Follow

Engine and Engine Dispatch 20.1.6.108

Avatar

Released 2020-06-25

Note: As mentioned below, this version fixes a potentially serious security vulnerability. If you are using the signed launch link functionality of Engine, you should update to this latest maintenance release. You can see more details about the issue here:  https://support.scorm.com/hc/en-us/articles/360050070934-Signed-Launch-Link-Security-Vulnerability

 

Bug Fixes

  • Security vulnerability fix -- prior to this version signed launch link tokens could potentially be used to access v2 API endpoints with elevated privileges [see article linked above]
  • [Java Only] Updated Jackson dependencies to a newer patch version due to some detected CVEs in the previous version

Improvements

  • Adjust progress bar background color to improve contrast of progress text display
  • [Java Only] Avoided excessive locking on synchronized TimeZone.getTimeZone("UTC") by switching to ZoneID

 


Dispatch Changes

Bug Fixes

  • Adds URL encoding to returned URLs that are used for configuring an LTI 1.3 consumer, and fixes a typo with an Assignment and Grades scope
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk