uP Status Winter 2005
A presentation on uPortal 2 status.
Presenters:
Bill Thompson of Rutgers.
Andrew Petro of Yale.
Proposed content
A presentation of uPortal 2 status, including review of uPortal 2.4.x and uPortal 2.5.x releases since the Baltimore conference and work in the CVS HEAD towards uPortal 2.6. Includes summary of major fixes and new features in these releases. Presentation of the improved process for handling discovered security vulnerabilities in uPortal and other JA-SIG projects. Review of the ongoing community process for uPortal.
Release Process Reviewed
What kinds of releases we make and why we make them.
uPortal 2.4.x status
The 2.4.x release strategy has been to:
- fix reported issues
- increase portal performance and stability
- share fixes/optimizations with later release branches (2.5.x and HEAD)
- incorporate important fixes/optimizations from later releases (2.5.x and HEAD)
In August, uPortal 2.4.3 was made generally available. This release included major changes to address memory, performance and finalizer issues. In addition, modifications were applied to reduce the number of temporary objects created by the uPortal framework. More details regarding work done during portal optimization and tuning can be found in the uPortal 2.x Status presentation.
In late September, a security exploit was identified in the CWebProxy and CGenericXSLT channels. This resulted in an October security release of uPortal 2.4.3.1 to address this problem.
Current work in the 2.4.x branch includes a planned uPortal 2.4.4 release for mid-December 2005. This release will continue to incorporate bug-fixes as well as the introduction of JDK 1.5 support for the 2.4.x branch.
uPortal 2.5.x status
uPortal 2.5.1. A long time coming, but included a number of good fixes and new features.
Security Contact Group
Opensource projects value openness and operating in public with collaboration and input. Except when we don't, because we're trying to quickly address a critical security vulnerability and seek to distribute the fix simultaneously with the announcement of the vulnerability. The infrastructure and process for this. Where to report security vulnerabilities.
uPortal 2.6
What's been happening in the HEAD and why it's been happening. Where it's at and guesses as to when it will be released.
The on-going community process for uP 2.x
Community means you. There's a process. There's a lot of ways to contribute.