Version 4.3.1 is a maintenance release of uPortal 4.3. It has been six months since the release of 4.3.0, and there are a large number of updates. In total, 32 JIRA tickets are resolved in this release. The vast majority of these are bug fixes, tasks, and modest improvements to existing features.
Addresses CVE-2016-1000257 (an open redirect vulnerability).
- 14 Bugs
- 8 Improvements
- 3 Tasks
Version 4.3.0 is the newest minor release of uPortal, and it is the product of a significant amount of brand new work. A total of 122 JIRA issues resolved or closed for this release, including 96 that are not a part of the 4.2.2 (or any other) release. If I had to sum up this release in one word, it would be this one: "Polish." uPortal 4.3.0 brings a large number of performance enhancements, improvements to user experience, and bug fixes. uPortal 4.3 also includes support for Java 8 & Tomcat 8.
- Support for Java 8
- Support for Tomcat 8
- Addresses a potential security vulnerability (https://issues.jasig.org/browse/UP-4643)
- Ability to manage BROWSE permission in the Portlet Manager
- Performance fixes & improvements for permissions evaluation & JPA PAGS
- Numerous improvements to the Tenant Manager
- Portlet Marketplace improvements
- New & updated REST APIs
- Ad hoc PAGS groups (based on membership/non-membership in other groups)
- Fixes & improvements to Respondr
- Updates to "Hover" Chrome (options for no-chrome portlets)
- New menu for small displays, plus optional "flyout" menues (like Universality offered)
- Allow fragment owners to manage fragment layouts regardless of restrictions
- Update Bootstrap to version 3.3.5
- Version updates to the bundled CAS and several bundled portlets
his version of uPortal is a maintenance/bug-fix release of the 4.2 minor version. It includes 40 bug fixes and improvements in total, which is a substantial number. There are some very important performance improvements included with this release. (There are even more in the 4.3.0 release, which is intended to be available in the same time frame as this release.)
This version of uPortal is a maintenance/bug-fix release of the 4.2 minor version. t includes 21 bug fixes and enhancements in total, but the primary motivation for this new patch release is updating to the new Java Portlet API 2.1 specification.
- The 4.2.1 wiki page, which includes macros listing known defects in this release and the issues resolved for this release.
Notable fixes in this release
- Update portlet api to 2.1
- Fragment-admin-exit portlet needs to be integrated with the Respondr skinning process
- uPortal builds failing with org.codehaus.staxmate:staxmate:jar:2.0.1 due to codehaus repo termination
- Add caching to two DB PAGS methods
- PortalPermissionEvaluator doesn't support unauthenticated users
- uPortal may not work with Oracle 12
- Add the search-launcher to the guest experience
- Poor SQL Performance for DB-based PAGS
- Improve performance of the Marketplace subsystem by REMOVING the (additonal) permissions check for MANAGE and by creating far fewer AuthorizationPrincipal objects
uPortal 4.2.0 Final
Released: 24 April 2015
This version of uPortal is a general audience (GA) release of the next uPortal minor version. It provides several new and exciting features that are not in the 4.1.x line, as well as all the maintenance updates – primarily bug & security fixes – that are included in the 4.1.x line. This release includes some modest changes to default configuration settings. (See Developer Notes below.) In upgrading to uPortal 4.2 from version 4.1, you are free to continue with the configurations you have; but you should review these changes and strongly consider making them locally. These changes offer better alignment with planned future enhancements.
The following enhancements or bug fixes are especially noteworthy.
- Hover chrome, which provides access to chrome-based functions (e.g. Minimize, Maximize, Remove, etc.) for portlets with showChrome=false
- Numerous enhancements and fixes to uPortal's Multi-Tenancy features
- The Portlet Manager UI has been greatly improved & simplified
- A client-side session timeout warning message, with the option to continue the session, has been added
- A 6-column layout option has been added; works gorgeously with small portlets like the App Launcher
- The Portlet Marketplace UI has been greatly improved & simplified
- Added MAINTENANCE portlet lifecycle state (accessible from the Portlet Manager), which displays a user-friendly message when a portlet is out-of-service
- Added support for the Experience ("Tin Can") API
- Added Transient Layout Node support for unauthenticated (guest) users; this enhancement means that guest users can access – provided they have the proper permissions -- portlets that are not on the guest layout
Notes on Deploying & Upgrading:
- Requires Servlet API 3.0 to run. Tomcat 7.0 supports this version. Choose the most recent Tomcat 7.
