Improvements:
- Improved input validation across the entire web app
- Improved our datepicker to better support typing dates
- Added and require a JWT on the LTI 1.3 launch endpoint to prevent authorized access
- Extended Content Usage Overview report to include all content, rather than just assigned content
- Added a link to the user guide to the settings menu
- Added public API endpoints for editing bundles
- Improved dispatch launch process to use a token approach intended to limit exposure of launch secret via URL path
- Added public API endpoint to upload subtitles for videos
- Added public API endpoint to edit a course's description and language
- Fixed a broken link in the Limit By Content report
- Upgraded Tomcat to 7.0.107
Bug fixes:
- Fixed a bug with downloading the previous versions of media files.
- Fixed a bug that caused issues when launching learners that have curly brackets in their learner IDs
- Fixed a bug with exporting the Content Usage Overview report to CSV that chose the wrong dates.
- Now include bundled content and bundled equivalents in Content Usage Overview report.
- Fixed a bug with sharing bundles from certain accounts that were created using the public API.
- Fixed a bug with registration limit licenses that was undercounting the number of registrations when the same learner took multiple items with a bundle.
- Fixed a bug that could cause issues launching after deleting languages from bundled equivalents
Security:
- Fixed HTML injection vulnerability within the web app
-
Fixed an XSS vulnerability when launching Tin Can content with the player launch type set to "New window" while Content Vault is enabled.
- Improved access control on a number of endpoints.