Modified: portals/site-live/jetspeed-2/release-notes-2.3.0.html URL: http://svn.apache.org/viewvc/portals/site-live/jetspeed-2/release-notes-2.3.0.html?rev=1901428&r1=1901427&r2=1901428&view=diff ============================================================================== --- portals/site-live/jetspeed-2/release-notes-2.3.0.html (original) +++ portals/site-live/jetspeed-2/release-notes-2.3.0.html Tue May 31 02:15:08 2022 @@ -42,7 +42,7 @@ <div class="xleft"> - Last Published: 9 May 2016 + Last Published: 26 May 2022 </div> <div class="xright"> <a href="http://portals.apache.org/applications/"; class="externalLink">Applications</a> | @@ -253,112 +253,112 @@ </div> <div id="bodyColumn"> <div id="contentBox"> - <subtitle></subtitle><authors><person name="Ate Douma" email="[email protected]"><person name="David Taylor" email="[email protected]"></authors><div class="section"><h2><a name="Release_Notes_-_Jetspeed_-_Version_2.3.0"></a>Release Notes - Jetspeed - Version 2.3.0</h2> + <subtitle></subtitle><authors><person name="Ate Douma" email="[email protected]"><person name="David Taylor" email="[email protected]"></authors><div class="section"><h2><a name="Release_Notes_-_Jetspeed_-_Version_2.3.0"></a>Release Notes - Jetspeed - Version 2.3.0</h2> <p> The list below outlines the issues that are addressed with release 2.3.0 For a full list of features, see the <a href="features.html">features list</a>. - </p> + </p> <p> And the release notes of the previous release 2.2.2 are available here: <a href="release-notes-2.2.2.html">release notes 2.2.2</a>. - </p> -<div class="section"><h3><a name="New_Feature"></a>New Feature</h3> -<ul><li>[<a href="https://issues.apache.org/jira/browse/JS2-845"; class="externalLink">JS2-845</a>] - AutoRefresh Feature - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1302"; class="externalLink">JS2-1302</a>] - Replace WebContent1 portlets by WebContent2 portlets in demo - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1303"; class="externalLink">JS2-1303</a>] - Rewrite j2-admin::SSOIFramePortlet based on webcontent2 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1304"; class="externalLink">JS2-1304</a>] - Rewrite j2-admin::SSOReverseProxyIFramePortlet based on webcontent2 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1305"; class="externalLink">JS2-1305</a>] - Rewrite j2-admin::SSOWebContentPortlet based on webcontent2 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1314"; class="externalLink">JS2-1314</a>] - Responsive Decorators - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1315"; class="externalLink">JS2-1315</a>] - Responsive Layouts - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1316"; class="externalLink">JS2-1316</a>] - Responsive Profiler Admin Portlet - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1317"; class="externalLink">JS2-1317</a>] - Improve Core J2-Admin Portlets to work with responsive layouts - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1318"; class="externalLink">JS2-1318</a>] - Second Responsive Menu for Pages Navigations on SmartPhone Breakpoint - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1331"; class="externalLink">JS2-1331</a>] - Customization to Responsive Layouts - </li> -</ul> -</div> -<div class="section"><h3><a name="Improvement"></a>Improvement</h3> -<ul><li>[<a href="https://issues.apache.org/jira/browse/JS2-874"; class="externalLink">JS2-874</a>] - Refactor Jetspeed API to use generics - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1274"; class="externalLink">JS2-1274</a>] - Support Tomcat7 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1281"; class="externalLink">JS2-1281</a>] - Generalize Security Constraints to support "AND" in addition to "OR" grant specification. - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1290"; class="externalLink">JS2-1290</a>] - Upgrade Jar Dependencies - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1292"; class="externalLink">JS2-1292</a>] - Set Default Compiler for Jetspeed Build to Java 1.7 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1293"; class="externalLink">JS2-1293</a>] - Improve User Browser to not load all users in memory - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1295"; class="externalLink">JS2-1295</a>] - Portlet Pipeline links URLs to wrong pipeline - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1301"; class="externalLink">JS2-1301</a>] - Add Derby as Migration Source to Installer - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1310"; class="externalLink">JS2-1310</a>] - Upgrade Jetspeed to use recommended Tomcat and Servlet Spec for Java 7 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1311"; class="externalLink">JS2-1311</a>] - Running in Tomcat Securely fails to generate secure links - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1324"; class="externalLink">JS2-1324</a>] - Security Cache Performance Improvements - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1325"; class="externalLink">JS2-1325</a>] - Preferences Caching Performance Improvements - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1330"; class="externalLink">JS2-1330</a>] - Improve Security Interceptors Examples and Documentation - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1332"; class="externalLink">JS2-1332</a>] - Upgrade to Portlet API 2.1.0 - </li> -</ul> -</div> -<div class="section"><h3><a name="Bug"></a>Bug</h3> -<ul><li>[<a href="https://issues.apache.org/jira/browse/JS2-1197"; class="externalLink">JS2-1197</a>] - Audit Reports do not compile on 2.2.1 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1268"; class="externalLink">JS2-1268</a>] - File download (fileserver) pipeline is broken since 2.2.1 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1289"; class="externalLink">JS2-1289</a>] - Jetspeed installer 2.2.2 Turkish installation problem - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1294"; class="externalLink">JS2-1294</a>] - Concurrency Issue with SessionPathResolverCache - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1296"; class="externalLink">JS2-1296</a>] - Password Generator Goes into Infinite Loop - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1297"; class="externalLink">JS2-1297</a>] - Page Templates are broken when not using Ajax Customization mode - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1298"; class="externalLink">JS2-1298</a>] - Jetspeed Power Tool renderPortletWindow loses PSML Preferences - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1299"; class="externalLink">JS2-1299</a>] - Auto Clear State Feature Fails on Page Refresh - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1300"; class="externalLink">JS2-1300</a>] - Cascading preferences deletes - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1306"; class="externalLink">JS2-1306</a>] - Update Velocity to 1.6.4 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1308"; class="externalLink">JS2-1308</a>] - Disabled Password is never checked and user can log in - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1319"; class="externalLink">JS2-1319</a>] - Upgrade YUI to latest version - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1320"; class="externalLink">JS2-1320</a>] - J2-Admin Chart Portlets - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1322"; class="externalLink">JS2-1322</a>] - ActionResponse.setRenderParameter crashes ActionUrl ? - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1323"; class="externalLink">JS2-1323</a>] - ActionResponse.setRenderParameter crashes ActionUrl ? - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1326"; class="externalLink">JS2-1326</a>] - Issue with User Credential functionality - Jetspeed 2.2.2 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1327"; class="externalLink">JS2-1327</a>] - Jetspeed does not build with Maven 3.3.x - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1328"; class="externalLink">JS2-1328</a>] - Improve XSS Filter - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1329"; class="externalLink">JS2-1329</a>] - Number ClassCastException on Oracle - </li> -</ul> -</div> -</div> + </p> +<div class="section"><h3><a name="New_Feature"></a>New Feature</h3> +<ul><li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-845";>JS2-845</a>] - AutoRefresh Feature + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1302";>JS2-1302</a>] - Replace