uPortal 4.3.1

@drewwills drewwills released this Oct 21, 2016 · 394 commits to master since this release


Version 4.3.1 is a maintenance release of uPortal 4.3. It has been six months since the release of 4.3.0, and there are a large number of updates. In total, 32 JIRA tickets are resolved in this release. The vast majority of these are bug fixes, tasks, and modest improvements to existing features.

Addresses CVE-2016-1000257 (an open redirect vulnerability).


  • 14 Bugs
  • 8 Improvements
  • 3 Tasks


uPortal 4.3.0

@drewwills drewwills released this Apr 25, 2016 · 435 commits to master since this release

Version 4.3.0 is the newest minor release of uPortal, and it is the product of a significant amount of brand new work. A total of 122 JIRA issues resolved or closed for this release, including 96 that are not a part of the 4.2.2 (or any other) release. If I had to sum up this release in one word, it would be this one: "Polish." uPortal 4.3.0 brings a large number of performance enhancements, improvements to user experience, and bug fixes. uPortal 4.3 also includes support for Java 8 & Tomcat 8.


  • Support for Java 8
  • Support for Tomcat 8
  • Addresses a potential security vulnerability (https://issues.jasig.org/browse/UP-4643)
  • Ability to manage BROWSE permission in the Portlet Manager
  • Performance fixes & improvements for permissions evaluation & JPA PAGS
  • Numerous improvements to the Tenant Manager
  • Portlet Marketplace improvements
  • New & updated REST APIs
  • Ad hoc PAGS groups (based on membership/non-membership in other groups)
  • Fixes & improvements to Respondr
  • Updates to "Hover" Chrome (options for no-chrome portlets)
  • New menu for small displays, plus optional "flyout" menues (like Universality offered)
  • Allow fragment owners to manage fragment layouts regardless of restrictions
  • Update Bootstrap to version 3.3.5
  • Version updates to the bundled CAS and several bundled portlets


uPortal 4.2.2

@drewwills drewwills released this Apr 22, 2016 · 943 commits to master since this release

his version of uPortal is a maintenance/bug-fix release of the 4.2 minor version. It includes 40 bug fixes and improvements in total, which is a substantial number. There are some very important performance improvements included with this release. (There are even more in the 4.3.0 release, which is intended to be available in the same time frame as this release.)

Detailed Release Notes


uPortal 4.2.0

@drewwills drewwills released this Apr 24, 2015 · 944 commits to master since this release

uPortal 4.2.0 Final
Released: 24 April 2015


This version of uPortal is a general audience (GA) release of the next uPortal minor version. It provides several new and exciting features that are not in the 4.1.x line, as well as all the maintenance updates – primarily bug & security fixes – that are included in the 4.1.x line. This release includes some modest changes to default configuration settings. (See Developer Notes below.) In upgrading to uPortal 4.2 from version 4.1, you are free to continue with the configurations you have; but you should review these changes and strongly consider making them locally. These changes offer better alignment with planned future enhancements.


The following enhancements or bug fixes are especially noteworthy.

  • Hover chrome, which provides access to chrome-based functions (e.g. Minimize, Maximize, Remove, etc.) for portlets with showChrome=false
  • Numerous enhancements and fixes to uPortal's Multi-Tenancy features
  • The Portlet Manager UI has been greatly improved & simplified
  • A client-side session timeout warning message, with the option to continue the session, has been added
  • A 6-column layout option has been added; works gorgeously with small portlets like the App Launcher
  • The Portlet Marketplace UI has been greatly improved & simplified
  • Added MAINTENANCE portlet lifecycle state (accessible from the Portlet Manager), which displays a user-friendly message when a portlet is out-of-service
  • Added support for the Experience ("Tin Can") API
  • Added Transient Layout Node support for unauthenticated (guest) users; this enhancement means that guest users can access – provided they have the proper permissions -- portlets that are not on the guest layout

Notes on Deploying & Upgrading:

  • Requires Servlet API 3.0 to run. Tomcat 7.0 supports this version. Choose the most recent Tomcat 7.
  • Requires Java 7 ("JDK 1.7"). Java 8 ("JDK 1.8") is not yet supported.
  • Data export and import is required when upgrading from uPortal 4.0.x or earlier. (It's also worth considering if you're upgrading from uPortal 4.1.x, depending on how much is changing.)
  • The default PAGS implementation has been switched from XML file-based (legacy) to database-based (JPA); the legacy configuration still works, but you may want to make the switch (some future administrative tools may require the JPA strategy); there is a Groovy script for migrating
  • The BROWSE permission now exclusively governs whether a portlet is available to a user in the Customize Gallery, Search results, and the /api/portletList API (used by Customize Gallery). The behavior of /api/portletList, moreover, has changed to include portlets with no categories. This change will require uPortal 4.1 and prior to review their data entities to add BROWSE permissions when migrating portlet definitions to uPortal 4.2.0. Without the BROWSE permission, users will not see portlets in these interfaces.
  • The Universality theme has been retired; Respondr is now the only theme for non-mobile devices


uPortal 4.2.0 Milestone 1

@apetro apetro released this Dec 30, 2014 · 1080 commits to master since this release

A first milestone release towards uPortal 4.2.0. Not a general audience release or even a release candidate. Not intended for production adoption.

See also:

uPortal 4.2 is uPortal 4.1 except better.

  • Better Marketplace, something much closer to feature-complete than that shipping in uPortal 4.1. You might even be willing to put this Marketplace in front of real users.
  • Better APIs. Especially JSON web service APIs. Also improvements to Java APIs modeling users and to plugin points in the rendering pipeline and for user profile selection.
  • Better experiences. A user-facing dialog inviting session extension when session timeout expires. Better messaging to users when portlets are taken out of service for maintenance.
  • Better tools. A much more attractive Portlet Manager and Permissions Manager. Command line conveniences and a better command line build implementation.
  • Better logging for better troubleshooting.

Pull requests that were merged for inclusion in this release: