    pkgParams.addProperty(pair[0].trim(), pair[1].trim());
                } else if (pair.length == 1) {
@@ -383,7 +383,7 @@ public class Packager {
            }

            // validate each parent arg (if any)
-            DSpaceObject parentObjs[] = null;
+            DSpaceObject[] parentObjs = null;
            if (parents != null) {
                System.out.println("Destination parents:");

@@ -461,7 +461,7 @@ public class Packager {
     * @throws PackageException      if packaging error
     */
    protected void ingest(Context context, PackageIngester sip, PackageParameters pkgParams, String sourceFile,
-                          DSpaceObject parentObjs[])
+                          DSpaceObject[] parentObjs)
        throws IOException, SQLException, FileNotFoundException, AuthorizeException, CrosswalkException,
        PackageException {
        // make sure we have an input file
--- a/dspace-api/src/main/java/org/dspace/app/requestitem/RequestItem.java
+++ b/dspace-api/src/main/java/org/dspace/app/requestitem/RequestItem.java
@@ -7,7 +7,7 @@
 */
 package org.dspace.app.requestitem;

-import java.util.Date;
+import java.time.Instant;

 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
@@ -19,8 +19,6 @@ import jakarta.persistence.JoinColumn;
 import jakarta.persistence.ManyToOne;
 import jakarta.persistence.SequenceGenerator;
 import jakarta.persistence.Table;
-import jakarta.persistence.Temporal;
-import jakarta.persistence.TemporalType;
 import org.dspace.content.Bitstream;
 import org.dspace.content.Item;
 import org.dspace.core.Context;
@@ -63,20 +61,23 @@ public class RequestItem implements ReloadableEntity<Integer> {
    private boolean allfiles;

    @Column(name = "decision_date")
-    @Temporal(TemporalType.TIMESTAMP)
-    private Date decision_date = null;
+    private Instant decision_date = null;

    @Column(name = "expires")
-    @Temporal(TemporalType.TIMESTAMP)
-    private Date expires = null;
+    private Instant expires = null;

    @Column(name = "request_date")
-    @Temporal(TemporalType.TIMESTAMP)
-    private Date request_date = null;
+    private Instant request_date = null;

    @Column(name = "accept_request")
    private boolean accept_request;

+    @Column(name = "access_token", unique = true, length = 48)
+    private String access_token = null;
+
+    @Column(name = "access_expiry")
+    private Instant access_expiry = null;
+
    /**
     * Protected constructor, create object using:
     * {@link org.dspace.app.requestitem.service.RequestItemService#createRequest(
@@ -90,7 +91,7 @@ public class RequestItem implements ReloadableEntity<Integer> {
        return requestitem_id;
    }

-    void setAllfiles(boolean allfiles) {
+    public void setAllfiles(boolean allfiles) {
        this.allfiles = allfiles;
    }

@@ -139,7 +140,8 @@ public class RequestItem implements ReloadableEntity<Integer> {
    }

    /**
-     * @return a unique request identifier which can be emailed.
+     * @return a unique request identifier which can be emailed to the *approver* of the request.
+     * This is not the same as the access token, which is used by the requester to access the item after approval.
     */
    public String getToken() {
        return token;
@@ -161,11 +163,11 @@ public class RequestItem implements ReloadableEntity<Integer> {
        return bitstream;
    }

-    public Date getDecision_date() {
+    public Instant getDecision_date() {
        return decision_date;
    }

-    public void setDecision_date(Date decision_date) {
+    public void setDecision_date(Instant decision_date) {
        this.decision_date = decision_date;
    }

@@ -177,19 +179,53 @@ public class RequestItem implements ReloadableEntity<Integer> {
        this.accept_request = accept_request;
    }

-    public Date getExpires() {
+    public Instant getExpires() {
        return expires;
    }

-    void setExpires(Date expires) {
+    void setExpires(Instant expires) {
        this.expires = expires;
    }

-    public Date getRequest_date() {
+    public Instant getRequest_date() {
        return request_date;
    }

-    void setRequest_date(Date request_date) {
+    void setRequest_date(Instant request_date) {
        this.request_date = request_date;
    }
+
+    /**
+     * @return A unique token to be used by the requester when granted access to the resource, which
+     * can be emailed upon approval
+     */
+    public String getAccess_token() {
+        return access_token;
+    }
+
+    public void setAccess_token(String access_token) {
+        this.access_token = access_token;
+    }
+
+    /**
+     * @return The date and time when the access token expires.
+     */
+    public Instant getAccess_expiry() {
+        return access_expiry;
+    }
+    public void setAccess_expiry(Instant access_expiry) {
+        this.access_expiry = access_expiry;
+    }
+
+    /**
+     * Sanitize personal information and the approval token, to be used when returning a RequestItem
+     * to Angular, especially for users clicking on the secure link
+     */
+    public void sanitizePersonalData() {
+        setReqEmail("sanitized");
+        setReqName("sanitized");
+        setReqMessage("sanitized");
+        // Even though [approval] token is not a name, it can be used to access the original object
+        setToken("sanitized");
+    }
 }
--- a/dspace-api/src/main/java/org/dspace/app/requestitem/RequestItemEmailNotifier.java
+++ b/dspace-api/src/main/java/org/dspace/app/requestitem/RequestItemEmailNotifier.java
@@ -10,6 +10,8 @@ package org.dspace.app.requestitem;

 import java.io.IOException;
 import java.sql.SQLException;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
 import java.util.List;

 import jakarta.annotation.ManagedBean;
@@ -28,6 +30,7 @@ import org.dspace.core.Context;
 import org.dspace.core.Email;
 import org.dspace.core.I18nUtil;
 import org.dspace.core.LogHelper;
+import org.dspace.core.Utils;
 import org.dspace.eperson.EPerson;
 import org.dspace.handle.service.HandleService;
 import org.dspace.services.ConfigurationService;
@@ -174,9 +177,23 @@ public class RequestItemEmailNotifier {
            grantorAddress = grantor.getEmail();
        }

+        // Set date format for access expiry date
+        String accessExpiryFormat = configurationService.getProperty("request.item.grant.link.dateformat",
+                "yyyy-MM-dd");
+        DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern(accessExpiryFormat)
+                .withZone(ZoneId.of("UTC"));
+
+        Email email;
+        // If this item has a secure access token, send the template with that link instead of attaching files
+        if (ri.isAccept_request() && ri.getAccess_token() != null) {
+            email = Email.getEmail(I18nUtil.getEmailFilename(context.getCurrentLocale(),
+                    "request_item.granted_token"));
+        } else {
+            email = Email.getEmail(I18nUtil.getEmailFilename(context.getCurrentLocale(),
+                    ri.isAccept_request() ? "request_item.granted" : "request_item.rejected"));
+        }
+
        // Build an email back to the requester.
-        Email email = Email.getEmail(I18nUtil.getEmailFilename(context.getCurrentLocale(),
-                ri.isAccept_request() ? "request_item.granted" : "request_item.rejected"));
        email.addArgument(ri.getReqName()); // {0} requestor's name
        email.addArgument(handleService.getCanonicalForm(ri.getItem().getHandle())); // {1} URL of the requested Item
        email.addArgument(ri.getItem().getName()); // {2} title of the requested Item
@@ -188,34 +205,47 @@ public class RequestItemEmailNotifier {
        // Attach bitstreams.
        try {
            if (ri.isAccept_request()) {
-                if (ri.isAllfiles()) {
-                    Item item = ri.getItem();
-                    List<Bundle> bundles = item.getBundles("ORIGINAL");
-                    for (Bundle bundle : bundles) {
-                        List<Bitstream> bitstreams = bundle.getBitstreams();
-                        for (Bitstream bitstream : bitstreams) {
-                            if (!bitstream.getFormat(context).isInternal() &&
-                                    requestItemService.isRestricted(context,
-                                    bitstream)) {
-                                // #8636 Anyone receiving the email can respond to the
-                                // request without authenticating into DSpace
-                                context.turnOffAuthorisationSystem();
-                                email.addAttachment(
-                                        bitstreamService.retrieve(context, bitstream),
-                                        bitstream.getName(),
-                                        bitstream.getFormat(context).getMIMEType());
-                                context.restoreAuthSystemState();
-                            }
-                        }
+                if (ri.getAccess_token() != null) {
+                    // {6} secure access link
+                    email.addArgument(configurationService.getProperty("dspace.ui.url")
+                            + "/items/" + ri.getItem().getID()
+                            + "?accessToken=" + ri.getAccess_token());
+                    // {7} access end date, but only add formatted date string if it is set and not "forever"
+                    if (ri.getAccess_expiry() != null && !ri.getAccess_expiry().equals(Utils.getMaxTimestamp())) {
+                        email.addArgument(dateTimeFormatter.format(ri.getAccess_expiry()));
+                    } else {
+                        email.addArgument(null);
                    }
                } else {
-                    Bitstream bitstream = ri.getBitstream();
-                    // #8636 Anyone receiving the email can respond to the request without authenticating into DSpace
-                    context.turnOffAuthorisationSystem();
-                    email.addAttachment(bitstreamService.retrieve(context, bitstream),
-                            bitstream.getName(),
-                            bitstream.getFormat(context).getMIMEType());
-                    context.restoreAuthSystemState();
+                    if (ri.isAllfiles()) {
+                        Item item = ri.getItem();
+                        List<Bundle> bundles = item.getBundles("ORIGINAL");
+                        for (Bundle bundle : bundles) {
+                            List<Bitstream> bitstreams = bundle.getBitstreams();
+                            for (Bitstream bitstream : bitstreams) {
+                                if (!bitstream.getFormat(context).isInternal() &&
+                                        requestItemService.isRestricted(context,
+                                                bitstream)) {
+                                    // #8636 Anyone receiving the email can respond to the
+                                    // request without authenticating into DSpace
+                                    context.turnOffAuthorisationSystem();
+                                    email.addAttachment(
+                                            bitstreamService.retrieve(context, bitstream),
+                                            bitstream.getName(),
+                                            bitstream.getFormat(context).getMIMEType());
+                                    context.restoreAuthSystemState();
+                                }
+                            }
+                        }
+                    } else {
+                        Bitstream bitstream = ri.getBitstream();
+                        //#8636 Anyone receiving the email can respond to the request without authenticating into DSpace
+                        context.turnOffAuthorisationSystem();
+                        email.addAttachment(bitstreamService.retrieve(context, bitstream),
+                                bitstream.getName(),
+                                bitstream.getFormat(context).getMIMEType());
+                        context.restoreAuthSystemState();
+                    }
                }
                email.send();
            } else {
--- a/dspace-api/src/main/java/org/dspace/app/requestitem/RequestItemServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/app/requestitem/RequestItemServiceImpl.java
@@ -7,25 +7,40 @@
 */
 package org.dspace.app.requestitem;

+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.sql.SQLException;
-import java.util.Date;
+import java.text.ParseException;
+import java.time.DateTimeException;
+import java.time.Instant;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.Iterator;
 import java.util.List;
+import java.util.TimeZone;

+import org.apache.http.client.utils.URIBuilder;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.dspace.app.requestitem.dao.RequestItemDAO;
 import org.dspace.app.requestitem.service.RequestItemService;
+import org.dspace.authorize.AuthorizeException;
 import org.dspace.authorize.ResourcePolicy;
 import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.authorize.service.ResourcePolicyService;
 import org.dspace.content.Bitstream;
+import org.dspace.content.Bundle;
 import org.dspace.content.DSpaceObject;
 import org.dspace.content.Item;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.dspace.core.LogHelper;
 import org.dspace.core.Utils;
+import org.dspace.services.ConfigurationService;
+import org.dspace.util.DateMathParser;
+import org.dspace.util.MultiFormatDateParser;
 import org.springframework.beans.factory.annotation.Autowired;

 /**
@@ -35,6 +50,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 * This class should never be accessed directly.
 *
 * @author kevinvandevelde at atmire.com
+ * @author Kim Shepherd
 */
 public class RequestItemServiceImpl implements RequestItemService {

@@ -49,16 +65,43 @@ public class RequestItemServiceImpl implements RequestItemService {
    @Autowired(required = true)
    protected ResourcePolicyService resourcePolicyService;

+    @Autowired
+    protected ConfigurationService configurationService;
+
+    /**
+     * Always set UTC for dateMathParser for consistent database date handling
+     */
+    static DateMathParser dateMathParser = new DateMathParser(TimeZone.getTimeZone("UTC"));
+
+    private static final int DEFAULT_MINIMUM_FILE_SIZE = 20;
+
    protected RequestItemServiceImpl() {

    }

+    /**
+     * Create a new request-a-copy item request.
+     *
+     * @param context    The relevant DSpace Context.
+     * @param bitstream  The requested bitstream
+     * @param item       The requested item
+     * @param allFiles   true indicates that all bitstreams of this item are requested
+     * @param reqEmail   email
+     *                   Requester email
+     * @param reqName    Requester name
+     * @param reqMessage Request message text
+     * @return token to be used to approver for grant/deny
+     * @throws SQLException
+     */
    @Override
    public String createRequest(Context context, Bitstream bitstream, Item item,
            boolean allFiles, String reqEmail, String reqName, String reqMessage)
            throws SQLException {
+
+        // Create an empty request item
        RequestItem requestItem = requestItemDAO.create(context, new RequestItem());

