uPortal : support for version or dependency upgradation

22 views
Skip to first unread message

anuj pankaj

unread,
May 8, 2025, 11:21:45 AMMay 8
to uPortal Community

Dear Sir/Madam,

 

I am representing MSTS Tolls, a member of Shell Group. We are technology driven product-based company and offering Tolls solution across Europe. 

 

Our product built on Microservices based architecture and that incorporating various teams from different Tech stack that also includes uPortal (https://www.apereo.org/programs/software/uportal).  We are upgrading our project dependent libraries and their versions like Java 1.8 to Java 17 and Spring 2.x to Spring 3.4.1 to counter many security & critical vulnerabilities that have been detected in OSS (Open Source software) by one of our code quality tool and as part of this exercise we also need to upgrade uPortal version in same line. 

 

I was going through to uPortal GitHub project to find latest version of uPortal to take it up this exercise , however I am unable to find any version that has upgraded as per our required configuration (Java 17 and Spring 3.4.1 or any suitable version) and neither I am unable to find steps to upgrade by ourself. I am reaching out to you find these answers. Please acknowledge, can we get such support for the uPortal upgrade? , many questions in our mind, how does Apereo look this ?, do they consider vulnerabilities and if yes , then what can be done to address this. Please find below some vulnerabilities detected by our Code Quality tool. 

 

Vulnerabilities :

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22978
  2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3773
  3. https://github.com/advisories/GHSA-896r-f27r-55mw
  4. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3918
  5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531
  6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893

 

There are many more to make this list very long. Please use them as reference, awaiting response. 

 

Thanks in advance !

Anuj Pankaj

Patrick Masson

unread,
May 9, 2025, 9:49:26 AMMay 9
to anuj.a...@shell.com, Jyoti....@mststolls.com, Charise Arrowood, Benito Gonzalez, in...@apereo.org, uporta...@apereo.org

Hello Anuj,

Thank you for reaching out and for sharing the important work MSTS Tolls, as part of the Shell Group, is doing to provide tolling solutions across Europe. We’re glad to know that uPortal is a part of your technology stack and appreciate your commitment to keeping your systems secure and up to date.

We’d like to gently clarify that the Apereo Foundation and its projects, including uPortal, are supported and maintained by a volunteer-driven open source community. As such, Apereo does not offer direct support services, and all assistance from the community — including help with upgrades, troubleshooting, and improvements — is provided by contributors volunteering their time and expertise.

We noticed the tone of your message suggests an expectation of direct support, and we kindly ask whether your team has prior experience engaging with open source communities. Open source projects operate differently from commercial vendors (contracted service providers), and working collaboratively, transparently, and with an understanding of mutual respect for contributors’ time is an important aspect of the open source model.

That said, your concerns around security and modernization are valid and appreciated. Community discussions — such as those held via mailing lists, and GitHub issues — are the best venues to raise these upgrade questions. Indeed a two posts just prior to yours (May 2nd) by one of uPortal's lead developers provides an update regarding future releases related to your issues [1, 2]. As you'll note by reviewing the discussions, many in the uPortal community are exploring similar modernization efforts, and by participating in those channels, your team may also benefit from shared solutions or offer contributions that support others.

If your organization requires guaranteed support or accelerated upgrades, there are commercial service providers familiar with uPortal and Apereo technologies. Unicon, an Apereo commercial member provides dedicated uPortal services, including custom development and migration assistance.

Finally, given the scale and importance of uPortal in your offerings, we encourage MSTS Tolls and Shell Group to consider supporting the project through Apereo Foundation membership. Membership helps sustain the project’s health, supports community infrastructure, and demonstrates leadership in the open source space.

Thank you again for reaching out. We welcome your continued involvement and look forward to any contributions or participation from your team in the uPortal community.

Warm regards,
Patrick

1. https://groups.google.com/u/1/a/apereo.org/g/uportal-user/c/d9ktfsL_f6E
2. https://groups.google.com/u/1/a/apereo.org/g/uportal-user/c/d9ktfsL_f6E

On 5/8/25 11:04 AM, anuj.a.pankaj via Information wrote:

Hi uPortal team,

 

We are looking support for uPortal as our product has been built on uPortal. We are not sure, whom should we reach to get the support so reached to in...@apereo.org. Three days has passed and still waiting for acknowledgment.  Please confirm, if we can get support for inline e-mail or redirect to respective team.

--
Patrick Masson
Executive Director
Apereo Foundation
9450 SW Gemini Dr PMB 98572
Beaverton, OR 97008-7105
Mobile: +1 (919) MASSON1
Calendar: Book a call

Do you support open source in education?
JOIN FRIENDS OF APEREO TODAY!
Reply all
Reply to author
Forward
0 new messages