Note that last week's release was pushed out last evening, March 4th, 2018.
Addressed security vulnerabilities
We were made aware of a couple of security vulnerabilities, which we have addressed with this release:
- Vulnerability CVE-2017-1428: This fixed a particular issue with OneLogin access (Ruby SAML SSO), which could allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.
- Vulnerability CVE-2017-0889: This fixed an issue with the Paperclip Ruby gem version 3.1.4 and later, which allowed attackers to access information about internal network resources.
Activity Summary field added to Path Content report
In the Path Content report, the “Activity summary” field has been added, so it can be queried against and included in the report output.
Session End Time now also displays in Session view for Student and Admin
When a Student accesses an enrolled session view or clicks on “View Schedule,” and when an admin views a session schedule from the activity properties, we used to show only the Session start time. Now, we also show the Session end time.
Note that Sessions which are already completed will not display the end time.
Error when deleting eLearning .zip file
After an admin had created an eLearning activity (i.e., a File-type activity with an uploaded SCORM or AICC .zip file), if the admin went back and tried to delete the .zip file, they may have encountered an AWS (Amazon Web Services) error. This bug has been fixed so that the .zip file can be deleted without issue.
Error when creating various objects without attachments or images
If an admin tried to create any of the following objects without an attachment or image, a “Something is broken” error would display:
- On the Branding Organization Properties page:
- Certificate Logo (image)
- Favicon (image)
- Login logo (image)
- Catalog Section Banner (image)
- Enrollment (attachment)
- External credit (attachment)
- Custom User Registration (image)
We’ve corrected these problems so that an admin can create these objects without error.
Removing reply-to email address at account level caused issues for activities still using it
If an admin had defined a reply-to email address at the account level, and used that email address to set the Reply-to Address on an activity, then subsequently deleted the email address at the account level, the reply-to address used for the activity wouldn’t be viewable on the account properties, so it couldn’t be changed. If the old address wasn’t valid anymore, this would be problematic. We’ve fixed this issue so that the old email address value will show even if it is no longer in the account level setting (and give the admin the ability to reset it).
Group Restrictions message on Scheduled Activity wasn’t always accurate
If an admin had created an activity which included group restrictions, and also a scheduled session of that same activity, the message that displayed in the Restrictions section of the session’s properties incorrectly noted that “This item can be accessed by everyone.” We’ve updated this message to display “This session is attached to an activity that has restrictions set” in this scenario. Note that the Session must be enabled to show in the Catalog for the Restrictions area and message to display.
Sending nil value for a “matching” answer via Assessment API causes error
When using the Assessment API, if a nil value was sent for a “matching” answer type, an error would occur. This bug has been fixed so that a nil value can be sent for matching answer types.
Link to Profile page without being logged in shows error page
If a Student was sent an email link to the Profile page in the LMS and was not already logged in, they would encounter a “Something is wrong” error page. We’ve corrected this issue so that the Student will be prompted to log in first.
Exceed Planned Maintenance and Schema changes
As part of our schema cleanup, we removed several tables and columns we no longer use in Exceed. Your custom reports, API integrations, and Exceed import integrations may be affected. Some CSV export files also changed due to the removed columns. For more detail, including a list of tables and columns that have been removed, see this article.