Versions Compared

Old Version 13

changes.mady.by.user Daniel McCallum

Saved on

compared with

New Version Current

changes.mady.by.user Daniel McCallum

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

For all existing installations the published Release notes should be reviewed. 

  • To upgrade from 2.0.X follow the upgrade instructions for 2.12.2, 2.3, 2.4.0 and 2.4.1 Release Notes before deploying the 2.4.2
  • To upgrade from 2.1.X follow the upgrade instructions for the 2.2, 2.3, 2.4.0 and 2.4.1 Release Notes before deploying the 2.4.2
  • To upgrade from 2.2.X follow the upgrade instructions for the 2.3, 2.4.0 and 2.4.1 Release Notes before deploying the 2.4.2 code

It is critical to complete the steps described in the 2.4.0 release notes for any deployment not upgrading directly from 2.4.1 to 2.4.2

The SSP development team is not aware of any SSP deployments integrated with CAS, but this release includes two security-related patch sets specifically targeted at CAS integrations:

  • SSP-2721 - Scrubs certain CAS-specific request parameters. Details of the The changes and effects are detailed in the uPortal project.  No work should be required to enable the patch, but you may want to review that document to better understand the CAS-related configuration changes included in this release.
  • SSP-2724 - Works around what amounts to a CAS-specific session hijacking vulnerability. Details of the The changes and effects are detailed in the uPortal project and the <platform-src>/uportal-war/src/main/resources/properties/security.properties file includes greatly expanded comments describing recommended configuration changes. You will likely want to review the email thread and changes to that file whether or not you use CAS. The new defaults may interfere with your existing authentication provider integrations, especially AD/LDAP. SSP-specific details below.

...

Historically you might have configured a Maven repository "blacklist" in <USER_HOME>/.m2/settings.xml to work around broken dependency downloads (ehcache especially). SSP-2634 should obviate such blacklisting, so if you haven't added it already, there should be no reason to do so. If you've already created a blacklist, it is entirely up to you whether or not to leave it in place.

 

Warning

If you are upgrading an environment, you should delete or change the passwords for the uPortal users created for demonstration purposes. This can be done through the user interface: Manage Users ->  Find an Existing User -> [Enter user ID from list below] -> [Click result] -> Delete or Edit, then change password. Demo users:

  • advisor0
  • ken
  • student0
  • student1

This is only necessary for upgrades. A fresh 2.4.2 install will not create these users.

A fresh install should also either change the admin user's password or add some other user to the Portal Administrators group and delete the admin user.

v2.4.2 JIRA Issues

Bugs

  • [SSP-2643] - Courses on MAP lost during edit
  • [SSP-2654] - DOB search results incorrect before 01/01/1970
  • [SSP-2660] - Print action plan button does not respond
  • [SSP-2697] - Inactive CL appear in Action Plan custom task
  • [SSP-2706] - Search API invoked twice when submitting search form
  • [SSP-2721] - Integrate patched CAS filter
  • [SSP-2723] - Student search column result sorting not working
  • [SSP-2724] - Improved default security.properties configuration

...