Engine and Engine Dispatch 23 - All Release Notes

23.41.413

Released 2026-05-13

Bug Fixes

• [Upgrade Tool] - Fixes xAPI activity migration error when "MaxRowsPerDatabaseUpsert" is configured higher than "1".

Improvements

• Engine's API, "CourseImport" notifications, and import result postbacks will now include the duration of course import jobs - provided that they have reached a terminal status of "COMPLETE" or "ERROR".
• [Content Vault] Added optional referrer check for media content.
• [Content Vault] Added support for vaulting import-by-reference media & AICC content where that reference is pointing to content managed by Engine

Dispatch Improvements

• [SCORM 1.2] - Fixes duplicate registrations caused by bad exits or concurrent launches - particularly on mobile.

23.40.402

Released 2026-04-24

Bug Fixes

• Fixes repeated errors logged from the "XapiETLInstanceProcessor".
• For cmi5 course launches, parameters from the "SupplementalQueryStringParametersForAllActivities" setting will now be passed along to the content's launch URL.
• [Upgrade] - Fixes table name case typo in the "MigrateTincanDataPrechecksPhase" sub-phase.

Improvements

• Adds setting "AudioVideoPlayerPreventSkipUnwatched" to restrict learner from skipping un-watched cmi5 video content.
• Added new setting "PensAsyncUseDatabase" to help with PENS background processing in multi-server deployments
• Adds new registration-level setting "OverrideRuntimeLanguagePreference" to allow SCORM content runtime language preference to be overridden. When the setting has been configured, "PlayerMakeStudentPrefsGlobalToCourse" will operate as if it were set to "YES" (in order for the override to "stick").

• Bumps dependency to resolve a "moderate" CVE (CVE-2026-40021). Engine is not vulnerable by default.

•  

23.39.371

Released 2026-04-01

Bug Fixes

• Fixed a localization issue that caused database update errors when saving scores and progress measures in regions using comma-based decimal separators.
• [Upgrade] - Use less strict validation during xAPI migration to prevent unnecessary stoppage for non-critical activity and statement validation errors.
• [Upgrade] - Smoother handling of malformed statement keys during xAPI migration.

Improvements

• Update AWSSDK.Cloudfront for CVE GHSA-mvm6-f9r3-fgfx.
•  Use UsageStatistics automatically for user count if since date has available data.
• [TinCan] - Removed default "LMS" activity profile document/launch link for imported TinCan packages.
• [CMI5] - Skip an unnecessary database write when a "state" request occurs shortly after another CMI5 request
• [xAPI] Reduced alternate request syntax detail logging from INFO to DEBUG but moved some key information into existing INFO log.
• [Java] Minor version bumps and removed unused dependencies.
• [Upgrade] - Memory optimizations for xAPI statements migration

Dispatch Improvements

• Dispatched media content now receives status directly via postMessage and removes need to poll Engine for status.

23.38.354

Released 2026-03-12

Bug Fixes

• Fixes new registration launches. This issue impacts legacy integrations only on versions 23.36.317 - 23.37.341.

Improvements

• Content vault will now fall back to the request host address if X-Forwarded-For is not set.
• Updated Jersey dependencies to version 2.47 to address CVE-2025-12383.
• [Java] - If an asynchronous API import job is interrupted due to shutdown, Engine will attempt to send a postback notification indicating that the job was canceled and update the job's status in the database. 

23.37.341

Released 2026-02-27

Bug Fixes

• Fixes response for V2 API "/xAPIStatements" request when passing an invalid courseId or versionId.
• Fixes incorrect Enum type check for AICC Preview SID.
• Resolves rare missing schema prefix on query statements.
• [Upgrade] - Resolves false-positives during schema audit when migrating away from a legacy integration.
• [Upgrade] - Ensures that added indexes to support xAPI migration get added to the proper "target" database for the src/target, row-copy upgrade mode.