WebContent1 portlets by WebContent2 portlets in demo + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1303";>JS2-1303</a>] - Rewrite j2-admin::SSOIFramePortlet based on webcontent2 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1304";>JS2-1304</a>] - Rewrite j2-admin::SSOReverseProxyIFramePortlet based on webcontent2 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1305";>JS2-1305</a>] - Rewrite j2-admin::SSOWebContentPortlet based on webcontent2 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1314";>JS2-1314</a>] - Responsive Decorators + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1315";>JS2-1315</a>] - Responsive Layouts + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1316";>JS2-1316</a>] - Responsive Profiler Admin Portlet + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1317";>JS2-1317</a>] - Improve Core J2-Admin Portlets to work with responsive layouts + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1318";>JS2-1318</a>] - Second Responsive Menu for Pages Navigations on SmartPhone Breakpoint + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1331";>JS2-1331</a>] - Customization to Responsive Layouts + </li> +</ul> +</div> +<div class="section"><h3><a name="Improvement"></a>Improvement</h3> +<ul><li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-874";>JS2-874</a>] - Refactor Jetspeed API to use generics + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1274";>JS2-1274</a>] - Support Tomcat7 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1281";>JS2-1281</a>] - Generalize Security Constraints to support "AND" in addition to "OR" grant specification. + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1290";>JS2-1290</a>] - Upgrade Jar Dependencies + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1292";>JS2-1292</a>] - Set Default Compiler for Jetspeed Build to Java 1.7 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1293";>JS2-1293</a>] - Improve User Browser to not load all users in memory + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1295";>JS2-1295</a>] - Portlet Pipeline links URLs to wrong pipeline + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1301";>JS2-1301</a>] - Add Derby as Migration Source to Installer + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1310";>JS2-1310</a>] - Upgrade Jetspeed to use recommended Tomcat and Servlet Spec for Java 7 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1311";>JS2-1311</a>] - Running in Tomcat Securely fails to generate secure links + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1324";>JS2-1324</a>] - Security Cache Performance Improvements + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1325";>JS2-1325</a>] - Preferences Caching Performance Improvements + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1330";>JS2-1330</a>] - Improve Security Interceptors Examples and Documentation + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1332";>JS2-1332</a>] - Upgrade to Portlet API 2.1.0 + </li> +</ul> +</div> +<div class="section"><h3><a name="Bug"></a>Bug</h3> +<ul><li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1197";>JS2-1197</a>] - Audit Reports do not compile on 2.2.1 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1268";>JS2-1268</a>] - File download (fileserver) pipeline is broken since 2.2.1 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1289";>JS2-1289</a>] - Jetspeed installer 2.2.2 Turkish installation problem + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1294";>JS2-1294</a>] - Concurrency Issue with SessionPathResolverCache + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1296";>JS2-1296</a>] - Password Generator Goes into Infinite Loop + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1297";>JS2-1297</a>] - Page Templates are broken when not using Ajax Customization mode + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1298";>JS2-1298</a>] - Jetspeed Power Tool renderPortletWindow loses PSML Preferences + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1299";>JS2-1299</a>] - Auto Clear State Feature Fails on Page Refresh + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1300";>JS2-1300</a>] - Cascading preferences deletes + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1306";>JS2-1306</a>] - Update Velocity to 1.6.4 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1308";>JS2-1308</a>] - Disabled Password is never checked and user can log in + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1319";>JS2-1319</a>] - Upgrade YUI to latest version + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1320";>JS2-1320</a>] - J2-Admin Chart Portlets + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1322";>JS2-1322</a>] - ActionResponse.setRenderParameter crashes ActionUrl ? + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1323";>JS2-1323</a>] - ActionResponse.setRenderParameter crashes ActionUrl ? + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1326";>JS2-1326</a>] - Issue with User Credential functionality - Jetspeed 2.2.2 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1327";>JS2-1327</a>] - Jetspeed does not build with Maven 3.3.x + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1328";>JS2-1328</a>] - Improve XSS Filter + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1329";>JS2-1329</a>] - Number ClassCastException on Oracle + </li> +</ul> +</div> +</div> </div> </div> @@ -367,7 +367,7 @@ </div> <div id="footer"> <div class="xright">© - 2004-2016 + 2004-2022 Apache Software Foundation
Modified: portals/site-live/jetspeed-2/release-notes.html URL: http://svn.apache.org/viewvc/portals/site-live/jetspeed-2/release-notes.html?rev=1901428&r1=1901427&r2=1901428&view=diff ============================================================================== --- portals/site-live/jetspeed-2/release-notes.html (original) +++ portals/site-live/jetspeed-2/release-notes.html Tue May 31 02:15:08 2022 @@ -42,7 +42,7 @@ <div class="xleft"> - Last Published: 9 May 2016 + Last Published: 26 May 2022 </div> <div class="xright"> <a href="http://portals.apache.org/applications/"; class="externalLink">Applications</a> | @@ -253,58 +253,58 @@ </div> <div id="bodyColumn"> <div id="contentBox"> - <subtitle></subtitle><authors><person name="Ate Douma" email="[email protected]"><person name="David Taylor" email="[email protected]"></authors><div class="section"><h2><a name="Release_Notes_-_Jetspeed_-_Version_2.3.1"></a>Release Notes - Jetspeed - Version 2.3.1</h2> + <subtitle></subtitle><authors><person name="Ate Douma" email="[email protected]"><person name="David Taylor" email="[email protected]"></authors><div class="section"><h2><a name="Release_Notes_-_Jetspeed_-_Version_2.3.1"></a>Release Notes - Jetspeed - Version 2.3.1</h2> <p> The list below outlines the issues that are addressed with release 2.3.1 For a full list of features, see the <a href="features.html">features list</a>. - </p> + </p> <p> And the release notes of the previous release 2.3.0 are available here: <a href="release-notes-2.3.0.html">release notes 2.3.0</a>. - </p> -<div class="section"><h3><a name="New_Feature"></a>New Feature</h3> -<ul><li>[<a href="http://portals.apache.org/jetspeed-2/security-reports.html"; class="externalLink">Security Patches</a>] - Important Security Issues found by Apache Security Team - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1341"; class="externalLink">JS2-1341</a>] - Add Support for Detached Portlets to Portal Pipeline - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1348"; class="externalLink">JS2-1348</a>] - Search Feature - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1349"; class="externalLink">JS2-1349</a>] - User Manager: Filter By Groups - </li> -</ul> -</div> -<div class="section"><h3><a name="Improvement"></a>Improvement</h3> -<ul><li>[<a href="https://issues.apache.org/jira/browse/JS2-1340"; class="externalLink">JS2-1340</a>] - Improve Standard Portlet Decorator Styles - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1342"; class="externalLink">JS2-1342</a>] - Improve and Update Jetspeed Archetype for 2.3.1 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1345"; class="externalLink">JS2-1345</a>] - Improve CSS in Site Manager and Constraints portlet - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1346"; class="externalLink">JS2-1346</a>] - Improve User Manager Portlet (wicket) to show and persist