Versions Compared

Old Version 1

changes.mady.by.user Jason Elwood

Saved on

compared with

New Version Current

changes.mady.by.user Daniel McCallum

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

SSP v2.4.2 General Release Announcement

Info

SSP v2.4.2 to be released in mid- August 20, 2014

Release Highlights

  • 2.4.2 is a patch release to address bugs identified in the 2.4.0 and 2.4.1 releases.  
  • Fix for potential loss of courses on a MAP Plan when editing a Plan (this patch alone is very strong justification to upgrade to 2.4.2)
  • Minor fixes for the Action Plan tool
  • Corrected inaccurate Student Searches involved DOBFix for potential loss of courses on a MAP Plan when editing a Plabinvolving DOB
  • Eliminated duplicate search server round trips
  • Workaround for corrupted Maven dependency downloads
  • Fix for security vulnerabilities in SSP-Platform deployments using CAS (no such deployments known at this writing)

Info

The are no external database schema changes in this release.

Fresh Installation Instructions

See SSP v2.4.2 Installation Instructions

Upgrade Instructions

Upgrading Source Code Forks

See SSP Source Code Upgrade Process

Additional Upgrade Steps

  • Complete previous upgrade steps
Warning

For all existing installations of 2.0.X and 2.1.X, important upgrade instructions exist in the previous 2.12.2,  2.3 and 2.4 Release notesthe published Release notes should be reviewed

  • To upgrade from 2.0.X follow the upgrade instructions for 2.12.2, 2.3 and , 2.4.0 and 2.4.1 Release Notes before deploying the 2.4.12
  •   To upgrade from 2.1.X follow the upgrade instructions for the 2.2, 2.3 and , 2.4.0 and 2.4.1 Release Notes before deploying the 2.4.12
  •  To upgrade from 2.2.X follow the upgrade instructions for the 2.3 and , 2.4.0 and 2.4.1 Release Notes before deploying the 2.4.2 code

It is critical to complete the steps described in the 2.4.0 release notes for any deployment not upgrading directly from 2.4.1

code

  • If you encounter "Unable to read the metadata file for artifact" errors in your ant builds, delete the containing directory for the offending file listed in the error, then try black-listing several repos in your ~/.m2/settings.xml. If you don't have that file already, use the following: 

    No Format
    <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <profiles>
    <profile>
      <id>exclude-bad-repos</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <repositories>
        <repository>
          <id>codehaus</id>
          <url>http://repository.codehaus.org</url>
          <releases>
            <enabled>false</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </repository>
        <repository>
          <id>sonatype-nexus-snapshots</id>
          <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
          <releases>
            <enabled>false</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </repository>
        <repository>
          <id>sonatype-nexus-staging</id>
          <url>http://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
          <releases>
            <enabled>false</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </repository>
      </repositories>
    </profile>
  </profiles>
</settings>
  • It is critical to complete the steps described in the 2.4.0 release notes for any deployment not upgrading directly from 2.4.0 to 2.4.1

 

v2.4.1 JIRA Issues

Bugs

  • [SSP-2412] - Action Plan spelling corrections
  • [SSP-2413] - Action Plan error handling for missing CL and Due Date
  • [SSP-2416] - Early Alert Response Journal Entry template missing variables
  • [SSP-2442] - Increase SSP portlet timeout
  • [SSP-2443] - Mismatched Plan/Template field widths
  • [SSP-2454] - DOB label value doesn't render in Student Search
  • [SSP-2469] - Coaching History report has MAP Projected Graduation instead of MAP Ends
  • [SSP-2504] - Overly precise date of birth search param
  • [SSP-2505] - Duplicate Journal Step Details in Student History Report
  • [SSP-2512] - Template owner not reset upon save as after loading a template from another owner
  • [SSP-2514] - Deleted Tasks showing in Main and in Student History Reports
  • [SSP-2516] - Student Search using MAP Status renders different results
  • [SSP-2520] - Grade not considered when evaluating substitutions for On/Off Plan MAP Status
  • [SSP-2523] - Caseload pagination broken and sort indeterminate or obscure
  • [SSP-2544] - Action Plan edit temp task list dialog obscured
  • [SSP-2564] - Program combo box in MAP Save/Save As dialogs built from 'facet' API, should be 'all' API
  • [SSP-2566] - Unpredictable MAP Template term note display
  • [SSP-2568] - Potentially incorrect caseloads reflected in Early Alert reminder email
  • [SSP-2573] - Coaches receive Off Plan email for unrelated students
  • [SSP-2574] - map_plan_status_send_off_plan_coach_email not respected
  • [SSP-2580] - MAP planned courses not rendering in UI
  • [SSP-2586] - Presence of Plan notes not reflected in menu button decoration
  • [SSP-2590] - Potentially inexact course code matching in MAP UI
  • [SSP-2598] - MAP unexpectedly locked against certain edits
  • [SSP-2605] - Inexact Financial Aid File and SAP Status code matching
  • [SSP-2607] - Inexact person ID matching
  • [SSP-2609] - Inexact configuration name matching
  • [SSP-2610] - Inexact text/blurb code matching
  • [SSP-2613] - Inexact confidentiality level ID and name matching
  • [SSP-2617] - Action Plan Challenge combo box sorted randomly when filtered by Category
  • [SSP-2619] - Adding Service Groups fails after canceling the first add

