From portal-commits at lists.jboss.org Tue Jan 24 18:49:40 2012
Content-Type: multipart/mixed; boundary="===============1663442040515114928=="
MIME-Version: 1.0
From: portal-commits at lists.jboss.org
To: portal-commits at lists.jboss.org
Subject: [portal-commits] JBoss Portal SVN: r14046 -
docs/enterprise/trunk/Static_Docs_Zip.
Date: Tue, 24 Jan 2012 18:49:40 -0500
Message-ID: <201201242349.q0ONne2n020571@svn01.web.mwc.hst.phx2.redhat.com>
--===============1663442040515114928==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Author: jaredmorgs
Date: 2012-01-24 18:49:40 -0500 (Tue, 24 Jan 2012)
New Revision: 14046
Added:
docs/enterprise/trunk/Static_Docs_Zip/README.html
Removed:
docs/enterprise/trunk/Static_Docs_Zip/Reference_Guide.pdf
docs/enterprise/trunk/Static_Docs_Zip/Release_Notes.html
docs/enterprise/trunk/Static_Docs_Zip/Tuning_Guide.pdf
docs/enterprise/trunk/Static_Docs_Zip/User_Guide.pdf
Log:
making changes, deleting old docs
Copied: docs/enterprise/trunk/Static_Docs_Zip/README.html (from rev 14045, =
docs/enterprise/trunk/Static_Docs_Zip/Release_Notes.html)
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- docs/enterprise/trunk/Static_Docs_Zip/README.html =
(rev 0)
+++ docs/enterprise/trunk/Static_Docs_Zip/README.html 2012-01-24 23:49:40 U=
TC (rev 14046)
@@ -0,0 +1,103 @@
+
+
+CP07 Release Not=
es
JBoss Enterprise Port=
al Platform4.3
CP07 Release Notes
For use with JBoss Enterprise Portal Platform 4.3 CP07.
<=
/div>
Edition 4.3.7
+
+
+
Re=
d HatDocumentation Team
Red Hat Engineering Content Services
Legal Notice
+ Copyright =C2=A9 2011 Red Hat, Inc.
+
+ The text of and illustrations in this document are licensed by Red Hat u=
nder a Creative Commons Attribution=E2=80=93Share Alike 3.0 Unported licens=
e ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licen=
ses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this doc=
ument or an adaptation of it, you must provide the URL for the original ver=
sion.
+
+ Red Hat, as the licensor of this document, waives the right to enforce, =
and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent perm=
itted by applicable law.
+
+ Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix=
, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., regi=
stered in the United States and other countries.
+
+ Linux=C2=AE is the registered trademark=
of Linus Torvalds in the United States and other countries.
+
+ Java=C2=AE is a registered trademark of=
Oracle and/or its affiliates.
+
+ XFS=C2=AE is a trademark of Silicon Gra=
phics International Corp. or its subsidiaries in the United States and/or o=
ther countries.
+
+ MySQL=C2=AE is a registered trademark o=
f MySQL AB in the United States, the European Union and other countries.
+
+ All other trademarks are the property of their respective owners.
+
Abstract
+ These release notes contain important information related to JBoss Ente=
rprise Portal Platform 4.3 CP07 that may not be currently available in the =
Product Manuals. You should read these Release Notes in their entirety befo=
re installing the product.
+
+ JBoss Enterprise Portal Platform offers an intuitive, easy to manage us=
er interface and a proven core infrastructure to enable organizations to qu=
ickly build dynamic web sites in a highly reusable way. By bringing the pri=
ncipals of Open Choice to the presentation layer, JBoss Enterprise Portal P=
latform 5 maximizes existing skills and technology investments.
+
+ By integrating open source frameworks such as JBoss Seam, Hibernate, To=
mcat, and JBoss Cache, JBoss Enterprise Portal Platform takes advantage of =
innovations in the open source community.
+
+ JBoss Enterprise Portal Platform 4.3 CP07 is fully tested and supported=
by Red Hat, and is certified to work on many leading enterprise hardware a=
nd software products.
+
Chapter=C2=A02.=C2=A0In=
stallation
+ The JBoss Enterprise Portal Platform 4.3 CP07 I=
nstallation Guide contains detailed installation instructions as well =
as environment requirements.
+
+ A bug in the org.jboss.portal.cms.security.AuthorizationProviderImpl#g=
etCurrentRoles() call was incorrectly returning null. Users authenticated u=
sing LDAP were not seeing content that should have been available to them t=
hrough the CMSPreviewServlet. The fix implements a fallback mechanism that =
uses the membershipModule to correctly authenticate users.
+
+ Removing the dashboard context from default-object.xml resulted in a N=
ull Pointer Exception (NPE) when a user authenticated. The fix ensures that=
a proper null check is performed at the dashboardContext =3D portalObjectC=
ontainer.getContext(dashboardContextId) call, which fixes the issue.
+
+ IE 6 displayed "This page contains both secure and nonsecure items" on=
every page when users were authenticated using SSL. While IE6 was honoring=
the information it received in the header.jsp, this caused unnecessary mod=
al dialog boxes to display every time a page with mixed content was opened.=
The fix implements changes to the header.jsp to correctly detect when a us=
er is authenticated, and prevents the dialog boxes from opening.
