The entire system has been moved from the Rackspace London data center to the Azure North European data center.

Contact support if any unexpected issues that might be related to this migration happen.

Today's update (6f5f52e) brings with it the following changes:

Performance improvements

• The performance of the user memberships report was improved a lot.
• The performance of the course results report was improved.

New features

• A report for how much a user has progressed in courses was added to the user profile.
• A report with the lowest course object scores was added to the user profile. It makes it easy to see which course objects the student needs to work on. It is a subset of what is available in the course result report.
• A report for user submissions was added to the user profile. This makes it easy to find essays that the student is working on. It is a subset of what is available in the course result report.

Enhancements

• The user activity report now supports reporting activity information for a range of dates, not just a single day or week. Additional information was added to the table legend to clarify some date range issues.
• The course results report now supports a range parameter, making it possible to only see activity for a certain date range.
• The report of access keys assigned to a user and the report to show all institution, group and course memberships were extracted out of the user profile and moved to their own request handlers. The user profile still load these reports into the page.
• Added user name to page title for the following reports:
  • course_result
  • user_access_keys
  • user_course_progress
  • user_memberships
  • user_object_scores

Bugfixes

• When a supervisor views the course result of a student the student identifier wasn't logged. This is now fixed.
• Downgraded FFMPEG from version 4.x to version 3.x because of unmaintained third-party code. This might impact the ability to create thumbnails for some video formats.
• Improved developer documentation for the course_result request handler.

Today's update (2f25d62) brings with it the following changes:

Security improvements

• Secure websockets are now allowed by our CSP policy on secure sites.

Performance improvements

• Improved navigation between pages by avoiding deprecated browser features.

Documentation improvements

• Added reference documentation for:
  • Email-sending behavior
  • Object rendering behavior
  • Factory behavior
  • Flash message behavior
  • File manager parameter validation
  • FastCGI web worker behavior
  • File type detection behavior
• Added reference documentation for the following HTTP request handlers:
  • aicc
  • dev
  • edit_autoreg
  • eportal_push
  • execute
  • external_search_config
  • help
  • list_permission
  • login
  • logout
  • mark_message
  • measure
  • move_element
  • nav_course
  • new_message
  • online
  • page_view_log
  • ping
  • placement_test
  • preview_content
  • quiz_editor
  • read
  • read_exam
  • read_site
  • register_account
  • resolve_path
  • session
  • sso
  • talkbook
  • update_autoreg
  • update_class
  • update_config
  • update_order_course_element
  • update_site
  • update_site_containers
  • upload
  • user_activity
  • watermark
  • welcome
  • write
  • write_account
  • write_account
  • write_autoreg
  • write_course_element
  • write_glossary
  • write_institution

Today's hotpatch (66ebc45) brings with it the following changes:

Bugfixes

• A regression in the CGI.cookie() template plugin method was causing existing cookies to not be retrieved, even though they existed in the HTTP request. The old behavior has been restored and the issue should be fixed.

Today's update (fc0b9c4) brings with it the following changes:

Security improvements

• An extensive review of HTTP security headers has been performed and several improvements to the security of the system has been implemented. This can, in some situations, cause behavior that previously worked to not work anymore, especially those involving cross-site requests involving authentication and iframes.
• How the session identifier is stored has been hardened to protect against malicious behavior. It is no longer possible to read it using JavaScript code.
• Cross-origin HTTP request validation now supports specific URIs, not just the * value.
• HTTP headers to enable reporting of client errors were added.
• Code was hardened by avoiding code conventions that can lead to security issues.

Performance improvements

• Improved performance in file manager and object/container selector by consolidating database queries.
• A small optimization to how we populate system groups was implemented. This should give a minor speed increase to anonymous requests.

New features

• It is now possible to create macros that can be used everywhere template markup can be used. Macros are named units of behavior that support required and optional parameters. The parameters are validated when the macro is called, to avoid the need for the implementing template to perform this validation. See the macro template function documentation for more details.
• A script for exporting contents of an XML dump/export into files was added. It is useful when e.g. binary content needs to be exported into another CMS.
• DuckDuckGo was added as a search engine provider.

Enhancements

• It's now possible to return JSON responses from the read request handler.
• System groups and users where previously always shown with an English name. Now the name can be localized to the user interface language.
• The label template function now supports model instance as first parameter.
• Simplified the user event log user interface a bit.
• Now all search providers use HTTPS URLs. The addresses of several search providers have been updated to match current APIs.
• Added logging of e-portal session validation URL when failing to improve ability to troubleshoot issues.

Documentation improvements

• Improved rendering and layout of reference documentation.
• Unrestricted methods in classes are now shown in reference documentation.
• Added reference documentation for:
  • Client-side app behavior
  • Appointments and calendar availability
  • Configuration variables and sets
  • Model class attributes
  • Eportal behavior
  • Asynchronous jobs, job notifications and job queue manager behavior
  • Main configuration and search provider configuration
  • Container model class
• Added reference documentation for the following HTTP request handlers:
  • history
  • impersonate
  • leseweb
  • list
  • list_class_permission
  • list_log
  • read_container
  • read_glossary
  • read_institution
  • read_message
  • rebuild_course
  • remove_institution_course
  • remove_student
  • reorder_course_element
  • score
  • selector
  • selfreg
  • send_message
  • set_assignment_score
  • set_course_supervisor
  • set_ownership
  • start_exam
  • stop_exam
  • tag_message
  • tts
  • unlink_access_key
  • unpack
  • update
  • update_config_set
  • update_container
  • update_course
  • update_course_element_order_list
  • update_institution
  • update_institution_course
  • write_class
  • write_class_membership
  • write_config
  • write_config_set
  • write_container
  • write_course

Feature removals / deprecations

• The filters for containers and groups have been removed in the event log user interface. They were not used anywhere.
• The object type script is now deprecated. It's not been in use for a long time.
• The request handler delete_account_membership is now deprecated. Use the collection manager remove_from_group action instead.
• Some search providers that are no longer valid have been removed (most notably ordboka.net). The category religious scriptures was removed because there are no more entries.