+        // Set values of the request item based on supplied parameters
        requestItem.setToken(Utils.generateHexKey());
        requestItem.setBitstream(bitstream);
        requestItem.setItem(item);
@@ -66,12 +109,58 @@ public class RequestItemServiceImpl implements RequestItemService {
        requestItem.setReqEmail(reqEmail);
        requestItem.setReqName(reqName);
        requestItem.setReqMessage(reqMessage);
-        requestItem.setRequest_date(new Date());
+        requestItem.setRequest_date(Instant.now());

+        // If the 'link' feature is enabled and the filesize threshold is met, pre-generate access token now
+        // so it can be previewed by approver and so Angular and REST services can use the existence of this token
+        // as an indication of which delivery method to use.
+        // Access period will be created upon actual approval.
+        if (configurationService.getBooleanProperty("request.item.grant.link", false)) {
+            // The 'send link' feature is enabled, is the file(s) requested over the size threshold (megabytes as int)?
+            // Default is 20MB minimum. For inspection purposes we convert to bytes.
+            long minimumSize = configurationService.getLongProperty(
+                    "request.item.grant.link.filesize", DEFAULT_MINIMUM_FILE_SIZE) * 1024 * 1024;
+            // If we have a single bitstream, we will initialise the "minimum threshold reached" correctly
+            boolean minimumSizeThresholdReached = (null != bitstream && bitstream.getSizeBytes() >= minimumSize);
+            // If all files (and presumably no min reached since bitstream should be null), we look for ANY >= min size
+            if (!minimumSizeThresholdReached && allFiles) {
+                // Iterate bitstream and inspect file sizes. At each loop iteration we will break out if the min
+                // was already reached.
+                String[] bundleNames = configurationService.getArrayProperty("request.item.grant.link.bundles",
+                        new String[]{"ORIGINAL"});
+                for (String bundleName : bundleNames) {
+                    if (!minimumSizeThresholdReached) {
+                        for (Bundle bundle : item.getBundles(bundleName)) {
+                            if (null != bundle && !minimumSizeThresholdReached) {
+                                for (Bitstream bitstreamToCheck : bundle.getBitstreams()) {
+                                    if (bitstreamToCheck.getSizeBytes() >= minimumSize) {
+                                        minimumSizeThresholdReached = true;
+                                        break;
+                                    }
+                                }
+
+                            }
+                        }
+                    }
+                }
+            }
+
+            // Now, only generate and set an access token if the minimum file size threshold was reached.
+            // Otherwise, an email attachment will still be used.
+            // From now on, the existence of an access token in the RequestItem indicates that a web link should be
+            // sent instead of attaching file(s) as an attachment.
+            if (minimumSizeThresholdReached) {
+                requestItem.setAccess_token(Utils.generateHexKey());
+            }
+        }
+
+        // Save the request item
        requestItemDAO.save(context, requestItem);

-        log.debug("Created RequestItem with ID {} and token {}",
-                requestItem::getID, requestItem::getToken);
+        log.debug("Created RequestItem with ID {}, approval token {}, access token {}, access expiry {}",
+                requestItem::getID, requestItem::getToken, requestItem::getAccess_token, requestItem::getAccess_expiry);
+
+        // Return the approver token
        return requestItem.getToken();
    }

@@ -128,4 +217,186 @@ public class RequestItemServiceImpl implements RequestItemService {
        }
        return true;
    }
+
+    /**
+     * Find a request item by its access token. This is the token that a requester would use
+     * to authenticate themselves as a granted requester.
+     * It is up to the RequestItemRepository to check validity of the item, access granted, data sanitization, etc.
+     *
+     * @param context current DSpace session.
+     * @param accessToken the token identifying the request to be temporarily accessed
+     * @return request item data
+     */
+    @Override
+    public RequestItem findByAccessToken(Context context, String accessToken) {
+        try {
+            return requestItemDAO.findByAccessToken(context, accessToken);
+        } catch (SQLException e) {
+            log.error(e.getMessage());
+            return null;
+        }
+    }
+
+    /**
+     * Set the access expiry date for the request item.
+     * @param requestItem the request item to update
+     * @param accessExpiry the expiry date to set
+     */
+    @Override
+    public void setAccessExpiry(RequestItem requestItem, Instant accessExpiry) {
+        requestItem.setAccess_expiry(accessExpiry);
+    }
+
+    /**
+     * Take a string either as a formatted date, or in the "math" format expected by
+     * the DateMathParser, e.g. +7DAYS or +10MONTHS, and set the access expiry date accordingly.
+     * There are no special checks here to check that the date is in the future, or after the
+     * 'decision date', as there may be legitimate reasons to set past dates.
+     * If past dates are not allowed by some interface, then the caller should check this.
+     *
+     * @param requestItem the request item to update
+     * @param dateOrDelta the delta as a string in format expected by the DateMathParser
+     */
+    @Override
+    public void setAccessExpiry(RequestItem requestItem, String dateOrDelta) {
+        try {
+            setAccessExpiry(requestItem, parseDateOrDelta(dateOrDelta, requestItem.getDecision_date()));
+        } catch (ParseException e) {
+            log.error("Error parsing access expiry or duration: {}", e.getMessage());
+        }
+    }
+
+    /**
+     * Taking into account 'accepted' flag, bitstream id or allfiles flag, decision date and access period,
+     * either return cleanly or throw an AuthorizeException
+     *
+     * @param context the DSpace context
+     * @param requestItem the request item containing request and approval data
+     * @param bitstream the bitstream to which access is requested
+     * @param accessToken the access token supplied by the user (e.g. to REST controller)
+     * @throws AuthorizeException
+     */
+    @Override
+    public void authorizeAccessByAccessToken(Context context, RequestItem requestItem, Bitstream bitstream,
+                                             String accessToken) throws AuthorizeException {
+        if (requestItem == null || bitstream == null || context == null || accessToken == null) {
+            throw new AuthorizeException("Null resources provided, not authorized");
+        }
+        // 1. Request is accepted
+        if (requestItem.isAccept_request()
+                // 2. Request access token is not null and matches supplied string
+                && (requestItem.getAccess_token() != null && requestItem.getAccess_token().equals(accessToken))
+                // 3. Request is 'allfiles' or for this bitstream ID
+                && (requestItem.isAllfiles() || bitstream.equals(requestItem.getBitstream()))
+                // 4. access expiry timestamp is null (forever), or is *after* the current time
+                && (requestItem.getAccess_expiry() == null || requestItem.getAccess_expiry().isAfter(Instant.now()))
+        ) {
+            log.info("Authorizing access to bitstream {} by access token", bitstream.getID());
+            return;
+        }
+        // Default, throw authorize exception
+        throw new AuthorizeException("Unauthorized access to bitstream by access token for bitstream ID "
+                + bitstream.getID());
+    }
+
+    /**
+     * Taking into account 'accepted' flag, bitstream id or allfiles flag, decision date and access period,
+     * either return cleanly or throw an AuthorizeException
+     *
+     * @param context the DSpace context
+     * @param bitstream the bitstream to which access is requested
+     * @param accessToken the access token supplied by the user (e.g. to REST controller)
+     * @throws AuthorizeException
+     */
+    @Override
+    public void authorizeAccessByAccessToken(Context context, Bitstream bitstream, String accessToken)
+            throws AuthorizeException {
+        if (bitstream == null || context == null || accessToken == null) {
+            throw new AuthorizeException("Null resources provided, not authorized");
+        }
+        // get request item from access token
+        RequestItem requestItem = findByAccessToken(context, accessToken);
+        if (requestItem == null) {
+            throw new AuthorizeException("Null item request provided, not authorized");
+        }
+        // Continue with authorization check
+        authorizeAccessByAccessToken(context, requestItem, bitstream, accessToken);
+    }
+
+    /**
+     * Generate a link back to DSpace, to act on a request.
+     *
+     * @param token identifies the request.
+     * @return URL to the item request API, with the token as request parameter
+     *          "token".
+     * @throws URISyntaxException passed through.
+     * @throws MalformedURLException passed through.
+     */
+    @Override
+    public String getLinkTokenEmail(String token)
+            throws URISyntaxException, MalformedURLException {
+        final String base = configurationService.getProperty("dspace.ui.url");
+        URIBuilder uriBuilder = new URIBuilder(base);
+        String currentPath = uriBuilder.getPath();
+        String newPath = (currentPath == null || currentPath.isEmpty() || currentPath.equals("/"))
+                ? "/request-a-copy/" + token
+                : currentPath + "/request-a-copy/" + token;
+        URI uri = uriBuilder.setPath(newPath).build();
+        return uri.toURL().toExternalForm();
+    }
+
+    /**
+     * Sanitize a RequestItem. The following values in the referenced RequestItem
+     * are nullified:
+     * - approver token (aka token)
+     * - requester name
+     * - requester email
+     * - requester message
+     *
+     * These properties contain personal information, or can be used to access personal information
+     * and are not needed except for sending the original request and grant/deny emails
+     *
+     * @param requestItem
+     */
+    @Override
+    public void sanitizeRequestItem(Context context, RequestItem requestItem) {
+        if (null == requestItem) {
+            log.error("Null request item passed for sanitization, skipping");
+            return;
+        }
+
+        // Sanitized referenced data (strips requester name, email, message, and the approver token)
+        requestItem.sanitizePersonalData();
+    }
+
+    /**
+     * Parse a date or delta string into an Instant. Kept here as a static method for use in unit tests
+     * and other areas that might not have access to the full spring service
+     *
+     * @param dateOrDelta
+     * @param decisionDate
+     * @return parsed date as instant
+     * @throws ParseException
+     */
+    public static Instant parseDateOrDelta(String dateOrDelta, Instant decisionDate)
+            throws ParseException, DateTimeException {
+        // First, if dateOrDelta is a null string or "FOREVER", we will set the expiry
+        // date to a very distant date in the future.
+        if (dateOrDelta == null || dateOrDelta.equals("FOREVER")) {
+            return Utils.getMaxTimestamp();
+        }
+        // Next, try parsing as a straight date using the multiple format parser
+        ZonedDateTime parsedExpiryDate = MultiFormatDateParser.parse(dateOrDelta);
+
+        if (parsedExpiryDate == null) {
+            // That did not work, so try parsing as a delta
+            // Set the 'now' date to the decision date of the request item
+            dateMathParser.setNow(LocalDateTime.ofInstant(decisionDate, ZoneOffset.UTC));
+            // Parse the delta (e.g. +7DAYS) and set the new access expiry date
+            return dateMathParser.parseMath(dateOrDelta).toInstant(ZoneOffset.UTC);
+        } else {
+            // The expiry date was a valid formatted date string, so set the access expiry date
+            return parsedExpiryDate.toInstant();
+        }
+    }
 }
--- a/dspace-api/src/main/java/org/dspace/app/requestitem/dao/RequestItemDAO.java
+++ b/dspace-api/src/main/java/org/dspace/app/requestitem/dao/RequestItemDAO.java
@@ -26,7 +26,7 @@ import org.dspace.core.GenericDAO;
 */
 public interface RequestItemDAO extends GenericDAO<RequestItem> {
    /**
-     * Fetch a request named by its unique token (passed in emails).
+     * Fetch a request named by its unique approval token (passed in emails).
     *
     * @param context the current DSpace context.
     * @param token uniquely identifies the request.
@@ -35,5 +35,18 @@ public interface RequestItemDAO extends GenericDAO<RequestItem> {
     */
    public RequestItem findByToken(Context context, String token) throws SQLException;

+    /**
+     * Fetch a request named by its unique access token (passed in emails).
+     * Note this is the token used by the requester to access an approved resource, not the token
+     * used by the item submitter or helpdesk to grant the access.
+     *
+     * @param context the current DSpace context.
+     * @param accessToken uniquely identifies the request
+     * @return the found request or {@code null}
+     * @throws SQLException passed through.
+     */
+    public RequestItem findByAccessToken(Context context, String accessToken) throws SQLException;
+
    public Iterator<RequestItem> findByItem(Context context, Item item) throws SQLException;
+
 }
--- a/dspace-api/src/main/java/org/dspace/app/requestitem/dao/impl/RequestItemDAOImpl.java
+++ b/dspace-api/src/main/java/org/dspace/app/requestitem/dao/impl/RequestItemDAOImpl.java
@@ -42,6 +42,17 @@ public class RequestItemDAOImpl extends AbstractHibernateDAO<RequestItem> implem
        criteriaQuery.where(criteriaBuilder.equal(requestItemRoot.get(RequestItem_.token), token));
        return uniqueResult(context, criteriaQuery, false, RequestItem.class);
    }
+
+    @Override
+    public RequestItem findByAccessToken(Context context, String accessToken) throws SQLException {
+        CriteriaBuilder criteriaBuilder = getCriteriaBuilder(context);
+        CriteriaQuery criteriaQuery = getCriteriaQuery(criteriaBuilder, RequestItem.class);
+        Root<RequestItem> requestItemRoot = criteriaQuery.from(RequestItem.class);
+        criteriaQuery.select(requestItemRoot);
+        criteriaQuery.where(criteriaBuilder.equal(requestItemRoot.get(RequestItem_.access_token), accessToken));
+        return uniqueResult(context, criteriaQuery, true, RequestItem.class);
+    }
+
    @Override
    public Iterator<RequestItem> findByItem(Context context, Item item) throws SQLException {
        CriteriaBuilder criteriaBuilder = getCriteriaBuilder(context);
--- a/dspace-api/src/main/java/org/dspace/app/requestitem/package-info.java
+++ b/dspace-api/src/main/java/org/dspace/app/requestitem/package-info.java
@@ -8,13 +8,19 @@

