Product news and other information from the developers of Portfolio.
Showing 21 - 25 of 140
New macro feature, hardened security settings and lots of reference documentation
Today's update (fc0b9c4) brings with it the following changes:
- An extensive review of HTTP security headers has been performed and several
improvements to the security of the system has been implemented. This can,
in some situations, cause behavior that previously worked to not work
anymore, especially those involving cross-site requests involving
authentication and iframes.
- How the session identifier is stored has been hardened to protect against
- Cross-origin HTTP request validation now supports specific URIs, not just
- HTTP headers to enable reporting of client errors were added.
- Code was hardened by avoiding code conventions that can lead to security issues.
- Improved performance in file manager and object/container selector by consolidating database queries.
- A small optimization to how we populate system groups was implemented. This
should give a minor speed increase to anonymous requests.
- It is now possible to create macros that can be used everywhere template markup can be used. Macros are named units of behavior that support required and optional parameters. The parameters are validated when the macro is called, to avoid the need for the implementing template to perform this validation. See the
macro template function documentation for more details.
- A script for exporting contents of an XML dump/export into files was added. It is useful when e.g. binary content needs to be exported into another CMS.
- DuckDuckGo was added as a search engine provider.
- It's now possible to return JSON responses from the
read request handler.
- System groups and users where previously always shown with an English name.
Now the name can be localized to the user interface language.
label template function now supports model instance as first parameter.
- Simplified the user event log user interface a bit.
- Now all search providers use HTTPS URLs. The addresses of several search
providers have been updated to match current APIs.
- Added logging of e-portal session validation URL when failing to improve ability to troubleshoot issues.
- Improved rendering and layout of reference documentation.
- Unrestricted methods in classes are now shown in reference documentation.
- Added reference documentation for:
- Client-side app behavior
- Appointments and calendar availability
- Configuration variables and sets
- Model class attributes
- Eportal behavior
- Asynchronous jobs, job notifications and job queue manager behavior
- Main configuration and search provider configuration
- Container model class
- Added reference documentation for the following HTTP request handlers:
Feature removals / deprecations
- The filters for containers and groups have been removed in the event log user
interface. They were not used anywhere.
- The object type
script is now deprecated. It's not been in use for a long time.
- The request handler
delete_account_membership is now deprecated. Use the
remove_from_group action instead.
- Some search providers that are no longer valid have been removed (most
notably ordboka.net). The category religious scriptures was removed
because there are no more entries.
Voice message menu item, additional documentation and various bug fixes
Today's update (f1916f2) brings with it the following changes:
- Container listings should be slightly faster to load because the amount of
generated HTML code is smaller.
- The identifier (UUID) generator and validation methods were refactored,
fixing some bugs and slightly improving performance.
- The top menu has been extended with an option to send a new voice message
directly to your supervisor.
- The new_message and add_recording request handlers now properly supports
customized page redirection.
- Documentation for the following request handlers were added:
- Documentation for Portfolio::UUID was added.
- Comments are now always edited with the WYSIWYG editor (TinyMCE), which
should ensure whitespace is maintained on display.
- Empty popups are no longer shown when you click on them.
- Added back support for talkbook lookups in popups using the legacy format
lookup => "X_lyd" to indicate a letter phoneme.
Email notifications, better spam protection and improved documentation
Today's update (39c09ac) brings with it the follow changes:
- Improved our HTML form spam protection mechanism. You'll now need to check a box to confirm you're a human when you want to recover your password or register an account.
- You'll now be notified by email if you have unread messages in your inbox. You can choose to get these notifications immediately when a new message arrives, or once per day or week. You can also turn them off if you don't want them. The default is to get weekly notifications. You'll need to go to your user profile page to change this setting. Only the user itself can change this setting.
- It is now possible to preload videos by using the
preload attribute in the
embed template function. It is actually enough to just preload metadata to ensure the video object is cached properly by the backend. This is most likely only needed for somewhat large videos.
- Syndication feeds (RSS) are now handled by an external component instead of using XSLT. This should ensure we encode content much more standards-compliant. We also now support all RSS variants and Atom. The default feed format has changed from RSS 2.0 to Atom. If you have used feeds from Portfolio somewhere else you'll need to update the link to the new format.
- Additional reference documentation for template handlers have been added from our internal wiki. Especially the
embed template functions have gotten much better documentation, including examples. Clarification on recommended and deprecated ways of calling them are now documented.
- All of the XML returned by the HTTP API is now generated in a more consistent way. This should not impact anyone.
- We're now using an automated method for gathering code coverage, which will help the developers to improve the quality of the service over time.
- The access key feature has been modified extensively in the backend. This means it has a higher risk of regressions. Be aware.
Feature removals / deprecations
- The XSLT feature was completely removed. That also means that the
server_xsl query parameter to
read_container request handler was removed.
Bugfixes, tracing identifers, improved metrics and more
Today's update (9899ece) brings with it the follow changes:
- Updated third-party SSL/TLS modules to support OpenSSL 1.1 properly.
- Diminished the number metrics emitted from the queue worker when new jobs are created.
- A tracing identifier is now generated and added to all HTTP requests, allowing for more in-depth analysis when issues are encountered.
- Improved database restore script allowing for point-in-time recovery.
- Fixed issue with accidental overwriting of config set entries, site config entries and user config entries.
- Fixed issue with course rebuilt timestamp not being updated when course is rebuilt.
- Previously plain text files created in Notepad with default encoding would be detected as UTF-8, which was wrong. They should now detect properly as ISO-8859-1 (Latin1).
Today's update (d75be48) brings with it the following changes:
- Operating system of all servers upgraded to Ubuntu 18.04. This was part of a larger process to migrate away from the soon-to-be unsupported Ubuntu 14.04 version.
- Fixed a race condition in the wav2mp3 request handler that could sometimes cause the playback of voice recordings to not play back on the initial attempt.
Showing 21-25 of 140