HTTPS security fixes, institution blog and object locking performance fixes and much more
Today's update (1b977e1) brings with it the following changes:
Security issues
- Internet Explorer 11 on Windows 7-8.1 is not able to connect to HTTPS servers which use large Diffie-Hellmann primes. Changed to smaller primes which are compatible with Windows 7-8.1. Windows 10 was not impacted by this issue.
- LeseWeb (synthetic speech) is now accessed via HTTPS URLs to mitigate a mixed-content warning.
- HTTPS SSLv3 protocol was disabled to mitigate the POODLE attack.
Performance improvements
- The
list_institution_blog_items(r)andget_institution_blog(t)handlers caused timeout whenever they were used. This was one of the main reasons why the system has been slow the last few weeks. This should now be fixed. - Storage container size is no longer calculated when objects are modified. This was the cause of a massive locking issue on the entire object table each time an object was modified. This should radically improve performance and concurrency when working with long transactions which modify objects (e.g. recursive deletions).
New features
- Added a button to copy identifier directly to the clipboard. Enable it with the boolean user configuration variable
enable_copy_id_button. - When you're editing an object it is now possible to see which course the object belongs to on the permissions tab. You will only see courses you're an editor for.
Enhancements
- The
wav2mp3(r)handler now uses proper caching, allowing HTTP 304 NOT MODIFIED responses. This should improve rendering speed of playback of voice recordings. It is no longer possible to specify multiple objects or a WAV file URL to this handler. The object identifier can now also be specified as part of the URL path. - The
thumbnail(r)andwatermark(r)handlers have also been refactored to be more performant. A backend common cache directory is used instead of storing the cached representation together with the primary file.
Bugfixes
- When you try to delete users that have delivered quiz assignments, it should no longer trigger a database exception.
- The
ar_SYlocale now has right-to-left text direction properly defined. - UTF8/16/32 BOM text encoding detection was partially broken. This should now be fixed.
- Fixed a bug where content was not saved properly when creating new spreadsheet objects.
- Updated jxcell.jar and pfxcell.jar to conform to new security model in Oracle Java version 7u45 regarding Java applet method access from JavaScript.
-
Portfolio
-
Blog
-
Fix e-mail and user name conflicts during e-portal login
-
Fixed e-portal login edge case and other bugs
-
Bugfix for broken reset password feature
-
Auditing of security events and lots of infrastructure changes
-
Fixed high severity security issue
-
Content parser, bugfixes and lots of feature removals
-
Enabled e-portal OIDC-based login method
-
New e-portal OIDC-based login and various bugfixes
-
Another hotpatch to fix recipient issue when forwarding message
-
Hotpatch: Fix invisible recipient in message system
-
Contact manager is now used in more places and more documentation available
-
Improved documentation and code quality
-
Improved email validation and other bugfixes
-
Improved message reading experience and other accessibility improvements
-
Improved object editor workflow and fixed user membership issues
-
Improve messaging and Google Chrome cookie behavior fixes
-
Migration from Rackspace to Azure data center
-
More user behavior reports and improved report performance
-
Improved documentation and page navigation
-
Fixed issue with client-side cookies on some sites
-
New macro feature, hardened security settings and lots of reference documentation
-
Voice message menu item, additional documentation and various bug fixes
-
Email notifications, better spam protection and improved documentation
-
Bugfixes, tracing identifers, improved metrics and more
-
Operating system upgrade
-
Improved database backup solution
-
Fixed server errors on delete_quiz and increased thumbnail timeouts
-
Fixed thumbnail generation issues, accessibility issues and more
-
Fix password-changing issue and other bugs
-
Fix issue with application error page being shown more than usual
-
Another hotpatch: PIN codes can be validated again
-
Hotpatch: Object comments can now be saved again
-
Improved self-registration workflow, increased performance and more
-
Remove inactive users feature and more GDPR privacy improvements
-
Template cookie access and improved email templates
-
Users are not deleted when ePortal message is received
-
Minor bugfix fixing user deletion issue
-
Security fix, ability to delete user account and more
-
Hashed passwords, faster search and more
-
Fix for contact manager timeout issue
-
Database upgrade, persistent connections and bulk metadata editor
-
Fixing regressions with new quiz() XHR submit feature
-
User session limit introduced, Flash rendering bugfixes and more
-
Fixed issues after yesterday's update
-
Reimplemented selector and quiz editor, lots of bugfixes and more
-
Fixed issue with formatting of timestamps from database
-
Timestamps now show in correct time zone and more lists are sorted correctly
-
New image measurement handler, Heap Analytics user tracking added and default permissions warning removed
-
Default permissions, CodeMirror editor improvements and bugfixes
-
Rewritten create_response() feature and various other improvements
-
Unexpected downtime because of hardware issue
-
Improved performance, WAV to MP3 transcoding and lots of other improvements
-
More powerful database server and some bugfixes
-
Migration to cloud environment, removal of cookie warning and chat feature
-
File uploading now fixed!
