IP address session protection changed and multiple bugfixes
Today's update (ce51eda) brings with it the following changes:
Security issues
- Session hijacking was previously mitigated by ensuring the IP address always matched. When you're using HTTPS this is no longer needed, so it's no longer verified. Roaming between different networks (e.g. with a laptop or tablet) should now work without being logged out.
Bugfixes
- The CEFR final report could in some situations include voice recordings for competence levels other than the one the student self-evaluated as. This has been fixed.
- Using the back browser button and answering a CEFR document again would skip over a document in the workflow. This should now be fixed.
- The page activity timer is no longer restarted if you use the back/forward browser buttons to navigate to a page.
- The wav2mp3 request handler had a race condition when dealing with ADPCM WAV files from the Java-based voice recorder. This should now be fixed.
- Some broken HTML markup in my configuration and other reports was fixed.
-
Portfolio
-
Blog
-
Fix e-mail and user name conflicts during e-portal login
-
Fixed e-portal login edge case and other bugs
-
Bugfix for broken reset password feature
-
Auditing of security events and lots of infrastructure changes
-
Fixed high severity security issue
-
Content parser, bugfixes and lots of feature removals
-
Enabled e-portal OIDC-based login method
-
New e-portal OIDC-based login and various bugfixes
-
Another hotpatch to fix recipient issue when forwarding message
-
Hotpatch: Fix invisible recipient in message system
-
Contact manager is now used in more places and more documentation available
-
Improved documentation and code quality
-
Improved email validation and other bugfixes
-
Improved message reading experience and other accessibility improvements
-
Improved object editor workflow and fixed user membership issues
-
Improve messaging and Google Chrome cookie behavior fixes
-
Migration from Rackspace to Azure data center
-
More user behavior reports and improved report performance
-
Improved documentation and page navigation
-
Fixed issue with client-side cookies on some sites
-
New macro feature, hardened security settings and lots of reference documentation
-
Voice message menu item, additional documentation and various bug fixes
-
Email notifications, better spam protection and improved documentation
-
Bugfixes, tracing identifers, improved metrics and more
-
Operating system upgrade
-
Improved database backup solution
-
Fixed server errors on delete_quiz and increased thumbnail timeouts
-
Fixed thumbnail generation issues, accessibility issues and more
-
Fix password-changing issue and other bugs
-
Fix issue with application error page being shown more than usual
-
Another hotpatch: PIN codes can be validated again
-
Hotpatch: Object comments can now be saved again
-
Improved self-registration workflow, increased performance and more
-
Remove inactive users feature and more GDPR privacy improvements
-
Template cookie access and improved email templates
-
Users are not deleted when ePortal message is received
-
Minor bugfix fixing user deletion issue
-
Security fix, ability to delete user account and more
-
Hashed passwords, faster search and more
-
Fix for contact manager timeout issue
-
Database upgrade, persistent connections and bulk metadata editor
-
Fixing regressions with new quiz() XHR submit feature
-
User session limit introduced, Flash rendering bugfixes and more
-
Fixed issues after yesterday's update
-
Reimplemented selector and quiz editor, lots of bugfixes and more
-
Fixed issue with formatting of timestamps from database
-
Timestamps now show in correct time zone and more lists are sorted correctly
-
New image measurement handler, Heap Analytics user tracking added and default permissions warning removed
-
Default permissions, CodeMirror editor improvements and bugfixes
-
Rewritten create_response() feature and various other improvements
-
Unexpected downtime because of hardware issue
-
Improved performance, WAV to MP3 transcoding and lots of other improvements
-
More powerful database server and some bugfixes
-
Migration to cloud environment, removal of cookie warning and chat feature
-
File uploading now fixed!
