Security fixes, rate-limiting, metrics and upgrade to Perl 5.42.0
Today's update (e0705b8) brings with it the following changes:
Security issues
- Fix cross-site-scripting vulnerability (XSS) in user profile about me section.
- Fix cross-site-scripting vulnerability (XSS) in send_message(r).
- Fix all user enumeration vulnerability in search user UI. Now it only searches your related users (e.g. from same institution).
- Upgrade CPAN package CryptX to 0.087 to fix multiple security vulnerabilities.
- Upgrade CPAN package Mozilla::CA to 20250602 to fix security vulnerability.
- Upgrade CPAN package Log::Any to 1.718 to fix security vulnerability.
Performance improvements
- Enable rate-limiting in web server to avoid denial-of-service attacks.
New features
- Add RED Prometheus metrics for observability.
- Add saturation Prometheus metrics for observability.
- Add audit events Prometheus metrics for observability.
- Protect information in the /metrics endpoint from the public for privacy.
Enhancements
- Upgrade to latest stable version of Perl, 5.42.0.
- Update all third-party CPAN packages to latest versions.
- Use official Nginx packages instead of Ubuntu versions.
- Use RenovateBot to keep third-party dependencies up to date.
Bugfixes
- Moved WYSIWYG content editor buttons around to support smaller screens better.
-
Portfolio
-
Blog
-
Security fixes, rate-limiting, metrics and upgrade to Perl 5.42.0
-
Migration to Ubuntu 22.04, Perl 5.38 and PostgreSQL 14
-
Fix e-mail and user name conflicts during e-portal login
-
Fixed e-portal login edge case and other bugs
-
Bugfix for broken reset password feature
-
Auditing of security events and lots of infrastructure changes
-
Fixed high severity security issue
-
Content parser, bugfixes and lots of feature removals
-
Enabled e-portal OIDC-based login method
-
New e-portal OIDC-based login and various bugfixes
-
Another hotpatch to fix recipient issue when forwarding message
-
Hotpatch: Fix invisible recipient in message system
-
Contact manager is now used in more places and more documentation available
-
Improved documentation and code quality
-
Improved email validation and other bugfixes
-
Improved message reading experience and other accessibility improvements
-
Improved object editor workflow and fixed user membership issues
-
Improve messaging and Google Chrome cookie behavior fixes
-
Migration from Rackspace to Azure data center
-
More user behavior reports and improved report performance
-
Improved documentation and page navigation
-
Fixed issue with client-side cookies on some sites
-
New macro feature, hardened security settings and lots of reference documentation
-
Voice message menu item, additional documentation and various bug fixes
-
Email notifications, better spam protection and improved documentation
-
Bugfixes, tracing identifers, improved metrics and more
-
Operating system upgrade
-
Improved database backup solution
-
Fixed server errors on delete_quiz and increased thumbnail timeouts
-
Fixed thumbnail generation issues, accessibility issues and more
-
Fix password-changing issue and other bugs
-
Fix issue with application error page being shown more than usual
-
Another hotpatch: PIN codes can be validated again
-
Hotpatch: Object comments can now be saved again
-
Improved self-registration workflow, increased performance and more
-
Remove inactive users feature and more GDPR privacy improvements
-
Template cookie access and improved email templates
-
Users are not deleted when ePortal message is received
-
Minor bugfix fixing user deletion issue
-
Security fix, ability to delete user account and more
-
Hashed passwords, faster search and more
-
Fix for contact manager timeout issue
-
Database upgrade, persistent connections and bulk metadata editor
-
Fixing regressions with new quiz() XHR submit feature
-
User session limit introduced, Flash rendering bugfixes and more
-
Fixed issues after yesterday's update
-
Reimplemented selector and quiz editor, lots of bugfixes and more
-
Fixed issue with formatting of timestamps from database
-
Timestamps now show in correct time zone and more lists are sorted correctly
-
New image measurement handler, Heap Analytics user tracking added and default permissions warning removed
-
Default permissions, CodeMirror editor improvements and bugfixes
-
Rewritten create_response() feature and various other improvements
-
Unexpected downtime because of hardware issue
-
Improved performance, WAV to MP3 transcoding and lots of other improvements
-
More powerful database server and some bugfixes
-
Migration to cloud environment, removal of cookie warning and chat feature
-
File uploading now fixed!
