GitLab steht Mittwoch, den 08. Juli, zwischen 09:00 und 13:00 Uhr aufgrund von Wartungsarbeiten nicht zur Verfügung.

CHANGELOG.md 11.6 KB
Newer Older
Daniel Gerhardt's avatar
Daniel Gerhardt committed
1 2
# Changelog

Daniel Gerhardt's avatar
Daniel Gerhardt committed
3 4 5 6 7 8 9 10 11 12
## 2.5.1
This release fixes a performance issue on session creation affecting large
installations.

Bug fixes:
* Session import works again.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
13 14 15 16 17 18 19 20 21 22 23 24 25
## 2.4.3
This release fixes a performance issue on session creation affecting large
installations.

Bug fixes:
* WebSocket communication now works correctly for course sessions.
  (only affects installations using the LMS connector)
* The configuration parameter `security.facebook.allowed-roles` is now
  respected.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
## 2.5
Major features:
* Administration API: New endpoints have been added which are accessible by
  users defined by `security.admin-accounts`.
* Evaluation of free text answers
* Proxy support for WebSocket connections: It is now possible to use the same
  port for standard HTTP requests and WebSocket connections. Additionally, it is
  no longer necessary to setup a Java key store for TLS if a proxy is used.
* Auto-deletion of inactive (not activated) users and guest sessions

Minor features and changes:
* Caching improvements
* New use case including only comments
* Export of questions to arsnova.click format
* Export/import of flashcards to/from arsnova.cards format
* Flashcards are now handled separately from questions

Configuration changes:
* `socketio.ip` has been replaced by `socketio.bind-address`
* `security.ssl` has been removed. `security.keystore` and `security.storepass`
  have been replaced by `socketio.ssl.jks-file` and `socketio.ssl.jks-password`.
* New setting: `socketio.proxy-path`
* The default port for WebSocket connections has been changed to `8090`

With this release we have completely overhauled our [documentation](README.md).
Additionally, we now provide
[Docker images](https://github.com/thm-projects/arsnova-docker/).

**This version is brought to you by:**  
Project management: Klaus Quibeldey-Cirkel  
Lead programming: Andreas Gärtner, Daniel Gerhardt, Tom "tekay" Käsler  
Contributions: Robin Drangmeister, Dennis Schönhof  
Sponsoring: [AG QLS](https://www.thm.de/site/en/hochschule/service/ag-qls.html),
[HMWK](https://wissenschaft.hessen.de/wissenschaft/it-neue-medien/kompetenznetz-e-learning-hessen)


Daniel Gerhardt's avatar
Daniel Gerhardt committed
62 63 64 65 66 67 68
## 2.4.2
This release fixes a minor security vulnerability which allowed an attacker to
remove a MotD from a session without being the creator.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
69 70 71 72 73 74 75
## 2.3.4
This release fixes a minor security vulnerability which allowed an attacker to
remove a MotD from a session without being the creator.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
76 77 78 79 80 81 82 83 84 85 86 87
## 2.4.1
This release fixes a security vulnerability caused by the CORS implementation.
Origins allowed for CORS can now be set in the configuration via
`security.cors.origins`. (Reported by Rainer Rillke at Wikimedia)

Additionally, authentication via disabled services is now entirely blocked to
fix a security vulnerability allowing guest access despite the setting
`security.guest.enabled=false`. (Reported by Rainer Rillke at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
88 89 90 91 92 93 94 95
## 2.3.3
This release fixes a security vulnerability caused by the CORS implementation.
Origins allowed for CORS can now be set in the configuration via
`security.cors.origins`. (Reported by Rainer Rillke at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
96 97 98 99 100 101 102 103
## 2.2.2
This release fixes a security vulnerability caused by the CORS implementation.
Origins allowed for CORS can now be set in the configuration via
`security.cors.origins`. (Reported by Rainer Rillke at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
104 105 106 107 108 109 110 111
## 2.1.2
This release fixes a security vulnerability caused by the CORS implementation.
Support for cross-origin requests has been removed. Use ARSnova version 2.2 or
newer for proper CORS. (Reported by Rainer Rillke at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
112 113 114 115 116 117 118 119
## 2.0.4
This release fixes a security vulnerability caused by the CORS implementation.
Support for cross-origin requests has been removed. Use ARSnova version 2.2 or
newer for proper CORS. (Reported by Rainer Rillke at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
120 121 122 123 124
## 2.4
Major features:
* Support for new use case and feature settings has been added.

