I’m happy to announce that today, Liferay released the much anticipated Liferay Portal 6.1 CE GA3 release! DOWNLOADS: [Tomcat Bundle | GlassFish Bundle | JBoss Bundle | Maven Artifacts and Info | Source Bundle | Github Repo | other bundles and support files].
This update contains over 500 fixes, most importantly those fixes related to Liferay’s Security Manager (née PACL) and Spring MVC, which prevented many of you from successfully publishing your apps to the Marketplace. These issues should now be fixed.
Following Liferay's versioning scheme established in 2010, this release is called Liferay Portal 6.1 CE GA3. The internal version number is 6.1.2. See below for upgrade instructions from previous releases.
Earlier this year, Liferay made the use of its Security Manager optional, for those that wish to publish free apps. This will continue to be optional, though you are highly encouraged to make use of PACL in your apps - this is an important step for securing your apps, especially paid apps (once this feature is added to Marketplace).
In support of PACL, a new quasi-feature has also been added in this release - the PACL Policy Generator. This feature will automatically generate the necessary PACL policy declarations for you, saving you from having to manually test, modify, and re-test your apps. See the PACL Policy Generator's official documentation for details on how to use the generator.
If you’ve been waiting for this release to publish your app to the Marketplace, be sure to test your app with this release, and indicate that your apps are compatible with this release (and the associated EE release) by using
liferay-versions=6.1.2+,6.1.30+ in your
liferay-plugin-package.properties file. If you’ve already successfully published apps with liferay-versions=
6.1.1+ or liferay-versions=
6.1.1+,6.1.20+ then you don’t need to re-publish, but you should test against the release to ensure compatibility (see the compatibility note below).
For more detail, see:
- LPS-33047 - PACL - As a developer I would like reasonable java operations such as classloading, reflection, native library access within libraries I include to not prevent me from developing plugins for the marketplace
- LPS-32200 As a Liferay Marketplace Developer, it should be less time consuming and less error prone to identify and declare necessary PACL declarations
Liferay is committed to producing high quality and secure products. As with all of Liferay’s CE update releases, many security bugs have been fixed, including all of the security issues reported to, and fixed in the context of, the Liferay Community Security Team. The security of our products is very important to our customers and the wider Liferay community, and we have processes in place to ensure that any security-related issues are promptly addressed and that our customers' data is kept secure. For more detail, check out Liferay's “/security” URL.
JDK 7 Support
Another addition to this release is support for Java 7. Typically, Liferay will add support for new underlying platforms in a minor release, but this one was too important to pass up. See LPS-29538 Java 7 Support for details.
Spring MVC Fixes
6.1 CE GA2 had a bug that prevented many Spring MVC-based apps from properly initializing. See LPS-29103 Custom Spring MVC -portlets broken after upgrading to Liferay 6.1 GA2 (web.xml listener order) for more detail, but rest assured it's no longer an issue!
Liferay aims to make releases within a given “release family” compatible, and are continually improving the development process to catch compatibility issues early and go through the proper deprecation process, and it is no different in this release. A handful of APIs have been deprecated in this release as a result of bugfixing. If you are using them, you should strongly consider modifying your apps to use their documented replacement APIs.
As a general rule, you can upgrade from one major release to the next major release. For example, you can upgrade directly from Liferay 6.0.x to 6.1.2, but not from 5.2.x to 6.1.2. If you need to upgrade over several major releases, you'll need to run the upgrade procedure for each major release until you reach the release you want. See the official upgrade documentation for more detail and the explicit steps for upgrading. In particular, you can upgrade from 6.0.x, 6.1.0, and 6.1.1 to this release (6.1.2).
1. The GlassFish bundle has a known first-start issue (LPS-39095) with the following workarounds:
- Stop and restart the domain
portal-ext.propertiesfile (this causes Liferay to use the default security manager configured by the application server. A security manager will not be used if the application server did not configure one)
2. Due to a last minute JSP compilation build failure, the Liferay+Resin bundle is not yet available. Engineers are working on the fix as I type and it should be available soon!
A special community shout-out goes to Rotterdam CS and Emeldi for helping us with the PACL and Spring MVC testing - their apps and staff helped us find several important issues before the release, which is an awesome by-product of all the great apps people are making! Thanks, ya'll!
This is most likely the last update for the 6.1 CE vintage - 6.2 CE is right around the corner, so if you’re interested in seeing what’s coming in the next release, be sure to get involved in the 6.2 Beta program!