Tags

Release version 2.5.2

This is a maintenance release which only brings libraries up to date to
fix potential bugs.

Release version 2.5.1

This release fixes a performance issue on session creation affecting
large installations.

Bug fixes:
* Session import works again.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.4.3

This release fixes a performance issue on session creation affecting
large installations.

Bug fixes:
* WebSocket communication now works correctly for course sessions.
  (only affects installations using the LMS connector)
* The configuration parameter `security.facebook.allowed-roles` is now
  respected.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.5.0

Major features:
* Administration API: New endpoints have been added which are accessible
  by users defined by `security.admin-accounts`.
* Evaluation of free text answers
* Proxy support for WebSocket connections: It is now possible to use the
  same port for standard HTTP requests and WebSocket connections.
  Additionally, it is no longer necessary to setup a Java key store for
  TLS if a proxy is used.
* Auto-deletion of inactive (not activated) users and guest sessions

Minor features and changes:
* Caching improvements
* New use case including only comments
* Export of questions to arsnova.click format
* Export/import of flashcards to/from arsnova.cards format
* Flashcards are now handled separately from questions

Configuration changes:
* `socketio.ip` has been replaced by `socketio.bind-address`
* `security.ssl` has been removed. `security.keystore` and
  `security.storepass` have been replaced by `socketio.ssl.jks-file` and
  `socketio.ssl.jks-password`.
* New setting: `socketio.proxy-path`
* The default port for WebSocket connections has been changed to `8090`

With this release we have completely overhauled our
[documentation](README.md). Additionally, we now provide
[Docker images](https://github.com/thm-projects/arsnova-docker/).

Release version 2.4.2

This release fixes a minor security vulnerability which allowed an
attacker to remove a MotD from a session without being the creator.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.3.4

This release fixes a minor security vulnerability which allowed an
attacker to remove a MotD from a session without being the creator.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.4.1

This release fixes a security vulnerability caused by the CORS
implementation. Origins allowed for CORS can now be set in the
configuration via `security.cors.origins`. (Reported by Rainer Rillke at
Wikimedia)

Additionally, authentication via disabled services is now entirely
blocked to fix a security vulnerability allowing guest access despite
the setting `security.guest.enabled=false`. (Reported by Rainer Rillke
at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.3.3

This release fixes a security vulnerability caused by the CORS
implementation. Origins allowed for CORS can now be set in the
configuration via `security.cors.origins`. (Reported by Rainer Rillke at
Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.2.2

This release fixes a security vulnerability caused by the CORS
implementation. Origins allowed for CORS can now be set in the
configuration via `security.cors.origins`. (Reported by Rainer Rillke at
Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.1.2

This release fixes a security vulnerability caused by the CORS
implementation. Support for cross-origin requests has been removed. Use
ARSnova version 2.2 or newer for proper CORS. (Reported by Rainer Rillke
at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.0.4

This release fixes a security vulnerability caused by the CORS
implementation. Support for cross-origin requests has been removed. Use
ARSnova version 2.2 or newer for proper CORS. (Reported by Rainer Rillke
at Wikimedia)

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.4.0

Major features:
* Support for new use case and feature settings has been added.

Minor features and changes:
* New API endpoints have been added to reduce requests on session
  imports.
* Session use case and feature settings are now included in exports and
  imports.
* Authentication providers can now be enabled separately for students
  and lecturers.
* A new suspended votes offset setting has been added.
* JSON export and import now include session info and feature settings.

Bug fixes:
* Deleted sessions are now correctly evicted from cache.
* Answer count calculation for free text questions has been fixed.

Release version 2.3.2

This release fixes a security vulnerability in the account management
API. It is highly recommended to upgrade if you are using database
authentication.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.2.1

This release fixes a security vulnerability in the account management
API. It is highly recommended to upgrade if you are using database
authentication.

Additional bug fixes:
* The `security.authentication.login-try-limit` setting now works as
  intended.

Release version 2.1.1

This release fixes a security vulnerability in the account management
API. It is highly recommended to upgrade if you are using database
authentication.

Additional changes:
* Libraries have been upgraded to fix potential bugs

Release version 2.0.3

This release fixes a security vulnerability in the account management
API. It is highly recommended to upgrade if you are using database
authentication.

Additional changes:
* Libraries have been upgraded to fix potential bugs
* Some unnecessary log warnings for Websocket communication are filtered

Release version 2.3.1

Bug fixes:
* Case-insensitive user IDs are now correctly handled for LDAP
  authentication.
* LDAP authentication does no longer request unnecessary user
  attributes.

Release version 2.3.0

Major features:
* Improved LDAP authentication support: Additional settings for LDAP
  search and a privileged LDAP user have been added.
* Usernames for admin accounts can now be set up in the configuration
  file. These accounts are privileged to create global "Messages of the
  Day". Additional privileges might be added for them in future
  releases.
* Splash screen settings have been added to override the frontend
  theme's defaults.
* The API has been extended to support features introduced with ARSnova
  Mobile 2.3.

Minor features and changes:
* Markdown formatting, learning progress, student's own questions and
  the question format flashcard are now active by default and can no
  longer be disabled for the whole ARSnova installation.

Bugfixes:
* The `security.authentication.login-try-limit` setting now works as
  intended.

Changes for developers:
* API documentation is now exposed in Swagger format.
* Startup time of Jetty has been significantly reduced.
* Version information is now saved with builds and exposed by the API.

**This version is brought to you by:**
Project management: Klaus Quibeldey-Cirkel
Lead programming: Andreas Gärtner, Daniel Gerhardt, Tom "tekay"
Käsler, Christoph Thelen
Contributions: Eduard Ellert, Tjark Wilhelm Hoeck, Mohamed Sami Jarmoud,
Stefan Schmeißer, Paul-Christian Volkmer