The uPortal 4.0.15 and 4.1.1 releases will ship with a code fix so that even uPortals not updating their security.properties will no longer be vulnerable. Those releases are in flight and should complete today, but if you are affected you really shouldn’t
wait for that process to complete to apply this fix to your security.properties.
This is issue https://issues.jasig.org/browse/UP-4192 in the uPortal issue tracker.
With best wishes for low-hassle patching,
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-user