Product news and other information from the developers of Portfolio.
Showing 1 - 5 of 138
-
Bugfix for broken reset password feature
Today's update (58269faf3) brings with it the following changes:
Bugfixes
- The last update caused a regression in the "reset password" feature. If one
reset token was requested, another could not be requested before a
successful account reset was performed. If this took more than 24 hours to
perform, the password reset feature would be completely blocked.
-
Auditing of security events and lots of infrastructure changes
Today's update (b36b08a) brings with it the following changes:
Security issues
- Added audit messages for the following security events:
  - Login success/failure
  - E-portal authentication callback
  - User impersonation
  - User created/modified/deleted
  - User accessed (profile page viewed)
  - Credential modified
  - Credential recovery
  - Group membership modified
  - Institution membership modified
  - Role modified
- A programming error in the reset_pw request handler made it possible to modify the password of any user without knowing the correct reset token. The fix has been improved further since the hotfix.
- Changed behavior to not remove existing reset tokens when creating a new one. This avoids a potential denial-of-service attack vector in the reset password feature.
- When logging in as a new user while already logged in, a login failure will now log out the existing session.
- Upgraded to Perl 5.34.1 to fix security issues in Archive::Tar and Compress::Raw::Zlib.
- Updated to cpanm 1.7045 to address the issue with CHECKSUMS file validation during CPAN package installation.
Performance improvements
- Started using the new e-portal health check endpoint to determine if the API is available.
New features
- Changed Nginx web server from FastCGI to HTTP protocol for reverse-proxying to web application server. The web application server now uses standard PSGI/Plack runtime. Static file serving is now also supported directly in the web application server.
- Added test infrastructure to run NATS server and fully validate audit events.
Enhancements
- Changed CPAN dependency manager from Pinto to Carton.
- Now uses upstream versions of perlbrew and cpanm directly, allowing for easier upgrades.
- Simplified the code to support the explain template function.
Bugfixes
Feature removals / deprecations
- Removed support for FastCGI protocol for reverse-proxying. We use plain HTTP now, via PSGI.
- Removed Pinto; all CPAN packages now come directly from upstream.
- Stopped using Module::Build for running the test suite.
-
Fixed high severity security issue
Today's hotfix (12964b5) brings with it the following change:
Security improvements
- Fixed a high severity issue in the reset_pw request handler.
-
Content parser, bugfixes and lots of feature removals
Today's update (472a4b4) brings with it the following changes:
Performance improvements
- Stop robots/spiders from trying to index login/logout links.
New features
- Added plaintext dependency and cross-reference parser, enabling extensive
analysis of authored content and making it easier to understand how pieces
of content depend on each other. Also indexes content for template and
JavaScript function usage, so it is easier to figure out whether deprecated
features are in use.
- The referenced identifiers, template functions and JavaScript functions can
now be viewed in the object editor. This should simplify finding
content in complex documents. It should also make it very easy to find
broken internal links.
- Added identifier references tab to object and container editor.
Enhancements
- The user course progress report now shows number of read objects instead of
course element index reached. The percent is also calculated based on
read objects, making it more in line with actual course progress. The index
reached is now shown on the object tooltip.
- Extensive layout/behavior cleanup in object/container editor.
- Moved container additional fields from main tab over to advanced tab.
- Added a container metadata tab and moved LOM field over to it.
- Added LOM generator button to container editor.
Bugfixes
- Fixed an issue where student/supervisor relationships are not properly
removed when a member is removed from an institution.
- Fixed issue where non-ASCII characters in user name would cause the student
or supervisor to not show up in relationship lists.
- Fixed issue with object comment content overflowing when TTS HTML content
is copied into the comment editor.
- Now reports proper error message when configuration variable is deleted, but
name of variable is not specified.
Feature removals / deprecations
- Removed all workarounds and special features targeting the legacy Internet Explorer (MSIE) browser.
- Removed all features that require web browser plugins. They are no longer
supported by modern browsers.
- The following features have been removed:
- Java applets and Java client-side apps
- Flash video and Flash client-side apps and applications
- Windows Media Player video/audio playback
- Realplayer video playback
- QuickTime video playback
- ListenUp Java-based voice recorder
- Web-based spreadsheet editing (using Java applet)
- Spreadsheet object type (now uses binary)
- Stylesheet workarounds for MSIE
- Removed jQuery 1.11.2, which was needed by MSIE
- Removed Content-Disposition HTTP header workarounds for MSIE
- SVG images are now always rendered as inline HTML5.
- Self-registration feature has been removed. If you need to register for
access to a site, use the self-registration feature in e-portal instead.
- Removed the CEFR / placement-test feature completely because it has some
GDPR compliance issues.
- Also removed the csv request handler, which was only used for sending CEFR
email reports.
- The PIN-code self-registration feature has been completely removed.
Registration using PIN-code or other automated registration is now handled
by e-portal.
- The feature to store quiz observations has been removed, as it is no longer
in use.
- The interactive chat feature that was developed for CampusOnline has been
removed, as it was not used by anyone.
- The Skype appointment/calendar feature implemented for CampusOnline has
been removed as it is no longer used.
- Removed unused Heap Analytics tracking implementation and AddThis social
media integration.
- Removed the deprecated description_alias kludge for Internet Explorer.
Now the DOM element is just named description, as it always should've
been named.
- Removed various unused DOM identifiers and styling in object/container editor.
-
Enabled e-portal OIDC-based login method
Today's update (568f91c) brings with it the following changes:
Bugfixes
- Fixed issue related to e-portal external identifier during e-portal OIDC login.