Improvements

• Performance improvement when putting files into S3.
• Reduce database calls for cmi5 content (such as media content).
• A new setting, "SurfaceRegistrationTimeReportedInsteadOfTimeTracked", was added to allow for surfacing reported time instead of tracked time in registration information contained in a "RegistrationSchema".
• [xAPI] - When a registration is deleted and the "DeleteXAPIDataOnRegistrationDelete" setting is "true" (default), delete all xAPI documents associated with the registration.
• [Upgrade / PostgreSql] - Significant batch query optimization.
• [Media] - When "WebContentRecordCompletionOnLaunch" is enabled, record completion of web content immediately after launch of the web content.

23.36.317

Released 2026-01-16

Improvements

• Adds new "GenerateXApiStatementsMode" setting to the configuration system as an alternative to the "ConvertTinCanFromScormRealtime" setting (which can only be configured in Engine's configuration file).
• Import results now contain course activity details.
• AiccSessionPerLaunch now works for AICC preview launches (note: AICC Preview launches utilizing launch settings will always have a unique session ID - regardless of this setting)
• Adds new "LearnerExchange" for retrieving a learner's first and last names at runtime.
• [Java] - Resolves repeated DEBUG log "Could not get server engine when logging request."
• [Java] - Better shutdown routine to prevent lingering Java process.

23.35.309

Released 2026-01-07

Bug Fixes

• [Upgrade] - Various bug fixes for when auditing the actual, existing schema.

• [Upgrade] - Improved detection of infinite batching during data migrations.

Improvements

• [LTI 1.3] - Applies to Engine as the LTI Tool. After enabling the new "Lti13InstanceRegistrationOnNewDeployment" setting, Engine will create a new registration instance if either the contextId or deploymentId has changed (resetting course progress for the registration).

Engine and Engine Dispatch 23.34.306

Released 2025-12-16

Bug Fixes

• [Java] - Redact oracle database connection strings correctly.

• [Upgrade] - Preserve "stored" date of xAPI statements when upgrading

Improvements

• [LTI13] - When Engine is configured as an LTI 1.3 tool, the accept header value on http requests to an LTI platform's access token url has been changed from the wildcard "/" to "application/json".

Engine and Engine Dispatch 23.33.303

Released 2025-11-24

Bug Fixes

• Expose actual numeric values for SCORM 2004 3rd Edition real interaction responses instead of the literal string "real".

Improvements

• By default, disable TinCan content API - only known to be used by certain very outdated content.
• [Upgrade] - Up to a tolerance threshold, preemptively remove orphaned xAPI documents.

• [Upgrade] - Record the schema version in the database only after other critical steps finish.

Engine and Engine Dispatch 23.32.297

Released 2025-10-31

Bug Fixes

• Fixes error when using "on-demand xAPI registrations" feature that occurs when "UseGuidAsObjectId" is enabled.
• [Java] Resolves duplicate metrics.

Improvements

• Added optional "EngineHostAllowList" setting to protect from spoofed proxy headers.
• [Media] - Introduces the "MediaContentDurationMode" setting to provide the option to change the manner in which duration is tracked for a registration during media content.
• [Media] - Media Courses now track media type via the new "mediaType" property located on the courseSchema.
• [Upgrade] - Audit the actual, existing schema before upgrading.

Engine and Engine Dispatch 23.31.290

Released 2025-10-02

Bug Fixes

• On relaunch of a SCORM 2004 course, attempt to recover from an inconsistent state caused by a bad exit (prevents loss of bookmarking and suspend data).
• The V2 API's GetCourseZip endpoint will now work for AICC stub packages.
• [LTI] - Fixed an improper authentication failure that would occur when attempting to send line items to an Engine tenant that had ApiTokenSecrets configured at both the system and tenant level.

Improvements

• Adds "TenantDatabaseSchema" configuration setting to better support database-per-tenant architectures. Previously, one could only specify a single "DatabaseSchema" across multiple tenants. 

