4.0.9
- Eric Dalquist
Jan/03/13
uPortal 4.0.9 GA Announcement
Apereo is proud to announce uPortal 4.0.9, continuing in our regular patch releases of uPortal 4.0. This release addresses a number of minor bugs and one moderate security bug. For the security bug any user with access to user-administration would also be able to craft a URL to use the impersonation feature even if the user lacked the impersonation permission. This has been addressed via commits 3636ac and 8679f6 for those interested in applying just the fix without upgrading to 4.0.9. This release also includes two new statistics reports that show Tab and Portlet execution counts broken down by group and tab/portlet, thanks to Unicon's cooperative development program for these reporting tools. Finally a bug related to cached group and permission data has been resolved such that at login existing attribute, group, and permission information about the user is completely purged to ensure a fresh session.
Features and Changes of Note
- [UP-3626] - Users with access to User Administration can impersonate any user regardless of "IMPERSONATE" permission settings
- [UP-3625] - Add report for Tab Render count
- [UP-3628] - Add report for portlet execution count
Updating from 4.0.0-4.0.5
If you have data you care about in the UP_LOGIN_EVENT_AGGREGATE table please back it up externally or rename the table before executing the following steps. db-update will drop this table.
After configuring your uPortal 4.0.8 source run:
ant db-update
Downloads: http://www.jasig.org/uportal/download/uportal-409
Release Notes: https://wiki.jasig.org/display/UPC/4.0.9
Maven Project Site: http://developer.jasig.org/projects/uportal/4.0.9/
Full Release Notes
Bug
- [UP-3083] - Button styling in IE9 is not correct
- [UP-3254] - uportal 4.0.2 + mysql specified key was too long issue
- [UP-3286] - Tomcat examples available in uPortal demo
- [UP-3416] - Portlet 286 Ajax requests: only the first ajax call is processed
- [UP-3492] - Content-Disposition cannot be set in ResourceResponse
- [UP-3550] - portlet preferences (provided via config mode) are lost when editing existing portlets
- [UP-3590] - Portlet configuration does not display portlet.xml parameters
- [UP-3598] - Portlet Manager no longer displays preferences defined in portlet.xml when you register a new portlet
- [UP-3613] - Shibboleth and attributes user caching
- [UP-3616] - Resource parameters not included in cache key generation
- [UP-3618] - portlet admin : bug when setting up of preference readOnly
- [UP-3619] - Fragment Administration portlet : Edit Page/Colum Permissions
- [UP-3627] - Pluto doesn't handle setting of Content-Type via headers correctly
- [UP-3630] - DAO_PING fails on MySQL
- [UP-3633] - PortalDb DataSource not in JMX
Improvement
- [UP-3456] - Streamline SASS implementation
- [UP-3478] - Disable scheduled background tasks during uPShell execution
- [UP-3535] - Enhance UserAccountHelper to invalidate cached objects it updates
- [UP-3623] - Add LDAP Connection settings to Maven filters files
- [UP-3634] - Add exception logging filter for all requests
- [UP-3635] - Add Permanent Link feature to stats portlet
- [UP-3636] - Include current username in thread naming
New Feature
Security Bug
- [UP-3626] - Users with access to User Administration can impersonate any user regardless of "IMPERSONATE" permission settings
-Eric Dalquist
Deployer Notes
- Requires Servlet API 2.5 to run. Tomcat 6.0 is the first version of Tomcat to support Servlet 2.5
- Requires JDK 1.6.0_26 or newer
- Data export and import is required when upgrading from a version earlier than 4.0.0
Issues addressed in uPortal 4.0.9
Bugs known to afflict uPortal 4.0