Improvements and New Features

...

to 2.4.2

The SSP development team is not aware of any SSP deployments integrated with CAS, but this release includes two security-related patch sets specifically targeted at CAS integrations:

  • SSP-2721 - Scrubs certain CAS-specific request parameters. The changes and effects are detailed in the uPortal project.  No work should be required to enable the patch, but you may want to review that document to better understand the CAS-related configuration changes included in this release.
  • SSP-2724 - Works around what amounts to a CAS-specific session hijacking vulnerability. The changes and effects are detailed in the uPortal project and the <platform-src>/uportal-war/src/main/resources/properties/security.properties file includes greatly expanded comments describing recommended configuration changes. You will likely want to review the email thread and changes to that file whether or not you use CAS. The new defaults may interfere with your existing authentication provider integrations, especially AD/LDAP. SSP-specific details below.

Review security.properties Changes

This release includes a large patch to <platform-src>/uportal-war/src/main/resources/properties/security.properties for SSP-2724. These changes may result in merge conflicts, especially if you are already integrated with other authentication providers, e.g. AD/LDAP. For resolving merge conflicts in general, see SSP Source Code Upgrade Process. For this particular patch, understand that the primary goal was to change this:

No Format
principalToken.root=userName
credentialToken.root=password

To this:

No Format
principalToken.root=
credentialToken.root=

Once you're able to sort out the conflict so everything is as it was before, but with expanded comments and the unset of the "root" token config as shown above, you'll need to make sure your existing authentication provider configuration still works. In almost all SSP deployments this entails creating a token config pair for each configured LDAP security context. I.e. for every row in security.properties of the form:

No Format
root.<suffix>=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

You will need a corresponding:

No Format
principalToken.root.<suffix>=userName
credentialToken.root.<suffix>=password

For example, if your configuration currently includes:

No Format
root.ldap_student=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

Then you need to add the following:

No Format
principalToken.root.ldap=userName
credentialToken.root.ldap=password
 
principalToken.root.ldap_student=userName
credentialToken.root.ldap_student=password

Review Maven settings.xml

Historically you might have configured a Maven repository "blacklist" in <USER_HOME>/.m2/settings.xml to work around broken dependency downloads (ehcache especially). SSP-2634 should obviate such blacklisting, so if you haven't added it already, there should be no reason to do so. If you've already created a blacklist, it is entirely up to you whether or not to leave it in place.

 

Warning

If you are upgrading an environment, you should delete or change the passwords for the uPortal users created for demonstration purposes. This can be done through the user interface: Manage Users ->  Find an Existing User -> [Enter user ID from list below] -> [Click result] -> Delete or Edit, then change password. Demo users:

  • advisor0
  • ken
  • student0
  • student1

This is only necessary for upgrades. A fresh 2.4.2 install will not create these users.

A fresh install should also either change the admin user's password or add some other user to the Portal Administrators group and delete the admin user.

v2.4.2 JIRA Issues

Bugs

  • [SSP-2643] - Courses on MAP lost during edit
  • [SSP-2654] - DOB search results incorrect before 01/01/1970
  • [SSP-2660] - Print action plan button does not respond
  • [SSP-2697] - Inactive CL appear in Action Plan custom task
  • [SSP-2706] - Search API invoked twice when submitting search form
  • [SSP-2721] - Integrate patched CAS filter
  • [SSP-2723] - Student search column result sorting not working
  • [SSP-2724] - Improved default security.properties configuration

Improvements and New Features

  • [SSP-2634] - Integrate uPortal Maven dependency download fix