• Adds "ShouldNewCourseVersionInheritSettings" setting to control whether Engine migrates the previous course version's settings to the new version or simply let the new version use defaults.

• [Java] - Improved error handling for background processors.

Engine and Engine Dispatch 23.30.284

Released 2025-09-02

Bug Fixes

• [xAPI] - Resolves 401 response for state requests when tracking is disabled.
• [Upgrade] - Fixes potential row count processing logging and avoids additional unnecessary processing when using the SkippedPhases setting.

Improvements

• Installations that ran Engine 23 versions prior to 23.8.108 will now be able to to upgrade to Engine 24.
• [Media] - Introduces the MediaContentStatementMode setting to provide the option to reduce the quantity of xAPI statements generated from media content.
• [Upgrade] - Optional FromMajorVersion fallback setting to specify the schema version from which one is upgrading.

Engine and Engine Dispatch 23.29.279

Improvements

• [Java] - Updated Bouncy Castle libraries to resolve unconstrained resource usage vulnerability (CVE-2025-8916).

Engine and Engine Dispatch 23.28.277

Released 2025-08-08

Bug Fixes

• Resolves startup failure when using an environment variable for an encryption setting.

• [Java] - Additional fixes for updating course asset files stored on AWS S3.

• [Upgrade] - During phase 3 of a phased upgrade, avoid miscounting the number of desired indexes during the "Schema Audit" sub-phase.

Improvements

• Obfuscate the "registration_usage_id" in the "UsageStatistics" database table during PII deletion job.

Engine and Engine Dispatch 23.27.273

Released 2025-07-25

Bug Fixes

• On relaunch of a SCORM 2004 course, attempt to recover from an inconsistent state caused by a bad exit (prevents loss of bookmarking and suspend data).

• [Java] - Fix for updating course asset files on AWS S3.

• [Upgrade] - Fixes statement reprocessing error.
• [Upgrade] - Protects against rare "String lengths don't match" error during the xAPI documents migration.

Improvements

• [LTI] - Include a more detailed description of the cause of an error in the alert to the user when an LTI 1.1 tool consumer (platform) returns an error response to a basic outcomes request from the tool provider (external tool).

• [Java] - Bumps Apache Commons FileUpload from version 1.5 to 1.6.0 to resolve CVE-2025-48976.

• [Java] - Bumps the esapi dependency from 2.5.3.1 to 2.7.0.0 for CVE-2025-5878.
• [Java] - Bumps commons-compress from 1.26.0 to 1.27.1 and pinned commons-lang3 for CVE.

Dispatch Bug Fixes

• URL encode contextId when included as a context property in ltiMetadata for LTI connectorReferenceRequest imports to prevent context ID validation errors when the context ID contains invalid URL characters

Dispatch Improvements

• [LTI] - More robust logging for line item creation failures.

Engine and Engine Dispatch 23.26.257

Released 2025-06-23

Bug Fixes

• For LTI launches, Engine will no longer attempt to set unnecessary content auth cookies with an empty path.
• Engine now validates against creating new subscription notifications that contain filters with empty strings.
• Resolves "invalid tenant" error when an LTI 1.3 Tool requests Engine's /token endpoint from a system-level content connector. The error only occurs in Engine environments with a deactivated "default" tenant.

Improvements

• The "Click Here to Launch Course" link is now accessible via tabbing.

Engine and Engine Dispatch 23.25.251

Released 2025-05-30

Bug Fixes

• Fixes broken concurrent launch detection for SCORM courses when UseDeltaRecordResultsPayload is enabled.
• Courses with invalid IDs can now be deleted properly.

Improvements

• Introduces experimental "X_S3MaxConcurrency" setting to cap the maximum number of concurrent connections during a transfer with Amazon S3.
• [Java] - Updated AWS Java SDK from version 2.25.7 to version 2.31.37.

