The 4.0.9.1 release has been cut. I'm keeping the same 4.0.9 release
pages and just updated the download links. The 4.0.9.1 Maven
artifacts should be available in the next few hours. Sorry for the
mixup, I'll blame the new year :)
-Eric
On 1/3/13 4:15 PM, Eric Dalquist wrote:
I just realized there is a minor bug in the 4.0.9 release. The
three 4.0.8 values here
in applicationContext.xml should actually be 4.0.9. I'll cut
a 4.0.9.1 release tomorrow morning to fix this.
This will only affect people upgrading from 4.0.8, if you are
upgrading from an earlier version it will have no effect.
-Eric
On 01/03/2013 03:47 PM, Eric Dalquist
wrote:
Apereo is
proud to announce uPortal 4.0.9, continuing in our regular
patch releases of uPortal 4.0. This release addresses a
number of minor bugs and one moderate security bug. For the
security bug any user with access to user-administration
would also be able to craft a URL to use the impersonation
feature even if the user lacked the impersonation
permission. This has been addressed via commits 3636ac and 8679f6 for those interested
in applying just the fix without upgrading to 4.0.9. This
release also includes two new statistics reports that show
Tab and Portlet execution counts broken down by group and
tab/portlet, thanks to Unicon's cooperative development
program for these reporting tools. Finally
a bug related to cached group and permission data has been
resolved such that at login existing attribute, group, and
permission information about the user is completely purged
to ensure a fresh session.
Features and
Changes of Note
- [UP-3626]
- Users with access to User Administration can impersonate
any user regardless of "IMPERSONATE" permission settings
- [UP-3625]
- Add report for Tab Render count
- [UP-3628]
- Add report for portlet execution count
Full Release Notes
Bug
- [UP-3083]
- Button styling in IE9 is not correct
- [UP-3254]
- uportal 4.0.2 + mysql specified key was too long issue
- [UP-3286]
- Tomcat examples available in uPortal demo
- [UP-3416]
- Portlet 286 Ajax requests: only the first ajax call is
processed
- [UP-3492]
- Content-Disposition cannot be set in ResourceResponse
- [UP-3550]
- portlet preferences (provided via config mode) are lost
when editing existing portlets
- [UP-3590]
- Portlet configuration does not display portlet.xml
parameters
- [UP-3598]
- Portlet Manager no longer displays preferences defined in
portlet.xml when you register a new portlet
- [UP-3613]
- Shibboleth and attributes user caching
- [UP-3616]
- Resource parameters not included in cache key generation
- [UP-3618]
- portlet admin : bug when setting up of preference readOnly
- [UP-3619]
- Fragment Administration portlet : Edit Page/Colum
Permissions
- [UP-3627]
- Pluto doesn't handle setting of Content-Type via headers
correctly
- [UP-3630]
- DAO_PING fails on MySQL
- [UP-3633]
- PortalDb DataSource not in JMX
Improvement
- [UP-3456]
- Streamline SASS implementation
- [UP-3478]
- Disable scheduled background tasks during uPShell
execution
- [UP-3535]
- Enhance UserAccountHelper to invalidate cached objects it
updates
- [UP-3623]
- Add LDAP Connection settings to Maven filters files
- [UP-3634]
- Add exception logging filter for all requests
- [UP-3635]
- Add Permanent Link feature to stats portlet
- [UP-3636]
- Include current username in thread naming
New Feature
- [UP-3625]
- Add report for Tab Render count
- [UP-3628]
- Add report for portlet execution count
Security Bug
- [UP-3626]
- Users with access to User Administration can impersonate
any user regardless of "IMPERSONATE" permission settings
-Eric Dalquist
|
smime.p7s
Description: S/MIME Cryptographic Signature