email address - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1352"; class="externalLink">JS2-1352</a>] - Upgrade EhCache to 2.6.11 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1353"; class="externalLink">JS2-1353</a>] - Improve User Session Preferences - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1354"; class="externalLink">JS2-1354</a>] - Improve VersionedPortletApplicationManager to support dot versions - </li> -</ul> -</div> -<div class="section"><h3><a name="Bug"></a>Bug</h3> -<ul><li>[<a href="https://issues.apache.org/jira/browse/JS2-1334"; class="externalLink">JS2-1334</a>] - unpack overwrite rule not being honoured - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1339"; class="externalLink">JS2-1339</a>] - Portlet Decorator Selection in Standard Customizer is failing - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1344"; class="externalLink">JS2-1344</a>] - Data Migration Parameter table class_name not translated from 2.1.3/2.1.4 - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1347"; class="externalLink">JS2-1347</a>] - NPE in Dynamic Web Content Rewriter - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1350"; class="externalLink">JS2-1350</a>] - Wrong Profile Locator Assigned to New Users - </li> -<li>[<a href="https://issues.apache.org/jira/browse/JS2-1351"; class="externalLink">JS2-1351</a>] - NPE when Portlet Mode not Provided in Supports - </li> -</ul> -</div> -</div> + </p> +<div class="section"><h3><a name="New_Feature"></a>New Feature</h3> +<ul><li>[<a class="externalLink" href="http://portals.apache.org/jetspeed-2/security-reports.html";>Security Patches</a>] - Important Security Issues found by Apache Security Team + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1341";>JS2-1341</a>] - Add Support for Detached Portlets to Portal Pipeline + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1348";>JS2-1348</a>] - Search Feature + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1349";>JS2-1349</a>] - User Manager: Filter By Groups + </li> +</ul> +</div> +<div class="section"><h3><a name="Improvement"></a>Improvement</h3> +<ul><li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1340";>JS2-1340</a>] - Improve Standard Portlet Decorator Styles + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1342";>JS2-1342</a>] - Improve and Update Jetspeed Archetype for 2.3.1 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1345";>JS2-1345</a>] - Improve CSS in Site Manager and Constraints portlet + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1346";>JS2-1346</a>] - Improve User Manager Portlet (wicket) to show and persist email address + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1352";>JS2-1352</a>] - Upgrade EhCache to 2.6.11 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1353";>JS2-1353</a>] - Improve User Session Preferences + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1354";>JS2-1354</a>] - Improve VersionedPortletApplicationManager to support dot versions + </li> +</ul> +</div> +<div class="section"><h3><a name="Bug"></a>Bug</h3> +<ul><li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1334";>JS2-1334</a>] - unpack overwrite rule not being honoured + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1339";>JS2-1339</a>] - Portlet Decorator Selection in Standard Customizer is failing + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1344";>JS2-1344</a>] - Data Migration Parameter table class_name not translated from 2.1.3/2.1.4 + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1347";>JS2-1347</a>] - NPE in Dynamic Web Content Rewriter + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1350";>JS2-1350</a>] - Wrong Profile Locator Assigned to New Users + </li> +<li>[<a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1351";>JS2-1351</a>] - NPE when Portlet Mode not Provided in Supports + </li> +</ul> +</div> +</div> </div> </div> @@ -313,7 +313,7 @@ </div> <div id="footer"> <div class="xright">© - 2004-2016 + 2004-2022 Apache Software Foundation Modified: portals/site-live/jetspeed-2/roadmap.html URL: http://svn.apache.org/viewvc/portals/site-live/jetspeed-2/roadmap.html?rev=1901428&r1=1901427&r2=1901428&view=diff ============================================================================== --- portals/site-live/jetspeed-2/roadmap.html (original) +++ portals/site-live/jetspeed-2/roadmap.html Tue May 31 02:15:08 2022 @@ -42,7 +42,7 @@ <div class="xleft"> - Last Published: 9 May 2016 + Last Published: 26 May 2022 </div> <div class="xright"> <a href="http://portals.apache.org/applications/"; class="externalLink">Applications</a> | @@ -253,43 +253,43 @@ </div> <div id="bodyColumn"> <div id="contentBox"> - <subtitle></subtitle><authors><person name="David Sean Taylor" email="[email protected]"></authors><div class="section"><h2><a name="Upcoming_Releases_Timeline"></a>Upcoming Releases Timeline</h2> -<ul><li>2.3.1 - May 9 2016</li> -<li>2.3.2 - September 2016</li> -</ul> -</div> -<div class="section"><h2><a name="a2.3.2_Release"></a>2.3.2 Release</h2> -<ul><li>TBD</li> -</ul> -</div> -<div class="section"><h2><a name="Latest_2.3.1_Release"></a>Latest 2.3.1 Release</h2> -<ul><li><a href="security-reports.html">Apache Security CVE Fixes to 2.3.0</a></li> -<li><a href="https://issues.apache.org/jira/browse/JS2-1348"; class="externalLink">Search Feature (JS2-1348)</a></li> -<li><a href="https://issues.apache.org/jira/browse/JS2-1341"; class="externalLink">Detached Portlets (JS2-1341)</a></li> -<li><a href="https://issues.apache.org/jira/browse/JS2-1342"; class="externalLink">Update Archetype and Tutorial (JS2-1342)</a></li> -<li><a href="https://issues.apache.org/jira/browse/JS2-1349"; class="externalLink">User Admin, Filter by Groups (JS2-1349)</a></li> -<li><a href="https://issues.apache.org/jira/browse/JS2-1346"; class="externalLink">User Admin, Edit Email field (JS2-1346)</a></li> -<li><a href="https://issues.apache.org/jira/browse/JS2-1345"; class="externalLink">Improve CSS in Site Manager and Constraints Admin (JS2-1345)</a></li> -<li><a href="https://issues.apache.org/jira/browse/JS2-1340"; class="externalLink">Improvements to Standard Portlet Decorators (JS2-1340)</a></li> -</ul> -</div> -<div class="section"><h2><a name="Previous_Release_2.3.0"></a>Previous Release 2.3.0</h2> -<p>2.3.0 - released July 2015</p> -<ul><li>Java 1.7 Support(JS2-1292)</li> -<li>Jetspeed API + Generics (JS2-874)</li> -<li>Tomcat7 and Servlet 3.0 (JS2-1274)</li> -<li>Upgrade Dependencies, Spring (JS2-1290)</li> -<li>New Responsive Decorators (JS2-1314)</li> -<li>New Responsive Layout (JS2-1315)</li> -<li>J2-Admin Angular Portlet Framework (JS2-1316)</li> -<li>J2-Admin Core Portlets Responsive (JS2-1317)</li> -<li>J2-Admin Chart Portlets (JS2-1320)</li> -<li>New User Manager (JS2-1293)</li> -<li>Preferences Performance Improvements (JS2-1325)</li> -<li>Security Performance Improvements (JS2-1324)</li> -<li>Upgraded Portals APA and Bridges Dependencies</li> -</ul> -</div> + <subtitle></subtitle><authors><person name="David Sean Taylor" email="[email protected]"></authors><div class="section"><h2><a name="Upcoming_Releases_Timeline"></a>Upcoming Releases Timeline</h2> +<ul><li>2.3.1 - May 9 2016</li> +<li>2.3.2 - September 2016</li> +</ul> +</div> +<div class="section"><h2><a name="a2.3.2_Release"></a>2.3.2 Release</h2> +<ul><li>TBD</li> +</ul> +</div> +<div class="section"><h2><a name="Latest_2.3.1_Release"></a>Latest 2.3.1 Release</h2> +<ul><li><a href="security-reports.html">Apache Security CVE Fixes to 2.3.0</a></li> +<li><a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1348";>Search Feature (JS2-1348)</a></li> +<li><a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1341";>Detached Portlets (JS2-1341)</a></li> +<li><a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1342";>Update Archetype and Tutorial (JS2-1342)</a></li> +<li><a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1349";>User Admin, Filter by Groups (JS2-1349)</a></li> +<li><a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1346";>User Admin, Edit Email field (JS2-1346)</a></li> +<li><a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1345";>Improve CSS in Site Manager and Constraints Admin (JS2-1345)</a></li> +<li><a class="externalLink" href="https://issues.apache.org/jira/browse/JS2-1340";>Improvements to Standard Portlet Decorators (JS2-1340)</a></li> +</ul> +</div> +<div class="section"><h2><a