Engine and Engine Dispatch 23.24.248

Released 2025-05-24

Bug Fixes

• Fixes issue with the migration of xAPI state documents that are updated while in the process of  a phased upgrade.
• Handle upgrading version 0.9x TinCan content properly
• Engine no longer errors when using UseStatementTimestampInRegistrationUpdates and a statement is missing a timestamp
• [.NET only] Fixes error using a launch link containing launch-scoped settings
• [MS SQL Server] - Fixes "activity not found" error and "fatal error" popup when updating registrations at course runtime when UseGuidAsObjectId is set to 'true' and the database is MS SQL Server

Engine and Engine Dispatch 23.23.240

Released 2025-05-16

Bug Fixes

• Fixes "invalid tenant" error from a system-level content connector's jwks endpoint when the "default" tenant is deactivated.
• Resolves long-running request to GetCourseFileList when the files are stored on Amazon S3.
• [.NET only] Fixes initialization error when launching with PlayerLaunchType set to "NEW_WINDOW" while popups are blocked.
• [SqlServer] - Fixes "activity not found" error when querying registration progress for Engine databases installed with GUID as internal database IDs.

Engine and Engine Dispatch 23.22.234

Released 2025-05-07

Bug Fixes

• When forwarding xAPI statements through statement pipes, the "X-Experience-API-Version" header will be set to version 1.0.3 rather than the latest available version.

Engine and Engine Dispatch 23.21.230

Released 2025-04-21

Bug Fixes

• Fixes incorrectly formatted Last-Modified header on /statements and /state LRS requests.

Engine and Engine Dispatch 23.20.228

Released 2025-04-16

Improvements

• Bump commons-dbcp2 dependency from 2.9.0 to 2.13.0.
• Avoid excessive, verbose tracking of volume changes during media content runtime.
• Media courses no longer track progress in cmi5 review mode.
• The V2 API's GetUserCount response now includes usage from deactivated tenants.
• [Upgrade/Install] - Support online indexing for PostgreSql.
• [Upgrade/Install] - Use more generic, MariaDB-friendly syntax when creating new xAPI tables.

Bug Fixes

• Fixes import error when importing cmi5 packages with more than 1000 AUs.
• Properly encodes spaces and percent signs when generating SCORM-to-tincan interaction IDs.
• For legacy integration customers making V2 API requests, prevents an endpoint's query parameter string from being included in the PersistToStringUnencrypted and ParseFromDictionary methods' dictionary.
• [.NET] - Fixes missing param type "VARCHAR" error when operating against MySQL.
• [Upgrade/Install] - To avoid data loss during xAPI migration, batch records by update date and the table's primary key rather than just the table's primary key.
• [Upgrade/Install] - Fixes inaccurate 'processing row' count logging during upgrade.

Dispatch Improvements

• [LTI] - Include a line item with content items in Engine's deep linking response when a platform includes the "accept_lineitem" property as "true" in its deep linking request message.
• [LTI] - Introduces new "DispatchOverridePlatformAcceptLineItemMode" setting to override the default deep linking response behavior and include a line item even when the platform does not set "accept_lineitem".
• [LTI] - Added support for multiple LTI tool deployments for a single destination. A single destination may be configured with a comma-separated list of multiple deploymentIds that will share the same destination configuration, including client_id and public key.
• [LTI] - More secure LTI logging.
• [LTI] - During OIDC initialization, Engine's "externalConfig" can be sent as a query parameter or as part of the request path.

Dispatch Bug Fixes

• [.NET] - Fixes inability to dispatch content to the cmi5 standard on the Net platform.

Engine and Engine Dispatch 23.19.203

Released 2025-03-06

Improvements

• Schema change for the subscription notification retry queue to accept all UTF-8 characters. This facilitates failed notification retries for courses with non-latin characters in their titles. Note that this is a DB schema change, so existing Engine installations will need manual intervention to make this change if desired.
• "Terminated" statements for PDF media content now include a "page-view-state" extension to indicate individual page completion.
• Improved uniqueness for subscription notification GUID identifiers.

