4.1.0

Owned by Andrew Petro
Last updated: Aug 02, 2018 by Jim HelwigVersion comment
12 min read

Released: 16 June 2014

 

Download the release

You can grab the binary releases, including a ready-to-start Quickstart release, from the GitHub release page.

See also

See also the page for this release on the Apereo website.

Security bugs known to affect uPortal 4.1.0

This macro will automatically display publicly visible security bugs tagged as affecting this release in the issue tracker.

key summary priority
Refresh

 

uPortal 4.1.0 GA Announcement

See also : Release announcement as posted on uportal-user@ email list.


Human readable release notes

See the GitHub release page for human-readable release notes.

 

Full Release Notes Generated from JIRA:

Release Notes - uPortal - Version 4.1.0

Static listing

This is a static copy-and-paste of release notes generated from JIRA. You can re-generate this report from JIRA.

Features Added

  • [UP-3719] - Implement a responsive design with Bootstrap (Respondr)
  • [UP-3955] - A marketplace portlet to view and add portlets
  • [UP-3746] - Analytics configuration UI
  • [UP-3748] - Add uPortal google analytics
  • [UP-3884] - Safari CSS issue with Background Preference Button
  • [UP-3896] - Add Favorites portlet
  • [UP-3936] - Add a Notification Icon portlet to the pre-header region in Respondr with a badge number indicating the current number of notifications
  • [UP-4021] - Aggregate portlet rating
  • [UP-4093] - Contain JAXB Importer, Exporter, Deleter, and Upgrader provisioning failures
  • [UP-4111] - Portlet Manager -- Improve appearance and UX in Respondr
  • [UP-4141] - Disable search on form submit
  • [UP-4155] - Add Paypal Bootstrap accessibility plugin
  • [UP-4162] - Add in initial release date for marketplace entry
  • [UP-3298] - Add support for Tomcat7
  • [UP-3514] - Add RedirectionUrl to support extra path style dynamic parameter
  • [UP-3609] - Automatically run db-update tasks on startup for patch and local changes
  • [UP-3624] - Redirect log in attempts if cookies are disabled
  • [UP-3625] - Add report for Tab Render count
  • [UP-3628] - Add report for portlet execution count
  • [UP-3631] - Add report for portlets added to layout
  • [UP-3645] - Filter Portlet Registry by portlet status
  • [UP-3650] - Implement Groups and Permissions API
  • [UP-3652] - Person Lookup max results configurable & Add scrollbar
  • [UP-3662] - Addd PAGS Eager regex tester that find()s instead of match()s
  • [UP-3671] - Create a new Portal Activity framework portlet that shows some basic info about current users, logins, and searches
  • [UP-3750] - Print portlet content
  • [UP-3755] - Introduce the management of an alternative maximized link in portlet parameters
  • [UP-3762] - Add ability for users to select a background image to apply to desktop and mobile pages
  • [UP-3774] - Bundle announcement portlet
  • [UP-3783] - Allow ability to edit rich configuration from the portlet's chrome or rendered view, not just portlet administration
  • [UP-3785] - Implement Background Changer portlet on mobile web
  • [UP-3905] - Enhance the DETACHED window state to provide an optional sticky-header
  • [UP-3937] - Add the ability to configure portlet directly from portlet chrome
  • [UP-3938] - Access CONFIG and EDIT for portlets in regions (Respondr)
  • [UP-3940] - Provide an optional DynamicRespondrSkin portlet for Respondr-based portals
  • [UP-3941] - Support Massively Multi-Tenant Online Portals (MMOTP) with a Tenant Manager portlet and supporting infrastructure
  • [UP-4034] - Add a portlet preference to the portal-activity portlet to toggle display of popular searches
  • [UP-4049] - Implement sidebar-left and sidebar-right regions for Respondr
  • [UP-4051] - Flag raw events with aggregation processing failures to prevent repeat doomed attempts to process
  • [UP-4064] - Portlet Manager - filter the list of 'portlet types' (CPDs) offered to the user based on a new permission
  • [UP-4112] - Select target profile on Impersonate
  • [UP-4144] - Travis-CI continuous integration

 

