Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Tentatively: 11 June 2014

uPortal 4.0.14 GA Announcement

Apereo is proud to announce uPortal 4.0.14, continuing in our regular patch releases of uPortal 4.0.

Human-readable release notes

uPortal 4.0.14 is a patch release of uPortal 4.0 cut to release a couple important security fixes and to ship a slew of minor fixes that had accumulated in the 4.0-patches maintenance branch.  Prior to this release, portlet administration permissions are bugged such that

1) CVE-2014-3146 anyone who can SUBSCRIBE the portlet-admin portlet can MANAGE any portlet, regardless of intended delegated administration MANAGE and MANAGE-* permission restrictions , and

2) CVE-2014-3147 anyone who can SUBSCRIBE a given portlet can enter CONFIG mode of that portlet to the extent that the portlet has a CONFIG mode.

 

This release includes essential fixes for successfully implementing delegated portlet administration features.  This release attempts to root the portlet management group and category selection selector UI at a close-to-tree-root yet-selectable-by-the-user group or category, fixes JSON web service permission checks to succeed when they ought instead of always failing for non-super-users, and fixes the portlet publishing lifecycle stage step of the portlet publication workflow for non-super-users

This release also adds the Emergency Alert portlet to the guest view, which will be an important fix for adopters using guest views and emergency alerts, and drops the category from the default emergency-alert portlet definition to prevent users from adding it to odd places in their own layouts.

This release works with Tomcat 7.0.47 (and later?) whereas without this fix ending and upgrading user sessions was bugged.

The reset-password portlet had been bugged so as to be unusable, but this release includes a fix.  Guest user account detection is now case-insensitive.  Permissions administration principal selection is fixed..

This release fixes DLM ProfileEvaluator import to now successfully import the XML it exports.

Search over the portlet registry standardizes to lowercase and so should have more search hits that you'd expect.

The in-memory password encryption key is now conveniently configured in portal.properties to encourage adopters to set it.  You have changed that encryption key from the default, if you're using in-memory passwords, right? 

Speaking of caching passwords in memory, CAS / ClearPass users should review the ClearPass cache update synchronicity configuration changes in this release.  This release includes out-of-the-box CAS / ClearPass configuration that's closer to ready-to-go more generally (but is still off-by-default).

In this release the calendar portlet's default US holiday data feed now draws (working) from Google, replacing a previous default configuration that went bad.

This release upgrades to  jquery and jqueryUI 1.8.24, jquery-mobile to 1.3.2 and tweaks Fluid to support jQuery 1.8disables UI scaling under muniversality, improves text shadows, fixes UI glitches in portlet-administration, in portlet titles, and in the hc and coal themes, and removes the (broken) Popular Portlets button from the Portlet Manager.  A new portlet preference governs whether the portal-activity portlet displays popular searches.

This release bumps the versions of some included portlets:

 

In under-the-hood tweaks, this release patches away some database resource leaksconfigures uPortal's ehcache to be sharedtweaks the environment filter setupdates Maven exclusions, and silences an extraneous hsql shutdown EOFException, and adds some null handling on the JSON web services accessing groups and in the person attribute group store.

The quickstart configuration in this release bumps the max memory to 500 mb.

 

On upgrade, you may want to:

 

 

Updating from 4.0.0-4.0.5

db-update will drop data

If you have data you care about in the UP_LOGIN_EVENT_AGGREGATE table please back it up externally or rename the table before executing the following steps. db-update will drop this table.

After configuring your uPortal 4.0.14 source run:

  • ant db-update

Downloads: http://www.jasig.org/uportal/download/uportal-4014 (TODO: Download link does not yet work.)
Release Notes: https://wiki.jasig.org/display/UPC/4.0.14 (TODO: this page not yet complete)
Maven Project Site: http://developer.jasig.org/projects/uportal/4.0.14/ (TODO: Maven site does not yet exist)

 

These developers contributed commits to this release:

 

 

Full Release Notes

Release Notes - uPortal - Version 4.0.14

Bug

Improvement

New Feature

Story

-Andrew Petro

 

Deployer Notes

  • Requires Servlet API 2.5 to run. Tomcat 6.0 is the first version of Tomcat to support Servlet 2.5.  You probably actually want a recent Tomcat 7.
  • Requires JDK 1.6.0_26 or newer.  Oracle JDK 6 is ridiculously old, so you probably want JDK 7 instead, which will work.  JDK 8 will almost certainly also work, but wasn't the target version for this patch series.
  • Data export and import is required when upgrading from a version earlier than 4.0.0.  Login event aggregation data migration is required when upgrading from a version 4.0.0 to 4.0.5, see above.

Issues addressed in uPortal 4.0.14

key summary type created updated due assignee reporter priority status resolution

Unable to locate Jira server for this macro. It may be due to Application Link configuration.

Bugs known to afflict uPortal 4.0.14

(Note that this is only as good as the affects-version metadata on JIRA issues).

key summary type created updated due assignee reporter priority status resolution

Unable to locate Jira server for this macro. It may be due to Application Link configuration.

  • No labels