 /**
 * Feature for conveying a request that materials forbidden to the requester
- * by resource policy be made available by other means.  The request will be
- * e-mailed to a responsible party for consideration and action.  Find details
- * in the user documentation under the rubric "Request a Copy".
+ * by resource policy be made available by other means.
+ *
+ * There are several methods of making the resource(s) available to the requester:
+ * 1. The request will be e-mailed to a responsible party for consideration and action.
+ * Find details in the user documentation under the rubric "Request a Copy".
 *
 * <p>Mailing is handled by {@link RequestItemEmailNotifier}.  Responsible
 * parties are represented by {@link RequestItemAuthor}
 *
+ * 2. A unique 48-char token will be generated and included in a special weblink emailed to the requester.
+ * This link will provide access to the requester as though they had READ policy access while the access period
+ * has not expired, or forever if the access period is null.
+ *
 * <p>This package includes several "strategy" classes which discover
 * responsible parties in various ways.  See
 * {@link RequestItemSubmitterStrategy} and the classes which extend it, and
--- a/dspace-api/src/main/java/org/dspace/app/requestitem/service/RequestItemService.java
+++ b/dspace-api/src/main/java/org/dspace/app/requestitem/service/RequestItemService.java
@@ -7,11 +7,15 @@
 */
 package org.dspace.app.requestitem.service;

+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
 import java.sql.SQLException;
+import java.time.Instant;
 import java.util.Iterator;
 import java.util.List;

 import org.dspace.app.requestitem.RequestItem;
+import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.Bitstream;
 import org.dspace.content.DSpaceObject;
 import org.dspace.content.Item;
@@ -23,6 +27,7 @@ import org.dspace.core.Context;
 * for the RequestItem object and is autowired by Spring.
 *
 * @author kevinvandevelde at atmire.com
+ * @author Kim Shepherd
 */
 public interface RequestItemService {

@@ -40,7 +45,7 @@ public interface RequestItemService {
     * @return the token of the request item
     * @throws SQLException if database error
     */
-    public String createRequest(Context context, Bitstream bitstream, Item item,
+    String createRequest(Context context, Bitstream bitstream, Item item,
            boolean allFiles, String reqEmail, String reqName, String reqMessage)
        throws SQLException;

@@ -49,35 +54,46 @@ public interface RequestItemService {
     *
     * @param context current DSpace session.
     * @return all item requests.
-     * @throws java.sql.SQLException passed through.
+     * @throws SQLException passed through.
     */
-    public List<RequestItem> findAll(Context context)
+    List<RequestItem> findAll(Context context)
            throws SQLException;

    /**
-     * Retrieve a request by its token.
+     * Retrieve a request by its approver token.
     *
     * @param context current DSpace session.
-     * @param token the token identifying the request.
+     * @param token the token identifying the request to be approved.
     * @return the matching request, or null if not found.
     */
-    public RequestItem findByToken(Context context, String token);
+    RequestItem findByToken(Context context, String token);

+    /**
+     * Retrieve a request by its access token, for use by the requester
+     *
+     * @param context current DSpace session.
+     * @param token the token identifying the request to be temporarily accessed
+     * @return the matching request, or null if not found.
+     */
+    RequestItem findByAccessToken(Context context, String token);
    /**
     * Retrieve a request based on the item.
     * @param context current DSpace session.
     * @param item the item to find requests for.
     * @return the matching requests, or null if not found.
     */
-    public Iterator<RequestItem> findByItem(Context context, Item item) throws SQLException;
+    Iterator<RequestItem> findByItem(Context context, Item item) throws SQLException;

    /**
-     * Save updates to the record. Only accept_request, and decision_date are set-able.
+     * Save updates to the record. Only accept_request, decision_date, access_period are settable.
+     *
+     * Note: the "is settable" rules mentioned here are enforced in RequestItemRest with annotations meaning that
+     * these JSON properties are considered READ-ONLY by the core DSpaceRestRepository methods
     *
     * @param context     The relevant DSpace Context.
     * @param requestItem requested item
     */
-    public void update(Context context, RequestItem requestItem);
+    void update(Context context, RequestItem requestItem);

    /**
     * Remove the record from the database.
@@ -85,7 +101,7 @@ public interface RequestItemService {
     * @param context current DSpace context.
     * @param request record to be removed.
     */
-    public void delete(Context context, RequestItem request);
+    void delete(Context context, RequestItem request);

    /**
     * Is there at least one valid READ resource policy for this object?
@@ -94,6 +110,77 @@ public interface RequestItemService {
     * @return true if a READ policy applies.
     * @throws SQLException passed through.
     */
-    public boolean isRestricted(Context context, DSpaceObject o)
+    boolean isRestricted(Context context, DSpaceObject o)
            throws SQLException;
+
+    /**
+     * Set the access expiry timestamp for a request item. After this date, the
+     * bitstream(s) will no longer be available for download even with a token.
+     * @param requestItem the request item
+     * @param accessExpiry the expiry timestamp
+     */
+    void setAccessExpiry(RequestItem requestItem, Instant accessExpiry);
+
+    /**
+     * Set the access expiry timestamp for a request item by delta string.
+     * After this date, the bitstream(s) will no longer be available for download
+     * even with a token.
+     * @param requestItem the request item
+     * @param delta the delta to calculate the expiry timestamp, from the decision date
+     */
+    void setAccessExpiry(RequestItem requestItem, String delta);
+
+    /**
+     * Taking into account 'accepted' flag, bitstream id or allfiles flag, decision date and access period,
+     * either return cleanly or throw an AuthorizeException
+     *
+     * @param context the DSpace context
+     * @param requestItem the request item containing request and approval data
+     * @param bitstream the bitstream to which access is requested
+     * @param accessToken the access token supplied by the user (e.g. to REST controller)
+     * @throws AuthorizeException
+     */
+    void authorizeAccessByAccessToken(Context context, RequestItem requestItem, Bitstream bitstream,
+                                             String accessToken)
+            throws AuthorizeException;
+
+    /**
+     * Taking into account 'accepted' flag, bitstream id or allfiles flag, decision date and access period,
+     * either return cleanly or throw an AuthorizeException
+     *
+     * @param context the DSpace context
+     * @param bitstream the bitstream to which access is requested
+     * @param accessToken the access token supplied by the user (e.g. to REST controller)
+     * @throws AuthorizeException
+     */
+    void authorizeAccessByAccessToken(Context context, Bitstream bitstream, String accessToken)
+        throws AuthorizeException;
+
+    /**
+     * Generate a link back to DSpace, to act on a request.
+     *
+     * @param token identifies the request.
+     * @return URL to the item request API, with the token as request parameter
+     *          "token".
+     * @throws URISyntaxException passed through.
+     * @throws MalformedURLException passed through.
+     */
+    String getLinkTokenEmail(String token)
+            throws URISyntaxException, MalformedURLException;
+
+    /**
+     * Sanitize a RequestItem depending on the current session user. If the current user is not
+     * the approver, an administrator or other privileged group, the following values in the return object
+     * are nullified:
+     * - approver token (aka token)
+     * - requester name
+     * - requester email
+     * - requester message
+     *
+     * These properties contain personal information, or can be used to access personal information
+     * and are not needed except for sending the original request and grant/deny emails
+     *
+     * @param requestItem
+     */
+    void sanitizeRequestItem(Context context, RequestItem requestItem);
 }
--- a/dspace-api/src/main/java/org/dspace/app/sherpa/cache/SherpaCacheLogger.java
+++ b/dspace-api/src/main/java/org/dspace/app/sherpa/cache/SherpaCacheLogger.java
@@ -13,7 +13,7 @@ import org.ehcache.event.CacheEvent;
 import org.ehcache.event.CacheEventListener;

 /**
- * This is a EHCache listner responsible for logging sherpa cache events. It is
+ * This is a EHCache listener responsible for logging sherpa cache events. It is
 * bound to the sherpa cache via the dspace/config/ehcache.xml file. We need a
 * dedicated Logger for each cache as the CacheEvent doesn't include details
 * about where the event occur
--- a/dspace-api/src/main/java/org/dspace/app/sherpa/submit/SHERPASubmitService.java
+++ b/dspace-api/src/main/java/org/dspace/app/sherpa/submit/SHERPASubmitService.java
@@ -47,7 +47,7 @@ public class SHERPASubmitService {
    }

    /**
-     * Setter for SHERPA service, reponsible for actual HTTP API calls
+     * Setter for SHERPA service, responsible for actual HTTP API calls
     * @see "dspace-dspace-addon-sherpa-configuration-services.xml"
     * @param sherpaService
     */
--- a/dspace-api/src/main/java/org/dspace/app/sherpa/v2/SHERPAResponse.java
+++ b/dspace-api/src/main/java/org/dspace/app/sherpa/v2/SHERPAResponse.java
@@ -12,8 +12,8 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Serializable;
 import java.nio.charset.StandardCharsets;
+import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
@@ -59,7 +59,7 @@ public class SHERPAResponse implements Serializable {
    private String uri;

    @JsonIgnore
-    private Date retrievalTime = new Date();
+    private Instant retrievalTime = Instant.now();

    // Format enum - currently only JSON is supported
    public enum SHERPAFormat {
@@ -563,7 +563,7 @@ public class SHERPAResponse implements Serializable {
        return metadata;
    }

-    public Date getRetrievalTime() {
+    public Instant getRetrievalTime() {
        return retrievalTime;
    }
 }
--- a/dspace-api/src/main/java/org/dspace/app/sitemap/AbstractGenerator.java
+++ b/dspace-api/src/main/java/org/dspace/app/sitemap/AbstractGenerator.java
@@ -12,7 +12,7 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.PrintStream;
-import java.util.Date;
+import java.time.Instant;
 import java.util.zip.GZIPOutputStream;

 /**
@@ -110,7 +110,7 @@ public abstract class AbstractGenerator {
     * @throws IOException if IO error
     *                     if an error occurs writing
     */
-    public void addURL(String url, Date lastMod) throws IOException {
+    public void addURL(String url, Instant lastMod) throws IOException {
        // Kick things off if this is the first call
        if (currentOutput == null) {
            startNewFile();
@@ -143,7 +143,7 @@ public abstract class AbstractGenerator {

    /**
     * Complete writing sitemap files and write the index files. This is invoked
-     * when all calls to {@link AbstractGenerator#addURL(String, Date)} have
+     * when all calls to {@link AbstractGenerator#addURL(String, Instant)} have
     * been completed, and invalidates the generator.
     *
     * @return number of sitemap files written.
@@ -177,7 +177,7 @@ public abstract class AbstractGenerator {
     *                applicable
     * @return the mark-up to include
     */
-    public abstract String getURLText(String url, Date lastMod);
+    public abstract String getURLText(String url, Instant lastMod);

    /**
     * Return the boilerplate at the top of a sitemap file.
--- a/dspace-api/src/main/java/org/dspace/app/sitemap/GenerateSitemaps.java
+++ b/dspace-api/src/main/java/org/dspace/app/sitemap/GenerateSitemaps.java
@@ -12,7 +12,6 @@ import static org.dspace.discovery.SearchUtils.RESOURCE_TYPE_FIELD;
 import java.io.File;
 import java.io.IOException;
 import java.sql.SQLException;
-import java.util.Date;
 import java.util.List;

 import org.apache.commons.cli.CommandLine;
@@ -143,7 +142,7 @@ public class GenerateSitemaps {
    public static void deleteSitemaps() throws IOException {
        File outputDir = new File(configurationService.getProperty("sitemap.dir"));
        if (!outputDir.exists() && !outputDir.isDirectory()) {
-            log.error("Unable to delete sitemaps directory, doesn't exist or isn't a directort");
+            log.error("Unable to delete sitemaps directory, doesn't exist or isn't a directory");
        } else {
            FileUtils.deleteDirectory(outputDir);
        }
@@ -261,7 +260,6 @@ public class GenerateSitemaps {
                    } else {
                        url = uiURLStem + "items/" + doc.getID();
                    }
-                    Date lastMod = doc.getLastModified();
                    c.uncacheEntity(doc.getIndexedObject());

                    if (makeHTMLMap) {
--- a/dspace-api/src/main/java/org/dspace/app/sitemap/HTMLSitemapGenerator.java
+++ b/dspace-api/src/main/java/org/dspace/app/sitemap/HTMLSitemapGenerator.java
@@ -10,7 +10,7 @@ package org.dspace.app.sitemap;
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintStream;
-import java.util.Date;
+import java.time.Instant;

 /**
 * Class for generating HTML "sitemaps" which contain links to various pages in
@@ -77,7 +77,7 @@ public class HTMLSitemapGenerator extends AbstractGenerator {
    }

    @Override
-    public String getURLText(String url, Date lastMod) {
+    public String getURLText(String url, Instant lastMod) {
        StringBuffer urlText = new StringBuffer();

        urlText.append("<li><a href=\"").append(url).append("\">").append(url)
--- a/dspace-api/src/main/java/org/dspace/app/sitemap/SitemapsOrgGenerator.java
+++ b/dspace-api/src/main/java/org/dspace/app/sitemap/SitemapsOrgGenerator.java
@@ -10,9 +10,8 @@ package org.dspace.app.sitemap;
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintStream;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Date;
+import java.time.Instant;
+import java.time.format.DateTimeFormatter;