name="Previous_Release_2.3.0"></a>Previous Release 2.3.0</h2> +<p>2.3.0 - released July 2015</p> +<ul><li>Java 1.7 Support(JS2-1292)</li> +<li>Jetspeed API + Generics (JS2-874)</li> +<li>Tomcat7 and Servlet 3.0 (JS2-1274)</li> +<li>Upgrade Dependencies, Spring (JS2-1290)</li> +<li>New Responsive Decorators (JS2-1314)</li> +<li>New Responsive Layout (JS2-1315)</li> +<li>J2-Admin Angular Portlet Framework (JS2-1316)</li> +<li>J2-Admin Core Portlets Responsive (JS2-1317)</li> +<li>J2-Admin Chart Portlets (JS2-1320)</li> +<li>New User Manager (JS2-1293)</li> +<li>Preferences Performance Improvements (JS2-1325)</li> +<li>Security Performance Improvements (JS2-1324)</li> +<li>Upgraded Portals APA and Bridges Dependencies</li> +</ul> +</div> </div> </div> @@ -298,7 +298,7 @@ </div> <div id="footer"> <div class="xright">© - 2004-2016 + 2004-2022 Apache Software Foundation Modified: portals/site-live/jetspeed-2/security-reports.html URL: http://svn.apache.org/viewvc/portals/site-live/jetspeed-2/security-reports.html?rev=1901428&r1=1901427&r2=1901428&view=diff ============================================================================== --- portals/site-live/jetspeed-2/security-reports.html (original) +++ portals/site-live/jetspeed-2/security-reports.html Tue May 31 02:15:08 2022 @@ -42,7 +42,7 @@ <div class="xleft"> - Last Published: 10 May 2016 + Last Published: 26 May 2022 </div> <div class="xright"> <a href="http://portals.apache.org/applications/"; class="externalLink">Applications</a> | @@ -253,108 +253,108 @@ </div> <div id="bodyColumn"> <div id="contentBox"> - <subtitle></subtitle><authors><person name="David Sean Taylor" email="[email protected]"></authors><div class="section"><h2><a name="CVE_Reports"></a>CVE Reports</h2> -<ul><li><a href="#CVE-2016-0709">CVE-2016-0709: Code execution via ZIP file path traversal</a></li> -<li><a href="#CVE-2016-0710">CVE-2016-0710: SQL injection in User Manager service</a></li> -<li><a href="#CVE-2016-0711">CVE-2016-0711: Persistent Cross Site Scripting in links, pages and folders</a></li> -<li><a href="#CVE-2016-0712">CVE-2016-0712: Reflected Cross Site Scripting in URI path</a></li> -<li><a href="#CVE-2016-2171">CVE-2016-2171: Jetspeed User Manager REST service not restricted by Jetspeed Security</a></li> -</ul> -</div> -<div class="section"><h2><a name="a2.3.1_Release_CVE_Reports"></a>2.3.1 Release CVE Reports</h2> -<a name="CVE-2016-0709"></a><div class="section"><h3><a name="CVE-2016-0709:_Code_execution_via_ZIP_file_path_traversal"></a>CVE-2016-0709: Code execution via ZIP file path traversal</h3> -<table class="bodyTable"><tr class="a"><td>Severity: </td> -<td>Important</td> -</tr> -<tr class="b"><td>Vendor: </td> -<td>The Apache Software Foundation</td> -</tr> -<tr class="a"><td>Versions Affected:</td> -<td> Jetspeed 2.2.0 to 2.2.2</td> -</tr> -<tr class="b"><td></td> -<td>Jetspeed 2.3.0</td> -</tr> -<tr class="a"><td>The unsupported Jetspeed 2.1.x versions may be also affected</td> -</tr> -<tr class="b"><td>Mitigation:</td> -<td>2.2.0 - 2.3.0 users should upgrade to 2.3.1</td> -</tr> -<tr class="a"><td>Credit:</td> -<td>This issue was discovered by Andreas Lindh</td> -</tr> -<tr class="b"><td>References:</td> -<td>http://tomcat.apache.org/security.html</td> -</tr> -</table> -<h4>Description:</h4> + <subtitle></subtitle><authors><person name="David Sean Taylor" email="[email protected]"></authors><div class="section"><h2><a name="CVE_Reports"></a>CVE Reports</h2> +<ul><li><a href="#CVE-2016-0709">CVE-2016-0709: Code execution via ZIP file path traversal</a></li> +<li><a href="#CVE-2016-0710">CVE-2016-0710: SQL injection in User Manager service</a></li> +<li><a href="#CVE-2016-0711">CVE-2016-0711: Persistent Cross Site Scripting in links, pages and folders</a></li> +<li><a href="#CVE-2016-0712">CVE-2016-0712: Reflected Cross Site Scripting in URI path</a></li> +<li><a href="#CVE-2016-2171">CVE-2016-2171: Jetspeed User Manager REST service not restricted by Jetspeed Security</a></li> +</ul> +</div> +<div class="section"><h2><a name="a2.3.1_Release_CVE_Reports"></a>2.3.1 Release CVE Reports</h2> +<a name="CVE-2016-0709"></a><div class="section"><h3><a name="CVE-2016-0709:_Code_execution_via_ZIP_file_path_traversal"></a>CVE-2016-0709: Code execution via ZIP file path traversal</h3> +<table class="bodyTable"><tr class="a"><td>Severity: </td> +<td>Important</td> +</tr> +<tr class="b"><td>Vendor: </td> +<td>The Apache Software Foundation</td> +</tr> +<tr class="a"><td>Versions Affected:</td> +<td> Jetspeed 2.2.0 to 2.2.2</td> +</tr> +<tr class="b"><td></td> +<td>Jetspeed 2.3.0</td> +</tr> +<tr class="a"><td>The unsupported Jetspeed 2.1.x versions may be also affected</td> +</tr> +<tr class="b"><td>Mitigation:</td> +<td>2.2.0 - 2.3.0 users should upgrade to 2.3.1</td> +</tr> +<tr class="a"><td>Credit:</td> +<td>This issue was discovered by Andreas Lindh</td> +</tr> +<tr class="b"><td>References:</td> +<td>http://tomcat.apache.org/security.html</td> +</tr> +</table> +<h4>Description:</h4> <p>The Import/Export function in the Portal Site Manager, part of the Jetspeed Administrative Portlets, is vulnerable to a path traversal via specially crafted file names in ZIP archives. Any user with permission to upload files via this function can upload a file with a name like "../../../../tmp/foo" to write a file named "foo" in the /tmp directory. This is because the code that performs the unzipping of the archive does not check the validity of the file names before writing them to disk. This can be turned into code execution by uploading a .jsp file and writing it to somewhere on the file system where the web server will execute it when visited - </p> -</div> -<a name="CVE-2016-0710"></a><div class="section"><h3><a name="aCVE-2016-0710:_SQL_injection_in_User_Manager_service"></a>#CVE-2016-0710: SQL injection in User Manager service</h3> -<table class="bodyTable"><tr class="a"><td>Severity: </td> -<td>Important</td> -</tr> -<tr class="b"><td>Vendor: </td> -<td>The Apache Software Foundation</td> -</tr> -<tr class="a"><td>Versions Affected:</td> -<td> Jetspeed 2.3.0</td> -</tr> -<tr class="b"><td>Mitigation:</td> -<td>2.3.0 users should upgrade to 2.3.1</td> -</tr> -<tr class="a"><td>Credit:</td> -<td>This issue was discovered by Andreas Lindh</td> -</tr> -<tr class="b"><td>References:</td> -<td>http://tomcat.apache.org/security.html</td> -</tr> -</table> -<h4>Description:</h4> + </p> +</div> +<a name="CVE-2016-0710"></a><div class="section"><h3><a name="aCVE-2016-0710:_SQL_injection_in_User_Manager_service"></a>#CVE-2016-0710: SQL injection in User Manager service</h3> +<table class="bodyTable"><tr class="a"><td>Severity: </td> +<td>Important</td> +</tr> +<tr class="b"><td>Vendor: </td> +<td>The Apache Software Foundation</td> +</tr> +<tr class="a"><td>Versions Affected:</td> +<td> Jetspeed 2.3.0</td> +</tr> +<tr class="b"><td>Mitigation:</td> +<td>2.3.0 users should upgrade to 2.3.1</td> +</tr> +<tr class="a"><td>Credit:</td> +<td>This issue was discovered by Andreas Lindh</td> +</tr> +<tr class="b"><td>References:</td> +<td>http://tomcat.apache.org/security.html</td> +</tr> +</table> +<h4>Description:</h4> <p>The Jetspeed User Manager service, part of the Jetspeed Administrative Portlets, is vulnerable to SQL injection. When performing a search in these tools, the 'user' and 'role' parameters of the request can be injected to alter the logic of the subsequent SQL statement. - </p> -<p>There is also an authorization flaw at play here since the above URLs can be reached without being authenticated in Jetspeed.</p> -<h4>Example</h4> + </p> +<p>There is also an authorization flaw at play here since the above URLs can be reached without being authenticated in Jetspeed.</p> +<h4>Example</h4> <p> - Given this URL:<br /> -<div class="source"><pre>http://192.168.2.4:8080/jetspeed/services/usermanager/users/?_type=json&results=10&start=0&sort=userName&dir=asc&name=&roles=foo%27%20</pre> -</div> + Given this URL:<br /> +<div class="source"><pre>http://192.168.2.4:8080/jetspeed/services/usermanager/users/?