Versions Compared

Old Version 10

changes.mady.by.user Andrew Petro

Saved on

compared with

New Version 11

changes.mady.by.user Andrew Petro

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: correct CVE number transpose as copied from JIRA issue descriptions.

23 May 2014

uPortal 4.0.13.1 Announcement

Apereo has released uPortal 4.0.13.1, which is uPortal 4.0.13 with security fixes to properly enforce MANAGE and CONFIG permissions.

Prior to this release, portlet administration permissions are bugged such that

...

Security Bug

  • [UP-4105] - CVE-2014-3146 3416 MANAGE[-*] permissions not enforced
  • [UP-4106] - CVE-2014-3147 3417 Any user can Configure any portlet they can SUBSCRIBE

...