SAK-10719 was the original general 2.5 upgrade issue, which is probably irrelavent now that we have to updgrade for security reasons.

Upgraded Tomahawk to 1.1.6 in Calendar Summary (TRUNK) in r32561. Tests in local trunk instance revealed no issues.

Upgraded Tomahawk to 1.1.6 in User Membership (TRUNK) in r32562. Tests in local trunk instance revealed no issues.

Calendar Summary fix applied to 2.4.x:
  r32561 and r32564 merged into 2.4.x branch in r32565

User Membership fix applied to 2.4.x:
  r32562 and r32563 merged into 2.4.x branch in r32566

Blog fixed in the trunk. Testing in trunk gave no problems.
r32571

I forgot the pom file for BLOG.
Fixed in r32573

Migrated BLOG trunk changes to tool/project.xml tool/pom.xml and .classpath to 2.4.x branch
r32575
r32576
r32577

Migrated BLOG trunk changes to tool/project.xml and .classpath to 2.3.x branch
r32578

Upgraded JSF in trunk. Completed: At revision: 32595

Updated Section Info trunk in r32598

Updated JSF in 2.4.x at revision: 32626.

After getting a little distracted by SAK-10547, I updated Gradebook 2.4.x at revision: 32627.

Greg Thomas updated Roster trunk at r32649
Roster 2.4.x r32651

Chris Maurer -
OSP
r32646 trunk
(osp change was only for maven2 stuff)

CHAT
r32655 branch
r32645 trunk

Changing 2.3.x to use Tomahawk 1.1.6 is dependent on merging rev 21930 into the "tool" module as described in SAK-8513 .

Tomahawk 1.1.6 seems to have started spitting out warning-level log messages such as

14:09:39,939 WARN HtmlDataTable:593 - Couldn't determine sort property for column [_id43].

if the content of a sortable column isn't based on a simple row-object property. Here's a related note from their mailing list:

http://www.mail-archive.com/users@myfaces.apache.org/msg36877.html

Sorting still works as desired, and so the warnings are unnecessary.

I'm not yet sure how much logic has to change in our application code to block these messages.

Since I don't have commit privs for the "tool" branch, I've attached a patch file to enable Tomahawk 1.1.6 in the 2.3.x branch.

For 2-3-x, "jsf" is updated at rev 32666 and "gradebook" at rev 32667. Bogus warning messages will be logged whenever the Gradebook Overview screen is displayed.

Rather than delay the security fix, I've added a new JIRA task to deal with the unneeded warning messages: SAK-10786

Ray, I have a way to remove those warn logs. See comment in SAK-10786. Hope it works for you.

Section Info taken care of: r32598

Upgraded Tomahawk to 1.1.6 in Calendar Summary (2.3.x) in r32732.

gradebook trunk - r32941 (Chen)

Updated section info in 2.4.x... finally!

Updated section info for 2.3.x in r33257 (2.4.x in r33254)

On build of https://source.sakaiproject.org/svn/sakai/tags/sakai_2-3-2_QA_001 the GB is throwing a stack trace (is attached)

Extracted from the RTF for better ease of viewing:

org.sakaiproject.tool.api.ToolException
    at org.sakaiproject.portal.charon.CharonPortal.forwardTool(CharonPortal.java:1632)
caused by: javax.servlet.ServletException
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
caused by: java.lang.UnsupportedOperationException
    at org.sakaiproject.tool.impl.SessionComponent$MyLittleSession.getServletContext(SessionComponent.java:1074)
    at org.apache.myfaces.renderkit.html.util.AddResourceFactory.getInstance(AddResourceFactory.java:279)
    at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:126)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
    at org.sakaiproject.jsf.util.JsfTool.dispatch(JsfTool.java:137)
    at org.sakaiproject.jsf.util.JsfTool.doGet(JsfTool.java:241)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
    at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:339)
    at org.sakaiproject.portal.charon.CharonPortal.forwardTool(CharonPortal.java:1632)
    at org.sakaiproject.portal.charon.CharonPortal.doTool(CharonPortal.java:1563)
    at org.sakaiproject.portal.charon.CharonPortal.doGet(CharonPortal.java:380)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:532)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)

As the stack trace suggests, support for the getServletContext() method needs to be backported in the Tool module. This change was originally made for 2.4.0, specifically to support newer versions of Tomahawk:

http://bugs.sakaiproject.org/jira/browse/SAK-8513\

Merged into Gradebook post-2.4.0 branch, r34258.

2.3.2 fix has been implemented and tested; 2.4.1 previously taken care of. Fixes are verified as present and working in 2.3.x and 2.4.x branches.

Also fixed in trunk.