Minor features and changes:
125 126 127 128
* User content is assigned to a single account regardless of case used at
  login/registration for database authentication. For LDAP authentication the
  UID attribute is requested from the server instead of relying on the user's
  input to ensure correct assignment.
Daniel Gerhardt's avatar
Daniel Gerhardt committed
129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147
* New API endpoints have been added to reduce requests on session imports.
* Session use case and feature settings are now included in exports and imports.
* Authentication providers can now be enabled separately for students and
  lecturers.
* A new suspended votes offset setting has been added.
* JSON export and import now include session info and feature settings.

Bug fixes:
* Deleted sessions are now correctly evicted from cache.
* Answer count calculation for free text questions has been fixed.

**This version is brought to you by:**  
Project management: Klaus Quibeldey-Cirkel  
Lead programming: Andreas Gärtner, Daniel Gerhardt, Tom "tekay" Käsler  
Contributions: Paul-Christian Volkmer  
Sponsoring: [AG QLS](https://www.thm.de/site/en/hochschule/service/ag-qls.html),
[HMWK](https://wissenschaft.hessen.de/wissenschaft/it-neue-medien/kompetenznetz-e-learning-hessen)


Daniel Gerhardt's avatar
Daniel Gerhardt committed
148 149 150 151 152 153 154
## 2.3.2
This release fixes a security vulnerability in the account management API. It is
highly recommended to upgrade if you are using database authentication.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
155 156 157 158 159 160 161
## 2.2.1
This release fixes a security vulnerability in the account management API. It is
highly recommended to upgrade if you are using database authentication.

Additional bug fixes:
* The `security.authentication.login-try-limit` setting now works as intended.

Daniel Gerhardt's avatar
Daniel Gerhardt committed
162 163 164 165 166 167 168
## 2.1.1
This release fixes a security vulnerability in the account management API. It is
highly recommended to upgrade if you are using database authentication.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Daniel Gerhardt's avatar
Daniel Gerhardt committed
169 170 171 172 173 174 175 176
## 2.0.3
This release fixes a security vulnerability in the account management API. It is
highly recommended to upgrade if you are using database authentication.

Additional changes:
* Libraries have been upgraded to fix potential bugs
* Some unnecessary log warnings for Websocket communication are filtered

Daniel Gerhardt's avatar
Daniel Gerhardt committed
177 178 179 180 181
## 2.3.1
Bug fixes:
* Case-insensitive user IDs are now correctly handled for LDAP authentication.
* LDAP authentication does no longer request unnecessary user attributes.

Daniel Gerhardt's avatar
Daniel Gerhardt committed
182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198
## 2.3
Major features:
* Improved LDAP authentication support: Additional settings for LDAP search and
  a privileged LDAP user have been added.
* Usernames for admin accounts can now be set up in the configuration file.
  These accounts are privileged to create global "Messages of the Day".
  Additional privileges might be added for them in future releases.
* Splash screen settings have been added to override the frontend theme's
  defaults.
* The API has been extended to support features introduced with ARSnova Mobile
  2.3.

Minor features and changes:
* Markdown formatting, learning progress, student's own questions and the
  question format flashcard are now active by default and can no longer be
  disabled for the whole ARSnova installation.

Daniel Gerhardt's avatar
Daniel Gerhardt committed
199
Bug fixes:
Daniel Gerhardt's avatar
Daniel Gerhardt committed
200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216
* The `security.authentication.login-try-limit` setting now works as intended.

Changes for developers:
* API documentation is now exposed in Swagger format.
* Startup time of Jetty has been significantly reduced.
* Version information is now saved with builds and exposed by the API.

**This version is brought to you by:**  
Project management: Klaus Quibeldey-Cirkel  
Lead programming: Andreas Gärtner, Daniel Gerhardt, Tom "tekay" Käsler,
Christoph Thelen  
Contributions: Eduard Ellert, Tjark Wilhelm Hoeck, Mohamed Sami Jarmoud, Stefan
Schmeißer, Paul-Christian Volkmer  
Sponsoring: [AG QLS](https://www.thm.de/site/en/hochschule/service/ag-qls.html),
[HMWK](https://wissenschaft.hessen.de/wissenschaft/it-neue-medien/kompetenznetz-e-learning-hessen)  


Daniel Gerhardt's avatar
Daniel Gerhardt committed
217 218 219 220 221 222 223 224 225 226 227 228 229
## 2.2
This release massively improves performance of ARSnova and contains a critical
bugfix so it is highly recommended to upgrade. Because of the newly introduced
caching method, it might be necessary to increase the Java memory limit for
servlet containers.

