This update (0e904af) brings with it the following changes:

Bugfixes:

• Fix character encoding issues when doing the following:
  • adding configuration set values
  • modifying configuration values
  • modifying site names
  • storing assignment scores
  • creating message box tags
  • creating objects
  • creating containers
  • modifying glossary entries
• Avoid a database error if an invalid number is specified when storing or updating an object or container.

Enhancements:

• Updated to Google Universal Analytics for better user behavior insight.

This update (d89c9f5) brings with it the following changes:

Bugfixes:

• Fix problem with character set encoding when editing course name.
• Ensure the send button on the Java-base voice recorder is available.

This update (a8682bc) brings with it the following changes:

Terminology changes:

• What was earlier known as a PIN code is now called an access key.
• PIN code series are now known as access key collections.

New features:

• The access keys associated with a user is displayed on the user profile page.
  • Administrative buttons to remove access keys have been added in case confusing privileges have been assigned.
  • Access keys can now be invalidated, which is done when they are removed from a user on their profile page.
• Access given by access keys are now validated during login, which should ensure they are always current.
  • If a user logs in via e-Portal, but they have an expired access key that has not been invalidated, they will be given access via e-Portal, but immediately lose access because of the expired access key. By logging in again the privileges associated with the e-Portal login should be enabled, as the access key expiration will not be performed multiple times.
  • If a user loses access and is immediately given new access, their role in the institution and course will be reset to student. Because of this behavior, access keys with expiration dates should not be used to give supervisors access.
• Allow the recorder() template function to set soft and hard time limits. This can be used to specify the maximum length of a recording. Only the Flash-based recorder implements this feature.
• Voice comments can be directly recorded from the commenting user interface.
• A new template function called quiz_aggregate() has been made available, which is used to perform aggregate calculations on the quiz score of multiple objects for the current user. This should make it possible to create quiz summary documents more easily.
• It is now possible to parse CSV files directly in templates using the parse_csv() function. It returns an iterator object that can be used in different ways.
  • The CSV column separator should be specified in the object custom_init variable csv_sep_char. If it is not specified it defaults to a comma. You can only use a single character as the separator.
  • You can also specify a flag to indicate that the CSV file has a header in the first line. If csv_has_header=1 is specified in the object's custom_init, the first line will be used as the column names. This will also make the iterator return hashes instead of arrays.
• A new generic CSV request handler was implemented, with one action that sends email to a recipient specified in the CSV file using a custom email template. When using this feature the current user will always receive a copy of the email.
• A generic decode_json() template function that can be used to convert e.g. config variables in JSON format to a data structure usable by templates.
• A template function called inflate_users_by_config() has been added that allow users to be fetched that have a specific config variable set.

Performance improvements:

• Upgraded web server to Ubuntu 14.04 LTS.
• Upgraded database server to PostgreSQL 9.3.
• Upgraded Perl to 5.18.
• Improved object accessor method performance. This should give an all-round speed boost.
• Significantly improved the speed of the institution user overview report. Now it should be able to display a list of 7000 users in about 5-10 seconds.
• Only load JavaScript-based translations for the active language instead of all languages. Should increase page
rendering/parsing time.

Enhancements:

• The read_account (user profile) request handler has been rewritten. Some variables have been renamed: manage_account => can_manage, config => user_config_map.
• When activating an access key a user is automatically logged in again to ensure the access the key gives is activated.
• The recorder() template function now has a recipient parameter which allows sending the recording to a user.
• The config() template function can now fetch information about other users, but only if you're part of a group that has a particular permission. Not even global administrators have this permission by default. If you've got this permission you can only view information on users that are part of the same institution as the group that gave you the permission.

Security issues:

• Remove access to a user's password in the element_comments template.
• Ensure sensitive user details are not logged backend.

Bugfixes:

• Ensure login panel is always visible for anonymous users, regardless of browser session preference.
• Institution roles on user profile pages belonged to the logged-in user, not the user being viewed.
• Fix usability issue in comment editing user interface.
• Ensure two ping requests being sent at the same time do not generate database error but a normal error message instead.
• Avoid database error (race condition) when storing quiz score and scoring hand-in assignments.
• Fix margin issue on radio quiz types when used with right-to-left languages.
• Add a polyfill for missing Function.prototype.bind JavaScript feature in IE8.

Feature removals / deprecations:

• It is no longer possible to limit a user from login in using date ranges. This feature caused a lot of support issues and has been rewritten to only affect permissions and membership instead of the ability to login.
• The message_system() template function is now completely redundant, now that we have the new recorder. It is still functional and works as it did previously, but it is now using the new recorder instead of a popup window.
  • message_system() will also check if the current supervisor is actually set to something and give you an error if it isn't, to avoid some unexpected behavior if a user is not in a course or doesn't have a supervisor.

It was noticed that the most recent update to better protect against service hangs impacted too many users, causing a bit too much latency for unrelated users during e-portal logins. A small modification has been performed to lessen the impact on users not related to the e-portal access group.

The server is now running release 2547292.

This update (a884aed) brings with it the following changes:

New features

• It is now possible to fetch most of the variable information available to templates by prefixing the URL path with json/. Be aware that errors will be reported in a JSON key named response, and you should always verify that the response code is valid before using the data returned.
• Front page information is now available in JSON response mode.

Enhancements

• Minmize the amount of user modifications made during e-portal syncronization. Should speed up e-portal single-sign-on quite a lot.
• Speed up login, logout and e-portal single-sign-on by avoiding session refresh.
• Speed up page views somewhat by not refreshing session information when fetching search providers.
• All database statements now time out after 1m45sec. This should ensure you always see a human-understandable error message instead of the generic "application server is unavailable" message. It should also ensure that requests that take too much time stop executing when the user receives an error.
• The encode_json() template function is now able to serialize instances of all the model classes, which should make it much easier for template authors to gain access to template variable information in JavaScript code.
• Any file uploaded with the extension .json (or mime type explicitly set to application/json) is now returned with character set to UTF-8.

Bugfixes

• They online request handler leaked session identifiers. This security issue has been fixed.
• Lock user database table during e-portal single-sign-on to avoid concurrent updates to user table. Should avoid deadlocks.
• Normal folders were supposed to be ordered by sort number first, then alphabetical by default, but the index number was ignored. This should now work as expected.
• When using an embed() template function, the arguments passed did not show up as variables if the object contained references to it. This should now be fixed.