Bug Fixes

• Resolves incompatible metadata for Tin Can .90 course imports.
• [Upgrade Tool] - Fixes statement reprocessing error.
• [Upgrade Tool] - Fixes duplicate schema prefix for some database operations against PostgreSQL.

Dispatch Improvements

• Registration Changed Subscriptions now support filtering with DispatchId

Engine and Engine Dispatch 23.18.191

Released 2025-01-29

Bug Fixes

• [Upgrade Tool] - Prevents the upgrade tool from using connection strings from the configuration system during xAPI migration.

Engine and Engine Dispatch 23.17.190

Released 2025-01-28 

Improvements

• Introduces experimental setting 'X_ValidateDirectoryForMediaFileReferenceRequests' to optionally prevent file path validation during media reference imports.
• The player UI's "Return to LMS" button and its underlying JavaScript function trigger a graceful exit in the media player.

Engine and Engine Dispatch 23.16.188

Released 2025-01-24 

Improvements

• [Java] - Updated logback to 1.3.15 for CVE-2024-12798 and CVE-2024-12801.

Bug Fixes

• [Upgrade Tool] - Fixes rare statement reprocessing error.
• [Upgrade Tool] - Avoids duplicate constraint error during xAPI documents migration.
• [Upgrade Tool] - Resolves asserter JSON deserialization error during documents migration.
• When signed launch links are enabled, also add the signed token for requests to Engine's "Logger" and "SaveDebugLog" pages.

Dispatch Fixes

• Remove description sub-claim from LTI resource_link claims to prevent 431 "Request Header Fields Too Large" error on resource link launches.
• In LTI dispatches, if a course status was not updated during a launch, the previous course status would be reported. This should now only occur if there was actually a previous course status value.
• When reporting the previous course status, the associated log message had not actually included the status.

Offline

• Offline player no longer attempts to send JS errors to be logged server-side.

Engine and Engine Dispatch 23.15.177

Released 2024-12-23

Bug Fixes

• Fixed broken subscription notifications when the number of subscriptions exceeds the API results limit.

Improvements

• Upgraded jquery min version to 3.7.1.
• Removed a few potentially vulnerable regular expressions in the client-side player.
• [media courses] VideoJS now has the same autosave support that was introduced in 23.12.164.

Engine and Engine Dispatch 23.14.173

Released 2024-12-13

Improvements

• Improved SCORM results and XML processing performance.
• Added "Voiding Agent" and "Statement Reissue" functionality

Bug Fixes

• Resolved timing issue with cmi5 on SQL Server that could result in statements rejected with "Forbidden cmi5 allowed statement: session not active" error.
• Since v23.2.21, Engine was not using external cache (i.e., memcache plugin) even if configured to do so.

Engine and Engine Dispatch 23.13.167

Released 2024-11-15

Bug Fixes

• Fixes edge case with media content where completion was reached but the status was not able to be updated even after relaunching.
• Fixes wrong content URL when using course versioning and xAPI-based courses.

Engine and Engine Dispatch 23.12.164

Released 2024-10-30

Improvements

• Added experimental X_DisableScormToTincanInteractions" setting. If enabled, the SCORM-to-tincan feature will not generate statements from SCORM interactions.
• Added new "PluginStorageExpirationProcessor" background processor to clean up expired Content Vault records. Disabled by default.
• Added "admin:writeSubscription" and "admin:readSubscription" API permission scopes.
• Added periodic progress saving for media content.
• [Oracle, Upgrade] - Added new "UpdateTableStats" setting. If enabled, the upgrade tool will update table stats for all newly created and populated tables. Will cause NotImplementedException if enabled for non-Oracle databases.

