Blog

Product news and other information from the developers of Portfolio.
Showing 36 - 40 of 140
  • Users are not deleted when ePortal message is received

    Posted by: Robin Smidsrød 7. Jun 2018 12:07

    Today's hotpatch (2aedfdc) brings with it the following changes:

    Bugfixes

    • In the update deployed on Tuesday, users were automatically removed when the ePortal sent a remove user message. This was not the intended behavior. When a user is removed in the ePortal, the account should be held in quarantine for some time before it is actually deleted. Automatic deletion of users has been disabled until the ePortal sends the correct messages at the correct time; that is, the old behavior we had before Tuesday's update is reinstated as-is.
    • The confirmation message shown when someone tries to delete an account is now more explicit about what will happen. Hopefully this will cause less confusion.
    • Quiz observations were collected but weren't mentioned in our privacy policy. This data collection has now been disabled.
  • Minor bugfix fixing user deletion issue

    Posted by: Robin Smidsrød 6. Jun 2018 16:02

    In certain situations a user might not be deleted when they requested it, because their home container wasn't properly removed first. This issue should be resolved in this release, 9799ad3.
  • Security fix, ability to delete user account and more

    Posted by: Robin Smidsrød 5. Jun 2018 18:06

    Today's update (94c74a7) brings with it the following changes:

    Security issues

    • It was possible to change a user's password without their consent by sending a message containing specially crafted HTML, which triggered a CSRF/XSS attack automatically when the user read the message.
      • This vulnerability was fixed by asking for the user's existing password before setting a new password or changing their email address.
      • Users with access to the impersonate feature (special support staff) are allowed to change another user's email address without needing to enter the user's password.

    Performance improvements

    • The list_quota request handler now only shows the first 1000 users ordered by used storage size. This should ensure it never times out.

    New features

    • It is now possible to delete your user account. Only global administrators are allowed to delete accounts other than their own. If an account that owns course content (or other content outside its home folder) is deleted, that content is transferred to the orphan user. All remaining objects and containers, object quiz assignments, scores and account activity are deleted. It is not possible to log in as this orphan user.
    • Added a privacy policy link to the standard footer template. When logged in, the link is moved to the top help menu. The link is only shown if the configuration variable privacy_policy contains an object identifier.

    Enhancements

    • When an ePortal push message with the remove user action is received, the user is now permanently removed in Portfolio. If the user is a global administrator or has institutions associated with it the user is not deleted, only institution and course relationships are removed.
    • All links in the standard footer now use HTTPS and have been updated. The HTML markup has also been improved.

    Bugfixes

    • Fixed some CSS bugs in the standard stylesheet. Should have no user impact.
    • Added a wrapper class for the template plugin CGI. Only the param() method is implemented, allowing for template code to easily use query string parameters.
    • When users register themselves using the selfreg request handler, the group they're registered into is now properly logged.

    Feature removals / deprecations

    • The course progress limit feature was never used. It has now been removed.
    • The event log action account_delete was removed. It didn't contain any usable metadata. All event log entries with this action have been removed.
    • The event log column container_id was never used. It has now been removed.
    • The object attributes cost and copyright weren't used anywhere. They have now been removed.
  • Hashed passwords, faster search and more

    Posted by: Fagbokforlaget admin 29. May 2018 15:46

    Today's update (3648106) brings with it the following changes:

    Security issues

    • Passwords are now hashed with the bcrypt algorithm. If you need to recover your password, this is now done by sending you a time-limited password reset link by email.
    • The forgotten password form is now protected by a honeypot field that should stop most spambots. This reduces the risk of the form being used in a DDoS amplification attack against a third party.
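    The re-authentication check described in the 5 June post (current password required before a password or email change, with an exemption for support staff who impersonate) together with the hashed passwords and time-limited reset link from this post, as an added Python sketch that is not Portfolio's own code. hashlib.pbkdf2_hmac stands in for the bcrypt the post names; the in-memory user store, the token format, the 3600-second lifetime and the single-use token set are assumptions of the example.

```python
import hashlib, hmac, os, time
# Constructed example with an in-memory user store. The post names bcrypt; this
# sketch substitutes hashlib.pbkdf2_hmac so it runs on the standard library alone.
SERVER_SECRET = os.urandom(32)  # key that signs reset links (assumed design)
RESET_TTL = 3600                # reset link lifetime in seconds (assumed value)

def hash_password(password):  # returns salt || digest
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password, stored):
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)  # constant-time compare

users = {"alice": {"pw": hash_password("old-secret"), "email": "alice@example.org"}}
used_tokens = set()  # makes each reset link single-use

def change_password(session_user, current_password, new_password):
    # Re-authenticate: a CSRF/XSS-forged request rides on the victim's session
    # but cannot supply the victim's current password.
    user = users[session_user]
    if not verify_password(current_password, user["pw"]):
        return False
    user["pw"] = hash_password(new_password)
    return True

def change_email(session_user, new_email, current_password=None, impersonating=False):
    # Same check; support staff using impersonation are exempted, as the post states.
    user = users[session_user]
    if not impersonating and (current_password is None
                              or not verify_password(current_password, user["pw"])):
        return False
    user["email"] = new_email
    return True

def make_reset_token(username, now=None):
    # Time-limited reset link: username, expiry and an HMAC over both.
    expires = int((time.time() if now is None else now) + RESET_TTL)
    sig = hmac.new(SERVER_SECRET, f"{username}:{expires}".encode(), "sha256").hexdigest()
    return f"{username}:{expires}:{sig}"

def redeem_reset_token(token, new_password, now=None):
    # Accept only an untampered, unexpired, unused token for a known user.
    username, expires, sig = token.rsplit(":", 2)
    expected = hmac.new(SERVER_SECRET, f"{username}:{expires}".encode(), "sha256").hexdigest()
    ok = hmac.compare_digest(sig, expected) and token not in used_tokens
    if not ok or (time.time() if now is None else now) > int(expires) or username not in users:
        return False
    used_tokens.add(token)
    users[username]["pw"] = hash_password(new_password)
    return True
```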

    Performance improvements

    • Search features should now be much faster, as they use trigram database indexes. Searches for containers, objects, courses, institutions, users and mailbox messages should be significantly faster. The user search feature supports substring matching again, making it easier to search for partial user names.

    New features

    • When the sound recorder is used an event is sent to our metrics aggregation service (InfluxDB). This enables us to measure sound recorder usage on different platforms and browsers.
    • Ownership of any container or object can now be transferred to a predefined user by global administrators. This should make it possible to clean up ownership of all our existing course content. When an administrator uses the feature, a status message is sent to them when the job is completed.
    • Select support staff can now impersonate another user. When this feature is used it is logged in a way that can't be removed by support staff. The feature was added to make it easier for support staff to help end-users without needing to know their password.

    Enhancements

    • Modernized HTTP/CGI request parsing. This moves us one step closer to not being dependent on the FastCGI protocol for communication between our web workers and the reverse proxy. Should have no end-user impact.
    • Google Chrome Headless is now used instead of unmaintained PhantomJS to perform browser-based testing.

    Bugfixes

    • Successive empty URL path parameters are now normalized away.

    Feature removals / deprecations

    • Completely removed PhantomJS support code.
    • Removed various database columns, indexes and sequences related to local file storage that are no longer in use.
  • Fix for contact manager timeout issue

    Posted by: Fagbokforlaget admin 29. May 2018 15:46

    Today's update (6ac882b) fixes a timeout issue with the contact manager.

    Be aware that members of self-registration groups you are a member of are no longer listed in the contact manager.