+
+ A bug in the HttpSession listener caused the ClusteredSession.invalida=
ted() method to be called one during session validation, and again during t=
he sessionDestroyed() call. Because the session was already invalidated, an=
exception is raised at the second invalidation attempt. The fix to HttpSes=
sion removes the unnecessary second call, which fixes the issue.
+
+ It was found that the invoker servlets, deployed by default via httpha=
-invoker, only performed access control on the HTTP GET and POST methods, a=
llowing remote attackers to make unauthenticated requests by using differen=
t HTTP methods. Due to the second layer of authentication provided by a sec=
urity interceptor, this issue is not exploitable on default installations u=
nless an administrator has misconfigured the security interceptor or disabl=
ed it. (CVE-2011-4085)
+
For use with JBoss Enterprise Portal Platform 4.3 CP07.
<=
/div>
Edition 4.3.7
-
-
-
Re=
d HatDocumentation Team
Red Hat Engineering Content Services
Legal Notice
- Copyright =C2=A9 2011 Red Hat, Inc.
-
- The text of and illustrations in this document are licensed by Red Hat u=
nder a Creative Commons Attribution=E2=80=93Share Alike 3.0 Unported licens=
e ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licen=
ses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this doc=
ument or an adaptation of it, you must provide the URL for the original ver=
sion.
-
- Red Hat, as the licensor of this document, waives the right to enforce, =
and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent perm=
itted by applicable law.
-
- Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix=
, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., regi=
stered in the United States and other countries.
-
- Linux=C2=AE is the registered trademark=
of Linus Torvalds in the United States and other countries.
-
- Java=C2=AE is a registered trademark of=
Oracle and/or its affiliates.
-
- XFS=C2=AE is a trademark of Silicon Gra=
phics International Corp. or its subsidiaries in the United States and/or o=
ther countries.
-
- MySQL=C2=AE is a registered trademark o=
f MySQL AB in the United States, the European Union and other countries.
-
- All other trademarks are the property of their respective owners.
-
Abstract
- These release notes contain important information related to JBoss Ente=
rprise Portal Platform 4.3 CP07 that may not be currently available in the =
Product Manuals. You should read these Release Notes in their entirety befo=
re installing the product.
-
- JBoss Enterprise Portal Platform offers an intuitive, easy to manage us=
er interface and a proven core infrastructure to enable organizations to qu=
ickly build dynamic web sites in a highly reusable way. By bringing the pri=
ncipals of Open Choice to the presentation layer, JBoss Enterprise Portal P=
latform 5 maximizes existing skills and technology investments.
-
- By integrating open source frameworks such as JBoss Seam, Hibernate, To=
mcat, and JBoss Cache, JBoss Enterprise Portal Platform takes advantage of =
innovations in the open source community.
-
- JBoss Enterprise Portal Platform 4.3 CP07 is fully tested and supported=
by Red Hat, and is certified to work on many leading enterprise hardware a=
nd software products.
-
Chapter=C2=A02.=C2=A0In=
stallation
- The JBoss Enterprise Portal Platform 4.3 CP07 I=
nstallation Guide contains detailed installation instructions as well =
as environment requirements.
-
- A bug in the org.jboss.portal.cms.security.AuthorizationProviderImpl#g=
etCurrentRoles() call was incorrectly returning null. Users authenticated u=
sing LDAP were not seeing content that should have been available to them t=
hrough the CMSPreviewServlet. The fix implements a fallback mechanism that =
uses the membershipModule to correctly authenticate users.
-
- Removing the dashboard context from default-object.xml resulted in a N=
ull Pointer Exception (NPE) when a user authenticated. The fix ensures that=
a proper null check is performed at the dashboardContext =3D portalObjectC=
ontainer.getContext(dashboardContextId) call, which fixes the issue.
-
- IE 6 displayed "This page contains both secure and nonsecure items" on=
every page when users were authenticated using SSL. While IE6 was honoring=
the information it received in the header.jsp, this caused unnecessary mod=
al dialog boxes to display every time a page with mixed content was opened.=
The fix implements changes to the header.jsp to correctly detect when a us=
er is authenticated, and prevents the dialog boxes from opening.
-
- A bug in the HttpSession listener caused the ClusteredSession.invalida=
ted() method to be called one during session validation, and again during t=
he sessionDestroyed() call. Because the session was already invalidated, an=
exception is raised at the second invalidation attempt. The fix to HttpSes=
sion removes the unnecessary second call, which fixes the issue.
-
- It was found that the invoker servlets, deployed by default via httpha=
-invoker, only performed access control on the HTTP GET and POST methods, a=
llowing remote attackers to make unauthenticated requests by using differen=
t HTTP methods. Due to the second layer of authentication provided by a sec=
urity interceptor, this issue is not exploitable on default installations u=
nless an administrator has misconfigured the security interceptor or disabl=
ed it. (CVE-2011-4085)
-
![3D"Documentation](3D"Common_Content/images/image_r!)