Today's update (1234623) brings with it the following changes:

Security issues

• All request handlers that support search queries now need a minimum of three characters to be valid. The search syntax is now consistently validated before it is passed on to the database.

Performance improvements

• The My students report has been improved. It should now render faster.
• The group members report has been optimized quite a lot and should no longer cause timeouts for groups with excessively large member count. If more than 100 table rows are shown then icons are skipped to improve speed. If more than a 1000 users are shown then they are not collectable.
• The inbox/outbox should now be much more performant. The local template variables are also much more consistent. The HTTP API has been slightly changed (related to pagination).
• Automatically-generated messages older than a year will now be automatically deleted.

Enhancements

• The Course result report now shows the total time used in the course.
• The continous summary table in Page views report has been hidden behind the enable_page_views_live_report user configuration variable. It is off by default.
• The synthetic speech client now allow text and text selections in iframes to be read. The code has also been improved so it doesn't try to read JavaScript code out loud. Be aware that content in cross-origin frames or non-HTTPS frames will not be read from an HTTPS-enabled page. The starting DOM element can also be specified in the init method.
• The MP3 audio player can now be configured to place the label, slider and buttons in whatever order you want it. The currently-playing audio player is now targetable with a CSS class.
• Global and system groups are now shown in the user profile, if the user is a member of them.
• The following request handlers now support ignorable path parameters before the UUID: read, read_container, data, download

Feature removals / deprecations

• The java-settings and flash-settings object types were removed. Existing objects have been changed to type app-input.
• The java-data and flash-data object types were removed. Existing objects have been changed to type app-output.

Today's update (1b977e1) brings with it the following changes:

Security issues

• Internet Explorer 11 on Windows 7-8.1 is not able to connect to HTTPS servers which use large Diffie-Hellmann primes. Changed to smaller primes which are compatible with Windows 7-8.1. Windows 10 was not impacted by this issue.
• LeseWeb (synthetic speech) is now accessed via HTTPS URLs to mitigate a mixed-content warning.
• HTTPS SSLv3 protocol was disabled to mitigate the POODLE attack.

Performance improvements

• The list_institution_blog_items(r) and get_institution_blog(t) handlers caused timeout whenever they were used. This was one of the main reasons why the system has been slow the last few weeks. This should now be fixed.
• Storage container size is no longer calculated when objects are modified. This was the cause of a massive locking issue on the entire object table each time an object was modified. This should radically improve performance and concurrency when working with long transactions which modify objects (e.g. recursive deletions).

New features

• Added a button to copy identifier directly to the clipboard. Enable it with the boolean user configuration variable enable_copy_id_button.
• When you're editing an object it is now possible to see which course the object belongs to on the permissions tab. You will only see courses you're an editor for.

Enhancements

• The wav2mp3(r) handler now uses proper caching, allowing HTTP 304 NOT MODIFIED responses. This should improve rendering speed of playback of voice recordings. It is no longer possible to specify multiple objects or a WAV file URL to this handler. The object identifier can now also be specified as part of the URL path.
• The thumbnail(r) and watermark(r) handlers have also been refactored to be more performant. A backend common cache directory is used instead of storing the cached representation together with the primary file.

Bugfixes

• When you try to delete users that have delivered quiz assignments, it should no longer trigger a database exception.
• The ar_SY locale now has right-to-left text direction properly defined.
• UTF8/16/32 BOM text encoding detection was partially broken. This should now be fixed.
• Fixed a bug where content was not saved properly when creating new spreadsheet objects.
• Updated jxcell.jar and pfxcell.jar to conform to new security model in Oracle Java version 7u45 regarding Java applet method access from JavaScript.

Today's update (76c9f3d) brings with it the following changes:

Security issues

• Implement HTTPS support, allowing wildcard certificates and automatically generated certificates using letsencrypt.org.
  • A redirect from HTTP to HTTPS is automatically performed if a certificate is available for the domain.
  • The web server configuration should give an SSL Labs A rating for all domains.
  • Certificates acquired using Let's Encrypt are automatically renewed 30 days before they expire.
  • The default certificate name (for clients that don't support TLS SNI) is portfolio.
  • Domains that we explicitly don't want HTTPS for can be excluded.
  • A wildcard certificate for portfolio.no and fagbokforlaget.no will arrive shortly.

New features

• Added Arabic Syria (ar_SY) content language code.

Enhancements

• Implement inline display mode for quiz type radio. Unfortunately, because of an excessive use of the previous default block display mode, the default is block (when all other types default to inline). If you want inline display mode for type radio you need to explicitly set display_mode => 'inline'.
• Improve icon for set default search method.

Bugfixes

• Adding HTTPS support should fix the microphone access issue in Google Chrome when using the voice recorder.
• Fix broken select user UI in object/container edit permissions tab.
• Cleanup CSS selectors in request_read_account template.

Today's update (9e9d0c2) brings with it the following changes:

Performance improvements

• Improve web server buffering, which should improve latency when a lot of users are requesting large multimedia content, or lots of users with low bandwidth are using the site.

New features

• It is now possible to give time-limited access to a course, similar to a traditional classroom exam. The exam is automatically delivered after the time limit and supervisors are automatically assigned so that they can assess the exam once it's done. Supervisors are notified using the internal messaging system that a new exam is available for assessment. While the exam is active an infobar is added at the top of the page informing you how far you've come and how much time is left. When the exam is started, current_course and current_institution is set. When the exam is delivered (either manually or automatically) all exam documents are automatically delivered.
• A new template function, human_duration, was added, making it easy to convert a duration instance into something easily understandable for end-users.
• The template function, current_exam_participant, was added and is used by the template element_exam_status.

Enhancements

• Extend filesystem template function to allow skipping of containers and objects based on a custom_init flag.
• The container get_child_objects() and get_child_containers() methods were also extended to support this new filesystem behavior.
• Finally the filesystem and read_container request handlers got the skip_custom_init query parameter and behavior.
• Improve backend search script so it can match against multiple regular expressions like a filter chain.
• Population of instances in model classes has been vastly improved and refactored to be simpler.

Bugfixes

• When results for a course was deleted, progress was not reset to first document in course. This has now been fixed.
• The width of the comment field when assessing assignments was too narrow. This has now been fixed.

Today's update (0e8ab70) brings with it the following changes:

New features

• A legal warning about cookie usage is now shown on top of each page with a link to more extensive documentation. If a site uses custom cookies, the template request_cookies should be extended to document their use.

Enhancements

• When logging in using the e-portal, only the user that is logging in is now created or linked up (previously associated supervisors or students where also created). This means that only student/supervisor-relationships where both students and supervisors have logged in at least once will be created. It is recommended that teachers log in at least once to one of their products in the e-portal before students log in to ensure connections are set up before students start to use the products.
• The CEFR placement test algorithm has been modified to allow skipping missing documents in the initial categories. This enables use-cases where we only want to test speech-related categories.
• Android, iOS and Microsoft Edge browsers and mobile platforms should now be properly detected, allowing content to be customized for these devices and browsers. Internet Explorer is now detected as ie instead of msie. Templates should use the client_browser.is_ie check instead of the exact name, so content should not be impacted. The same applies to the Windows platform. It now returns the name windows instead of explicit names for each version of Windows. The check client_browser.on_windows should always be used in templates.
• Several request handlers now show page titles with the name of the item being edited.

Bugfixes

• Increased line-height for code examples in reference documentation to avoid underscores not being rendered.
• Fixed PIN code case-sensitivity bug reported on revisor.portfolio.no.