Today's update (1b977e1) brings with it the following changes:

Security issues

• Internet Explorer 11 on Windows 7-8.1 is not able to connect to HTTPS servers which use large Diffie-Hellmann primes. Changed to smaller primes which are compatible with Windows 7-8.1. Windows 10 was not impacted by this issue.
• LeseWeb (synthetic speech) is now accessed via HTTPS URLs to mitigate a mixed-content warning.
• HTTPS SSLv3 protocol was disabled to mitigate the POODLE attack.

Performance improvements

• The list_institution_blog_items(r) and get_institution_blog(t) handlers caused timeout whenever they were used. This was one of the main reasons why the system has been slow the last few weeks. This should now be fixed.
• Storage container size is no longer calculated when objects are modified. This was the cause of a massive locking issue on the entire object table each time an object was modified. This should radically improve performance and concurrency when working with long transactions which modify objects (e.g. recursive deletions).

New features

• Added a button to copy identifier directly to the clipboard. Enable it with the boolean user configuration variable enable_copy_id_button.
• When you're editing an object it is now possible to see which course the object belongs to on the permissions tab. You will only see courses you're an editor for.

Enhancements

• The wav2mp3(r) handler now uses proper caching, allowing HTTP 304 NOT MODIFIED responses. This should improve rendering speed of playback of voice recordings. It is no longer possible to specify multiple objects or a WAV file URL to this handler. The object identifier can now also be specified as part of the URL path.
• The thumbnail(r) and watermark(r) handlers have also been refactored to be more performant. A backend common cache directory is used instead of storing the cached representation together with the primary file.

Bugfixes

• When you try to delete users that have delivered quiz assignments, it should no longer trigger a database exception.
• The ar_SY locale now has right-to-left text direction properly defined.
• UTF8/16/32 BOM text encoding detection was partially broken. This should now be fixed.
• Fixed a bug where content was not saved properly when creating new spreadsheet objects.
• Updated jxcell.jar and pfxcell.jar to conform to new security model in Oracle Java version 7u45 regarding Java applet method access from JavaScript.

Today's update (76c9f3d) brings with it the following changes:

Security issues

• Implement HTTPS support, allowing wildcard certificates and automatically generated certificates using letsencrypt.org.
  • A redirect from HTTP to HTTPS is automatically performed if a certificate is available for the domain.
  • The web server configuration should give an SSL Labs A rating for all domains.
  • Certificates acquired using Let's Encrypt are automatically renewed 30 days before they expire.
  • The default certificate name (for clients that don't support TLS SNI) is portfolio.
  • Domains that we explicitly don't want HTTPS for can be excluded.
  • A wildcard certificate for portfolio.no and fagbokforlaget.no will arrive shortly.

New features

• Added Arabic Syria (ar_SY) content language code.

Enhancements

• Implement inline display mode for quiz type radio. Unfortunately, because of an excessive use of the previous default block display mode, the default is block (when all other types default to inline). If you want inline display mode for type radio you need to explicitly set display_mode => 'inline'.
• Improve icon for set default search method.

Bugfixes

• Adding HTTPS support should fix the microphone access issue in Google Chrome when using the voice recorder.
• Fix broken select user UI in object/container edit permissions tab.
• Cleanup CSS selectors in request_read_account template.

Today's update (9e9d0c2) brings with it the following changes:

Performance improvements

• Improve web server buffering, which should improve latency when a lot of users are requesting large multimedia content, or lots of users with low bandwidth are using the site.

New features

• It is now possible to give time-limited access to a course, similar to a traditional classroom exam. The exam is automatically delivered after the time limit and supervisors are automatically assigned so that they can assess the exam once it's done. Supervisors are notified using the internal messaging system that a new exam is available for assessment. While the exam is active an infobar is added at the top of the page informing you how far you've come and how much time is left. When the exam is started, current_course and current_institution is set. When the exam is delivered (either manually or automatically) all exam documents are automatically delivered.
• A new template function, human_duration, was added, making it easy to convert a duration instance into something easily understandable for end-users.
• The template function, current_exam_participant, was added and is used by the template element_exam_status.

Enhancements

• Extend filesystem template function to allow skipping of containers and objects based on a custom_init flag.
• The container get_child_objects() and get_child_containers() methods were also extended to support this new filesystem behavior.
• Finally the filesystem and read_container request handlers got the skip_custom_init query parameter and behavior.
• Improve backend search script so it can match against multiple regular expressions like a filter chain.
• Population of instances in model classes has been vastly improved and refactored to be simpler.

Bugfixes

• When results for a course was deleted, progress was not reset to first document in course. This has now been fixed.
• The width of the comment field when assessing assignments was too narrow. This has now been fixed.

Today's update (0e8ab70) brings with it the following changes:

New features

• A legal warning about cookie usage is now shown on top of each page with a link to more extensive documentation. If a site uses custom cookies, the template request_cookies should be extended to document their use.

Enhancements

• When logging in using the e-portal, only the user that is logging in is now created or linked up (previously associated supervisors or students where also created). This means that only student/supervisor-relationships where both students and supervisors have logged in at least once will be created. It is recommended that teachers log in at least once to one of their products in the e-portal before students log in to ensure connections are set up before students start to use the products.
• The CEFR placement test algorithm has been modified to allow skipping missing documents in the initial categories. This enables use-cases where we only want to test speech-related categories.
• Android, iOS and Microsoft Edge browsers and mobile platforms should now be properly detected, allowing content to be customized for these devices and browsers. Internet Explorer is now detected as ie instead of msie. Templates should use the client_browser.is_ie check instead of the exact name, so content should not be impacted. The same applies to the Windows platform. It now returns the name windows instead of explicit names for each version of Windows. The check client_browser.on_windows should always be used in templates.
• Several request handlers now show page titles with the name of the item being edited.

Bugfixes

• Increased line-height for code examples in reference documentation to avoid underscores not being rendered.
• Fixed PIN code case-sensitivity bug reported on revisor.portfolio.no.

Today's update (146d133) brings with it the follow changes:

Security issues

• Allow site administrators to set the CORS Access-Control-Allow-Origin HTTP header, allowing JavaScript applications on other sites access to data in Portfolio. The site configuration variable in question is named http_access_control_allow_origin. This was requested by the d-bok project.

Performance improvements

• The implementation of HTTP range requests for binary content allow the video and audio player to skip ahead in the stream, saving some bandwidth when users are only interested in a specific portion of the stream.

New features

• Support for HTTP range requests (RFC 7233) was added to all binary content served by Portfolio. The thumbnail, watermark and wav2mp3 HTTP request handlers have ranged requests disabled, because the content is dynamically generated. This also means that normal voice recordings performed in the WAV format does not support range requests during playback, because it internally uses the wav2mp3 request handler. This is because some browsers don't support playback of WAV files using HTML5.
• Additional API documentation. All template handlers should now be documented. A significant portion of the HTTP request handlers have also been documented.

Enhancements

• Binary HTTP responses from Portfolio was refactored, which should give more consistent response in terms of caching behavior.
• Improved the readability of the legend text in the CEFR placement test usage report.

Bugfixes

• Google Chrome users were unable to seek in MP4 video files before the entire video file was cached locally and the page was reloaded. This should now work as expected.