- Improved input validation across the entire web app
- Improved our datepicker to better support typing dates
- Added and require a JWT on the LTI 1.3 launch endpoint to prevent authorized access
- Extended Content Usage Overview report to include all content, rather than just assigned content
- Added a link to the user guide to the settings menu
- Added public API endpoints for editing bundles
- Improved dispatch launch process to use a token approach intended to limit exposure of launch secret via URL path
- Added public API endpoint to upload subtitles for videos
- Added public API endpoint to edit a course's description and language
- Fixed a broken link in the Limit By Content report
- Upgraded Tomcat to 7.0.107
- Fixed a bug with downloading the previous versions of media files.
- Fixed a bug that caused issues when launching learners that have curly brackets in their learner IDs
- Fixed a bug with exporting the Content Usage Overview report to CSV that chose the wrong dates.
- Now include bundled content and bundled equivalents in Content Usage Overview report.
- Fixed a bug with sharing bundles from certain accounts that were created using the public API.
- Fixed a bug with registration limit licenses that was undercounting the number of registrations when the same learner took multiple items with a bundle.
- Fixed a bug that could cause issues launching after deleting languages from bundled equivalents
- Fixed HTML injection vulnerability within the web app
Fixed an XSS vulnerability when launching Tin Can content with the player launch type set to "New window" while Content Vault is enabled.
- Improved access control on a number of endpoints.