- Requires Java 7 ("JDK 1.7"). Java 8 ("JDK 1.8") is not yet supported.
- Data export and import is required when upgrading from uPortal 4.0.x or earlier. (It's also worth considering if you're upgrading from uPortal 4.1.x, depending on how much is changing.)
- The default PAGS implementation has been switched from XML file-based (legacy) to database-based (JPA); the legacy configuration still works, but you may want to make the switch (some future administrative tools may require the JPA strategy); there is a Groovy script for migrating
- The BROWSE permission now exclusively governs whether a portlet is available to a user in the Customize Gallery, Search results, and the /api/portletList API (used by Customize Gallery). The behavior of /api/portletList, moreover, has changed to include portlets with no categories. This change will require uPortal 4.1 and prior to review their data entities to add BROWSE permissions when migrating portlet definitions to uPortal 4.2.0. Without the BROWSE permission, users will not see portlets in these interfaces.
- The Universality theme has been retired; Respondr is now the only theme for non-mobile devices
A first milestone release towards uPortal 4.2.0. Not a general audience release or even a release candidate. Not intended for production adoption.
- The uPortal 4.2.0-m1 release page and news item on www.apereo.org
- The uPortal 4.2.0-m1 page in the Confluence wiki, which includes reports from the issue tracker.
- A blog post detailing what’s in this release
uPortal 4.2 is uPortal 4.1 except better.
- Better Marketplace, something much closer to feature-complete than that shipping in uPortal 4.1. You might even be willing to put this Marketplace in front of real users.
- Better APIs. Especially JSON web service APIs. Also improvements to Java APIs modeling users and to plugin points in the rendering pipeline and for user profile selection.
- Better experiences. A user-facing dialog inviting session extension when session timeout expires. Better messaging to users when portlets are taken out of service for maintenance.
- Better tools. A much more attractive Portlet Manager and Permissions Manager. Command line conveniences and a better command line build implementation.
- Better logging for better troubleshooting.
Pull requests that were merged for inclusion in this release:
- Marketplace with asynchronous cache population, layout adding, enforcement of BROWSE permission on related portlets and client-side screenshot validation.
- A much nicer Portlet Manager, with tooltips in the UI and better documentation to disambiguate portlet names, titles, and fnames. Other administrative UIs got better too. And a new Maintenance portlet lifecycle state.
- Fixed Google Analytics integration.
- A session timeout dialog
- Inline portlet configuration
- Better search results for Simple Content portlets.
- App Launcher portlet type with a handy six column layout to place them in.
- Better JSON APIs including fnames. Better IPerson API.
- Better handling of access to portlets not in one’s layout, also for unauthenticated users in transient layouts no less
- Filters Respondr regions out of mUniversality and adds Google Analytics in.
- Handy administrative access to dynamic skin configuration
- Saving a layout change as one AJAX call rather than two
- Updated PostgreSQL dependency
- A SmartLdap group store that’s less weird. Still smart.
- Use of CSS animation rather than jQuery animation, with the added bonus of working. Better
showchrome = falsestyling, again with the workings.
- Sticky profile selections, in transactions, with a fancy createOrUpdate DAO API, but not for the guest user, and with graceful failure and logging.
- MarketplaceEntry, MarketplacePortletDefinition, and PortletDefinitionImpl nicities, with keywords, launching better URLS to specified target windows.
- Better portlet failure logging and logging on DLM fragment audience determination.
- Better tools for schema update generation and deploying XSLT and LESS files, and you can even run them under
- Rendering pipeline tricks to conditionally terminate in a redirect.
- Better Groovy compilation implementation in a build process without focus stealing
- Unit testing that respondr.xsl compiles, now that everyone is adopting it.
- Updated guidance for contributing. You should.