Improvements Realized

  • [UP-2901] - Portlet Manager Channel Description should be a text area instead of a small textbox
  • [UP-3038] - Use tab externalId in URL if present
  • [UP-3182] - parameter flagging portlets for hide from impersonated logins
  • [UP-3205] - Add login link to "Logging in" default guest page portlet
  • [UP-3206] - Customize cas-in-uPortal login page to advise about default working username-password pairs
  • [UP-3210] - Mock of Courses portlet include multiple instructor surnames
  • [UP-3479] - Update user account helper to use displayName person attribute when sending password reset email
  • [UP-3556] - Update JasigWidgetPortlets to 1.0.3
  • [UP-3560] - Enable caching for default person directory configuration
  • [UP-3561] - Improve default ldap pooling configuration
  • [UP-3571] - Add support for Java 7
  • [UP-3593] - Make quickstart scripts wait for tomcat/hsql
  • [UP-3596] - Consistent entity export list ordering
  • [UP-3600] - Settings in WebProxyPortlet's datasource.properties file should come from the normal place (filters/ dir), not from the built version of rdbm.properties
  • [UP-3601] - Quote username in SingleTabUrlNodeSyntaxHelper log message
  • [UP-3606] - Add version check to event processing
  • [UP-3607] - Improve jGroups peer discovery
  • [UP-3621] - Refactor clearPass support for uPortal
  • [UP-3623] - Add LDAP Connection settings to Maven filters files
  • [UP-3629] - Refactor statistics report column headings and column labels implementation to make more generic
  • [UP-3634] - Add exception logging filter for all requests
  • [UP-3635] - Add Permanent Link feature to stats portlet
  • [UP-3636] - Include current username in thread naming
  • [UP-3648] - Enhancement to place (optionally) some config outside uPortal build/deploy process
  • [UP-3653] - Add capability for invoking data import in portlets bundled into uportal-portlets-overlay into ant tasks initportal, initdb
  • [UP-3654] - Bundle the Calendar portlet into the uPortal set of bundled portlets
  • [UP-3658] - Enhance the Directory portlet so that it goes into MAXIMIZED window state upon submitting a search
  • [UP-3659] - Add a helpful message to the Directory (framework) portlet about the maximum results
  • [UP-3663] - Add ability to import archive of entity files
  • [UP-3668] - Allow IPortalEventAggregator to check support on PortalEvent object
  • [UP-3669] - Reduce flushing during event aggregation
  • [UP-3689] - Allow users to deep link to protected content without using refUrl
  • [UP-3691] - Define several DLM for guest depending on context attributes
  • [UP-3693] - Make access to the 'Customize' menu and the 'Add Tab' button permissions-based
  • [UP-3694] - Enhance XalanAuthorizationHelperBean to provide support for upAuth:hasPermission(owner,activity,target) in the XSL
  • [UP-3700] - We should declare the uportal-maven-plugin in the (parent) portlets-overlay pom, not in the individual portlet poms
  • [UP-3705] - Remove auto-run of stats report
  • [UP-3708] - Publish links into sidebar from DLM Fragment
  • [UP-3709] - Include cn by default in directory search of LDAP
  • [UP-3711] - Merge uPortal cache managers
  • [UP-3713] - Purge unused portlet cookies from db after short duration
  • [UP-3714] - Add show hide toggle possibility on the sidebar
  • [UP-3740] - Upgrade to Jackson 2
  • [UP-3741] - Simplify PortletExecutionEvent creation
  • [UP-3743] - Provide additional information for unhandled exceptions at the Web Intercepter
  • [UP-3757] - Use JDK7 chmod in maven build
  • [UP-3763] - Allow header/footer portlets to render in the mUniversality theme
  • [UP-3779] - Enhance json.xsl (JSON rendering theme) to include info about portlets that are not within tabs and columns
  • [UP-3793] - Implement the Personalization Gallery ('CUSTOMIZE') in Respondr
  • [UP-3811] - Clarify suggestion for adding custom attribute sources
  • [UP-3812] - Update uPortal to WebProxyPortlet 2.0.0-M2
  • [UP-3823] - Enhance UP-3701 and/or change logging initialization of Listener classes
  • [UP-3867] - Update jQuery-Mobile to the last version : use jquery-mobile 1.3.2 instead of jquery-mobile 1.1.1
  • [UP-3868] - Fix zoom scale problems and bugs with fixed toolbars
  • [UP-3871] - Fix mistypes on messages and improve fr translations
  • [UP-3872] - Improve internationalization of Search Portlet and Directory Search Portlet
  • [UP-3875] - Add environment filters for cas context (/cas) and all params of email sending configuration
  • [UP-3876] - Update jQuery, jQuery-UI, Backbone, Underscore and others javascripts libs used by universality and muniversality skins
  • [UP-3877] - Improving text-shadows : fix bad blur effects on some buttons, lists, ui-li-dividers when a black text has a black text-shadow ; Removed any remaining blur on text shadows for better performance (@see jquery/jquery-mobile@7903171)
  • [UP-3887] - Add ajax auto-complete search filter to Search Box
  • [UP-3893] - Add remaining email properties to filters files
  • [UP-3898] - Replace Calendar portlet default holiday data feed to Google
  • [UP-3917] - Upgrade Universality to jQuery 1.10 using jquery-migrate to match Respondr
  • [UP-3930] - Respondr: Clean up tab manipulation visuals
  • [UP-3967] - Put password encryption value in portal.properties
  • [UP-3970] - Configure uPortal's ehcache to be a shared cache
  • [UP-3975] - Update tables to use datatables instead of fluid
  • [UP-3989] - Modify search auto-suggest to position correctly based on window size
  • [UP-3991] - Add hidden-top and hidden-bottom regions
  • [UP-3993] - Fix UI on recent Datatables changes
  • [UP-3994] - Update Datatable Styling to have filtered items go below the filter dropdowns in Respondr
  • [UP-4007] - datatables UI improvements
  • [UP-4008] - Clarify Group and Category selection UI under Respondr
  • [UP-4014] - Search - hide tabs if search is not configured to have multiple tabs
  • [UP-4015] - Create profile for universality; helpful when default skin is Respondr
  • [UP-4030] - Convert PAGS config from XML file to JPA entities
  • [UP-4037] - Include as much of ClearPass configuration as possible in standard configuration
  • [UP-4039] - Create Properties regex and inverted regex testers for PAGS user agent string tests
  • [UP-4045] - Dynamic skin update using ajax
  • [UP-4046] - Support RENDER_HEADERS two-phase render, have Dynamic Skin portlet use it
  • [UP-4050] - Have dynamic skin default to disabled
  • [UP-4055] - Widen USER_NAME columns in the portal db to 100 characters (from 35)
  • [UP-4063] - Portlet Manager -- auto-skip Choose Portlet Type step if there is only 1 choice available
  • [UP-4065] - Portlet Manager -- Detect config/edit/help/about mode support as defined in portlet.xml for portlets published with CPDs
  • [UP-4066] - Manage Portlets: Group and category selection use permissions to get forest root
  • [UP-4067] - Portlet Manager -- Simplify 'Summary' and 'Preferences' screens/steps quite a bit
  • [UP-4076] - Make Respondr the default 4.1 theme
  • [UP-4094] - Have Respondr be full-width of the browser
  • [UP-4108] - Changes to allow CAS Clearpass to work in clustered uPortal environments
  • [UP-4109] - uPortal 4.1 should default to Respondr for mobile devices instead of mUniversality
  • [UP-4113] - Update issue tracker URL in Quickstart readme
  • [UP-4114] - Update uPortal website URL in quickstart readme.
  • [UP-4116] - Remove reference to -dev quickstart
  • [UP-4118] - Add quickstart readme instruction re submitting security defect reports
  • [UP-4119] - Note bugs-affecting-version search embedded on release notes wiki page
  • [UP-4139] - Fix Reset Password so that it does not show errors when rendered on the guest layout
  • [UP-4149] - Differentiate new tenant password bootstrap emails from existing user password reset emails
  • [UP-4154] - On publishing new portlet, prompt to go to fragment administration if appropriate
  • [UP-4156] - Upgrade uPortal to use fluid 1.5.0
  • [UP-4167] - Exclude maven sonatype and apache snapshots from source repos
  • [UP-4171] - Update uPortal manual links to 4.1 version
  • [UP-4174] - Update documentation to recommend Tomcat 7
  • [UP-4175] - Acknowledge Apache Commons Lang in NOTICE file

