Product news and other information from the developers of Portfolio.
Showing 1 - 5 of 141
-
Migration to Ubuntu 22.04, Perl 5.38 and PostgreSQL 14
Today's update (645472d) brings with it the following changes:
Security issues
- Operating system has been updated to Ubuntu 22.04.
Performance improvements
- Perl has been upgraded to version 5.38.
- PostgreSQL has been upgraded to version 14.
Enhancements
- Ensure e-Portal product only assigned to teachers are not accessible for students.
- Changed HTTP status code emitted from front page handler to 200 when site is not configured.
- Support IPv6 clients.
Bugfixes
- Update atime when blob is accessed in cache directory. This improves cache cleanup behavior.
Feature removals / deprecations
- Client-side performance monitoring using Report-To HTTP header has been disabled. This is to reduce costs for storage of this information, as it is no longer needed.
-
Fix e-mail and user name conflicts during e-portal login
Today's update (a557bed) brings with it the following changes:
Enhancements
- If an email or user name was in conflict with an existing user in Portfolio
during e-portal login, it would generate a generic error message and
synchronization would be aborted. Now the error message will contain either
the user name or email in conflict, making it easier to figure out which
user must be modified to fix the conflict.
- If a user name from e-portal is in conflict with an existing user name in
Portfolio, an error during synchronization would occur. With this change
a new user name will be generated during login based on the conflicting
user's full name.
-
Fixed e-portal login edge case and other bugs
Today's update (ba9f819) brings with it the following changes:
Security issues
- Set a limit on how large HTTP uploads are allowed to be, to avoid a potential denial-of-service situation.
Bugfixes
- When logging in directly by clicking on a product in e-portal that uses
the OIDC-based login method, a session cookie was not generated before
redirecting to e-portal login system. This caused a Portfolio login prompt
to be shown when returning from e-portal and trying to synchronize
permissions. This issue should now be fixed.
- Fixed issue where HTTP uploads larger than 1MB might not work properly.
Feature removals / deprecations
- Removed unused Portfolio::Course->student_progress() method.
-
Bugfix for broken reset password feature
Today's update (58269faf3) brings with it the following changes:
Bugfixes
- The last update caused a regression in the "reset password" feature. If one
reset token was requested, another could not be requested before a
successful account reset was performed. If this took more than 24 hours to
perform, the password reset feature would be completely blocked.
-
Auditing of security events and lots of infrastructure changes
Today's update (b36b08a) brings with it the following changes:
Security issues
- Added audit messages for the following security events:
- Login success/failure
- E-portal authentication callback
- User impersonation
- User created/modified/deleted
- User accessed (profile page viewed)
- Credential modified
- Credential recovery
- Group membership modified
- Institution membership modified
- Role modified
- A programming error in the
reset_pw
request handler made it possible to modify the password of any user without knowning the correct reset token. This issue has been improved further since the hotfix.
- Changed behavior to not remove existing reset tokens when creating a new one. This avoids a potential denial-of-service attack vector in the reset password feature.
- When logging in as a new user while already logged in, a login failure will now log out the existing session.
- Upgraded to Perl 5.34.1 to fix security issues in
Archive::Tar
and Compress::Raw::Zlib
.
- Updated to
cpanm
1.7045 to address the issue with
CHECKSUMS file validation
during CPAN package installation.
Performance improvements
- Started using the new e-portal health check endpoint to determine if API is available.
New features
- Changed Nginx web server from FastCGI to HTTP protocol for reverse-proxying to web application server. The web application server now uses standard PSGI/Plack runtime. Static file serving is now also supported directly in the web application server.
- Added test infrastructure to run NATS server and fully validate audit events.
Enhancements
- Changed CPAN dependency manager from Pinto to Carton.
- Now uses upstream versions of
perlbrew
and cpanm
directly, allowing for easier upgrades.
- Simplified the code to support the
explain
template function.
Bugfixes
Feature removals / deprecations
- Removed support for FastCGI protocol for reverse-proxying. We use plain HTTP now, via PSGI.
- Removed Pinto and all CPAN packages directly from upstream.
- Stopped using
Module::Build
for running test suite.
Showing 1-5 of 141