-
New plain-text editor, updated third-party packages in backend and more
-
Show all children in containers, signup form spambot protection, synthetic speech configuration persistence and more
-
Network upgrade completed
-
Fix audio playback in popups and various other minor issues
-
Hardware upgrade improves response time
-
New fs2tree template function, iOS MP3 playback bugfix and more
-
Unexpected downtime because of network issue
-
Faster user search, improved history feature and more bugfixes
-
Blob storage, history feature and performance improvements
-
IP address session protection changed and multiple bugfixes
-
SASS stylesheet rendering, page timeout, timers and more improvements
-
Fixed regressions in MP3 audio player
-
Enabled sending links to any objects and some bugfixes
-
Hotpatch to address bugs since last update
-
Improved performance for several reports and several other enhancements
-
HTTPS security fixes, institution blog and object locking performance fixes and much more
-
HTTPS support, quiz radio inline mode, Google Chrome voice recorder bugfix and more
-
New exam feature, filesystem(t) skip_custom_init feature and several bugfixes
-
EU cookie warning, changed e-portal login procedure and more
-
HTTP range request support, CORS header support and improved API documentation
-
CEFR placement test usage report, JSON response bugfix, updated video player, and more
-
Hotpatch to fix broken file uploader and more
-
New PDF watermark feature, rewritten text output handling and several bugfixes
-
New HTML5-based voice recorder, more API documentation and bugfixes
-
New feature to upload profile photo, improved access key form, developer documentation and several bugfixes
-
Major design overhaul, new file uploader and lots, lots more
-
Flash embedding has changed to support latest Flash runtime
-
Improved folder menu rendering, simplified language selection and more
-
Session security and language improvements
-
Session variables, flash messages, performance improvements and more
-
Update to Google Universal Analytics and fix multiple character encoding issues
-
Bugfix for missing send button on Java-based voice recorder
-
Server upgrades, feature additions and lots of improvements
-
Small update for better protection against latency during e-portal login
-
E-portal deadlock login issue fixed + JSON response mode
-
Fix character encoding issue with quiz assignments
-
Minor correction to user activity report
-
D-bok web reader working again
-
Improved voice recorder, file manager and much more
-
Signed Java applets and improved page view logging
-
Switch to Nginx and e-portal push message support
-
E-portal provisioning and multimedia playback revamp
-
Minor update: Added group quick-search box in my students report
-
New Flash-based sound recorder available
-
ePortal and BookSync integration available
-
Big user database cleanup, performance improvements and various bugfixes
-
Several minor problems fixed
-
Completely new course activity report
-
Time tracking issue in Internet Explorer 7 and 8 fixed!
-
Vastly improved user presence time tracking!
-
SOLVED: Problems to login with email
-
Improved report performance and email hidden everywhere
-
Object cycle (image of the week) feature
-
Real-time chat available!
-
A few bugfixes related to the new calendar feature
-
Forum comments in HTML and multiple bugfixes for IE7/8
-
Calendar with Skype integration
-
Project groups, MathML embedding and multiple bugfixes and improvements
-
New app API and lots of additional enhancements and bugfixes
-
New database server online
-
Better response time
-
Improved performance and concurrency
-
CEFR HTML email reports and several bugfixes and improvements
-
New update with group enrollment feature and various bugfixes
-
Mostly bugfixes and minor improvements
-
New video player, video thumbnails, quiz editor bug fixes and more
-
New speech synthesis and matchbox code
-
Lexin
-
Finally fixing the problematic IE7/8 crashes
-
New talkbook request handler and various bugfixes
-
Features galore: Statistics on questions, job notification msg +
-
List of the most active bloggers available
-
WYSIWYG editor finally working with Internet Explorer 9
-
Performance improvements finally coming!
-
Details on today's software update
-
Feilretting etter gårsdagens oppdatering
-
Software update completed!
-
Usage log functionality restored
-
Today's software update is completed
-
Software update today
-
Details on today's software update
-
Software update details
-
Unexpected downtime / instability
-
Software update completed!
-
Oppdatering av systemet 12.11.10
-
-