-
New plain-text editor, updated third-party packages in backend and more
-
Show all children in containers, signup form spambot protection, synthetic speech configuration persistence and more
-
Network upgrade completed
-
Fix audio playback in popups and various other minor issues
-
Hardware upgrade improves response time
-
New fs2tree template function, iOS MP3 playback bugfix and more
-
Unexpected downtime because of network issue
-
Faster user search, improved history feature and more bugfixes
-
Blob storage, history feature and performance improvements
-
IP address session protection changed and multiple bugfixes
-
SASS stylesheet rendering, page timeout, timers and more improvements
-
Fixed regressions in MP3 audio player
-
Enabled sending links to any objects and some bugfixes
-
Hotpatch to address bugs since last update
-
Improved performance for several reports and several other enhancements
-
HTTPS security fixes, institution blog and object locking performance fixes and much more
-
HTTPS support, quiz radio inline mode, Google Chrome voice recorder bugfix and more
-
New exam feature, filesystem(t) skip_custom_init feature and several bugfixes
-
EU cookie warning, changed e-portal login procedure and more
-
HTTP range request support, CORS header support and improved API documentation
-
CEFR placement test usage report, JSON response bugfix, updated video player, and more
-
Hotpatch to fix broken file uploader and more
-
New PDF watermark feature, rewritten text output handling and several bugfixes
-
New HTML5-based voice recorder, more API documentation and bugfixes
-
New feature to upload profile photo, improved access key form, developer documentation and several bugfixes
-
Major design overhaul, new file uploader and lots, lots more
-
Flash embedding has changed to support latest Flash runtime
-
Improved folder menu rendering, simplified language selection and more
-
Session security and language improvements
-
Session variables, flash messages, performance improvements and more
-
Update to Google Universal Analytics and fix multiple character encoding issues
-
Bugfix for missing send button on Java-based voice recorder
-
Server upgrades, feature additions and lots of improvements
-
Small update for better protection against latency during e-portal login
-
E-portal deadlock login issue fixed + JSON response mode
-
Fix character encoding issue with quiz assignments
-
Minor correction to user activity report
-
D-bok web reader working again
-
Improved voice recorder, file manager and much more
-
Signed Java applets and improved page view logging
-
Switch to Nginx and e-portal push message support
-
E-portal provisioning and multimedia playback revamp
-
Minor update: Added group quick-search box in my students report
-
New Flash-based sound recorder available
-
ePortal and BookSync integration available
-
Big user database cleanup, performance improvements and various bugfixes
-
Several minor problems fixed
-
Completely new course activity report
-
Time tracking issue in Internet Explorer 7 and 8 fixed!
-
Vastly improved user presence time tracking!
-
SOLVED: Problems to login with email
-
Improved report performance and email hidden everywhere
-
Object cycle (image of the week) feature
-
Real-time chat available!
-
A few bugfixes related to the new calendar feature
-
Forum comments in HTML and multiple bugfixes for IE7/8
-
Calendar with Skype integration
-
Project groups, MathML embedding and multiple bugfixes and improvements
-
New app API and lots of additional enhancements and bugfixes
-
New database server online
-
Better response time
-
Improved performance and concurrency
-
CEFR HTML email reports and several bugfixes and improvements
-
New update with group enrollment feature and various bugfixes
-
Mostly bugfixes and minor improvements
-
New video player, video thumbnails, quiz editor bug fixes and more
-
New speech synthesis and matchbox code
-
Lexin
-
Finally fixing the problematic IE7/8 crashes
-
New talkbook request handler and various bugfixes
-
Features galore: Statistics on questions, job notification msg +
-
List of the most active bloggers available
-
WYSIWYG editor finally working with Internet Explorer 9
-
Performance improvements finally coming!
-
Details on today's software update
-
Feilretting etter gårsdagens oppdatering
-
Software update completed!
-
Usage log functionality restored
-
Today's software update is completed
-
Software update today
-
Details on today's software update
-
Software update details
-
Unexpected downtime / instability
-
Software update completed!
-
Oppdatering av systemet 12.11.10
-
-