Product news and other information from the developers of Portfolio.
Showing 16 - 20 of 117
Hashed passwords, faster search and more
Today's update (3648106) brings with it the following changes:
- Passwords are now hashed with the Bcrypt algorithm. If you need to recover your password this is now done by sending a time-limited password reset link by email.
- The forgotten password form is now protected by a honeypot security feature that should stop most spambots. This should reduce the possibility that the form is used in a DDoS amplification attack against a third party.
- Search features should now be much faster, as they use trigram database indexes. Searches for containers, objects, courses, institutions, users and mailbox messages should be significantly faster. The user search feature supports substring matching again, making it easier to search for partial user names.
- When the sound recorder is used an event is sent to our metrics aggregation service (InfluxDB). This enables us to measure sound recorder usage on different platforms and browsers.
- Ownership of any container or object can now be transferred to a predefined user by global administrators. This should make it possible to clean up ownership on all of our existing course content. When an administrator use the feature a status message is sent to them when the job is completed.
- Select support staff can now impersonate another user. When this feature is used it is logged in a way that can't be removed by support staff. The feature was added to make it easier for support staff to help end-users without needing to know their password.
- Modernized HTTP/CGI request parsing. This moves us one step closer to not being dependent on the FastCGI protocol for communication between our web workers and the reverse proxy. Should have no end-user impact.
- Google Chrome Headless is now used instead of unmaintained PhantomJS to perform browser-based testing.
- Successive empty URL path parameters are now normalized away.
Feature removals / deprecations
- Completely removed PhantomJS support code.
- Removed various database columns, indexes and sequences related to local file storage that are no longer in use.
Fix for contact manager timeout issue
Today's update (6ac882b) fixes a timeout issue with the contact manager.
Be aware that members of self registration groups you are a member of are no longer listed in the contact manager.
Database upgrade, persistent connections and bulk metadata editor
Today's update (a8632bd) brings with it the following changes:
- The database system has been updated to PostgreSQL 10. This should give numerous performance improvements.
- Persistent database connections feature has been implemented. This should lower load on the database system during high-traffic situations.
- Certain features that would require database locking, like updating user's last activity timestamp and object last read timestamp is now done in a single atomic database call, getting rid potential race conditions and locking issues.
- Improved performance when listing contents of inbox/outbox.
- The CodeMirror and TinyMCE editors now have a word counter.
- It's now possible to edit metadata for all containers and objects in a container in a simple user-interface. You can access this feature in the Edit menu when viewing a container. You can use Ctrl-Up/Down/Home/End to more quickly navigate the input fields in the table.
- When adding users to institutions using the table or text user interface, our standard CSV parser is now used.
- It is now possible to not inform the supervisor when an assignment is delivered. You can enable this feature by setting the custom_init variable
dont_inform_supervisor=1 on the hand-in object.
- Exception handling has been completely reimplemented, which should give more sane error handling.
- Some database queries have been moved out into external files to make it easier to develop them further. Some of them now use newer PostgreSQL 10 features.
Fixing regressions with new quiz() XHR submit feature
A minor update (dc8cdd4) was performed today to fix regressions with the new behavior for quiz submission using XHR.
User session limit introduced, Flash rendering bugfixes and more
Today's update (42590a8) brings with it the following changes:
- User sharing has never been allowed in Portfolio. It could sometimes cause performance issues that would impact the page response time of the entire system. A security feature was implemented that blocks a user from being logged in more than five places at the same time.
- Several database queries that work with arrays was changed to avoid generating very long queries. Now they use bind variables instead, which should be faster and cause less logging overhead.
- Objects that use
quiz() template functions can now be rendered with a submit button outside of the
read request handler. You need to set the
embed template function parameter
1 to use this feature. When it is activated, the quiz form will be submitted using XHR/AJAX instead of generating a page load.
- The user-interface in the object/container selector was changed from using multiple confirmation buttons to a single OK button and multiple radio buttons used to choose the insert method.
- When the object selector is used from TinyMCE the object you've highlighted in the editor is now selected in the object selector.
- The list of fully translated user-interface languages can now be customized. The site configuration variable
translated_ui_languages contains a comma-separated list of additional languages that should be supported on the site. This should solve the issue on CEFR sites that couldn't use German translations before logging in.
- More API documentation for request handlers was added.
- In recent versions of Chrome, the iframe-based method of embedding Flash content no longer works. The way Flash (.swf) content is embedded on the page has been changed to be compatible. The
use_resolve_path object custom_init parameter no longer has any purpose and can be removed. All Flash files now resolve relative file references based on the .swf object itself.
- Fixed navigation issue with add comment button on minvei.no
- Fixed issue with keyboard events not noticed by ping timer inside TinyMCE edit window.
- Fixed issue with non-HTTPS URLs being returned from LeseWEB API server preventing usage of synthetic speech feature.
quiz_timer() template function has been refactored into something that works with the new quiz form.
- Fixed issue in object selector when width and height was customized. It previously wasn't included in the injected HTML. Now it is. It now supports all CSS units.
- Fixed an issue where PIPE signal could interrupt WAVE to MP3 transcoding in an unexpected way.
Feature removals / deprecations
- The Flash plugin checker code was completely removed, as it no longer instructs modern browsers to initiate a Flash runtime download dialog anymore.
- The older Flash-based MP3 playback engine (musicplayer) used in the object selector was removed. The existing HTML5-based audio player (SoundManager2) is now used in the object selector. The musicplayer 3rd party component was removed.
read request handler query parameter
ignore_resolve_path was removed. The old method of embedding Flash content (.swf) was the only code that used it.
- The metadata panel in the object/container selector wasn't really used for anything, so it was removed.
- The title and uuid insert method options in the object/container selector were removed, as they weren't useful.
Showing 16-20 of 117