_type=json&results=10&start=0&sort=userName&dir=asc&name=&roles=foo%27%20</pre> +</div> The 'role' parameter contains the value "foo" which is not an existing role, but because of the injected SQL code (or '1'='1') the statement returns true anyway and all the existing users are shown. - </p> -</div> -<a name="CVE-2016-0711"></a><div class="section"><h3><a name="CVE-2016-0711:_Persistent_Cross_Site_Scripting_in_links_pages_and_folders"></a>CVE-2016-0711: Persistent Cross Site Scripting in links, pages and folders</h3> -<table class="bodyTable"><tr class="a"><td>Severity: </td> -<td>Important</td> -</tr> -<tr class="b"><td>Vendor: </td> -<td>The Apache Software Foundation</td> -</tr> -<tr class="a"><td>Versions Affected:</td> -<td> Jetspeed 2.2.0 to 2.2.2</td> -</tr> -<tr class="b"><td></td> -<td>Jetspeed 2.3.0</td> -</tr> -<tr class="a"><td>The unsupported Jetspeed 2.1.x versions may be also affected</td> -</tr> -<tr class="b"><td>Mitigation:</td> -<td>2.2.0 - 2.3.0 users should upgrade to 2.3.1</td> -</tr> -<tr class="a"><td>Credit:</td> -<td>This issue was discovered by Andreas Lindh</td> -</tr> -<tr class="b"><td>References:</td> -<td>http://tomcat.apache.org/security.html</td> -</tr> -</table> -<h4>Description:</h4> + </p> +</div> +<a name="CVE-2016-0711"></a><div class="section"><h3><a name="CVE-2016-0711:_Persistent_Cross_Site_Scripting_in_links_pages_and_folders"></a>CVE-2016-0711: Persistent Cross Site Scripting in links, pages and folders</h3> +<table class="bodyTable"><tr class="a"><td>Severity: </td> +<td>Important</td> +</tr> +<tr class="b"><td>Vendor: </td> +<td>The Apache Software Foundation</td> +</tr> +<tr class="a"><td>Versions Affected:</td> +<td> Jetspeed 2.2.0 to 2.2.2</td> +</tr> +<tr class="b"><td></td> +<td>Jetspeed 2.3.0</td> +</tr> +<tr class="a"><td>The unsupported Jetspeed 2.1.x versions may be also affected</td> +</tr> +<tr class="b"><td>Mitigation:</td> +<td>2.2.0 - 2.3.0 users should upgrade to 2.3.1</td> +</tr> +<tr class="a"><td>Credit:</td> +<td>This issue was discovered by Andreas Lindh</td> +</tr> +<tr class="b"><td>References:</td> +<td>http://tomcat.apache.org/security.html</td> +</tr> +</table> +<h4>Description:</h4> <p>The functionality to add a link, page, or folder, is vulnerable to persistent Cross Site Scripting. This is because it is possible to include HTML tags in the object's name, such as is the example below where a page object is being renamed after creation. - </p> -<h4>Example</h4> + </p> +<h4>Example</h4> <p> - Given this AJAX request:<br /> + Given this AJAX request:<br /> <div class="source"><pre> POST /jetspeed/services/pagemanagement/info/.psml/_user/andreas/foobar.psml? _type=json HTTP/1.1 @@ -372,101 +372,101 @@ Cookie: JSESSIONID=F95E2034A086BE172EF81 JS2TOOLBOX=TAB=theme&CAT=Administration Connection: close title=foobar</a></li><script>alert(document.domain)</script> - </pre> -</div> -</p> -<p>Which results in the following content in the server response:<br /> + </pre> +</div> +</p> +<p>Which results in the following content in the server response:<br /> <div class="source"><pre> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <title>foobar</a></li><script>alert(document.domain)</script></title> - </pre> -</div> -<p>Note that this code will be executed every time someone visits that space.</p> -</p> -</div> -<a name="CVE-2016-0712"></a><div class="section"><h3><a name="CVE-2016-0712:_Reflected_Cross_Site_Scripting_in_URI_path"></a>CVE-2016-0712: Reflected Cross Site Scripting in URI path</h3> -<table class="bodyTable"><tr class="a"><td>Severity: </td> -<td>Important</td> -</tr> -<tr class="b"><td>Vendor: </td> -<td>The Apache Software Foundation</td> -</tr> -<tr class="a"><td>Versions Affected:</td> -<td> Jetspeed 2.2.0 to 2.2.2</td> -</tr> -<tr class="b"><td></td> -<td>Jetspeed 2.3.0</td> -</tr> -<tr class="a"><td>The unsupported Jetspeed 2.1.x versions may be also affected</td> -</tr> -<tr class="b"><td>Mitigation:</td> -<td>2.2.0 - 2.3.0 users should upgrade to 2.3.1</td> -</tr> -<tr class="a"><td>Credit:</td> -<td>This issue was discovered by Andreas Lindh</td> -</tr> -<tr class="b"><td>References:</td> -<td>http://tomcat.apache.org/security.html</td> -</tr> -</table> -<h4>Description:</h4> + </pre> +</div> +<p>Note that this code will be executed every time someone visits that space.</p> +</p> +</div> +<a name="CVE-2016-0712"></a><div class="section"><h3><a name="CVE-2016-0712:_Reflected_Cross_Site_Scripting_in_URI_path"></a>CVE-2016-0712: Reflected Cross Site Scripting in URI path</h3> +<table class="bodyTable"><tr class="a"><td>Severity: </td> +<td>Important</td> +</tr> +<tr class="b"><td>Vendor: </td> +<td>The Apache Software Foundation</td> +</tr> +<tr class="a"><td>Versions Affected:</td> +<td> Jetspeed 2.2.0 to 2.2.2</td> +</tr> +<tr class="b"><td></td> +<td>Jetspeed 2.3.0</td> +</tr> +<tr class="a"><td>The unsupported Jetspeed 2.1.x versions may be also affected</td> +</tr> +<tr class="b"><td>Mitigation:</td> +<td>2.2.0 - 2.3.0 users should upgrade to 2.3.1</td> +</tr> +<tr class="a"><td>Credit:</td> +<td>This issue was discovered by Andreas Lindh</td> +</tr> +<tr class="b"><td>References:</td> +<td>http://tomcat.apache.org/security.html</td> +</tr> +</table> +<h4>Description:</h4> <p> The URI path directory after /portal is vulnerable to reflected Cross Site Scripting. By visiting the following URL, a JavaScript pop-up will appear when the mouse is moved over the minimize/maximize buttons (may differ for different UI versions). Note this issue is only reproduced on Firefox browser. - </p> -<h4>Example</h4> + </p> +<h4>Example</h4> <p> - Given this URL:<br /> + Given this URL:<br /> <div class="source"><pre> http://192.168.2.9:8080/jetspeed/portal/foo%22onmouseover%3d%22alert%281%29?URL=foo/bar - </pre> -</div> -</p> -<p>In the HTML response there is script:<br /> + </pre> +</div> +</p> +<p>In the HTML response there is script:<br /> <div class="source"><pre> <a href="http://192.168.2.4:8080/jetspeed/portal/_ns:..._/foo"onmouseover="alert(1)" title="Minimize" class="action portlet-action" ><img src="/jetspeed/decorations/images/minimized.gif" alt="Minimize" border="0"/></a> - </pre> -</div> -</p> -</div> -<a name="CVE-2016-2171"></a><div class="section"><h3><a name="CVE-2016-2171:_Jetspeed_User_Manager_REST_service_not_restricted_by_Jetspeed_Security"></a>CVE-2016-2171: Jetspeed User Manager REST service not restricted by Jetspeed Security</h3> -<table class="bodyTable"><tr class="a"><td>Severity: </td> -<td>Important</td> -</tr> -<tr class="b"><td>Vendor: </td> -<td>The Apache Software Foundation</td> -</tr> -<tr class="a"><td>Versions Affected:</td> -<td> Jetspeed 2.3.0</td> -</tr> -<tr class="b"><td>Mitigation:</td> -<td>2.3.0 users should upgrade to 2.3.1</td> -</tr> -<tr class="a"><td>Credit:</td> -<td>This issue was discovered by Andreas Lindh</td> -</tr> -<tr class="b"><td>References:</td> -<td>http://tomcat.apache.org/security.html</td> -</tr> -</table> -<h4>Description:</h4> + </pre> +</div> +</p> +</div> +<a name="CVE-2016-2171"></a><div class="section"><h3><a name="CVE-2016-2171:_Jetspeed_User_Manager_REST_service_not_restricted_by_Jetspeed_Security"></a>CVE-2016-2171: Jetspeed User Manager REST service not restricted by Jetspeed Security</h3> +<table class="bodyTable"><tr class="a"><td>Severity: </td> +<td>Important</td> +</tr> +<tr class="b"><td>Vendor: </td> +<td>The Apache Software Foundation</td> +</tr> +<tr class="a"><td>Versions Affected:</td> +<td> Jetspeed 2.3.0</td> +</tr> +<tr class="b"><td>Mitigation:</td> +<td>2.3.0 users should upgrade to 2.3.1</td> +</tr> +<tr class="a"><td>Credit:</td> +<td>This issue was discovered by Andreas Lindh</td> +</tr> +<tr class="b"><td>References:</td> +<td>http://tomcat.apache.org/security.html</td> +</tr> +</table> +<h4>Description:</h4> <p> The Jetspeed User Manager services are vulnerable to unauthorized access. The following APIs are not restricted by Jetspeed Security: - </p> + </p> <div class="source"><pre> GET http://host/jetspeed/services/usermanager/users/ GET http://host/jetspeed/services/usermanager/users/{name}/ POST http://host/jetspeed/services/usermanager/users/{name}/ POST http://host/jetspeed/services/usermanager/users/ DELETE http://host/jetspeed/services/usermanager/users/{name}/ - </pre> -</div> + </pre> +</div> <p> In the upcoming 2.3.1 release, these URLs are properly secured by Jetspeed Security, requiring Administrative rights. - </p> -</div> -</div> + </p> +</div> +</div> </div> </div> @@ -475,7 +475,7 @@ title="Minimize" class="a </div> <div id="footer"> <div class="xright">© - 2004-2016 + 2004-2022 Apache Software Foundation Modified: portals/site-live/jetspeed-2/supporting-projects.html URL: http://svn.apache.org/viewvc/portals/site-live/jetspeed-2/supporting-projects.html?rev=1901428&r1=1901427&r2=1901428&view=diff ============================================================================== --- portals/site-live/jetspeed-2/supporting-projects.html (original) +++ portals/site-live/jetspeed-2/supporting-projects.html Tue May 31 02:15:08 2022 @@ -42,7 +42,7 @@ <div class="xleft"> - Last Published: 9 May 2016 + Last Published: 26 May 2022 </div> <div class="xright"> <a href="http://portals.apache.org/applications/"; class="externalLink">Applications</a> | @@ -253,32 +253,32 @@ </div> <div id="bodyColumn"> <div id="contentBox"> - <subtitle></subtitle><authors><person name="David Le Strat" email="[email protected]"></authors><div class="section"><h2><a name="Supporting_Projects"></a>Supporting Projects</h2> -<table class="bodyTable"><tr class="a"><th>Project</th> -<th>Description</th> -</tr> -<tr class="b"><td><a href="http://db.apache.org/derby/"; class="externalLink"><img src="images/supporters/derby.gif" /></a></td> -<td><a href="http://db.apache.org/derby/"; class="externalLink">Derby</a> provides Jetspeed-2 default embedded database engine.