 /**
 * Class for generating <a href="http://sitemaps.org/">Sitemaps</a> to improve
@@ -36,8 +35,7 @@ public class SitemapsOrgGenerator extends AbstractGenerator {
    /**
     * The correct date format
     */
-    protected DateFormat w3dtfFormat = new SimpleDateFormat(
-        "yyyy-MM-dd'T'HH:mm:ss'Z'");
+    protected DateTimeFormatter w3dtfFormat = DateTimeFormatter.ISO_INSTANT;

    /**
     * Construct a sitemaps.org protocol sitemap generator, writing files to the
@@ -85,7 +83,7 @@ public class SitemapsOrgGenerator extends AbstractGenerator {
    }

    @Override
-    public String getURLText(String url, Date lastMod) {
+    public String getURLText(String url, Instant lastMod) {
        StringBuilder urlText = new StringBuilder();

        urlText.append("<url><loc>").append(url).append("</loc>");
@@ -111,7 +109,7 @@ public class SitemapsOrgGenerator extends AbstractGenerator {
    @Override
    public void writeIndex(PrintStream output, int sitemapCount)
        throws IOException {
-        String now = w3dtfFormat.format(new Date());
+        String now = w3dtfFormat.format(Instant.now());

        output.println("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
        output
--- a/dspace-api/src/main/java/org/dspace/app/solrdatabaseresync/SolrDatabaseResyncCli.java
+++ b/dspace-api/src/main/java/org/dspace/app/solrdatabaseresync/SolrDatabaseResyncCli.java
@@ -12,7 +12,8 @@ import static org.dspace.discovery.indexobject.ItemIndexFactoryImpl.STATUS_FIELD

 import java.io.IOException;
 import java.sql.SQLException;
-import java.util.Calendar;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
@@ -167,11 +168,11 @@ public class SolrDatabaseResyncCli extends DSpaceRunnable<SolrDatabaseResyncCliS
    }

    private String getMaxTime() {
-        Calendar cal = Calendar.getInstance();
+        Instant now = Instant.now();
        if (timeUntilReindex > 0) {
-            cal.add(Calendar.MILLISECOND, -timeUntilReindex);
+            now = now.minus(timeUntilReindex, ChronoUnit.MILLIS);
        }
-        return SolrUtils.getDateFormatter().format(cal.getTime());
+        return SolrUtils.getDateFormatter().format(now);
    }

    private int getTimeUntilReindex() {
--- a/dspace-api/src/main/java/org/dspace/app/statistics/CreateStatReport.java
+++ b/dspace-api/src/main/java/org/dspace/app/statistics/CreateStatReport.java
@@ -7,11 +7,13 @@
 */
 package org.dspace.app.statistics;

+import static java.time.temporal.TemporalAdjusters.firstDayOfMonth;
+import static java.time.temporal.TemporalAdjusters.lastDayOfMonth;
+
 import java.io.File;
 import java.io.FileInputStream;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.GregorianCalendar;
+import java.time.LocalDate;
+import java.time.temporal.ChronoUnit;
 import java.util.Properties;

 import org.apache.commons.cli.CommandLine;
@@ -35,14 +37,14 @@ import org.dspace.services.factory.DSpaceServicesFactory;
 public class CreateStatReport {

    /**
-     * Current date and time
+     * Current date
     */
-    private static Calendar calendar = null;
+    private static LocalDate calendar = null;

    /**
-     * Reporting start date and time
+     * Reporting start date
     */
-    private static Calendar reportStartDate = null;
+    private static LocalDate reportStartDate = null;

    /**
     * Path of log directory
@@ -84,22 +86,22 @@ public class CreateStatReport {
        FileInputStream fis = new java.io.FileInputStream(new File(configFile));
        Properties config = new Properties();
        config.load(fis);
-        int startMonth = 0;
+        int startMonth = 1;
        int startYear = 2005;
        try {
-            startYear = Integer.parseInt(config.getProperty("start.year", "1").trim());
+            startYear = Integer.parseInt(config.getProperty("start.year", "2005").trim());
        } catch (NumberFormatException nfe) {
            System.err.println("start.year is incorrectly set in dstat.cfg. Must be a number (e.g. 2005).");
            System.exit(0);
        }
        try {
-            startMonth = Integer.parseInt(config.getProperty("start.month", "2005").trim());
+            startMonth = Integer.parseInt(config.getProperty("start.month", "1").trim());
        } catch (NumberFormatException nfe) {
            System.err.println("start.month is incorrectly set in dstat.cfg. Must be a number between 1 and 12.");
            System.exit(0);
        }
-        reportStartDate = new GregorianCalendar(startYear, startMonth - 1, 1);
-        calendar = new GregorianCalendar();
+        reportStartDate = LocalDate.of(startYear, startMonth, 1);
+        calendar = LocalDate.now();

        // create context as super user
        context = new Context();
@@ -168,25 +170,18 @@ public class CreateStatReport {
        String myConfigFile = null;
        boolean myLookUp = false;

-        Calendar start = new GregorianCalendar(calendar.get(Calendar.YEAR),
-                                               calendar.get(Calendar.MONTH),
-                                               calendar.getActualMinimum(Calendar.DAY_OF_MONTH));
-        Date myStartDate = start.getTime();
-
-        Calendar end = new GregorianCalendar(calendar.get(Calendar.YEAR),
-                                             calendar.get(Calendar.MONTH),
-                                             calendar.getActualMaximum(Calendar.DAY_OF_MONTH));
-        Date myEndDate = end.getTime();
+        LocalDate start = calendar.with(firstDayOfMonth());
+        LocalDate end = calendar.with(lastDayOfMonth());

        StringBuilder myOutFile = new StringBuilder(outputLogDirectory);
        myOutFile.append(outputPrefix);
-        myOutFile.append(calendar.get(Calendar.YEAR));
+        myOutFile.append(calendar.getYear());
        myOutFile.append("-");
-        myOutFile.append(calendar.get(Calendar.MONTH) + 1);
+        myOutFile.append(calendar.getMonth());
        myOutFile.append(outputSuffix);

        LogAnalyser
-            .processLogs(context, myLogDir, myFileTemplate, myConfigFile, myOutFile.toString(), myStartDate, myEndDate,
+            .processLogs(context, myLogDir, myFileTemplate, myConfigFile, myOutFile.toString(), start, end,
                         myLookUp);
    }

@@ -204,21 +199,19 @@ public class CreateStatReport {
        String myLogDir = null;
        String myFileTemplate = null;
        String myConfigFile = null;
-        Date myStartDate = null;
-        Date myEndDate = null;
        boolean myLookUp = false;

        StringBuilder myOutFile = new StringBuilder(outputLogDirectory);
        myOutFile.append(outputPrefix);
-        myOutFile.append(calendar.get(Calendar.YEAR));
+        myOutFile.append(calendar.getYear());
        myOutFile.append("-");
-        myOutFile.append(calendar.get(Calendar.MONTH) + 1);
+        myOutFile.append(calendar.getMonth());
        myOutFile.append("-");
-        myOutFile.append(calendar.get(Calendar.DAY_OF_MONTH));
+        myOutFile.append(calendar.getDayOfMonth());
        myOutFile.append(outputSuffix);

        LogAnalyser
-            .processLogs(context, myLogDir, myFileTemplate, myConfigFile, myOutFile.toString(), myStartDate, myEndDate,
+            .processLogs(context, myLogDir, myFileTemplate, myConfigFile, myOutFile.toString(), null, null,
                         myLookUp);
    }

@@ -239,34 +232,25 @@ public class CreateStatReport {
        String myConfigFile = null;
        boolean myLookUp = false;

-        Calendar reportEndDate = new GregorianCalendar(calendar.get(Calendar.YEAR),
-                                                       calendar.get(Calendar.MONTH),
-                                                       calendar.getActualMaximum(Calendar.DAY_OF_MONTH));
+        LocalDate reportEndDate = calendar.with(lastDayOfMonth());

-        Calendar currentMonth = (Calendar) reportStartDate.clone();
-        while (currentMonth.before(reportEndDate)) {
+        LocalDate currentMonth = reportStartDate;
+        while (currentMonth.isBefore(reportEndDate)) {

-            Calendar start = new GregorianCalendar(currentMonth.get(Calendar.YEAR),
-                                                   currentMonth.get(Calendar.MONTH),
-                                                   currentMonth.getActualMinimum(Calendar.DAY_OF_MONTH));
-            Date myStartDate = start.getTime();
-
-            Calendar end = new GregorianCalendar(currentMonth.get(Calendar.YEAR),
-                                                 currentMonth.get(Calendar.MONTH),
-                                                 currentMonth.getActualMaximum(Calendar.DAY_OF_MONTH));
-            Date myEndDate = end.getTime();
+            LocalDate start = currentMonth.with(firstDayOfMonth());
+            LocalDate end = currentMonth.with(lastDayOfMonth());

            StringBuilder myOutFile = new StringBuilder(outputLogDirectory);
            myOutFile.append(outputPrefix);
-            myOutFile.append(currentMonth.get(Calendar.YEAR));
+            myOutFile.append(currentMonth.getYear());
            myOutFile.append("-");
-            myOutFile.append(currentMonth.get(Calendar.MONTH) + 1);
+            myOutFile.append(currentMonth.getMonth());
            myOutFile.append(outputSuffix);

-            LogAnalyser.processLogs(context, myLogDir, myFileTemplate, myConfigFile, myOutFile.toString(), myStartDate,
-                                    myEndDate, myLookUp);
+            LogAnalyser.processLogs(context, myLogDir, myFileTemplate, myConfigFile, myOutFile.toString(), start,
+                                    end, myLookUp);

-            currentMonth.add(Calendar.MONTH, 1);
+            currentMonth = currentMonth.plus(1, ChronoUnit.MONTHS);
        }
    }

@@ -286,20 +270,20 @@ public class CreateStatReport {

        StringBuilder myInput = new StringBuilder(outputLogDirectory);
        myInput.append(inputPrefix);
-        myInput.append(calendar.get(Calendar.YEAR));
+        myInput.append(calendar.getYear());
        myInput.append("-");
-        myInput.append(calendar.get(Calendar.MONTH) + 1);
+        myInput.append(calendar.getMonth());
        myInput.append("-");
-        myInput.append(calendar.get(Calendar.DAY_OF_MONTH));
+        myInput.append(calendar.getDayOfMonth());
        myInput.append(outputSuffix);

        StringBuilder myOutput = new StringBuilder(outputReportDirectory);
        myOutput.append(outputPrefix);
-        myOutput.append(calendar.get(Calendar.YEAR));
+        myOutput.append(calendar.getYear());
        myOutput.append("-");
-        myOutput.append(calendar.get(Calendar.MONTH) + 1);
+        myOutput.append(calendar.getMonth());
        myOutput.append("-");
-        myOutput.append(calendar.get(Calendar.DAY_OF_MONTH));
+        myOutput.append(calendar.getDayOfMonth());
        myOutput.append(".");
        myOutput.append(myFormat);

@@ -321,32 +305,30 @@ public class CreateStatReport {
        String myFormat = "html";
        String myMap = null;

-        Calendar reportEndDate = new GregorianCalendar(calendar.get(Calendar.YEAR),
-                                                       calendar.get(Calendar.MONTH),
-                                                       calendar.getActualMaximum(Calendar.DAY_OF_MONTH));
+        LocalDate reportEndDate = calendar.with(lastDayOfMonth());

-        Calendar currentMonth = (Calendar) reportStartDate.clone();
+        LocalDate currentMonth = reportStartDate;

-        while (currentMonth.before(reportEndDate)) {
+        while (currentMonth.isBefore(reportEndDate)) {

            StringBuilder myInput = new StringBuilder(outputLogDirectory);
            myInput.append(inputPrefix);
-            myInput.append(currentMonth.get(Calendar.YEAR));
+            myInput.append(currentMonth.getYear());
            myInput.append("-");
-            myInput.append(currentMonth.get(Calendar.MONTH) + 1);
+            myInput.append(currentMonth.getMonth());
            myInput.append(outputSuffix);

            StringBuilder myOutput = new StringBuilder(outputReportDirectory);
            myOutput.append(outputPrefix);
-            myOutput.append(currentMonth.get(Calendar.YEAR));
+            myOutput.append(currentMonth.getYear());
            myOutput.append("-");
-            myOutput.append(currentMonth.get(Calendar.MONTH) + 1);
+            myOutput.append(currentMonth.getMonth());
            myOutput.append(".");
            myOutput.append(myFormat);

            ReportGenerator.processReport(context, myFormat, myInput.toString(), myOutput.toString(), myMap);

-            currentMonth.add(Calendar.MONTH, 1);
+            currentMonth = currentMonth.plus(1, ChronoUnit.MONTHS);
        }
    }

@@ -365,16 +347,16 @@ public class CreateStatReport {

        StringBuilder myInput = new StringBuilder(outputLogDirectory);
        myInput.append(inputPrefix);
-        myInput.append(calendar.get(Calendar.YEAR));
+        myInput.append(calendar.getYear());
        myInput.append("-");
-        myInput.append(calendar.get(Calendar.MONTH) + 1);
+        myInput.append(calendar.getMonth());
        myInput.append(outputSuffix);

