uPortal annual report, June 2018 edition

Apereo’s 2017-2018 annual report includes a section on uPortal, based on some notes the uPortal community put together.

This post works from that content, evolving towards a more free-standing yet hyperlinked read.

uPortal continues to lead as an open source enterprise portal solution by and for higher education.

Calls to action

(These calls to action are re-stated with supporting detail in the conclusion.)


(The year described herein is 2017-05-01 through 2018-04-30).

  • Growth: Growth of the uPortal-as-ecosystem idiom, with the uPortal-home software product successfully graduating from Apereo Incubation, and 4 new software products entering the ecosystem via a clarified Intake Process.
  • Life: Almost 100 versioned releases of uPortal ecosystem software products.
  • Participation: 7 new core contributors, 1 new core committer, calls, meetups, presentations, and list discussions, oh my.
  • Financial responsibility: $26,000 recurring revenue with a $51,000 fund balance.
  • Hope: to increase recurring revenue to sustainably fund effort transforming individual and institutional return-on-investment on uPortal participation and thereby encouraging a virtuous cycle towards more investment with better ROI encouraging more investment yielding better returns encouraging more investment yielding…


A variety of software products complement the core platform to make up the greater uPortal ecosystem. uPortal further developed the ecosystem idiom this year, introducing a more formal uPortal Ecosystem Intake Process clarifying how to recognize projects as part of the ecosystem, ideally starting collaboration and openness at a very early stage in these ancillary software product initiatives.

The ecosystem grew with 1 project successfully exiting Apereo Incubation (uPortal-home) and 4 new projects entering the ecosystem via the new Intake Process:

  • ESUP-filemanager
  • Soffit-kotlin-example
  • uPortal-setup-scripts
  • uPortal-web-components

A new uPortal-contrib Github organization hosts projects upon intake.


The project continues to show healthy activity, with almost 100 versioned releases of software products within the ecosystem.

Counting core, intook, and incubating software products (“software products in the uPortal ecosystem”), and not counting open source software products in the neighborhood but not formally part of the ecosystem: 97 total releases.

uPortal core releases

  • 22 releases
  • (1 major, 7 patch, 1 release candidate, and 13 milestones)

Alternative user interfaces

  • uPortal-home: 13 releases (2 major, 6 minor, 5 patch)
  • uPortal-app-framework: 16 releases (5 major, 5 minor, 6 patch)

Portlet releases

9 Portlet software products saw at least one release, with 36 total releases.

  • AnnouncementsPortlet: 10 releases. (1 minor, 9 patch)
  • CalendarPortlet: 4 releases. (1 minor, 3 patch)
  • FeedbackPortlet: 3 releases (1 minor, 2 patch)
  • JasigWidgetPortlets: 1 minor release.
  • NewsReaderPortlet: 7 releases. (1 major, 1 minor, 5 patch)
  • NotificationPortlet: 6 releases. (2 minor, 4 patch)
  • SimpleContentPortlet: 6 releases. (1 major, 3 minor, 2 patch)
  • WeatherPortlet: 2 patch releases.
  • WebProxyPortlet: 2 patch releases.

Supporting software products

  • Resource-server: 5 releases (2 minor, 3 patch)


The core uPortal platform project added 1 new committer (Jim Helwig 2017-07-19) and 7 new contributors, with 18 total contributors. This year saw an increase in direct participation by commmunity members in France, through submissions to the new Intake Process and translations of documentation.

Contributors this year to core uPortal, new in bold:

  • Ludovic Auxepaules
  • Chris Beach
  • Josh Brudnak
  • Colin Campbell
  • Christian Cousquer
  • Nisith Dash
  • Mairi Fraser
  • Benito Gonzalez
  • Allan Jackson
  • KaJuan Johnson
  • Christian Murphy
  • Gary Roybal
  • Andrew Petro
  • Brandon Powell
  • Corey Rowe
  • Jonathan Tran
  • Timothy Vertein
  • Drew Wills

(Note that this is counting committers and contributors in the core uPortal platform itself and does not account for contributors and committers in the other ecosystem projects.)

Public engagement opportunities included 5 calls or webinars, 2 in-person meetups, 16 conference presentations, and over 1,000 discussion list posts.

Newly introduced shared Google Team Drives welcome collaboration and sharing of artifacts in less source-code-centric ways. This tooling has already proven conducive to sharing local user research findings from uPortal adopters.

uPortal handled one security vulnerability this year:

  • 2017-09-26: Feedback portlet injectable fixed in Feedback Portlet 1.2.1. Aaron Grant, Drew Wills, and Christian Murphy filled roles in the security incident handling process.


Institutions can sustain the project through the uPortal Supporting Subscription program, a rider to the institutional Apereo membership.

uPortal added 1 subscriber to a total of 3 with annual revenue of $26,000 and a fund balance of $51,000.

Current uPortal Supporting Subscribers:

  • University of Wisconsin-Madison (uPortal Champion)
  • Oakland University (uPortal Booster)
  • Brigham Young University (uPortal Friend)

Thusfar the project has avoided spending these funds in ad-hoc ways, preferring to accumulate a stabilizing asset balance and work towards a level of recurring revenue that will enable a sustainable application of funds.

