Le lundi 07 juillet 2014 03:02:33 Andrew Petro a écrit : > Made some good progress towards 4.1.0 release […]. > Andrew
Hi uPortal developers, During a rebasing of a forked uportal-4.0.14…uportal-4.0.6.SR1¹ onto uportal-4.1.0-RC2, I came across 4 specific commits from 4.0 branch where I didn't found a matching² commit/code in 4.1 timeline. — UP-3640 → https://issues.jasig.org/browse/UP-3640 seems to be resolved differently by UP-3298 in 4.1 line. — UP-3665 → https://issues.jasig.org/browse/UP-3665 seems to me, to be related to ↑UP-3640 so may be irrelevant to 4.1 line. — UP-3642 → https://issues.jasig.org/browse/UP-3642 UP-3981 removed console.log(…) lines from personLookup.jsp, but not from the three other files (grep -rF console.log .)… UP-3642 might be cherry-picked if relevant (there's only one unchecked console access left in entity-selector.js I guess) > $ git cherry-pick $(git rev-list --grep=UP-3642 uportal-4.0.14) > $ git checkout HEAD -- uportal-war/src/main/webapp/WEB-INF/flows/person- lookup/personLookup.jsp > $ git cherry-pick --continue — UP-4106 → https://issues.jasig.org/browse/UP-4106 CVE-2014-3417 (Illicit access to Config mode) is marked as fixed in JIRA but the commit still may be cherry-picked without many unresolvable conflicts (through my non-expert eyes however). I thought that these ↑ might eventually interest some of you, so I shared that here. Sorry for the noise if not. Regards, -- Léa Raya DÉCORNOD —————— ¹: common ancestor btw 4.0 and 4.1 is ↓ > $ git describe $(git merge-base uportal-4.0.13 uportal-4.1.0-RC2) > uportal-4.0.6.SR1-10-gfd0248e ²: > git log --grep='\(UP-3640\|UP-3642\|UP-3665\|UP-4106\)' --oneline uportal-4.0.14 > 26aa4b4 UP-4106 Enforce CONFIG permission. > cdd2623 UP-3665 Fix non-servlet3 proxied req references > b459805 UP-3642 Removing unnecessary console.log statements > 3ba9ea6 UP-3640 Get uP40 working on TC7 > $ git log --grep='\(UP-3640\|UP-3642\|UP-3665\|UP-4106\)' --oneline uportal-4.1.0-RC2 > $ -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev
