Released: 25 April 2016
...
Version 4.3.1 is a maintenance release of uPortal 4.3. It has been six months since the release of 4.3.0, and there are a large number of updates. In total, 32 JIRA tickets are resolved in this release. The vast majority of these are bug fixes, tasks, and modest improvements to existing features. There are, however, two security-related fixes that are worth knowing about.
UP-4737 - Open Redirection Security Issue
Open redirect occurs when a web page is being redirected to another URL in another domain via a user-controlled input. A security scan of uPortal revealed that a vulnerability in the Login servlet could be used to redirect users to other, non-uPortal websites. This vulnerability is patched in uPortal 4.3.1.
UP-4743 - Add HTTPONLY to PORTLET_COOKIE
...
.
Highlights
...
- 14 Bugs
- 8 Improvements
- 3 Tasks
...
| Tip | ||
|---|---|---|
| ||
You can grab the binary releases, including a ready-to-start Quickstart release, from the GitHub release page. | ||
| Warning | ||
| ||
This macro will automatically display publicly visible security bugs tagged as affecting this release in the issue tracker.
| ||
| server | Apereo Issues | |
| columns | key,summary,priority | |
| maximumIssues | 200 | jqlQuery | project = UP AND issuetype IN ( "Security Bug") AND affectedVersion = 4.3.1 ORDER BY priority DESCserverId | 76221f40-4501-3df1-8578-6c87908cbdf7
See also : Release announcement as posted on uportal-user@ email list.
| Tip | ||
|---|---|---|
| ||
See the GitHub release page for human-readable release notes. |
...
Issues addressed in uPortal 4.3.1
Jira Legacy
Bugs known to afflict uPortal 4.3.1
(Note that this is only as good as the affects-version metadata on JIRA issues).
Jira Legacy