Bug Fixes

• Fixes wrong path to media subtitles when Content Vault is enabled.
• Removed "admin:write" as a possible scope for subscription API calls, as this was never a valid API permission scope.
• V2 API's GetCourseZip now throws appropriate error when using "exportType=OFFLINE" for non-SCORM courses.
• [LRS] - Fixes incorrect handling of "If-Match" header when updating existing resources.
• [LRS, Oracle] - Resolves "missing JSON parameter type" error.
• [Upgrade, Oracle] - Fixes incorrect batched insert format. 
• [Upgrade, Oracle] - Avoids "maximum number of expressions in a list" error.

Dispatch Fixes

• Fixes lost grade on LTI 1.3 relaunch.

Dispatch Improvements

• "dispatch.html" and "ltiDispatch.html" pages use the "onpagehide" handler instead of "onunload".

Engine and Engine Dispatch 23.11.137

Released 2024-09-05

Bug Fixes

• [Java] - Fixes performance hangs when importing zips into S3 with a large number of files.
• Youtube course progress no longer resets if you fail to start the video before exiting.

Engine and Engine Dispatch 23.10.135

Released 2024-09-05 

Improvements

• [AICC] - Experimental "X_ForceAICCExitAUOnLaunch" setting enables detecting lack of ExitAU command and forces proper exit.

Bug Fixes

• Restores missing score in registration schema for certain courses when "UseGuidAsObjectId" is enabled.
• Prevents error when creating subscriptions with filters when "UseGuidAsObjectId" is enabled.
• Prevents the setting of empty "Content-Encoding" metadata header when extracting content into S3.
• [Upgrade Tool] - Resolves several xAPI migration errors when "UseGuidAsObjectId" is enabled.

Dispatch Fixes

• Fixes lost grade on LTI 1.3 relaunch.

Dispatch Improvements

• Additional LTI 1.3 Claims.
  • resource_link_id
  • context_id
  • context_title
  • context_label
  • learner_email

Engine and Engine Dispatch 23.9.117

Released 2024-08-06 

Improvements

• New "webPathToCourse" override property for the "mediaReferenceRequest" schema. This addresses when multiple tenants share the same media file and the CloudFront auth cookies that Engine generates at runtime don't have the a "path" attribute that matches the file's actual location.
• Reduces overly "chatty" database error logging.
• [Upgrade Tool] - Performance improvement during data integrity check phase.

Bug Fixes

• Handling for xAPI courses that use "stateId" parameter values that exceed 255 characters.
• Fixes missing CloudFront auth "policy" cookie. If you use Engine to generate CloudFront auth cookies and are on version 23.4.44 or above, you should apply this maintenance release.
• Several fixes for the "GUIDs as internal identifiers" feature (UseGuidAsObjectId as "true").

Engine and Engine Dispatch 23.8.108

Released 2024-07-26

Improvements

• Suppresses unnecessary "agent not found" exception during PII deletion job.
• Adds cache-busting parameter to additional static player files.
  • /defaultui/player/blank.html
  • /defaultui/player/cmi5-au/1.0/js/pdfjs/build/pdf.worker.js
  • /defaultui/player/cmi5-au/1.0/html/cmi5-mediaFile.html
• [Upgrade Tool] - Several performance improvements for xAPI document migration, data integrity checks, and row-copy batch fetching.

Bug Fixes

• [PostgreSQL] Resolves 500 error when deleting xAPI-based registrations.

Engine and Engine Dispatch 23.7.96

Released 2024-07-03

Note: With release there has been a breaking change for customers who might be calling the BuildRegistrationLaunchLink resource with a credential only having read permissions. Since using a launch link can cause changes to be saved for a registrations progress, we are changing the required scopes to be write or write:registration for security reasons.