</td> -</tr> -<tr class="a"><td><a href="http://directory.apache.org/apacheds/1.5/"; class="externalLink"><img src="images/supporters/directory.gif" /></a></td> -<td>Apache <a href="http://directory.apache.org/apacheds/1.5/"; class="externalLink">Directory Server</a> provides Jetspeed-2 default embedded LDAP engine.</td> -</tr> -<tr class="b"><td><a href="http://lucene.apache.org/"; class="externalLink"><img src="images/supporters/lucene.gif" /></a></td> -<td><a href="http://lucene.apache.org/"; class="externalLink">Lucene</a> provides Jetspeed-2 embedded search engine.</td> -</tr> -<tr class="a"><td><a href="http://db.apache.org/ojb/"; class="externalLink"><img src="images/supporters/ojb.gif" /></a></td> -<td><a href="http://db.apache.org/ojb/"; class="externalLink">OJB</a> provides Jetspeed-2 default persistence layer. Jetspeed-2 uses - OJB's PersistenceBroker API.</td> -</tr> -<tr class="b"><td><a href="http://portals.apache.org/pluto/"; class="externalLink"><img src="images/supporters/pluto.gif" /></a></td> -<td><a href="http://portals.apache.org/pluto/"; class="externalLink">Pluto</a> provides Jetspeed-2 portlet container. - Pluto is the Reference Implementation of the Java Portlet Specfication. </td> -</tr> -<tr class="a"><td><a href="http://www.springframework.org"; class="externalLink"><img src="images/supporters/springframework.gif" /></a></td> -<td>The <a href="http://www.springframework.org"; class="externalLink">Spring Framework</a> provides Jetspeed-2 default component framework.</td> -</tr> -</table> -</div> + <subtitle></subtitle><authors><person name="David Le Strat" email="[email protected]"></authors><div class="section"><h2><a name="Supporting_Projects"></a>Supporting Projects</h2> +<table class="bodyTable"><tr class="a"><th>Project</th> +<th>Description</th> +</tr> +<tr class="b"><td><a class="externalLink" href="http://db.apache.org/derby/";><img src="images/supporters/derby.gif" /></a></td> +<td><a class="externalLink" href="http://db.apache.org/derby/";>Derby</a> provides Jetspeed-2 default embedded database engine.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://directory.apache.org/apacheds/1.5/";><img src="images/supporters/directory.gif" /></a></td> +<td>Apache <a class="externalLink" href="http://directory.apache.org/apacheds/1.5/";>Directory Server</a> provides Jetspeed-2 default embedded LDAP engine.</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://lucene.apache.org/";><img src="images/supporters/lucene.gif" /></a></td> +<td><a class="externalLink" href="http://lucene.apache.org/";>Lucene</a> provides Jetspeed-2 embedded search engine.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://db.apache.org/ojb/";><img src="images/supporters/ojb.gif" /></a></td> +<td><a class="externalLink" href="http://db.apache.org/ojb/";>OJB</a> provides Jetspeed-2 default persistence layer. Jetspeed-2 uses + OJB's PersistenceBroker API.</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://portals.apache.org/pluto/";><img src="images/supporters/pluto.gif" /></a></td> +<td><a class="externalLink" href="http://portals.apache.org/pluto/";>Pluto</a> provides Jetspeed-2 portlet container. + Pluto is the Reference Implementation of the Java Portlet Specfication. </td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.springframework.org";><img src="images/supporters/springframework.gif" /></a></td> +<td>The <a class="externalLink" href="http://www.springframework.org";>Spring Framework</a> provides Jetspeed-2 default component framework.</td> +</tr> +</table> +</div> </div> </div> @@ -287,7 +287,7 @@ </div> <div id="footer"> <div class="xright">© - 2004-2016 + 2004-2022 Apache Software Foundation Modified: portals/site-live/jetspeed-2/who-uses-j2.html URL: http://svn.apache.org/viewvc/portals/site-live/jetspeed-2/who-uses-j2.html?rev=1901428&r1=1901427&r2=1901428&view=diff ============================================================================== --- portals/site-live/jetspeed-2/who-uses-j2.html (original) +++ portals/site-live/jetspeed-2/who-uses-j2.html Tue May 31 02:15:08 2022 @@ -42,7 +42,7 @@ <div class="xleft"> - Last Published: 9 May 2016 + Last Published: 26 May 2022 </div> <div class="xright"> <a href="http://portals.apache.org/applications/"; class="externalLink">Applications</a> | @@ -253,105 +253,105 @@ </div> <div id="bodyColumn"> <div id="contentBox"> - <subtitle></subtitle><authors><person name="David Le Strat" email="[email protected]"></authors><div class="section"><h2><a name="Who_Uses_Jetspeed-2"></a>Who Uses Jetspeed-2?</h2> -<table class="bodyTable"><tr class="a"><th>Company/Project</th> -<th>Description</th> -</tr> -<tr class="b"><td><a href="http://www.appliedjapan.com/"; class="externalLink"><img src="images/users/applied.gif" /></a></td> -<td><a href="http://www.appliedjapan.com/"; class="externalLink">APPLIED Co.,Ltd.</a> is a Japanese company providing services - to develop IT business applications and Web sites, having many customized J1 and J2 based actual results. </td> -</tr> -<tr class="a"><td><a href="http://www.artifact-software.com"; class="externalLink"><img src="images/users/artifact.jpg" /></a></td> -<td><a href="http://www.artifact-software.com"; class="externalLink">Artifact Software</a><p>Artifact Software <a href="http://www.artifact-software.com"; class="externalLink">http://www.artifact-software.com</a> is using Jetspeed as the basis for its Vision Learning Management System. Jetspeed has allowed us to build a robust, user-friendly system with good performance. + <subtitle></subtitle><authors><person name="David Le Strat" email="[email protected]"></authors><div class="section"><h2><a name="Who_Uses_Jetspeed-2"></a>Who Uses Jetspeed-2?</h2> +<table class="bodyTable"><tr class="a"><th>Company/Project</th> +<th>Description</th> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.appliedjapan.com/";><img src="images/users/applied.gif" /></a></td> +<td><a class="externalLink" href="http://www.appliedjapan.com/";>APPLIED Co.,Ltd.</a> is a Japanese company providing services + to develop IT business applications and Web sites, having many customized J1 and J2 based actual results. </td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.artifact-software.com";><img src="images/users/artifact.jpg" /></a></td> +<td><a class="externalLink" href="http://www.artifact-software.com";>Artifact Software</a><p>Artifact Software <a class="externalLink" href="http://www.artifact-software.com";>http://www.artifact-software.com</a> is using Jetspeed as the basis for its Vision Learning Management System. Jetspeed has allowed us to build a robust, user-friendly system with good performance. We supply Vision for purchase and in a SaaS model. -The largest site that we currently support is an SaaS customer <a href="http://www.napaexcellence.ca"; class="externalLink">http://www.napaexcellence.ca</a> that has about 10,000 registered users. Half of these are employees of the client and the other half are clients. +The largest site that we currently support is an SaaS customer <a class="externalLink" href="http://www.napaexcellence.ca";>http://www.napaexcellence.ca</a> that has about 10,000 registered users. Half of these are employees of the client and the other half are clients. The catalogue has almost 900 courses offered using a Single Sign-On functionality from 5 