Released 2024-07-03
Note: With release there has been a breaking change for customers who might be calling the BuildRegistrationLaunchLink resource with a credential only having read permissions. Since using a launch link can cause changes to be saved for a registrations progress, we are changing the required scopes to be write or write:registration for security reasons.
Improvements
- Improved clarity of If-Match Etag error messages for xAPI state requests
- Engine will now create an xAPIActivityId for a non-xAPI-based course by using a randomly generated GUID rather than hashing the contents of the course package
- The Partitioned attribute is now set on all Secure and SameSite=None cookies as per CHIPS guidelines
- The /registrations/{registrationId}/launchLink endpoint can now only be accessed using credentials with write or write:registration scopes (previously it was allowed for read or read:registration scopes)
- Added Tenant ID and Pipe ID to statement pipe exception log messages
Bug Fixes
- Set pdf.js config setting isEvalSupported to false to work around CVE-2024-4367
- [Upgrade Tool] - Fixes 'duplicate constraint' error on Cmi5Session table when performing phased, online row copying
- Corrected xAPI statement handling when statement reference chains arrive out of order