Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »


SSP v2.8.0 General Release Announcement

Release Date: TBD

Release Highlights

 

v2.8.0 contains a variety of changes that enhance nearly every tool within SSP. The specific issues are noted below, but there are additional resources with information about the changes.

Fresh Installation Instructions

See SSP v2.8.0 Installation Instructions

Upgrade Instructions

Upgrading Source Code Forks

See SSP Source Code Upgrade Process

Additional Upgrade Steps

 

It is important to first follow the steps in the Release Notes for v2.6.0.

The SSP development team is not aware of any SSP deployments integrated with CAS, but this release includes two security-related patch sets specifically targeted at CAS integrations:

  • SSP-2721 - Scrubs certain CAS-specific request parameters. The changes and effects are detailed in the uPortal project.  No work should be required to enable the patch, but you may want to review that document to better understand the CAS-related configuration changes included in this release.
  • SSP-2724 - Works around what amounts to a CAS-specific session hijacking vulnerability. The changes and effects are detailed in the uPortal project and the <platform-src>/uportal-war/src/main/resources/properties/security.properties file includes greatly expanded comments describing recommended configuration changes. You will likely want to review the email thread and changes to that file whether or not you use CAS. The new defaults may interfere with your existing authentication provider integrations, especially AD/LDAP. SSP-specific details below.
  • SSP-3130 - Upgrade Apache Commons Security Issue. A patch was added for Apache security into 2.8 and rel-2-7-patches. None changes were made to 2.6.

 

1 - Add new permission external view tools

SSP-3154 adds a feature to add additional tools links, four maximum, to the tools menu.  For each tool, permissions are assigned to administrator and developer roles by default.  Permissions must be added to additional roles in order for the tools to appear.  This requires a new permission that needs to be imported into SSP-Platform  Run the following command from the SSP-Platform directory

ant -Dmaven.test.skip=true -Ddir=uportal-war/src/main/data/ssp_entities/patches-SSP-2-8-0 data-import

SSP v2.8.0 JIRA Issues

Bugs

New Features

Improvements

Tasks

 

 

  • No labels