        StringBuilder myOutput = new StringBuilder(outputReportDirectory);
        myOutput.append(outputPrefix);
-        myOutput.append(calendar.get(Calendar.YEAR));
+        myOutput.append(calendar.getYear());
        myOutput.append("-");
-        myOutput.append(calendar.get(Calendar.MONTH) + 1);
+        myOutput.append(calendar.getMonth());
        myOutput.append(".");
        myOutput.append(myFormat);

--- a/dspace-api/src/main/java/org/dspace/app/statistics/HTMLReport.java
+++ b/dspace-api/src/main/java/org/dspace/app/statistics/HTMLReport.java
@@ -13,8 +13,8 @@ import java.io.IOException;
 import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
 import java.text.DateFormat;
+import java.time.LocalDate;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 import java.util.regex.Matcher;
@@ -50,12 +50,12 @@ public class HTMLReport implements Report {
    /**
     * start date for report
     */
-    private Date start = null;
+    private LocalDate start = null;

    /**
     * end date for report
     */
-    private Date end = null;
+    private LocalDate end = null;

    /**
     * the output file to which to write aggregation data
@@ -190,8 +190,8 @@ public class HTMLReport implements Report {
     * @param start the start date for the report
     */
    @Override
-    public void setStartDate(Date start) {
-        this.start = (start == null ? null : new Date(start.getTime()));
+    public void setStartDate(LocalDate start) {
+        this.start = start;
    }


@@ -201,8 +201,8 @@ public class HTMLReport implements Report {
     * @param end the end date for the report
     */
    @Override
-    public void setEndDate(Date end) {
-        this.end = (end == null ? null : new Date(end.getTime()));
+    public void setEndDate(LocalDate end) {
+        this.end = end;
    }


@@ -451,7 +451,7 @@ public class HTMLReport implements Report {
    }

    /**
-     * Clean Stirngs for display in HTML
+     * Clean Strings for display in HTML
     *
     * @param s The String to clean
     * @return The cleaned String
--- a/dspace-api/src/main/java/org/dspace/app/statistics/LogAnalyser.java
+++ b/dspace-api/src/main/java/org/dspace/app/statistics/LogAnalyser.java
@@ -14,18 +14,16 @@ import java.io.FileReader;
 import java.io.FileWriter;
 import java.io.IOException;
 import java.sql.SQLException;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeParseException;
 import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.StringTokenizer;
-import java.util.TimeZone;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

@@ -265,7 +263,7 @@ public class LogAnalyser {
    /**
     * process timing clock
     */
-    private static Calendar startTime = null;
+    private static Instant startTime = null;

    /////////////////////////
    // command line options
@@ -298,22 +296,22 @@ public class LogAnalyser {
    /**
     * the starting date of the report
     */
-    private static Date startDate = null;
+    private static LocalDate startDate = null;

    /**
     * the end date of the report
     */
-    private static Date endDate = null;
+    private static LocalDate endDate = null;

    /**
     * the starting date of the report as obtained from the log files
     */
-    private static Date logStartDate = null;
+    private static LocalDate logStartDate = null;

    /**
     * the end date of the report as obtained from the log files
     */
-    private static Date logEndDate = null;
+    private static LocalDate logEndDate = null;

    /**
     * Default constructor
@@ -331,7 +329,7 @@ public class LogAnalyser {
    public static void main(String[] argv)
        throws Exception, SQLException {
        // first, start the processing clock
-        startTime = new GregorianCalendar();
+        startTime = Instant.now();

        // create context as super user
        Context context = new Context();
@@ -342,8 +340,8 @@ public class LogAnalyser {
        String myFileTemplate = null;
        String myConfigFile = null;
        String myOutFile = null;
-        Date myStartDate = null;
-        Date myEndDate = null;
+        LocalDate myStartDate = null;
+        LocalDate myEndDate = null;
        boolean myLookUp = false;

        // Define command line options.
@@ -434,14 +432,14 @@ public class LogAnalyser {
     */
    public static String processLogs(Context context, String myLogDir,
                                     String myFileTemplate, String myConfigFile,
-                                     String myOutFile, Date myStartDate,
-                                     Date myEndDate, boolean myLookUp)
+                                     String myOutFile, LocalDate myStartDate,
+                                     LocalDate myEndDate, boolean myLookUp)
        throws IOException, SQLException, SearchServiceException {
        // FIXME: perhaps we should have all parameters and aggregators put
        // together in a single aggregating object

        // if the timer has not yet been started, then start it
-        startTime = new GregorianCalendar();
+        startTime = Instant.now();

        //instantiate aggregators
        actionAggregator = new HashMap<>();
@@ -485,7 +483,7 @@ public class LogAnalyser {
        // of the log file are sequential, but can we assume the files are
        // provided in a data sequence?
        for (i = 0; i < logFiles.length; i++) {
-            // check to see if this file is a log file agains the global regex
+            // check to see if this file is a log file against the global regex
            Matcher matchRegex = logRegex.matcher(logFiles[i].getName());
            if (matchRegex.matches()) {
                // if it is a log file, open it up and lets have a look at the
@@ -658,7 +656,7 @@ public class LogAnalyser {
     */
    public static void setParameters(String myLogDir, String myFileTemplate,
                                     String myConfigFile, String myOutFile,
-                                     Date myStartDate, Date myEndDate,
+                                     LocalDate myStartDate, LocalDate myEndDate,
                                     boolean myLookUp) {

        if (myLogDir != null) {
@@ -676,11 +674,11 @@ public class LogAnalyser {
        }

        if (myStartDate != null) {
-            startDate = new Date(myStartDate.getTime());
+            startDate = myStartDate;
        }

        if (myEndDate != null) {
-            endDate = new Date(myEndDate.getTime());
+            endDate = myEndDate;
        }

        if (myOutFile != null) {
@@ -722,18 +720,17 @@ public class LogAnalyser {
        summary.append("service_name=").append(name).append("\n");

        // output the date information if necessary
-        SimpleDateFormat sdf = new SimpleDateFormat("dd'/'MM'/'yyyy");
-
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("dd'/'MM'/'yyyy");
        if (startDate != null) {
-            summary.append("start_date=").append(sdf.format(startDate)).append("\n");
+            summary.append("start_date=").append(formatter.format(startDate)).append("\n");
        } else if (logStartDate != null) {
-            summary.append("start_date=").append(sdf.format(logStartDate)).append("\n");
+            summary.append("start_date=").append(formatter.format(logStartDate)).append("\n");
        }

        if (endDate != null) {
-            summary.append("end_date=").append(sdf.format(endDate)).append("\n");
+            summary.append("end_date=").append(formatter.format(endDate)).append("\n");
        } else if (logEndDate != null) {
-            summary.append("end_date=").append(sdf.format(logEndDate)).append("\n");
+            summary.append("end_date=").append(formatter.format(logEndDate)).append("\n");
        }

        // write out the archive stats
@@ -813,8 +810,7 @@ public class LogAnalyser {
        }

        // insert the analysis processing time information
-        Calendar endTime = new GregorianCalendar();
-        long timeInMillis = (endTime.getTimeInMillis() - startTime.getTimeInMillis());
+        long timeInMillis = Instant.now().toEpochMilli() - startTime.toEpochMilli();
        summary.append("analysis_process_time=")
                .append(Long.toString(timeInMillis / 1000)).append("\n");

@@ -1072,13 +1068,13 @@ public class LogAnalyser {
     * @return a date object containing the date, with the time set to
     * 00:00:00
     */
-    public static Date parseDate(String date) {
-        SimpleDateFormat sdf = new SimpleDateFormat("yyyy'-'MM'-'dd");
-        Date parsedDate = null;
+    public static LocalDate parseDate(String date) {
+        DateTimeFormatter formatter = DateTimeFormatter.ISO_LOCAL_DATE;
+        LocalDate parsedDate = null;

        try {
-            parsedDate = sdf.parse(date);
-        } catch (ParseException e) {
+            parsedDate = LocalDate.parse(date, formatter);
+        } catch (DateTimeParseException e) {
            System.out.println("The date is not in the correct format");
            System.exit(0);
        }
@@ -1092,11 +1088,8 @@ public class LogAnalyser {
     * @param date the date to be converted
     * @return A string of the form YYYY-MM-DD
     */
-    public static String unParseDate(Date date) {
-        // Use SimpleDateFormat
-        SimpleDateFormat sdf = new SimpleDateFormat("yyyy'-'MM'-'dd'T'hh:mm:ss'Z'");
-        sdf.setTimeZone(TimeZone.getTimeZone("UTC"));
-        return sdf.format(date);
+    public static String unParseDate(LocalDate date) {
+        return DateTimeFormatter.ISO_LOCAL_DATE.format(date);
    }


@@ -1238,8 +1231,8 @@ public class LogAnalyser {
        }
        accessionedQuery.append("]");
        discoverQuery.addFilterQueries(accessionedQuery.toString());
-        discoverQuery.addFilterQueries("withdrawn: false");
-        discoverQuery.addFilterQueries("archived: true");
+        discoverQuery.addFilterQueries("withdrawn:false");
+        discoverQuery.addFilterQueries("archived:true");

        return (int) SearchUtils.getSearchService().search(context, discoverQuery).getTotalSearchResults();
    }
--- a/dspace-api/src/main/java/org/dspace/app/statistics/LogLine.java
+++ b/dspace-api/src/main/java/org/dspace/app/statistics/LogLine.java
@@ -7,7 +7,7 @@
 */
 package org.dspace.app.statistics;

-import java.util.Date;
+import java.time.LocalDate;

 /**
 * This class represents a single log file line and the operations that can be
@@ -22,7 +22,7 @@ public class LogLine {
    /**
     * the date of the log file line
     */
-    private Date date = null;
+    private LocalDate date = null;

    /**
     * the level of the log line type
@@ -47,7 +47,7 @@ public class LogLine {
    /**
     * constructor to create new statistic
     */
-    LogLine(Date date, String level, String user, String action, String params) {
+    LogLine(LocalDate date, String level, String user, String action, String params) {
        this.date = date;
        this.level = level;
        this.user = user;
@@ -60,8 +60,8 @@ public class LogLine {
     *
     * @return the date of this log line
     */
-    public Date getDate() {
-        return this.date == null ? null : new Date(this.date.getTime());
+    public LocalDate getDate() {
+        return this.date;
    }


@@ -108,12 +108,12 @@ public class LogLine {
    /**
     * find out if this log file line is before the given date
     *
-     * @param date the date to be compared to
+     * @param compareDate the date to be compared to
     * @return true if the line is before the given date, false if not
     */
-    public boolean beforeDate(Date date) {
-        if (date != null) {
-            return (date.compareTo(this.date) >= 0);
+    public boolean beforeDate(LocalDate compareDate) {
+        if (compareDate != null) {
+            return this.date.isBefore(compareDate);
        }
        return false;
    }
@@ -122,12 +122,12 @@ public class LogLine {
    /**
     * find out if this log file line is after the given date
     *
-     * @param date the date to be compared to
+     * @param compareDate the date to be compared to
     * @return true if the line is after the given date, false if not
     */
-    public boolean afterDate(Date date) {
-        if (date != null) {
-            return (date.compareTo(this.date) <= 0);
+    public boolean afterDate(LocalDate compareDate) {
+        if (compareDate != null) {
+            return this.date.isAfter(compareDate);
        }
        return false;
    }
--- a/dspace-api/src/main/java/org/dspace/app/statistics/Report.java
+++ b/dspace-api/src/main/java/org/dspace/app/statistics/Report.java
@@ -7,7 +7,7 @@
 */
 package org.dspace.app.statistics;

-import java.util.Date;
+import java.time.LocalDate;

 /**
 * Sn interface to a generic report generating
@@ -120,12 +120,12 @@ public interface Report {
     *
     * @param start the start date for the report
     */
-    public abstract void setStartDate(Date start);
+    public abstract void setStartDate(LocalDate start);

    /**
     * set the end date for the report
     *
     * @param end the end date for the report
     */
-    public abstract void setEndDate(Date end);
+    public abstract void setEndDate(LocalDate end);
 }
--- a/dspace-api/src/main/java/org/dspace/app/statistics/ReportGenerator.java
+++ b/dspace-api/src/main/java/org/dspace/app/statistics/ReportGenerator.java
@@ -13,12 +13,11 @@ import java.io.FileReader;
 import java.io.IOException;
 import java.sql.SQLException;
 import java.text.ParseException;
-import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -132,12 +131,12 @@ public class ReportGenerator {
    /**
     * start date of this report
     */
-    private static Date startDate = null;
+    private static LocalDate startDate = null;

    /**
     * end date of this report
     */
-    private static Date endDate = null;
+    private static LocalDate endDate = null;

    /**
     * the time taken to build the aggregation file from the log
@@ -175,7 +174,7 @@ public class ReportGenerator {
    /**
     * process timing clock
     */
-    private static Calendar startTime = null;
+    private static Instant startTime = null;

    /**
     * a map from log file action to human readable action
@@ -326,7 +325,7 @@ public class ReportGenerator {
    public static void processReport(Context context, Report report,
                                     String myInput)
        throws Exception, SQLException {
-        startTime = new GregorianCalendar();
+        startTime = Instant.now();

        /** instantiate aggregators */
        actionAggregator = new HashMap<>();
@@ -352,7 +351,7 @@ public class ReportGenerator {
        report.setEndDate(endDate);
        report.setMainTitle(name, serverName);

-        // define our standard variables for re-use
+        // define our standard variables for reuse
        // FIXME: we probably don't need these once we've finished re-factoring
        Iterator<String> keys = null;
        int i = 0;
@@ -492,8 +491,7 @@ public class ReportGenerator {
        report.addBlock(levels);

        // get the display processing time information
-        Calendar endTime = new GregorianCalendar();
-        long timeInMillis = (endTime.getTimeInMillis() - startTime.getTimeInMillis());
+        long timeInMillis = Instant.now().toEpochMilli() - startTime.toEpochMilli();
        int outputProcessTime = (int) (timeInMillis / 1000);

        // prepare the processing information statistics
@@ -518,7 +516,7 @@ public class ReportGenerator {

    /**
     * a standard stats block preparation method for use when an aggregator
-     * has to be put out in its entirity.  This method will not be able to
+     * has to be put out in its entirety.  This method will not be able to
     * deal with complex cases, although it will perform sorting by value and
     * translations as per the map file if requested
     *
@@ -666,7 +664,7 @@ public class ReportGenerator {

        // first initialise a date format object to do our date processing
        // if necessary
-        SimpleDateFormat sdf = new SimpleDateFormat("dd'/'MM'/'yyyy");
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("dd'/'MM'/'yyyy");

        // FIXME: although this works, it is not very elegant
        // loop through the aggregator file and read in the values
@@ -738,9 +736,9 @@ public class ReportGenerator {
            } else if ("service_name".equals(section)) {
                name = value;
            } else if ("start_date".equals(section)) {
-                startDate = sdf.parse(value);
+                startDate = LocalDate.parse(value, formatter);
            } else if ("end_date".equals(section)) {
-                endDate = sdf.parse(value);
+                endDate = LocalDate.parse(value, formatter);
            } else if ("analysis_process_time".equals(section)) {
                processTime = Integer.parseInt(value);
            } else if ("general_summary".equals(section)) {
@@ -783,7 +781,7 @@ public class ReportGenerator {
            return null;
        }

-        // build the referece
+        // build the reference
        // FIXME: here we have blurred the line between content and presentation
        // and it should probably be un-blurred
        List<MetadataValue> title = itemService.getMetadata(item, MetadataSchemaEnum.DC.getName(),
--- a/dspace-api/src/main/java/org/dspace/app/statistics/StatisticsLoader.java
+++ b/dspace-api/src/main/java/org/dspace/app/statistics/StatisticsLoader.java
@@ -9,19 +9,20 @@ package org.dspace.app.statistics;

 import java.io.File;
 import java.io.FilenameFilter;
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.time.LocalDate;
+import java.time.YearMonth;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeParseException;
+import java.time.temporal.ChronoUnit;
 import java.util.Arrays;
 import java.util.Comparator;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

-import org.apache.commons.lang3.time.DateUtils;
 import org.dspace.services.ConfigurationService;
 import org.dspace.services.factory.DSpaceServicesFactory;

@@ -35,7 +36,7 @@ public class StatisticsLoader {
    private static StatsFile generalAnalysis = null;
    private static StatsFile generalReport = null;

-    private static Date lastLoaded = null;
+    private static Instant lastLoaded = null;
    private static int fileCount = 0;

    private static Pattern analysisMonthlyPattern;
@@ -43,8 +44,8 @@ public class StatisticsLoader {
    private static Pattern reportMonthlyPattern;
    private static Pattern reportGeneralPattern;

-    private static ThreadLocal<DateFormat> monthlySDF;
-    private static ThreadLocal<DateFormat> generalSDF;
+    private static ThreadLocal<DateTimeFormatter> monthlySDF;
+    private static ThreadLocal<DateTimeFormatter> generalSDF;

    // one time initialisation of the regex patterns and formatters we will use
    static {
@@ -53,17 +54,17 @@ public class StatisticsLoader {
        reportMonthlyPattern = Pattern.compile("report-([0-9][0-9][0-9][0-9]-[0-9]+)\\.html");
        reportGeneralPattern = Pattern.compile("report-general-([0-9]+-[0-9]+-[0-9]+)\\.html");

-        monthlySDF = new ThreadLocal<DateFormat>() {
+        monthlySDF = new ThreadLocal<DateTimeFormatter>() {
            @Override
-            protected DateFormat initialValue() {
-                return new SimpleDateFormat("yyyy'-'M");
+            protected DateTimeFormatter initialValue() {
+                return DateTimeFormatter.ofPattern("yyyy'-'M");
            }
        };

-        generalSDF = new ThreadLocal<DateFormat>() {
+        generalSDF = new ThreadLocal<DateTimeFormatter>() {
            @Override
-            protected DateFormat initialValue() {
-                return new SimpleDateFormat("yyyy'-'M'-'dd");
+            protected DateTimeFormatter initialValue() {
+                return DateTimeFormatter.ofPattern("yyyy'-'M'-'dd");
            }
        };
    }
@@ -78,7 +79,7 @@ public class StatisticsLoader {
     *
     * @return array of dates
     */
-    public static Date[] getMonthlyReportDates() {
+    public static LocalDate[] getMonthlyReportDates() {
        return sortDatesDescending(getDatesFromMap(monthlyReports));
    }

@@ -87,7 +88,7 @@ public class StatisticsLoader {
     *
     * @return array of dates
     */
-    public static Date[] getMonthlyAnalysisDates() {
+    public static LocalDate[] getMonthlyAnalysisDates() {
        return sortDatesDescending(getDatesFromMap(monthlyAnalysis));
    }

@@ -97,15 +98,15 @@ public class StatisticsLoader {
     * @param monthlyMap map
     * @return array of dates
     */
-    protected static Date[] getDatesFromMap(Map<String, StatsFile> monthlyMap) {
+    protected static LocalDate[] getDatesFromMap(Map<String, StatsFile> monthlyMap) {
        Set<String> keys = monthlyMap.keySet();
-        Date[] dates = new Date[keys.size()];
+        LocalDate[] dates = new LocalDate[keys.size()];
        int i = 0;
        for (String date : keys) {
            try {
-                dates[i] = monthlySDF.get().parse(date);
-            } catch (ParseException pe) {
-                // ignore
+                dates[i] = YearMonth.parse(date, monthlySDF.get()).atDay(1);
+            } catch (DateTimeParseException pe) {
+                //ignore
            }

            i++;
@@ -120,19 +121,19 @@ public class StatisticsLoader {
     * @param dates array of dates
     * @return sorted dates.
     */
-    protected static Date[] sortDatesDescending(Date[] dates) {
-        Arrays.sort(dates, new Comparator<Date>() {
+    protected static LocalDate[] sortDatesDescending(LocalDate[] dates) {
+        Arrays.sort(dates, new Comparator<LocalDate>() {
            @Override
-            public int compare(Date d1, Date d2) {
+            public int compare(LocalDate d1, LocalDate d2) {
                if (d1 == null && d2 == null) {
                    return 0;
                } else if (d1 == null) {
                    return -1;
                } else if (d2 == null) {
                    return 1;
-                } else if (d1.before(d2)) {
+                } else if (d1.isBefore(d2)) {
                    return 1;
-                } else if (d2.before(d1)) {
+                } else if (d2.isBefore(d1)) {
                    return -1;
                }

@@ -203,7 +204,7 @@ public class StatisticsLoader {
            StatisticsLoader.loadFileList(fileList);
        } else if (lastLoaded == null) {
            StatisticsLoader.loadFileList(fileList);
-        } else if (DateUtils.addHours(lastLoaded, 1).before(new Date())) {
+        } else if (Instant.now().isAfter(lastLoaded.plus(1, ChronoUnit.HOURS))) {
            StatisticsLoader.loadFileList(fileList);
        }
    }
@@ -256,7 +257,7 @@ public class StatisticsLoader {
                    statsFile = makeStatsFile(thisFile, analysisGeneralPattern, generalSDF.get());
                    if (statsFile != null) {
                        // If it is, ensure that we are pointing to the most recent file
-                        if (newGeneralAnalysis == null || statsFile.date.after(newGeneralAnalysis.date)) {
+                        if (newGeneralAnalysis == null || statsFile.date.isAfter(newGeneralAnalysis.date)) {
                            newGeneralAnalysis = statsFile;
                        }
                    }
@@ -268,7 +269,7 @@ public class StatisticsLoader {
                    statsFile = makeStatsFile(thisFile, reportGeneralPattern, generalSDF.get());
                    if (statsFile != null) {
                        // If it is, ensure that we are pointing to the most recent file
-                        if (newGeneralReport == null || statsFile.date.after(newGeneralReport.date)) {
+                        if (newGeneralReport == null || statsFile.date.isAfter(newGeneralReport.date)) {
                            newGeneralReport = statsFile;
                        }
                    }
@@ -281,7 +282,7 @@ public class StatisticsLoader {
        monthlyReports = newMonthlyReports;
        generalAnalysis = newGeneralAnalysis;
        generalReport = newGeneralReport;
-        lastLoaded = new Date();
+        lastLoaded = Instant.now();
    }

    /**
@@ -291,11 +292,11 @@ public class StatisticsLoader {
     * by the formatter provided, then we return null.
     *
     * @param thisFile    file
-     * @param thisPattern patter
-     * @param sdf         date format
+     * @param thisPattern pattern
+     * @param formatter   date formatter
     * @return StatsFile
     */
-    private static StatsFile makeStatsFile(File thisFile, Pattern thisPattern, DateFormat sdf) {
+    private static StatsFile makeStatsFile(File thisFile, Pattern thisPattern, DateTimeFormatter formatter) {
        Matcher matcher = thisPattern.matcher(thisFile.getName());
        if (matcher.matches()) {
            StatsFile sf = new StatsFile();
@@ -304,8 +305,8 @@ public class StatisticsLoader {
            sf.dateStr = matcher.group(1).trim();

            try {
-                sf.date = sdf.parse(sf.dateStr);
-            } catch (ParseException e) {
+                sf.date = LocalDate.parse(sf.dateStr, formatter);
+            } catch (DateTimeParseException e) {
                // ignore
            }

@@ -333,7 +334,7 @@ public class StatisticsLoader {
    private static class StatsFile {
        File file;
        String path;
-        Date date;
+        LocalDate date;
        String dateStr;
    }

--- a/dspace-api/src/main/java/org/dspace/app/suggestion/SolrSuggestionProvider.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/SolrSuggestionProvider.java
@@ -13,6 +13,7 @@ import java.util.UUID;

 import org.apache.logging.log4j.Logger;
 import org.apache.solr.client.solrj.SolrServerException;
+import org.dspace.content.Item;
 import org.dspace.content.service.ItemService;
 import org.dspace.core.Context;
 import org.dspace.external.model.ExternalDataObject;
@@ -137,4 +138,16 @@ public abstract class SolrSuggestionProvider implements SuggestionProvider {
     */
    protected abstract boolean isExternalDataObjectPotentiallySuggested(Context context,
            ExternalDataObject externalDataObject);
+
+    /**
+     * Save a List of ImportRecord into Solr.
+     * ImportRecord will be translate into a SolrDocument by the method translateImportRecordToSolrDocument.
+     *
+     * @param context the DSpace Context
+     * @param item    a DSpace Item
+     * @throws SolrServerException
+     * @throws IOException
+     */
+    public abstract void importRecords(Context context, Item item) throws Exception;
+
 }
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/SuggestionEvidence.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/SuggestionEvidence.java
@@ -7,8 +7,10 @@
 */
 package org.dspace.app.suggestion;

+import org.dspace.app.suggestion.scorer.EvidenceScorer;
+
 /**
- * This DTO class is returned by an {@link org.dspace.app.suggestion.openaire.EvidenceScorer} to model the concept of
+ * This DTO class is returned by an {@link EvidenceScorer} to model the concept of
 * an evidence / fact that has been used to evaluate the precision of a suggestion increasing or decreasing the score
 * of the suggestion.
 *
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/SuggestionService.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/SuggestionService.java
@@ -22,7 +22,7 @@ public interface SuggestionService {
    /** find a {@link SuggestionTarget } by source name and suggestion id */
    public SuggestionTarget find(Context context, String source, UUID id);

-    /** count all suggetion targets by suggestion source */
+    /** count all suggestion targets by suggestion source */
    public long countAll(Context context, String source);

    /** find all suggestion targets by source (paged) */
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/PublicationLoader.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/PublicationLoader.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.suggestion.openaire;
+package org.dspace.app.suggestion.loader;

 import static org.dspace.app.suggestion.SuggestionUtils.getAllEntriesByMetadatum;
 import static org.dspace.app.suggestion.SuggestionUtils.getFirstEntryByMetadatum;
@@ -19,6 +19,8 @@ import org.apache.solr.client.solrj.SolrServerException;
 import org.dspace.app.suggestion.SolrSuggestionProvider;
 import org.dspace.app.suggestion.Suggestion;
 import org.dspace.app.suggestion.SuggestionEvidence;
+import org.dspace.app.suggestion.scorer.AuthorNamesScorer;
+import org.dspace.app.suggestion.scorer.EvidenceScorer;
 import org.dspace.content.Item;
 import org.dspace.content.dto.MetadataValueDTO;
 import org.dspace.core.Context;
@@ -28,23 +30,23 @@ import org.dspace.services.ConfigurationService;
 import org.springframework.beans.factory.annotation.Autowired;