Improvements

• Improved clarity of If-Match Etag error messages for xAPI state requests
• Engine will now create an xAPIActivityId for a non-xAPI-based course by using a randomly generated GUID rather than hashing the contents of the course package
• The Partitioned attribute is now set on all Secure and SameSite=None cookies as per CHIPS guidelines
• The /registrations/{registrationId}/launchLink endpoint can now only be accessed using credentials with write or write:registration scopes (previously it was allowed for read or read:registration scopes)
• Added Tenant ID and Pipe ID to statement pipe exception log messages

Bug Fixes

• Set pdf.js config setting isEvalSupported to false to work around CVE-2024-4367
• [Upgrade Tool] - Fixes 'duplicate constraint' error on Cmi5Session table when performing phased, online row copying
• Corrected xAPI statement handling when statement reference chains arrive out of order

Engine and Engine Dispatch 23.6.59

Released 2024-06-07 

Improvements

• Changed DispatchBaseUrl and DispatchPollingBaseUrl to Tenant-level setting

Bug Fixes

• Fixes V2 API authorization error for API calls related to a new tenant installed in a separate database schema
• Fix error when configuring S3 file store without specifying a region
• Fix error when deleting registration progress on PostgreSql
• [Java Only] Updated BouncyCastle.Cryptography dependency to version 2.3.1 for CVEs: CVE-2024-30172, CVE-2024-30171, CVE-2024-29857
• [.NET Only] Updated Npgsql dependency (for PostgreSql) to version 4.0.16 for CVE-2024-32655 
• Removed 0.9 and 0.95 from supported versions returned by the About endpoint

Engine and Engine Dispatch 23.5.51

Released 2024-05-17

Bug Fixes

• [Upgrade Tool] Fixes xAPI statement comparison during upgrade when either lacks a result.duration value
• [Upgrade Tool] Fixes "Key not found" / "The given key was not present in the dictionary" in the "MigrateTinCanDocumentsWorker" during upgrade
• [Upgrade Tool] Fixes error from missing DatabaseSchemaPrefix during MigratePackagePropertiesPhase if one is used

Engine and Engine Dispatch 23.4.44

Released 2024-04-26 

Bug Fixes

• Fixes "Column stored of table XApiStatement in target schema does not match canonical definition." when installing Engine 23.x on PostgreSQL 14+

Improvements

• [Java Only] Updated AWS SDK for Java 2.x (for S3, Cloudfront Cookie, and SQS handling)

Engine and Engine Dispatch 23.3.39

Released 2024-04-19

Bug Fixes

• Fixes xAPI migration for orphaned and deactivated tenant records during upgrade
• Avoid errors when upgrade is restarted after getting partway through xAPI statement upgrade
• [Java Only] Updated to the latest BouncyCastle (for RSA key handling) and JodaTime (for date/time handling), prompted by a CVE report, even though it did not impact our usage

Improvements

• Added the PensDuplicateAction setting for specifying the action PENS takes when importing a duplicate package
• Return 404 instead of a 500 status when calling GetPIIDeletionJob with a nonexistent job id
• Custom CSS in AudioVideoContentStylesheetPath now also applies to YouTube and Vimeo content
• LRS GET request error message for invalid/unsupported X-Experience-API-Version simplified to improve security
• Better validation of required properties for LTI 1.3 Connector creation requests
• [Offline Extension] GetPlayerZip will now automatically return the a copy of the latest player code without the need to manually issue a DeletePlayerZip request to remove the previous cached version

Engine and Engine Dispatch 23.2.21

Released 2024-03-25

Bug Fixes

• Fixes 401 errors on TinCan preview launches
• Fixes support of TinCan v0.9 content
• Fixes xAPI file document migration and read/write locations in the upgrade tool

Improvements

• Added a LaunchId property to the Webhook payload 'Resources' section for certain topics (RegistrationChanged and Course Launched). This property will contain the value specified in the new LaunchId setting that can be passed when creating a LaunchLink (in the launchSettings collection). The purpose of this is to tie a webhook payload to the launch that triggered it, if desired.
• Performance improvements for the migration of xAPI statements during the upgrade
• [.NET Only] Changed default logging configuration to log at INFO and flush every 2 seconds
• [Java Only] Increased LocalCacheMaxEntries default to 250000

