Today's update (1b977e1) brings with it the following changes:
Security issues
- Internet Explorer 11 on Windows 7-8.1 is not able to connect to HTTPS servers which use large Diffie-Hellmann primes. Changed to smaller primes which are compatible with Windows 7-8.1. Windows 10 was not impacted by this issue.
- LeseWeb (synthetic speech) is now accessed via HTTPS URLs to mitigate a mixed-content warning.
- HTTPS SSLv3 protocol was disabled to mitigate the POODLE attack.
Performance improvements
- The
list_institution_blog_items(r)
and get_institution_blog(t)
handlers caused timeout whenever they were used. This was one of the main reasons why the system has been slow the last few weeks. This should now be fixed.
- Storage container size is no longer calculated when objects are modified. This was the cause of a massive locking issue on the entire object table each time an object was modified. This should radically improve performance and concurrency when working with long transactions which modify objects (e.g. recursive deletions).
New features
- Added a button to copy identifier directly to the clipboard. Enable it with the boolean user configuration variable
enable_copy_id_button
.
- When you're editing an object it is now possible to see which course the object belongs to on the permissions tab. You will only see courses you're an editor for.
Enhancements
- The
wav2mp3(r)
handler now uses proper caching, allowing HTTP 304 NOT MODIFIED responses. This should improve rendering speed of playback of voice recordings. It is no longer possible to specify multiple objects or a WAV file URL to this handler. The object identifier can now also be specified as part of the URL path.
- The
thumbnail(r)
and watermark(r)
handlers have also been refactored to be more performant. A backend common cache directory is used instead of storing the cached representation together with the primary file.
Bugfixes
- When you try to delete users that have delivered quiz assignments, it should no longer trigger a database exception.
- The
ar_SY
locale now has right-to-left text direction properly defined.
- UTF8/16/32 BOM text encoding detection was partially broken. This should now be fixed.
- Fixed a bug where content was not saved properly when creating new spreadsheet objects.
- Updated jxcell.jar and pfxcell.jar to conform to new security model in Oracle Java version 7u45 regarding Java applet method access from JavaScript.