 /**
- * Class responsible to load and manage ImportRecords from OpenAIRE
+ * Class responsible to load and manage ImportRecords from external sources
 *
 * @author Pasquale Cavallo (pasquale.cavallo at 4science dot it)
 *
 */
 public class PublicationLoader extends SolrSuggestionProvider {

-    private List<String> names;
+    protected List<String> names;

-    private ExternalDataProvider primaryProvider;
+    protected ExternalDataProvider primaryProvider;

-    private List<ExternalDataProvider> otherProviders;
+    protected List<ExternalDataProvider> otherProviders;

    @Autowired
-    private ConfigurationService configurationService;
+    protected ConfigurationService configurationService;

-    private List<EvidenceScorer> pipeline;
+    protected List<EvidenceScorer> pipeline;

    public void setPrimaryProvider(ExternalDataProvider primaryProvider) {
        this.primaryProvider = primaryProvider;
@@ -65,8 +67,8 @@ public class PublicationLoader extends SolrSuggestionProvider {
    /**
     * This method filter a list of ImportRecords using a pipeline of AuthorNamesApprover
     * and return a filtered list of ImportRecords.
-     * 
-     * @see org.dspace.app.suggestion.openaire.AuthorNamesScorer
+     *
+     * @see AuthorNamesScorer
     * @param researcher the researcher Item
     * @param importRecords List of import record
     * @return a list of filtered import records
@@ -103,8 +105,9 @@ public class PublicationLoader extends SolrSuggestionProvider {
     * @throws SolrServerException
     * @throws IOException
     */
-    public void importAuthorRecords(Context context, Item researcher)
-            throws SolrServerException, IOException {
+    @Override
+    public void importRecords(Context context, Item researcher)
+        throws Exception {
        int offset = 0;
        int limit = 10;
        int loaded = limit;
@@ -132,18 +135,20 @@ public class PublicationLoader extends SolrSuggestionProvider {
     * @return Suggestion
     */
    private Suggestion translateImportRecordToSuggestion(Item item, ExternalDataObject record) {
-        String openAireId = record.getId();
-        Suggestion suggestion = new Suggestion(getSourceName(), item, openAireId);
+        String recordId = record.getId();
+        Suggestion suggestion = new Suggestion(getSourceName(), item, recordId);
        suggestion.setDisplay(getFirstEntryByMetadatum(record, "dc", "title", null));
        suggestion.getMetadata().add(
-                new MetadataValueDTO("dc", "title", null, null, getFirstEntryByMetadatum(record, "dc", "title", null)));
+            new MetadataValueDTO("dc", "title", null, null, getFirstEntryByMetadatum(record, "dc", "title", null)));
        suggestion.getMetadata().add(new MetadataValueDTO("dc", "date", "issued", null,
-                getFirstEntryByMetadatum(record, "dc", "date", "issued")));
+                                                          getFirstEntryByMetadatum(record, "dc", "date", "issued")));
        suggestion.getMetadata().add(new MetadataValueDTO("dc", "description", "abstract", null,
-                getFirstEntryByMetadatum(record, "dc", "description", "abstract")));
+                                                          getFirstEntryByMetadatum(record, "dc", "description",
+                                                                                   "abstract")));
        suggestion.setExternalSourceUri(configurationService.getProperty("dspace.server.url")
-                + "/api/integration/externalsources/" + primaryProvider.getSourceIdentifier() + "/entryValues/"
-                + openAireId);
+                                            + "/api/integration/externalsources/" +
+                                            primaryProvider.getSourceIdentifier() + "/entryValues/"
+                                            + recordId);
        for (String o : getAllEntriesByMetadatum(record, "dc", "source", null)) {
            suggestion.getMetadata().add(new MetadataValueDTO("dc", "source", null, null, o));
        }
@@ -162,10 +167,10 @@ public class PublicationLoader extends SolrSuggestionProvider {
    }