Security Bugs Fixed

  • [UP-3626] - Users with access to User Administration can impersonate any user regardless of "IMPERSONATE" permission settings
  • [UP-3754] - Illicit CAS proxy authentication into portal
  • [UP-4105] - CVE-2014-3416 MANAGE[-*] permissions not enforced
  • [UP-4106] - CVE-2014-3417 Any user can Configure any portlet they can SUBSCRIBE

Bugs Fixed

  • [UP-3083] - Button styling in IE9 is not correct

  • [UP-3211] - Footer "uPortal Accessibility" link links to http://www.jasig.org/uportal/accessibility which does not exist

  • [UP-3212] - Footer "Privacy Policy" link links to http://www.jasig.org/uportal/privacy which does not exist
  • [UP-3254] - MySQL specified key too long
  • [UP-3276] - Significant set of DB resource leaks in org.jasig.portal.layout.simple.RDBMUserLayoutStore
  • [UP-3277] - Prepared statements not closed on Exception. Missing try catch blocks or finally
  • [UP-3279] - Software defects in compiled version of Quick Start (4.0.2) found by static code review
  • [UP-3295] - Portlet title not escaped allowing for the injection of script or the breaking of the student GUI with partial tags
  • [UP-3315] - Manage Users admin UI don't correctly escape dynamic content
  • [UP-3531] - Switch to SLF4j and Logback
  • [UP-3532] - portlet render cache output not purged on processAction in subsequent logins
  • [UP-3541] - Comments in fragment-layout.xml cause parts of layouts not to import
  • [UP-3550] - portlet preferences (provided via config mode) are lost when editing existing portlets
  • [UP-3551] - Header portlets within the hidden=false header folder are not expanded in maximized mode
  • [UP-3557] - javax.portlet.escapeXml container option not working
  • [UP-3558] - ant md5passwd broken
  • [UP-3559] - Person Directory sees queries for ALL, ALL_GROUPS, ALL_* pseudo targets
  • [UP-3562] - Portlet Manager -- Using a comma within a portlet preference value has the effect of splitting that value in two
  • [UP-3563] - Hung worker tracking not working
  • [UP-3569] - Add overlay files for portlet log configuration
  • [UP-3570] - Upgrade bundled CAS to 3.5.x
  • [UP-3575] - UP_PORTLET_ENT.USER_ID is missing an index
  • [UP-3576] - Remove CSS stylesheets from source
  • [UP-3581] - The new example LDAP config in ldapContext.xml doesn't seem to play well with SimpleLdapSecurityContext
  • [UP-3583] - dbtest never completes
  • [UP-3584] - Class Cast Exception in GrouperEntityGroupStore
  • [UP-3586] - New York Times RSS Feed broken
  • [UP-3588] - Pluto mis-parses escapeXml portlet.xml setting
  • [UP-3589] - Improve default database pooling config
  • [UP-3591] - NULL portlet preference value returned even if default vaue is provided
  • [UP-3594] - Sort groups & intervals in stats portlet
  • [UP-3595] - export flag for db-update/init ant tasks is not honored
  • [UP-3597] - Stats portlet fails to work on certain intervals
  • [UP-3602] - Unique Constraint Violation
  • [UP-3603] - Statistics Portlet and spring mvc portlet annotation bug on 3.1.2 spring version
  • [UP-3605] - Move version update calls into PortalShellBuildHelper
  • [UP-3608] - OpenEntityManagerAspect does not correctly participate in existing transactions
  • [UP-3611] - Event processing catch-up logic is wrong
  • [UP-3612] - Closed aggregations should not cause event processing failures
  • [UP-3613] - Shibboleth and attributes user caching
  • [UP-3614] - CAS 3.5.1 patch results in untracked files and directories during build
  • [UP-3615] - default.png URL in JSON feed broken
  • [UP-3616] - Resource parameters not included in cache key generation
  • [UP-3619] - Fragment Administration portlet : Edit Page/Colum Permissions
  • [UP-3622] - Disable URL Rewriting for Tomcat7
  • [UP-3627] - Pluto doesn't handle setting of Content-Type via headers correctly
  • [UP-3630] - DAO_PING fails on MySQL
  • [UP-3632] - Fix the "Popular Portlets" controller logic
  • [UP-3633] - PortalDb DataSource not in JMX
  • [UP-3641] - UP_JGROUPS_PING index length bug with MySQL
  • [UP-3642] - Unchecked console.log usage in JavaScript
  • [UP-3649] - Bump the bundled email-preview portlet to version 2.0.3
  • [UP-3651] - Missing aggregation config results in aggregating everything
  • [UP-3655] - Event Aggregation fails on MySQL due to -Infinity value
  • [UP-3660] - Editing of "View user attribute" permissions is broken
  • [UP-3664] - Bookmarks uwfn.tld apparently doesn't load on Tomcat7
  • [UP-3670] - Portlet data-import support breaks some build command combinations
  • [UP-3687] - missing portlet-wide error styles for mobile theme
  • [UP-3692] - cookieCheck doesn't capture entire URL
  • [UP-3698] - RenderHeaders output not being included in XSLT output
