Re:[uportal-dev] uPortal 4.0.9 Released

[Eric Dalquist]

I just realized there is a minor bug in the 4.0.9 release. The three 4.0.8 values here in applicationContext.xml should actually be 4.0.9. I'll cut a 4.0.9.1 release tomorrow morning to fix this. This will only affect people upgrading from 4.0.8, if you are upgrading from an earlier version it will have no effect. -Eric On 01/03/2013 03:47 PM, Eric Dalquist wrote: Apereo is proud to announce uPortal 4.0.9, continuing in our regular patch releases of uPortal 4.0. This release addresses a number of minor bugs and one moderate security bug. For the security bug any user with access to user-administration would also be able to craft a URL to use the impersonation feature even if the user lacked the impersonation permission. This has been addressed via commits 3636ac and 8679f6 for those interested in applying just the fix without upgrading to 4.0.9. This release also includes two new statistics reports that show Tab and Portlet execution counts broken down by group and tab/portlet, thanks to Unicon's cooperative development program for these reporting tools. Finally a bug related to cached group and permission data has been resolved such that at login existing attribute, group, and permission information about the user is completely purged to ensure a fresh session. Features and Changes of Note [UP-3626] - Users with access to User Administration can impersonate any user regardless of "IMPERSONATE" permission settings [UP-3625] - Add report for Tab Render count [UP-3628] - Add report for portlet execution count Updating from 4.0.0-4.0.5 If you have data you care about in the UP_LOGIN_EVENT_AGGREGATE table please back it up externally or rename the table before executing the following steps. db-update will drop this table. After configuring your uPortal 4.0.8 source run: ant db-update Downloads: http://www.jasig.org/uportal/download/uportal-409 Release Notes: https://wiki.jasig.org/display/UPC/4.0.9 Maven Project Site: http://developer.jasig.org/projects/uportal/4.0.9/ Full Release Notes Bug [UP-3083] - Button styling in IE9 is not correct [UP-3254] - uportal 4.0.2 + mysql specified key was too long issue [UP-3286] - Tomcat examples available in uPortal demo [UP-3416] - Portlet 286 Ajax requests: only the first ajax call is processed [UP-3492] - Content-Disposition cannot be set in ResourceResponse [UP-3550] - portlet preferences (provided via config mode) are lost when editing existing portlets [UP-3590] - Portlet configuration does not display portlet.xml parameters [UP-3598] - Portlet Manager no longer displays preferences defined in portlet.xml when you register a new portlet [UP-3613] - Shibboleth and attributes user caching [UP-3616] - Resource parameters not included in cache key generation [UP-3618] - portlet admin : bug when setting up of preference readOnly [UP-3619] - Fragment Administration portlet : Edit Page/Colum Permissions [UP-3627] - Pluto doesn't handle setting of Content-Type via headers correctly [UP-3630] - DAO_PING fails on MySQL [UP-3633] - PortalDb DataSource not in JMX Improvement [UP-3456] - Streamline SASS implementation [UP-3478] - Disable scheduled background tasks during uPShell execution [UP-3535] - Enhance UserAccountHelper to invalidate cached objects it updates [UP-3623] - Add LDAP Connection settings to Maven filters files [UP-3634] - Add exception logging filter for all requests [UP-3635] - Add Permanent Link feature to stats portlet [UP-3636] - Include current username in thread naming New Feature [UP-3625] - Add report for Tab Render count [UP-3628] - Add report for portlet execution count Security Bug [UP-3626] - Users with access to User Administration can impersonate any user regardless of "IMPERSONATE" permission settings -Eric Dalquist

smime.p7s
Description: S/MIME Cryptographic Signature