    /**
-     * Load metadata from OpenAIRE using the import service. The service use the value
-     * get from metadata key defined in class level variable names as author to query OpenAIRE.
-     * 
-     * @see org.dspace.importer.external.openaire.service.OpenAireImportMetadataSourceServiceImpl
+     * Load metadata from external source using the import service. The service use the value
+     * get from metadata key defined in class level variable names as author to query external source.
+     *
+     * @see org.dspace.importer.external.service.AbstractImportMetadataSourceService
     * @param searchValues query
     * @param researcher item to extract metadata from
     * @param limit for pagination purpose
@@ -173,7 +178,7 @@ public class PublicationLoader extends SolrSuggestionProvider {
     * @return list of ImportRecord
     */
    private List<ExternalDataObject> getImportRecords(List<String> searchValues,
-        Item researcher, int offset, int limit) {
+                                                      Item researcher, int offset, int limit) {
        List<ExternalDataObject> matchingRecords = new ArrayList<>();
        for (String searchValue : searchValues) {
            matchingRecords.addAll(
@@ -205,7 +210,7 @@ public class PublicationLoader extends SolrSuggestionProvider {
    /**
     * Check if the ImportRecord is already present in the list.
     * The comparison is made on the value of metadatum with key 'dc.identifier.other'
-     * 
+     *
     * @param dto An importRecord instance
     * @param importRecords a list of importRecord
     * @return true if dto is already present in importRecords, false otherwise
@@ -230,7 +235,7 @@ public class PublicationLoader extends SolrSuggestionProvider {
     * @param researcher DSpace item
     * @return list of metadata values
     */
-    private List<String> searchMetadataValues(Item researcher) {
+    public List<String> searchMetadataValues(Item researcher) {
        List<String> authors = new ArrayList<String>();
        for (String name : names) {
            String value = itemService.getMetadata(researcher, name);
@@ -247,7 +252,8 @@ public class PublicationLoader extends SolrSuggestionProvider {
            return true;
        } else if (otherProviders != null) {
            return otherProviders.stream()
-                    .anyMatch(x -> StringUtils.equals(externalDataObject.getSource(), x.getSourceIdentifier()));
+                                 .anyMatch(
+                                     x -> StringUtils.equals(externalDataObject.getSource(), x.getSourceIdentifier()));
        } else {
            return false;
        }
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/PublicationLoaderRunnable.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/PublicationLoaderRunnable.java
@@ -1,115 +0,0 @@
-/**
- * The contents of this file are subject to the license and copyright
- * detailed in the LICENSE and NOTICE files at the root of the source
- * tree and available online at
- *
- * http://www.dspace.org/license/
- */
-package org.dspace.app.suggestion.openaire;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.apache.commons.cli.ParseException;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.dspace.content.Item;
-import org.dspace.core.Context;
-import org.dspace.discovery.DiscoverQuery;
-import org.dspace.discovery.SearchService;
-import org.dspace.discovery.SearchServiceException;
-import org.dspace.discovery.SearchUtils;
-import org.dspace.discovery.utils.DiscoverQueryBuilder;
-import org.dspace.discovery.utils.parameter.QueryBuilderSearchFilter;
-import org.dspace.scripts.DSpaceRunnable;
-import org.dspace.sort.SortOption;
-import org.dspace.utils.DSpace;
-
-/**
- * Runner responsible to import metadata about authors from OpenAIRE to Solr.
- * This runner works in two ways:
- * If -s parameter with a valid UUID is received, then the specific researcher
- * with this UUID will be used.
- * Invocation without any parameter results in massive import, processing all
- * authors registered in DSpace.
- *
- * @author Alessandro Martelli (alessandro.martelli at 4science.it)
- */
-public class PublicationLoaderRunnable
-    extends DSpaceRunnable<PublicationLoaderScriptConfiguration<PublicationLoaderRunnable>> {
-
-    private static final Logger LOGGER = LogManager.getLogger();
-
-    private PublicationLoader oairePublicationLoader = null;
-
-    protected Context context;
-
-    protected String profile;
-
-    @Override
-    @SuppressWarnings({ "rawtypes", "unchecked" })
-    public PublicationLoaderScriptConfiguration<PublicationLoaderRunnable> getScriptConfiguration() {
-        PublicationLoaderScriptConfiguration configuration = new DSpace().getServiceManager()
-                .getServiceByName("import-openaire-suggestions", PublicationLoaderScriptConfiguration.class);
-        return configuration;
-    }
-
-    @Override
-    public void setup() throws ParseException {
-
-        oairePublicationLoader = new DSpace().getServiceManager().getServiceByName(
-                "OpenairePublicationLoader", PublicationLoader.class);
-
-        profile = commandLine.getOptionValue("s");
-        if (profile == null) {
-            LOGGER.info("No argument for -s, process all profiles");
-        } else {
-            LOGGER.info("Process eperson item with UUID {}", profile);
-        }
-    }
-
-    @Override
-    public void internalRun() throws Exception {
-
-        context = new Context();
-
-        Iterator<Item> researchers = getResearchers(profile);
-        while (researchers.hasNext()) {
-            Item researcher = researchers.next();
-            oairePublicationLoader.importAuthorRecords(context, researcher);
-        }
-
-    }
-
-    /**
-     * Get the Item(s) which map a researcher from Solr. If the uuid is specified,
-     * the researcher with this UUID will be chosen. If the uuid doesn't match any
-     * researcher, the method returns an empty array list. If uuid is null, all
-     * research will be return.
-     *
-     * @param  profileUUID uuid of the researcher. If null, all researcher will be
-     *                     returned.
-     * @return             the researcher with specified UUID or all researchers
-     */
-    @SuppressWarnings("rawtypes")
-    private Iterator<Item> getResearchers(String profileUUID) {
-        SearchService searchService = new DSpace().getSingletonService(SearchService.class);
-        DiscoverQueryBuilder queryBuilder = SearchUtils.getQueryBuilder();
-        List<QueryBuilderSearchFilter> filters = new ArrayList<>();
-        String query = "*:*";
-        if (profileUUID != null) {
-            query = "search.resourceid:" + profileUUID;
-        }
-        try {
-            DiscoverQuery discoverQuery = queryBuilder.buildQuery(context, null,
-                SearchUtils.getDiscoveryConfigurationByName("person"),
-                query, filters,
-                "Item", 10, Long.getLong("0"), null, SortOption.DESCENDING);
-            return searchService.iteratorSearch(context, null, discoverQuery);
-        } catch (SearchServiceException e) {
-            LOGGER.error("Unable to read researcher on solr", e);
-        }
-        return null;
-    }
-}
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/PublicationLoaderRunnableCli.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/PublicationLoaderRunnableCli.java
@@ -1,36 +0,0 @@
-/**
- * The contents of this file are subject to the license and copyright
- * detailed in the LICENSE and NOTICE files at the root of the source
- * tree and available online at
- *
- * http://www.dspace.org/license/
- */
-package org.dspace.app.suggestion.openaire;
-
-import org.apache.commons.cli.HelpFormatter;
-import org.apache.commons.cli.ParseException;
-import org.dspace.utils.DSpace;
-
-public class PublicationLoaderRunnableCli extends PublicationLoaderRunnable {
-
-    @Override
-    @SuppressWarnings({ "rawtypes", "unchecked" })
-    public PublicationLoaderCliScriptConfiguration getScriptConfiguration() {
-        PublicationLoaderCliScriptConfiguration configuration = new DSpace().getServiceManager()
-                .getServiceByName("import-openaire-suggestions", PublicationLoaderCliScriptConfiguration.class);
-        return configuration;
-    }
-
-    @Override
-    public void setup() throws ParseException {
-        super.setup();
-
-        // in case of CLI we show the help prompt
-        if (commandLine.hasOption('h')) {
-            HelpFormatter formatter = new HelpFormatter();
-            formatter.printHelp("Import Researchers Suggestions", getScriptConfiguration().getOptions());
-            System.exit(0);
-        }
-    }
-
-}
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/PublicationLoaderScriptConfiguration.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/PublicationLoaderScriptConfiguration.java
@@ -1,56 +0,0 @@
-/**
- * The contents of this file are subject to the license and copyright
- * detailed in the LICENSE and NOTICE files at the root of the source
- * tree and available online at
- *
- * http://www.dspace.org/license/
- */
-package org.dspace.app.suggestion.openaire;
-
-import org.apache.commons.cli.Options;
-import org.dspace.scripts.configuration.ScriptConfiguration;
-
-public class PublicationLoaderScriptConfiguration<T extends PublicationLoaderRunnable>
-    extends ScriptConfiguration<T> {
-
-    private Class<T> dspaceRunnableClass;
-
-    @Override
-    public Class<T> getDspaceRunnableClass() {
-        return dspaceRunnableClass;
-    }
-
-    /**
-     * Generic setter for the dspaceRunnableClass
-     * @param dspaceRunnableClass   The dspaceRunnableClass to be set on this PublicationLoaderScriptConfiguration
-     */
-    @Override
-    public void setDspaceRunnableClass(Class<T> dspaceRunnableClass) {
-        this.dspaceRunnableClass = dspaceRunnableClass;
-    }
-
-    /*
-    @Override
-    public boolean isAllowedToExecute(Context context) {
-        try {
-            return authorizeService.isAdmin(context);
-        } catch (SQLException e) {
-            throw new RuntimeException("SQLException occurred when checking if the current user is an admin", e);
-        }
-    }
-    */
-
-    @Override
-    public Options getOptions() {
-        if (options == null) {
-            Options options = new Options();
-
-            options.addOption("s", "single-researcher", true, "Single researcher UUID");
-            options.getOption("s").setType(String.class);
-
-            super.options = options;
-        }
-        return options;
-    }
-
-}
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/openalex/OpenAlexPublicationLoader.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/openalex/OpenAlexPublicationLoader.java
@@ -0,0 +1,59 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.suggestion.openalex;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.StringUtils;
+import org.dspace.app.suggestion.loader.PublicationLoader;
+import org.dspace.content.Item;
+
+
+/**
+ * Implementation of {@link PublicationLoader} that retrieves metadata values
+ * from an OpenAlex external source.
+ *
+ * @author Adamo Fapohunda (adamo.fapohunda at 4science.com)
+ **/
+public class OpenAlexPublicationLoader extends PublicationLoader {
+
+    /**
+     * Searches for metadata values related to a given researcher item.
+     * It first checks for "dc.identifier" metadata and builds the filter accordingly.
+     * If not found, it collects available metadata values to be used in the search query.
+     *
+     * @param researcher The researcher item from which metadata values are extracted.
+     * @return A list of search query parameters for OpenAlex.
+     */
+    @Override
+    public List<String> searchMetadataValues(Item researcher) {
+        List<String> names = getNames();
+
+        // First, check for "dc.identifier.openalex" and build the filter if present
+        List<String> authorIds = names.stream()
+                                      .filter("dc.identifier.openalex"::equals)
+                                      .map(name -> itemService.getMetadata(researcher, name))
+                                      .filter(Objects::nonNull)
+                                      .collect(Collectors.toList());
+
+        if (!authorIds.isEmpty()) {
+            return Collections.singletonList(StringUtils.join(authorIds, "|"));
+        }
+
+        // Otherwise, collect all available metadata values
+        return names.stream()
+                    .map(name -> itemService.getMetadata(researcher, name))
+                    .filter(Objects::nonNull)
+                    .map(i -> "search_by_author=" + i)
+                    .collect(Collectors.toList());
+    }
+
+}
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/runnable/PublicationLoaderRunnable.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/runnable/PublicationLoaderRunnable.java
@@ -0,0 +1,203 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.suggestion.runnable;
+
+import java.sql.SQLException;
+import java.util.List;
+
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.lang3.StringUtils;
+import org.dspace.app.suggestion.SolrSuggestionProvider;
+import org.dspace.authorize.AuthorizeException;
+import org.dspace.content.DCDate;
+import org.dspace.content.Item;
+import org.dspace.content.MetadataFieldName;
+import org.dspace.content.factory.ContentServiceFactory;
+import org.dspace.content.service.ItemService;
+import org.dspace.core.Context;
+import org.dspace.discovery.DiscoverQuery;
+import org.dspace.discovery.DiscoverResultItemIterator;
+import org.dspace.discovery.indexobject.IndexableItem;
+import org.dspace.scripts.DSpaceRunnable;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+import org.dspace.services.ConfigurationService;
+import org.dspace.services.factory.DSpaceServicesFactory;
+import org.dspace.util.UUIDUtils;
+import org.dspace.utils.DSpace;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * Runner responsible to import metadata about authors from loader to Solr. This
+ * runner works in two ways: If -s parameter with a valid UUID is received, then
+ * the specific researcher with this UUID will be used. Invocation without any
+ * parameter results in massive import, processing all authors registered in
+ * DSpace.
+ *
+ * @author Alessandro Martelli (alessandro.martelli at 4science.it)
+ **/
+public class PublicationLoaderRunnable
+    extends DSpaceRunnable<ScriptConfiguration<?>> {
+    private static final Logger LOGGER = LoggerFactory.getLogger(PublicationLoaderRunnable.class);
+    protected Context context;
+    protected String profile;
+    protected String loader;
+    protected String filterQuery;
+    private SolrSuggestionProvider publicationLoader = null;
+    private ConfigurationService configurationService;
+    private ItemService itemService;
+    private Integer itemLimit;
+    private List<SolrSuggestionProvider> providers;
+
+
+    /**
+     * Retrieves the script configuration for this runnable.
+     * The configuration is fetched from the DSpace service manager.
+     *
+     * @return The {@link ScriptConfiguration} instance for the import-loader-suggestions script.
+     */
+    @Override
+    @SuppressWarnings({"rawtypes", "unchecked"})
+    public ScriptConfiguration<?> getScriptConfiguration() {
+        return new DSpace().getServiceManager()
+                           .getServiceByName("import-loader-suggestions", ScriptConfiguration.class);
+    }
+
+
+    /**
+     * Initializes the script execution environment by setting up necessary services,
+     * retrieving command-line arguments, and setting default values where necessary.
+     *
+     * @throws ParseException If there is an error parsing command-line options.
+     */
+    @Override
+    public void setup() throws ParseException {
+        configurationService = DSpaceServicesFactory.getInstance().getConfigurationService();
+        itemService = ContentServiceFactory.getInstance().getItemService();
+        providers = new DSpace().getServiceManager().getServicesByType(SolrSuggestionProvider.class);
+        loader = commandLine.getOptionValue("l");
+        profile = commandLine.getOptionValue("s");
+        filterQuery = !commandLine.hasOption("f") ? "" : commandLine.getOptionValue("f");
+        if (profile == null) {
+            LOGGER.info("No argument for -s, process all profile");
+        } else {
+            LOGGER.info("Process eperson item with UUID " + profile);
+        }
+        if (commandLine.hasOption("m")) {
+            this.itemLimit = Integer.valueOf(commandLine.getOptionValue("m"));
+        } else {
+            this.itemLimit = getDefaultLimit();
+        }
+    }
+
+    /**
+     * Main execution method for the script.
+     * It validates input parameters, retrieves researcher items, and triggers the publication import process.
+     *
+     * @throws Exception If an error occurs during execution.
+     */
+    @Override
+    public void internalRun() throws Exception {
+        if (loader == null) {
+            throw new NullPointerException("loader can't be null");
+        }
+        if (profile != null && UUIDUtils.fromString(profile) == null) {
+            throw new IllegalArgumentException("The provided argument -s is not a valid uuid");
+        }
+
+        publicationLoader = getPublicationLoader(loader);
+
+        try {
+            context = new Context();
+            context.turnOffAuthorisationSystem();
+            DiscoverResultItemIterator researchers = findResearchers();
+            while (researchers.hasNext()) {
+                Item researcher = researchers.next();
+                researcher = context.reloadEntity(researcher);
+                publicationLoader.importRecords(context, researcher);
+                setLastImportMetadataValue(researcher);
+                context.commit();
+                context.uncacheEntity(researcher);
+            }
+        } finally {
+            context.restoreAuthSystemState();
+            context.complete();
+        }
+    }
+
+    /**
+     * Retrieves the {@link SolrSuggestionProvider} based on the provided loader name.
+     *
+     * @param loader The name of the publication loader.
+     * @return The corresponding {@link SolrSuggestionProvider}.
+     * @throws IllegalArgumentException If no provider matching the loader name is found.
+     */
+    private SolrSuggestionProvider getPublicationLoader(String loader) {
+        return providers
+            .stream()
+            .filter(provider -> StringUtils.equals(provider.getSourceName(), loader))
+            .findFirst()
+            .orElseThrow(() -> new IllegalArgumentException("IllegalArgumentException: " +
+                                                                "Provider for: " + loader + " couldn't be found"));
+    }
+
+
+    /**
+     * Get the Item(s) which map a researcher from Solr. If the uuid is specified,
+     * the researcher with this UUID will be chosen. If the uuid doesn't match any
+     * researcher, the method returns an empty array list. If uuid is null, all
+     * research will be return.
+     *
+     * @return the researcher with specified UUID or all researchers
+     */
+    private DiscoverResultItemIterator findResearchers() {
+        DiscoverQuery discoverQuery = new DiscoverQuery();
+        discoverQuery.setDSpaceObjectFilter(IndexableItem.TYPE);
+        if (org.apache.commons.lang3.StringUtils.isNotBlank(profile)) {
+            discoverQuery.setQuery("search.resourceid:" + profile);
+        }
+        discoverQuery.addFilterQueries("search.resourcetype:Item");
+        discoverQuery.addFilterQueries("dspace.entity.type:Person");
+        discoverQuery.setSortField("lastModified", DiscoverQuery.SORT_ORDER.asc);
+
+        if (!filterQuery.isEmpty()) {
+            discoverQuery.addFilterQueries(filterQuery);
+        }
+
+        DiscoverResultItemIterator iterator = new DiscoverResultItemIterator(context, discoverQuery, itemLimit);
+        return iterator;
+    }
+
+
+    /**
+     * Updates the researcher's item metadata to store the last import timestamp.
+     *
+     * @param item The researcher item whose metadata should be updated.
+     */
+    private void setLastImportMetadataValue(Item item) {
+        try {
+            item = context.reloadEntity(item);
+            String metadataField = String.format("dspace.%s.lastimport", loader);
+            String currentDate = DCDate.getCurrent().toString();
+            itemService.setMetadataSingleValue(context, item, new MetadataFieldName(metadataField), null, currentDate);
+            itemService.update(context, item);
+        } catch (SQLException | AuthorizeException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    /**
+     * Retrieves the default item limit for the publication loader.
+     *
+     * @return The default item limit, as defined in the DSpace configuration.
+     */
+    private Integer getDefaultLimit() {
+        return configurationService.getIntProperty("suggestion.publication-loader.max", -1);
+    }
+}
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/runnable/PublicationLoaderRunnableCli.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/runnable/PublicationLoaderRunnableCli.java
@@ -0,0 +1,57 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.suggestion.runnable;
+
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.ParseException;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+import org.dspace.utils.DSpace;
+
+/**
+ * CLI implementation of the {@link PublicationLoaderRunnable} script.
+ * This class extends {@link PublicationLoaderRunnable} and provides additional
+ * functionality specific to command-line execution.
+ *
+ * @author Adamo Fapohunda (adamo.fapohunda at 4science.com)
+ */
+public class PublicationLoaderRunnableCli extends PublicationLoaderRunnable {
+
+    /**
+     * Retrieves the script configuration associated with this CLI script.
+     * This method fetches the configuration from the DSpace service manager.
+     *
+     * @return The {@link ScriptConfiguration} instance for the import-loader-suggestions script.
+     */
+    @Override
+    @SuppressWarnings({"rawtypes", "unchecked"})
+    public ScriptConfiguration<?> getScriptConfiguration() {
+        return new DSpace().getServiceManager()
+                           .getServiceByName("import-loader-suggestions", ScriptConfiguration.class);
+    }
+
+
+    /**
+     * Sets up the script execution environment.
+     * This method also checks for the presence of the help option and, if found,
+     * displays usage instructions before terminating the script.
+     *
+     * @throws ParseException If there is an error parsing the command-line options.
+     */
+    @Override
+    public void setup() throws ParseException {
+        super.setup();
+
+        // in case of CLI we show the help prompt
+        if (commandLine.hasOption('h')) {
+            HelpFormatter formatter = new HelpFormatter();
+            formatter.printHelp("Imports suggestions from external providers for publication claim",
+                                getScriptConfiguration().getOptions());
+            System.exit(0);
+        }
+    }
+}
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/AuthorNamesScorer.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/AuthorNamesScorer.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.suggestion.openaire;
+package org.dspace.app.suggestion.scorer;

 import static org.dspace.app.suggestion.SuggestionUtils.getAllEntriesByMetadatum;

@@ -137,6 +137,8 @@ public class AuthorNamesScorer implements EvidenceScorer {
     * */
    private String normalize(String value) {
        String norm = Normalizer.normalize(value, Normalizer.NFD);
+        // Removes diacritical marks
+        norm = norm.replaceAll("\\p{M}", "");
        CharsetDetector cd = new CharsetDetector();
        cd.setText(value.getBytes());
        CharsetMatch detect = cd.detect();
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/DateScorer.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/DateScorer.java
@@ -5,12 +5,10 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.suggestion.openaire;
+package org.dspace.app.suggestion.scorer;

-import java.util.Calendar;
+import java.time.LocalDateTime;
 import java.util.Collections;
-import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.List;

 import org.dspace.app.suggestion.SuggestionEvidence;
@@ -202,11 +200,9 @@ public class DateScorer implements EvidenceScorer {
    private int getYear(String birthDateStr) {
        int birthDateYear = -1;
        if (birthDateStr != null) {
-            Date birthDate = MultiFormatDateParser.parse(birthDateStr);
+            LocalDateTime birthDate = MultiFormatDateParser.parse(birthDateStr).toLocalDateTime();
            if (birthDate != null) {
-                Calendar calendar = new GregorianCalendar();
-                calendar.setTime(birthDate);
-                birthDateYear = calendar.get(Calendar.YEAR);
+                birthDateYear = birthDate.getYear();
            }
        }
        return birthDateYear;
--- a/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/EvidenceScorer.java
+++ b/dspace-api/src/main/java/org/dspace/app/suggestion/openaire/EvidenceScorer.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.suggestion.openaire;
+package org.dspace.app.suggestion.scorer;

 import org.dspace.app.suggestion.SuggestionEvidence;
 import org.dspace.content.Item;
@@ -32,6 +32,6 @@ public interface EvidenceScorer {
     * @return the generated suggestion evidence or null if the record should be
     *         discarded
     */
-    public SuggestionEvidence computeEvidence(Item researcher, ExternalDataObject importRecord);
+    SuggestionEvidence computeEvidence(Item researcher, ExternalDataObject importRecord);

 }
--- a/Show More
+++ b/Show More