Engine and Engine Dispatch 23.1.8

Released 2024-02-23

 Bug Fixes

• Fixes fatal null pointer exception in upgrade tool
• Fixed an issue where extremely large PII deletions would fail
• Fixed an issue where large xAPI documents were not deleting properly
• [Java Only] Updated commons-compress dependency to 1.26.0 for CVE-2024-25710, a potential for an infinite loop, and bumped other "commons" jars it depends on as well

Improvements

• New setting: PlayerOverrideCmi5LaunchMethod allows users to specify if they want to ignore the launchMethod found in the cmi5.xml manifest (AnyWindow/OwnWindow) and instead use the PlayerScoLaunchType setting value (like other standards)
• If the LRS receives a statement with a duplicate ID and the content is different, a 409 status code is returned

Engine and Engine Dispatch 23

Released 2024-02-15

xAPI 2.0 Support

Engine's LRS now supports xAPI 2.0! Early adopters can send and receive xAPI 2.0 statements and make other requests that adhere to that standard.

Note: There is currently no way to launch xAPI-based content that uses xAPI 2.0, because cmi5 still requires xAPI 1.0 (for now), and Engine won’t accept 2.0 statements from Tin Can packages (the older type that contains a tincan.xml manifest). So working with the new standard version will primarily be through direct requests to the LRS.

LRS Improvements

For customers who have heavy usage of xAPI-based content and very large sets of xAPI data in Engine, reading statements from the database could be slow at times. With Engine 23 we have redesigned our database schema for storing xAPI data to alleviate some of these performance issues. On most database platforms we've seen significant improvements in read performance (around 50% faster for reading statements in many cases).

Note: If you are a customer with an existing xAPI dataset that is already large, upgrading to Engine 23 may require a bit more coordination and time than normal due to this change in schema. We'll work with you to make that go as smoothly as possible.

Streaming Video Support

In addition to MP4 video files, Engine can now deliver streaming video in either the widely supported HLS format, or MPEG-DASH, which works in many places except for mobile Safari. Both formats work by breaking videos up into short segments that may be encoded at different qualities, and delivering the best available quality for the learner’s available bandwidth.

This support comes in the form of allowing you to do a 'reference' import by providing us with the .m3u8 (for HLS) or .mpd (for MPEG-DASH) playlist file. Engine can then launch this in the VideoJS video player.

Note: Engine is not doing any automatic transcoding of video files into these formats. So you would have to already have these transcoded videos hosted and available and the m3u8 or mpd files will point to them.

Launch Specific Configuration

One thing that comes up occasionally is the need to override an Engine configuration setting only for a specific launch of a course. Maybe there is a value that needs to be different depending on the context of where the learner is launching (eg, mobile vs. desktop). Now you will be able to specify a collection of setting IDs and values when requesting the launch link and these will be used to override behavior at runtime. This will work for any setting that is defined as 'registration level' in the documentation.

Alternate Configuration Sources

Engine now supports the ability to read configuration values from Hashicorp’s Vault and Consul services. Hashicorp’s Vault is a popular service for storing sensitive data, such as auth tokens or passwords. Consul is (among many other things) a service for storing other sorts of non-sensitive data. Engine 23 ships with plugins for reading configuration values from those services, which can simplify deploying clusters of Engine app servers that need to share settings.

Note: this is currently only available on the Java version of Engine. It may be possible to create a plugin to support this on the .NET version of Engine, but we do not currently provide that.

Alternate Queue Implementations

With the Webhook feature of Engine, if we fail to send a notification to your endpoint, we will queue it for retrying. Engine has a SQL-based queue that serves as the default implementation of this. However, now you have the ability to implement a plugin to substitute your own implementation of the queue, if desired. Out of the box, the Java version of Engine has a plugin implementation for using Amazon SQS that can be used. You can read more about configuring this in the main documentation. 

Note: There are a number of potentially breaking changes in Engine 23. If you are upgrading from an older Engine please check out this document for details on those.