Today's update (ce51eda) brings with it the following changes:
Security issues
- Session hijacking was previously mitigated by ensuring the IP address always matched. When you're using HTTPS this is no longer needed, so it's no longer verified. Roaming between different networks (e.g. with a laptop or tablet) should now work without being logged out.
Bugfixes
- The CEFR final report could in some situations include voice recordings for competence levels other than the one the student self-evaluated as. This has been fixed.
- Using the back browser button and answering a CEFR document again would skip over a document in the workflow. This should now be fixed.
- The page activity timer is no longer restarted if you use the back/forward browser buttons to navigate to a page.
- The wav2mp3 request handler had a race condition when dealing with ADPCM WAV files from the Java-based voice recorder. This should now be fixed.
- Some broken HTML markup in my configuration and other reports was fixed.