  • [UP-3701] - Some listener classes defined in web.xml are initializing logging before the webAppRootKey is initialized
  • [UP-3702] - Caused by: java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.lang.Comparable
  • [UP-3703] - Spring messages incorrectly escaped
  • [UP-3704] - Bug with Uportal PortletRequestImpl.isUserInRole
  • [UP-3706] - Database connection settings for the Attachments portlet are hard-coded
  • [UP-3707] - Bundle Announcement Portlet in uPortal 4.1
  • [UP-3710] - QuarterDetails needlessly deleted/recreated
  • [UP-3712] - AcademicTermDetail needlessly deleted/recreated
  • [UP-3716] - Test failures with Java 7
  • [UP-3726] - Fix error.jsp display on Mobile view when 'a portlet node is null'
  • [UP-3735] - JpaPortalEventStore.aggregatePortalEvents should ignore malformed events
  • [UP-3737] - Password Management portlet fails when user does not have edit permissions on any attributes
  • [UP-3738] - Delegate portlet resourceId's are not included in the URL
  • [UP-3739] - Config mode broken for framework portlets
  • [UP-3742] - FragmentListController fails with NPE in 'Audit DLM Fragments' portlet when a DLM fragment references a portlet fname not recognized by the portletRegistry
  • [UP-3744] - Password Management portlet password behavior not ideal
  • [UP-3751] - On Permission administration the search on principal begin ajax search on first character
  • [UP-3752] - Portlet Administration - Creating a new portlet when portlet name contains single quote break portlet choice
  • [UP-3760] - Adding portlet on locked tab/column
  • [UP-3775] - CLONED from SSP - Permissons Editing Not Visible in IE
  • [UP-3786] - Remove the broken, extraneous 'Popular Portlets' button from the Portlet Manager
  • [UP-3788] - uportal-maven-plugin does not properly copy MANIFEST.MF files within war files handled by deploy-ear
  • [UP-3815] - Manage Portlets displays 'setParameters.deleteButton' in Edit Parameters
  • [UP-3824] - Logback: Add listener
  • [UP-3864] - Manage permissions - cannot select principal in perms by category
  • [UP-3869] - Bamboo build failures with 'connection exception: connection failure: java.io.EOFException' on hsql shutdown
  • [UP-3873] - Fix error when tester is null on PersonAttributesGroupStore.java test method
  • [UP-3874] - Fix null group member entity
  • [UP-3881] - Maven goal (data-import) on project Announcements fails for Windows
  • [UP-3883] - StackOverflowError on Tomcat 7.0.47 whenever a session logs out
  • [UP-3895] - DLM's ProfileEvaluatorFactory fails to import the XML produced by the ProfileEvaluator on export
  • [UP-3899] - renaming portlet fname creates constraint violation
  • [UP-3998] - JpaClusterLockDaoTest.testConcurrentCreateLocking() intermittently fails
  • [UP-4013] - Search of Portlets fails to find portlets with uppercase in string that should match
  • [UP-4025] - When Granting Configure to a Category(target) it isn't reflecting to contained portlets
  • [UP-4032] - SimpleContentPortlet (attachments) uses Hibernate test connection pool
  • [UP-4054] - Bug in the reset-password flow that renders it unusable
  • [UP-4056] - Clustered CAS Clearpass Configuration not working
  • [UP-4057] - AuthorizableActivity.java constructor args in wrong order
  • [UP-4058] - PortletCategoryRegistryLocator bean missing from locatorContext.xml
  • [UP-4092] - PortalPermissionEvaluator sends the wrong TARGET String for JsonEntityBean objects when it checks permissions for REST API calls
  • [UP-4115] - Trivial typos in documentation
  • [UP-4117] - Quickstart readme documents wrong portal.log file path
  • [UP-4163] - uPortal build issues due to maven not handling HTTP 301 on artifact fetch
  • [UP-4164] - acceptAnyProxy set to true in ootb CAS overlay
  • [UP-4166] - uPortal build does not build uportal-platform-api
  • [UP-4024] - Maven build fails on a new machine due to CalendarPortlet dependency on xalan:serializer, which is in offline 3rd-party repo
  • [UP-4038] - Issue with sonatype snapshot redirect

 

-Andrew Petro

 

Deployer Notes

  • Requires Servlet API 2.5 to run. Tomcat 6.0 is the first version of Tomcat to support Servlet 2.5.  You probably actually want a recent Tomcat 7.
  • Requires Java 7 ("JDK 1.7") or newer.  Java 8 ("JDK 1.8") might also work, but wasn't the target version for this patch series.
  • Data export and import is required when upgrading.

Issues addressed in uPortal 4.1.0

key summary type created updated due assignee reporter priority status resolution
Refresh

Bugs known to afflict uPortal 4.1.0

(Note that this is only as good as the affects-version metadata on JIRA issues).

key summary type created updated due assignee reporter priority status resolution
Refresh