Removed Support for IE 9 & 10 and PlayerInternetExplorerCompatibilityMode
In previous versions, the setting PlayerInternetExplorerCompatibilityMode could be used to force Internet Explorer into various compatibility modes when the player launched. With our drop of support for versions before IE 11, this is no longer useful, and so has been removed.
Switched default error code for an expired token
Previously, an expired token would return a 500 error. Now, a 403 response will always be returned for expired tokens.
Require playerConfigurationUrl.json file for Remote Deliver deployments
For those using our RemoteDeliverPageUrl setting in order to configure Engine to launch the player page from a location other than its default in the Engine web application, there is a new requirement. In order to close a security vulnerability in how we pass the configuration url to the player, we now create the path to that relative to the player page itself.
This works fine for all normal deployments, but for those using RemoteDeliverPageUrl, where the player page is on a completely different domain/server from Engine, it will not work. To work around this, there is now a file, playerConfigurationUrl.json, in the /player folder that is deployed on the remote server. This will need to be modified to include the appropriate playerConfigurationUrl property value that points back to the page in Engine (eg, "https://mydomain.com/RusticiEngine/PlayerConfiguration.jsp"). At runtime, for these remote deployments, Engine will retrieve this JSON file to determine what url to use to retrieve the player configuration data.
Removed Support for the V1 API
All support for using the V1 API in Engine has been removed. This includes the ability to configure ApiPostbackDataModelVersion to 'v1'. With this upgrade, you will need to switch your API calls to using the v2 API endpoints and postback format. Our support team can help you with that during the upgrade process.
Removed the 'Legacy' Player
Engine's 'Legacy' player has been removed. This old style player has not been the default since 2016.1 Engine. As part of this removal, the following settings have been removed:
- UseModernPlayer
- LegacyPlayerCustomizationScriptUrl
- LegacyPlayerCustomizationStylesheetUrl
- PlayerCourseStructureWidth -- the modern player is responsive to screen width, so it does not allow the setting of a hard-coded width for the course menu
Removed the SetCookieAndRedirect Page
This page was included in Engine as a workaround for some situations caused by Safari's Content Tracking Protection blocking authentication cookies set by the player (if hosted on CloudFront). With changes in Safari, this workaround is no longer effective, and our new Content Vault cookieless auth mechanism should be used instead for these situations.
Removed Support for Internet Explorer
All versions of Internet Explorer are unsupported (version 8 and below and all versions for Media Content were already not supported).
TinCan "Launched" Statement
When tracking is disabled, Engine will no longer generate and save a "Launched" statement during TinCan launch processing regardless of whether GenerateTinCanLaunchStatements is enabled.
Reduced support for legacy xAPI versions below 1.0.x, aka "TinCan" 0.90, 0.95
Engine will now only support launch, tracking, and bookmarking of content using these precursors to the xAPI specification. It will no longer support less common operations such as reading statements back. This should have minimal impact as people doing more than that have generally upgraded a long time ago.
PlayerEnableFlowNav Setting
Prior to this major release, the PlayerEnableFlowNav setting had no effect on the player UI when launching SCORM 2004 courses. This will change, and setting PlayerEnableFlowNav to "false" will hide the player UI's "Previous" and "Next" buttons for SCORM 2004 courses. Consequently, this could result in unexpected UI display if PlayerEnableFlowNav is currently set to "false" in either the RusticiEngineSettings configuration file or modern configuration system (V2 REST API).
Required Permissions Change for BuildRegistrationLaunchLink resource
Prior to this major release, a credential that only had permissions for the read or read:registration scopes could access the BuildRegistrationLaunchLink endpoint and obtain a launch link for a registration. Since using a launch link is an action that can change the saved progress details for a registration, we are changing the required scoped to be write or write:registration. This is more inline with the nature of the impact of accessing this resource.
InspectToken API Endpoint Change
In order to keep the token being inspected out of web server access logs, the InspectToken API has been changed from GET /appManagement/token to POST /appManagement/token/inspect. Consumers of this API will have to modify the call, or use an updated client library.
Stricter validation of characters allowed in tenant names
Since tenant names can be used in paths and urls in Engine, there are some inherent restrictions as to what characters can be allowed. To make that more explicit and to prevent errors at runtime, Engine will now return an error when creating a new tenant if the name includes characters that are not allowed.
There is now a setting that controls what is considered valid: TenantNameValidationRegex. The default for this is the following regular expression: ^[-_a-zA-Z0-9]+$ . This allows only alphanumeric characters and the hyphen or underscore in the names.
Provided that your implementation is not affected by any of these breaking changes, the upgrade process should be relatively straightforward (and handled pretty much entirely by us). This being said, the upgrade to the latest Engine version will unfortunately *require some downtime*, so we'd love to chat with you about when the best time to take that might be. If you are open to us going ahead and updating your dev instance, we can do so before setting up a call to discuss so that you can test to see any impact on your implementation. Let me know if you have any questions and we can talk a little further about what this all is going to look like.