different course delivery systems. The portal is integrated with the client's internal portal and employees see their divisional color scheme and logos in a consistent way as they move from their internal site to the SaaS LMS. Jetspeed's ability to customize the user's experience based on their profile has made branding within the site fairly straight forward both for employees and for their clients who participate in various affiliation programs. - </p> + </p> <p>Jetspeed has been very reliable. We have been able to achieve very functional and attractive sites. Vision currently consists of about 60 separately built modules which implement about 20 portlets. We are using Spring very intesively as well as Hibernate and MySQL for persistence. We are using WebServices with CXF which has turned out to be very easy to use. - </p> + </p> <p> Jetspeed contributes to the comfort level that we have that the application can be scaled very easily and that we will be able to meet new requirements relatively easily. - </p> -</td> -</tr> -<tr class="b"><td><a href="http://www.bluesunrise.com"; class="externalLink"><img src="images/users/bluesunrise.gif" /></a></td> -<td><a href="http://www.bluesunrise.com"; class="externalLink">BlueSunrise</a> provides services to help companies implement Jetspeed-2 solutions.</td> -</tr> -<tr class="a"><td><a href="http://www.cardinis.com/"; class="externalLink"><img src="images/users/CardinisSolutions.jpg" /></a></td> -<td><a href="http://www.cardinis.com/"; class="externalLink">CARDINIS Solutions S.p.A.</a> is leader in providing solutions for the governance of innovation and companies, leveraging on enterprise project portofilo management and strategy management. Cardinis Suite, the flagship product of CARDINIS Solutions, is based on international standards and methodologies, and on from-the-field experiences from our consulting activities and a continuous synergy with leading analysts and universities. It deploys technologies that enable communication and information sharing, through a collaborative platform for project, program, portfolio and demand management. To satisfy our clients' requests about capability of accessing critical information about projects and other business initiatives, we decided to adopt Jetspeed2 as the portal reference, providing custom portlets that respond to specific needs.</td> -</tr> -<tr class="b"><td><a href="http://www.chikpea.com/"; class="externalLink"><img src="images/users/chikpea.jpg" /></a></td> -<td><a href="http://www.chikpea.com/"; class="externalLink">Chikpea</a>provides a self-service portal, where Business can register as a Service Provider to serve their own customers to manage Sales and Services. It allows the Business to represent its own self-service website to capture sales and service requests, as well as provides complete solution to manage those requests.</td> -</tr> -<tr class="a"><td><a href="http://www.condast.de/"; class="externalLink"><img src="images/users/condast.png" /></a></td> -<td><a href="http://www.condast.de/"; class="externalLink"></a>We use Jetspeed for our homepage so that we can offer our customers personalized information. The Condast GmbH is a german IT-consulting company. We offer our own products and consulting in application development and portals (JetSpeed, WebSphere).</td> -</tr> -<tr class="b"><td><a href="http://www.cone.it/"; class="externalLink"><img src="images/users/cone.png" /></a></td> -<td><a href="http://www.cone.it/"; class="externalLink">Cone</a> is an italian service and consulting company that provides solutions to operate in the digital era. Cone has been using Jetspeed since 2001 as the base for all its web development. Since 2007 it is the engine behind 3Spices, a comprehensive and integrated web platform for management of structured content data, products and e-commerce, entirely based on Jetspeed 2.</td> -</tr> -<tr class="a"><td><a href="http://www.convergys.com/"; class="externalLink"><img src="images/users/convergys.gif" /></a></td> -<td><a href="http://www.convergys.com/"; class="externalLink">Convergys</a> uses Jetspeed-2 as a B2B Business Intelligence - Portal to expose reports from third party enterprise OLAP engines such as Cognos and MicroStrategy.</td> -</tr> -<tr class="b"><td><a href="http://www.itgroundwork.com/"; class="externalLink"><img src="images/users/groundwork.gif" /></a></td> -<td><a href="http://www.itgroundwork.com/"; class="externalLink">GroundWork</a>'s open source IT infrastructure monitoring + </p> +</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.bluesunrise.com";><img src="images/users/bluesunrise.gif" /></a></td> +<td><a class="externalLink" href="http://www.bluesunrise.com";>BlueSunrise</a> provides services to help companies implement Jetspeed-2 solutions.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.cardinis.com/";><img src="images/users/CardinisSolutions.jpg" /></a></td> +<td><a class="externalLink" href="http://www.cardinis.com/";>CARDINIS Solutions S.p.A.</a> is leader in providing solutions for the governance of innovation and companies, leveraging on enterprise project portofilo management and strategy management. Cardinis Suite, the flagship product of CARDINIS Solutions, is based on international standards and methodologies, and on from-the-field experiences from our consulting activities and a continuous synergy with leading analysts and universities. It deploys technologies that enable communication and information sharing, through a collaborative platform for project, program, portfolio and demand management. To satisfy our clients' requests about capability of accessing critical information about projects and other business initiatives, we decided to adopt Jetspeed2 as the portal reference, providing custom portlets that respond to specific needs.</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.chikpea.com/";><img src="images/users/chikpea.jpg" /></a></td> +<td><a class="externalLink" href="http://www.chikpea.com/";>Chikpea</a>provides a self-service portal, where Business can register as a Service Provider to serve their own customers to manage Sales and Services. It allows the Business to represent its own self-service website to capture sales and service requests, as well as provides complete solution to manage those requests.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.condast.de/";><img src="images/users/condast.png" /></a></td> +<td><a class="externalLink" href="http://www.condast.de/";></a>We use Jetspeed for our homepage so that we can offer our customers personalized information. The Condast GmbH is a german IT-consulting company. We offer our own products and consulting in application development and portals (JetSpeed, WebSphere).</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.cone.it/";><img src="images/users/cone.png" /></a></td> +<td><a class="externalLink" href="http://www.cone.it/";>Cone</a> is an italian service and consulting company that provides solutions to operate in the digital era. Cone has been using Jetspeed since 2001 as the base for all its web development. Since 2007 it is the engine behind 3Spices, a comprehensive and integrated web platform for management of structured content data, products and e-commerce, entirely based on Jetspeed 2.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.convergys.com/";><img src="images/users/convergys.gif" /></a></td> +<td><a class="externalLink" href="http://www.convergys.com/";>Convergys</a> uses Jetspeed-2 as a B2B Business Intelligence + Portal to expose reports from third party enterprise OLAP engines such as Cognos and MicroStrategy.</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.itgroundwork.com/";><img src="images/users/groundwork.gif" /></a></td> +<td><a class="externalLink" href="http://www.itgroundwork.com/";>GroundWork</a>'s open source IT infrastructure monitoring solution delivers enterprise-class availability and performance for a fraction of the cost of commercial - alternatives.</td> -</tr> -<tr class="a"><td><a href="http://www.hippo.nl/en/index.html"; class="externalLink"><img src="images/users/hippo.png" /></a></td> -<td><a href="http://www.hippo.nl/en/index.html"; class="externalLink">Hippo</a> is a Dutch open-source Content Management Software provider developing the Hippo Portal which integrates Hippo CMS with Jetspeed-2.<br /> + alternatives.