-
v2.6.0790558e3 · ·
Release version 2.6.0 Features: * Experimental support for CouchDB 2 has been added. Note: The data migration script is not compatible with CouchDB 2 and has to be run before an upgrade. Improvements: * Error handling and logging has been improved. It should now be easier to find the cause of problems. API error responses now contain the name of the `Exception` which caused the error. Further details for debugging purposes can be enabled with the new `api.expose-exception-messages` setting (Do NOT enable in production environments!). * Updated OAuth handling to restore compatibility with 3rd-party login services. Bug fixes: * Fixed multiple bugs caused by incorrect type handling in the database layer. * Fixed XFO header check behind reverse proxy (used by clients when embedding external websites). * Fixed rounding error in learning progress calculation. * Fixed `security.cors.origins` setting. * Fixed import of data from older versions. Security: * Fixed DoS vulnerability in authentication handling behind reverse proxy. Configuration changes: Minor changes to the web server and Tomcat proxy configuration are required (see [installation guide](src/site/markdown/installation.md)).
-
v2.4.32628dbcf · ·
Release version 2.4.3 This release fixes a performance issue on session creation affecting large installations. Bug fixes: * WebSocket communication now works correctly for course sessions. (only affects installations using the LMS connector) * The configuration parameter `security.facebook.allowed-roles` is now respected. Additional changes: * Libraries have been upgraded to fix potential bugs
-
v2.5.0e006cc92 · ·
Release version 2.5.0 Major features: * Administration API: New endpoints have been added which are accessible by users defined by `security.admin-accounts`. * Evaluation of free text answers * Proxy support for WebSocket connections: It is now possible to use the same port for standard HTTP requests and WebSocket connections. Additionally, it is no longer necessary to setup a Java key store for TLS if a proxy is used. * Auto-deletion of inactive (not activated) users and guest sessions Minor features and changes: * Caching improvements * New use case including only comments * Export of questions to arsnova.click format * Export/import of flashcards to/from arsnova.cards format * Flashcards are now handled separately from questions Configuration changes: * `socketio.ip` has been replaced by `socketio.bind-address` * `security.ssl` has been removed. `security.keystore` and `security.storepass` have been replaced by `socketio.ssl.jks-file` and `socketio.ssl.jks-password`. * New setting: `socketio.proxy-path` * The default port for WebSocket connections has been changed to `8090` With this release we have completely overhauled our [documentation](README.md). Additionally, we now provide [Docker images](https://github.com/thm-projects/arsnova-docker/).
-
v2.4.172659b09 · ·
Release version 2.4.1 This release fixes a security vulnerability caused by the CORS implementation. Origins allowed for CORS can now be set in the configuration via `security.cors.origins`. (Reported by Rainer Rillke at Wikimedia) Additionally, authentication via disabled services is now entirely blocked to fix a security vulnerability allowing guest access despite the setting `security.guest.enabled=false`. (Reported by Rainer Rillke at Wikimedia) Additional changes: * Libraries have been upgraded to fix potential bugs
-
v2.3.3e214cd69 · ·
Release version 2.3.3 This release fixes a security vulnerability caused by the CORS implementation. Origins allowed for CORS can now be set in the configuration via `security.cors.origins`. (Reported by Rainer Rillke at Wikimedia) Additional changes: * Libraries have been upgraded to fix potential bugs
-
v2.2.2faa6d978 · ·
Release version 2.2.2 This release fixes a security vulnerability caused by the CORS implementation. Origins allowed for CORS can now be set in the configuration via `security.cors.origins`. (Reported by Rainer Rillke at Wikimedia) Additional changes: * Libraries have been upgraded to fix potential bugs
-
v2.1.2c5389a35 · ·
Release version 2.1.2 This release fixes a security vulnerability caused by the CORS implementation. Support for cross-origin requests has been removed. Use ARSnova version 2.2 or newer for proper CORS. (Reported by Rainer Rillke at Wikimedia) Additional changes: * Libraries have been upgraded to fix potential bugs
-
v2.0.4aa4e5c43 · ·
Release version 2.0.4 This release fixes a security vulnerability caused by the CORS implementation. Support for cross-origin requests has been removed. Use ARSnova version 2.2 or newer for proper CORS. (Reported by Rainer Rillke at Wikimedia) Additional changes: * Libraries have been upgraded to fix potential bugs
-
v2.4.0f2e1b14e · ·
Release version 2.4.0 Major features: * Support for new use case and feature settings has been added. Minor features and changes: * New API endpoints have been added to reduce requests on session imports. * Session use case and feature settings are now included in exports and imports. * Authentication providers can now be enabled separately for students and lecturers. * A new suspended votes offset setting has been added. * JSON export and import now include session info and feature settings. Bug fixes: * Deleted sessions are now correctly evicted from cache. * Answer count calculation for free text questions has been fixed.