-
New plain-text editor, updated third-party packages in backend and more
-
Show all children in containers, signup form spambot protection, synthetic speech configuration persistence and more
-
Network upgrade completed
-
Fix audio playback in popups and various other minor issues
-
Hardware upgrade improves response time
-
New fs2tree template function, iOS MP3 playback bugfix and more
-
Unexpected downtime because of network issue
-
Faster user search, improved history feature and more bugfixes
-
Blob storage, history feature and performance improvements
-
IP address session protection changed and multiple bugfixes
-
SASS stylesheet rendering, page timeout, timers and more improvements
-
Fixed regressions in MP3 audio player
-
Enabled sending links to any objects and some bugfixes
-
Hotpatch to address bugs since last update
-
Improved performance for several reports and several other enhancements
-
HTTPS security fixes, institution blog and object locking performance fixes and much more
-
HTTPS support, quiz radio inline mode, Google Chrome voice recorder bugfix and more
-
New exam feature, filesystem(t) skip_custom_init feature and several bugfixes
-
EU cookie warning, changed e-portal login procedure and more
-
HTTP range request support, CORS header support and improved API documentation
-
CEFR placement test usage report, JSON response bugfix, updated video player, and more
-
Hotpatch to fix broken file uploader and more
-
New PDF watermark feature, rewritten text output handling and several bugfixes
-
New HTML5-based voice recorder, more API documentation and bugfixes
-
New feature to upload profile photo, improved access key form, developer documentation and several bugfixes
-
Major design overhaul, new file uploader and lots, lots more
-
Flash embedding has changed to support latest Flash runtime
-
Improved folder menu rendering, simplified language selection and more
-
Session security and language improvements
-
Session variables, flash messages, performance improvements and more
-
Update to Google Universal Analytics and fix multiple character encoding issues
-
Bugfix for missing send button on Java-based voice recorder
-
Server upgrades, feature additions and lots of improvements
-
Small update for better protection against latency during e-portal login
-
E-portal deadlock login issue fixed + JSON response mode
-
Fix character encoding issue with quiz assignments
-
Minor correction to user activity report
-
D-bok web reader working again
-
Improved voice recorder, file manager and much more
-
Signed Java applets and improved page view logging
-
Switch to Nginx and e-portal push message support
-
E-portal provisioning and multimedia playback revamp
-
Minor update: Added group quick-search box in my students report
-
New Flash-based sound recorder available
-
ePortal and BookSync integration available
-
Big user database cleanup, performance improvements and various bugfixes
-
Several minor problems fixed
-
Completely new course activity report
-
Time tracking issue in Internet Explorer 7 and 8 fixed!
-
Vastly improved user presence time tracking!
-
SOLVED: Problems to login with email
-
Improved report performance and email hidden everywhere
-
Object cycle (image of the week) feature
-
Real-time chat available!
-
A few bugfixes related to the new calendar feature
-
Forum comments in HTML and multiple bugfixes for IE7/8
-
Calendar with Skype integration
-
Project groups, MathML embedding and multiple bugfixes and improvements
-
New app API and lots of additional enhancements and bugfixes
-
New database server online
-
Better response time
-
Improved performance and concurrency
-
CEFR HTML email reports and several bugfixes and improvements
-
New update with group enrollment feature and various bugfixes
-
Mostly bugfixes and minor improvements
-
New video player, video thumbnails, quiz editor bug fixes and more
-
New speech synthesis and matchbox code
-
Lexin
-
Finally fixing the problematic IE7/8 crashes
-
New talkbook request handler and various bugfixes
-
Features galore: Statistics on questions, job notification msg +
-
List of the most active bloggers available
-
WYSIWYG editor finally working with Internet Explorer 9
-
Performance improvements finally coming!
-
Details on today's software update
-
Feilretting etter gårsdagens oppdatering
-
Software update completed!
-
Usage log functionality restored
-
Today's software update is completed
-
Software update today
-
Details on today's software update
-
Software update details
-
Unexpected downtime / instability
-
Software update completed!
-
Oppdatering av systemet 12.11.10
-
-