Major features:
* Performance improvements: Database queries are now cached by the backend.
  Answers are written to the database in batches.
* Pagination support: The range of results can now be limited.
* The API has been extended to support features introduced with ARSnova Mobile
  2.2.

Daniel Gerhardt's avatar
Daniel Gerhardt committed
230
Bug fixes:
Daniel Gerhardt's avatar
Daniel Gerhardt committed
231 232 233 234 235 236 237 238 239 240 241 242
* User content consisting of JSON could not be loaded and rendered connected
  data unloadable as well.

**This version is brought to you by:**  
Project management: Klaus Quibeldey-Cirkel  
Lead programming: Andreas Gärtner, Daniel Gerhardt, Christoph Thelen  
Contributions: Dominik Hikade, Tom Käsler, Maximilian Klingelhöfer,
Michael Sann, Jan Sladek, Katharina Staden  
Sponsoring: [AG QLS](https://www.thm.de/site/en/hochschule/service/ag-qls.html),
[HMWK](https://wissenschaft.hessen.de/wissenschaft/it-neue-medien/kompetenznetz-e-learning-hessen)  


Daniel Gerhardt's avatar
Daniel Gerhardt committed
243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260
## 2.1
Major features:
* Public Pool (experimental): It is now possible to share sessions with other
  users in a pool of public sessions. Other users can create their own copies of
  shared sessions. This feature can be enabled in the arsnova.properties
  configuration.

Minor features and changes:
* Adjustments to correctly handle requests for imports from the frontend.
* Some communication between the frontend and backend has been optimized for
  improved performance.
* Additional configuration parameters for tracking, session export and import, a
  demo session and a blog URL have been introduced.

**This version is brought to you by:**  
Project management: Klaus Quibeldey-Cirkel  
Lead programming: Andreas Gärtner, Daniel Gerhardt, Christoph Thelen  
Contributions: Felix Schmidt, Artjom Siebert, Daniel Vogel  
261
Sponsoring: [AG QLS](https://www.thm.de/site/en/hochschule/service/ag-qls.html),
Daniel Gerhardt's avatar
Daniel Gerhardt committed
262 263 264
[HMWK](https://wissenschaft.hessen.de/wissenschaft/it-neue-medien/kompetenznetz-e-learning-hessen)  


Daniel Gerhardt's avatar
Daniel Gerhardt committed
265 266 267 268
## 2.0.2
This release updates dependencies. The updated library for Socket.IO support
fixes memory leaks and disables SSL 3.0 support (POODLE vulnerability).

Daniel Gerhardt's avatar
Daniel Gerhardt committed
269 270 271 272 273 274 275
## 2.0.1
This release introduces the following changes:
* Updates dependency for Socket.IO support to fix memory leaks
* Usernames for student's questions and free text answers are no longer exposed
  by API responses

## 2.0.0
Daniel Gerhardt's avatar
Daniel Gerhardt committed
276 277 278 279 280 281 282 283 284 285 286 287 288
ARSnova 2.0 has been in development for more than two years. Further releases
can be expected much more frequently.

This is actually the first major release of ARSnova Backend. It is called 2.0 to
feature API compatibility with the simultaneously released ARSnova Mobile 2.0.

**This version is brought to you by:**  
Project management: Klaus Quibeldey-Cirkel  
Lead programming: Andreas Gärtner, Daniel Gerhardt, Christoph Thelen,
Paul-Christian Volkmer  
Contributions: Sören Gutzeit, Julian Hochstetter, Jan Kammer, Daniel Knapp,
Felix Schmidt, Artjom Siebert, Daniel Vogel  
Testing & Feedback: Kevin Atkins, Kathrin Jäger  
289
Sponsoring: [AG QLS](https://www.thm.de/site/en/hochschule/service/ag-qls.html),
Daniel Gerhardt's avatar
Daniel Gerhardt committed
290 291
[HMWK](https://wissenschaft.hessen.de/wissenschaft/it-neue-medien/kompetenznetz-e-learning-hessen),
[@LLZ](http://llz.uni-halle.de/)