In the year to come, the project hopes to reach a threshold of recurring revenue to afford funding a full-time Foundation position charged with

  • driving down barriers to adoption and participation
  • improving the institutional and individual return-on-investment in that participation.

Improving the return-on-investment on adoption and participation will make adoption and participation more rewarding which will encourage more of it. More investment will create more opportunities to improve the return-on-investment. A virtuous cycle ensues.

Challenges and opportunities

Apereo as CVE numbering authority

Formal vulnerability identifiers (CVE IDs) are prohibitively difficult to acquire. This limits effectiveness of communication about security. Apereo becoming a CVE Numbering Authority could reduce friction in and increase effectiveness of communication about security vulnerabilities.

Measuring and recruiting adopters

We do not have an effective way to measure adopters. There are doubtless unrealized opportunities to draw in adopters as Apereo institutional members, uPortal supporting subscription subscribers, and most importantly as collaborators in the uPortal ecosystem.

Growing the uPortal ecosystem

The growth of the intake, contrib, ecosystem, and attic concepts and processes sets the stage to more clearly welcome, characterize, collaborate within, and communicate about projects in the uPortal ecosystem.

Sustainably converting uPortal Supporting Subscription revenue to forward progress

Hitting recurring revenue thresholds would unlock converting revenue to forward progress yielding a return-on-investment for subscribers which might encourage additional investment, a virtuous and sustainable cycle ensuing.

Discourse as superior discussion forums solution

Discourse has been adopted elsewhere to positive effect and might do a lot of good in Apereo as a next step beyond the exising Google Groups forums solution.

Collaborate with other Apereo projects

uPortal and other Apereo projects might collaborate more on shared concerns like

  • project lifecycle process
  • security incident handling
  • communications
  • release engineering

doing these and other things better in collaboration than they can be done in isolated project siloes.

Calls to action, reprise

  • uPortal adopting institutions, join uPortal’s Supporting Subscription program. This rider to an institutional Apereo membership builds essential recurring revenue for resourcing the uPortal project for confident sustainability. Begin this as modestly as your institution may need; every little bit will help this program hit the transformative threshold of potentially adding a full time staffer focused on carrying uPortal qua open source project forward. If your institution is already subscribing, increase your commitment. The opportunities for a more confident uPortal future are real.
  • Propose ancillary projects (software products) into uPortal’s new Ecosystem Intake Process. It has never been easier to approach developing a plug-in for use with uPortal (whether user-facing content, back-end service, or otherwise). The best time to share code and welcome involvement of the wider community is the moment you start. If you locally see a need, it’s very likely that another adopter could learn from this, could collaborate upon it, or could adopt the add-on and likewise has locally developed add-ons that you could be adopting too. The opportunities for more and better collaboration are real.
  • Directly participate in uPortal. It has never been easier to collaborate on uPortal, its documentation, and its ancillary projects. Suggesting an edit to even this “marketing-flavored” post is feasible via GitHub’s tooling, without leaving your Web browser. The opportunities for collaboration are real, and are beyond code.
  • Engage in Apereo. Ensure your institution is a member of Apereo. Maintain an active relationship with your institutional representative. Engage directly on the open@ list and ensure you’re subscribed to the announcements@ list. The opportunities for participation in all things Apereo are real.
  • Become an individual Apereo member. Apereo’s membership model is no longer solely that of higher education institutions as members – you as an individual human being can join, gaining a vote for a Foundation Board seat. The opportunities to engage in more interesting ways are real.

- Andrew Petro

wearing individual contributor hat.

Related Posts

Apereo CAS is now on Develocity

An overview of how Apereo CAS is using Gradle and Develocity to improve its build and test execution cycle.

CAS OAuth/OpenID Connect Vulnerability Disclosure

Disclosure of a security issue with the Apereo CAS software acting as an OAuth/OpenID Connect provider.

CAS Groovy Vulnerability Disclosure

Disclosure of a security issue with the Apereo CAS software when using Groovy.

CAS OpenID Connect Vulnerability Disclosure

Disclosure of a security issue with the Apereo CAS software acting as an OpenID Connect Provider.

CAS X.509 Vulnerability Disclosure

Disclosure of a security issue with the CAS software and its X.509 features.

CAS OpenID Connect Vulnerability Disclosure

Disclosure of a security issue with the CAS software acting as an OpenID Connect Provider.

CAS OpenID Connect Vulnerability Disclosure

Disclosure of a security issue with the CAS software acting as an OpenID Connect Provider.

CAS OpenID Connect Vulnerability Disclosure

Disclosure of a security issue with the CAS software acting as an OpenID Connect Provider.

CAS Spring Framework RCE Vulnerability Disclosure

Disclosure of the Spring framework RCE security issue with the Apereo CAS software.

CAS OpenID Connect Vulnerability Disclosure

Disclosure of a security issue with the CAS software acting as an OpenID Connect Provider.