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.hippo.nl/en/index.html";><img src="images/users/hippo.png" /></a></td> +<td><a class="externalLink" href="http://www.hippo.nl/en/index.html";>Hippo</a> is a Dutch open-source Content Management Software provider developing the Hippo Portal which integrates Hippo CMS with Jetspeed-2.<br /> - Hippo Portal will provide a complete Content Repository based Portal Site Management and Delivery solution available under the ASF 2.0 license.</td> -</tr> -<tr class="b"><td><a href="http://www.italtel.com/"; class="externalLink"><img src="images/users/logo_italtel.jpg" /></a></td> -<td><a href="http://www.italtel.com/"; class="externalLink">Italtel</a> is a key partner for telecommunication operators, ISPs, enterprises in the creation and management of Next-Generation Networks through cutting-edge technological products and solutions.<br /> -</td> -</tr> -<tr class="a"><td><a href="http://www.jahia.net"; class="externalLink"><img src="images/users/jahia.gif" /></a></td> -<td>The <a href="http://www.jahia.net"; class="externalLink">Jahia 5.0</a> line of products includes a Corporate Portal Server based on Jetspeed-2. - 100% Java based, the full Jahia source code is available under a collaborative and community source license (contribute or pay paradigm).</td> -</tr> -<tr class="b"><td><a href="http://www.neronote.com/"; class="externalLink"><img src="images/users/neronote.jpg" /></a></td> -<td><a href="http://www.neronote.com/"; class="externalLink">Neronote</a> is an e-commerce of customizable italian shirts. Based on the idea of mass customization, it lets the user to chose among thousands of fabrics and over 20 billion different shirts, through an interactive and informative step by step wizard. Neronote won the "best e-commerce" award at Italian Web Awards 2012. It runs on 3Spices, a content management platform based on Jetspeed 2 and integrated with Konakart for the store management.</td> -</tr> -<tr class="a"><td><a href="http://www.n2sm.net/"; class="externalLink"><img src="images/users/n2sm.gif" /></a></td> -<td><a href="http://www.n2sm.net/"; class="externalLink">N2SM</a> provides solutions and services to construct IT business, such as Company Internal Portal and EC site. </td> -</tr> -<tr class="b"><td><a href="http://www.openxava.org"; class="externalLink"><img src="images/users/openxava.gif" /></a></td> + Hippo Portal will provide a complete Content Repository based Portal Site Management and Delivery solution available under the ASF 2.0 license.</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.italtel.com/";><img src="images/users/logo_italtel.jpg" /></a></td> +<td><a class="externalLink" href="http://www.italtel.com/";>Italtel</a> is a key partner for telecommunication operators, ISPs, enterprises in the creation and management of Next-Generation Networks through cutting-edge technological products and solutions.<br /> +</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.jahia.net";><img src="images/users/jahia.gif" /></a></td> +<td>The <a class="externalLink" href="http://www.jahia.net";>Jahia 5.0</a> line of products includes a Corporate Portal Server based on Jetspeed-2. + 100% Java based, the full Jahia source code is available under a collaborative and community source license (contribute or pay paradigm).</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.neronote.com/";><img src="images/users/neronote.jpg" /></a></td> +<td><a class="externalLink" href="http://www.neronote.com/";>Neronote</a> is an e-commerce of customizable italian shirts. Based on the idea of mass customization, it lets the user to chose among thousands of fabrics and over 20 billion different shirts, through an interactive and informative step by step wizard. Neronote won the "best e-commerce" award at Italian Web Awards 2012. It runs on 3Spices, a content management platform based on Jetspeed 2 and integrated with Konakart for the store management.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.n2sm.net/";><img src="images/users/n2sm.gif" /></a></td> +<td><a class="externalLink" href="http://www.n2sm.net/";>N2SM</a> provides solutions and services to construct IT business, such as Company Internal Portal and EC site. </td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.openxava.org";><img src="images/users/openxava.gif" /></a></td> <td>OpenXava generates JSR-168 portlets deployables in Jetspeed-2. It also generates all .psml, .ds, page.metadata to deploy an OpenXava application automatically in Jetspeed-2. - OpenXava distribution is bundled with Jetspeed-2 installation and its web site is powered by Jetspeed-2. </td> -</tr> -<tr class="a"><td><a href="http://www.portalu.de/"; class="externalLink"><img src="images/users/portalu.gif" /></a></td> -<td><a href="http://www.portalu.de/"; class="externalLink">PortalU</a>is the German Environmental + OpenXava distribution is bundled with Jetspeed-2 installation and its web site is powered by Jetspeed-2. </td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.portalu.de/";><img src="images/users/portalu.gif" /></a></td> +<td><a class="externalLink" href="http://www.portalu.de/";>PortalU</a>is the German Environmental Information Portal! It offers a comfortable and central access to over 1.000.000 web-pages and database entries from public agencies in Germany. We also guide you directly to up-to-date environmental news, upcoming and past environmental events, environmental monitoring data, - and interesting background information on many environmental topics.</td> -</tr> -<tr class="b"><td><a href="http://www.rosa.com"; class="externalLink"><img src="images/users/rosa.jpg" /></a></td> -<td><a href="http://www.rosa.com"; class="externalLink">R.O.S.A. Creation. Technology. Intelligence. AG</a> deploys collaborative portals using - Jetspeed-2 and provides services in portal development.</td> -</tr> -<tr class="a"><td><a href="http://www.ugs.com"; class="externalLink"><img src="images/users/ugs.gif" /></a></td> -<td><a href="http://www.ugs.com"; class="externalLink">UGS</a> provides portals for its global sales partners using Jetspeed 2.</td> -</tr> -<tr class="b"><td><a href="http://wemove.com"; class="externalLink"><img src="images/users/wemove.gif" /></a></td> -<td>The german company <a href="http://www.wemove.com/"; class="externalLink">wemove digital + and interesting background information on many environmental topics.</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://www.rosa.com";><img src="images/users/rosa.jpg" /></a></td> +<td><a class="externalLink" href="http://www.rosa.com";>R.O.S.A. Creation. Technology. Intelligence. AG</a> deploys collaborative portals using + Jetspeed-2 and provides services in portal development.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://www.ugs.com";><img src="images/users/ugs.gif" /></a></td> +<td><a class="externalLink" href="http://www.ugs.com";>UGS</a> provides portals for its global sales partners using Jetspeed 2.</td> +</tr> +<tr class="b"><td><a class="externalLink" href="http://wemove.com";><img src="images/users/wemove.gif" /></a></td> +<td>The german company <a class="externalLink" href="http://www.wemove.com/";>wemove digital solutions</a> creates portal solutions for various customers. The - current project <a href="http://www.portalu.de/"; class="externalLink">"PortalU"</a> uses + current project <a class="externalLink" href="http://www.portalu.de/";>"PortalU"</a> uses Jetspeed2 to provide an interface to a powerful search-engine for - enviromental data.</td> -</tr> -<tr class="a"><td><a href="http://wfmopen.sf.net"; class="externalLink">WfMOpen</a></td> -<td>In its 1.4 version, <a href="http://wfmopen.sf.net"; class="externalLink">WfMOpen</a> provides resource management for the - workflow engines (BPE) and uses Jetspeed-2 as a container for the engine's administrative portlets.</td> -</tr> -</table> -</div> + enviromental data.</td> +</tr> +<tr class="a"><td><a class="externalLink" href="http://wfmopen.sf.net";>WfMOpen</a></td> +<td>In its 1.4 version, <a class="externalLink" href="http://wfmopen.sf.net";>WfMOpen</a> provides resource management for the + workflow engines (BPE) and uses Jetspeed-2 as a container for the engine's administrative portlets.</td> +</tr> +</table> +</div> </div> </div> @@ -360,7 +360,7 @@ We are using Spring very intesively as w </div> <div id="footer"> <div class="xright">© - 2004-2016 + 2004-2022 Apache Software Foundation
