Released 2020-06-25
Note: As mentioned below, this version fixes a potentially serious security vulnerability. If you are using the signed launch link functionality of Engine, you should update to this latest maintenance release. You can see more details about the issue here: https://support.scorm.com/hc/en-us/articles/360050070934-Signed-Launch-Link-Security-Vulnerability
Bug Fixes
- Security vulnerability fix -- prior to this version signed launch link tokens could potentially be used to access v2 API endpoints with elevated privileges [see article linked above]
- [Java Only] Updated Jackson dependencies to a newer patch version due to some detected CVEs in the previous version
Improvements
- Adjust progress bar background color to improve contrast of progress text display
- [Java Only] Avoided excessive locking on synchronized
TimeZone.getTimeZone("UTC")by switching to ZoneID
Dispatch Changes
Bug Fixes
- Adds URL encoding to returned URLs that are used for configuring an LTI 1.3 consumer, and fixes a typo with an Assignment and Grades scope