Menü Schließen

Ilias e-Lernplattform Security und Bugfix Release 8.3 veröffentlicht

Ilias Logo

Die Open-Source Lernplattform Ilias, die von vielen Universitäten, Schulen und Behörden eingesetzt wird, erhielt das Update 8.1. Ilias 8.x wurde am 21.06.2023 veröffentlicht und ist bis 31.12.2024 im Support. Security Bugfix gibt es für die Stable Version darüber hinaus bis zum 31.12.2025.

Ilias 8.3 Release Notes

Important Changes

  • Services/PDFGeneration
  • Plugins
    • Plugins which provide a configuration screen must add an explicit `ilCtrl` directive in the PHPDoc comments of the `il*ConfigGUI` class.
      • Example:
        • /**
           * @ilCtrl_IsCalledBy ilMyPluginConfigGUI: ilObjComponentSettingsGUI
           */
          class ilMyPluginConfigGUI extends ilPluginConfigGUI
          {
              // Code …
          }
    • Many public methods of class `ilPluginAdmin` (often considered as public API of the component service in ILIAS by developers) were removed. The class itself is marked as deprecated and will be removed in future ILIAS releases. Plugin developers should use `ilComponentRepository` and `ilComponentFactory` instead. Implementations of these interfaces can be retrieved from the dependency injection container ($DIC[„component.repository“] and $DIC[„component.factory“]).
    • Please always execute a `composer du` command if you put a new plugin into the plugin directories in your filesystem or if you applied any changes to your `plugin.php`. Otherwise the plugin will not be listed in the global ILIAS plugin administration or may cause other problems.
  • Workflow Engine
    • Due to low demand and security issues, we removed the workflow engine with 7.23 and 8.3

Known Issues

  1. Calendar: user comment disappears when booking a consultation. See Mantis 36555.
  2. Course: Coyping course with learning objectives fails. See Mantis 36496.
  3. Course: Activating new column in course member view throw error. See Mantis 35557.
  4. Course: Adding a course member to an embedded group fails. See Mantis 36200.
  5. Cron / Trash: cron job for deleting trash crashes. See Mantis 35369.
  6. Learning Sequence: Download of multiple objects leads to error. See Mantis 36631
  7. Mediacast: Podcast view does not update Learning Progress. See Mantis 34302.
  8. Search: Filtering by creation date fails when using direct search (PHP search). See Mantis 35275.
  9. Survey: Determination of competence levels in survey causes error. See Mantis 35004
  10. Test: No export of test statistics with activated ILIAS Test ID. See Mantis 35383.
  11. Test: No export of results or statistics of tests, if one of the test participants has been deleted in the meantime. See Mantis 35383.

Changed Behaviour

  • See changes concerning uploading ZIPs and unzipping here: Drag&Drop Files in Container Objects
  • The visibility of the user administration has been adjusted. For a read-only access, the permission „Read“ and no longer „Read Access to User Accounts“ is used. Mantis 37269

Security Fixes

#37374: [File] Potential Reflected Cross-Site Scripting (XSS)
#26954: [General] Make Longer Session-IDs Possible
#36529: [RBAC] Authenticated remote code execution (Armin Stock from the SEC Consult Vulnerability Lab)
#37349: [¥ UI Components / KS] Table: Stored XSS (Bundesamt für Sicherheit in der Informationstechnik (BSI))
#37374: [File] Potential Reflected Cross-Site Scripting (XSS)
#30289: [General] Blocked upload of malicious SVGs 
#37350: [Workflow Engine] Deletion Workflowengine

Fixed Issues

The following issues reported in Mantis have been resolved:

#37411: [Booking Tool] Cron Job ‚Send Reservation Notifications‘ crashes when all the prerequisites are met within a Booking Pool. (akill)
#37125: [Category and Repository] Sorting of content in container objects does not work (fschmid)
#26025: [Course Management] Order of Roles in Course members, search users (smeyer)
#36983: [Course Management] Failed test: Kurs importieren (akill)
#36985: [Course Management] Failed test: Kurs: Seitenelemente und Styles importieren (akill)
#37372: [Course Management] Course from ILIAS 7 can’t be imported (smeyer)
#37270: [Exercise] Error message when precondition haven’t reached yet (akill)
#35145: [Export] Export a group with a itemgroup (akill)
#34042: [ILIAS Page Editor] Löschen eines Content Styles löst Fehler aus (akill)
#36398: [ILIAS Page Editor] File From Personal Resources (akill)
#37165: [ILIAS Page Editor] Table cell span in data table leads to error (akill)
#37327: [ILIAS Page Editor] Linking images causes error (akill)
#37386: [ILIAS Page Editor] Page-Editor -> Image/Media -> Advanced Settings -> Default Link Areas -> Add-then edit a link (akill)
#37438: [ILIAS Page Editor] Import Content Page from ILIAS 7 with image link areas to internal link leads to crash (akill)
#37440: [ILIAS Page Editor] Linking area to an  internal repository item leads to crash (akill)
#37388: [Language Handling] Seite aus Vorlage in Lernmodul einfügen (mkunkel)
#36913: [Learning Module ILIAS : Assessment Questions] Failed test: Fehler/Worte-markieren-Frage erstellen/bearbeiten (skergomard)
#37341: [Learning Module ILIAS : Assessment Questions] Failed test: Zuordnungsfrage erstellen/bearbeiten (skergomard)
#37381: [Learning Module ILIAS : Assessment Questions] Learning  Module – Tab Questions (skergomard)
#34156: [Learning Module ILIAS : Editor] ILIAS Learning Modul: Subtab history (akill)
#37019: [Learning Module ILIAS : Editor] Failed test: Benutzer entsperren (akill)
#37380: [Learning Module ILIAS : Editor] Settings of Learning Module: Wording (mkunkel)
#28815: [Login, Auth & Registration] Video on Login-Page is blocked after logout, but works before first login (smeyer)
#37271: [Main Menu] Error in the main Menu (fschmid)
#37397: [Main Menu] VisibilityCallable Not Called in LinkLists of MainMenu (fschmid)
#37368: [Media Pools and Media Objects] Content Snippet – Usage (akill)
#37228: [Portfolio] permanent link to portfolio is broken (akill)
#34151: [RBAC] Neue Rolle anlegen und Administrationsrechte speichern löst php-Fehler aus (skergomard)
#37404: [Search] Search: Argument 1 passed to ilSearchSettings::setLastIndexTime() must be an instance of ilDateTime, null given (smeyer)
#35217: [Session (Course & Group)] Missing parameter in ilSessionMaterialsTableGUI (smeyer)
#37474: [Survey] Error bei überspringen/skippen von Single-Choice Fragen (akill)
#36896: [Test & Assessment] Error Text Question (multi word) in QPL: ‚Check‘ in preview (and access to preview afterwards) leads to fatal (skergomard)
#37034: [Test & Assessment] Error Text Question (multi word) in QPL: ‚Check‘ in preview (and access to preview afterwards) leads to fatal (skergomard)
#37334: [Test & Assessment] SC question: No answer options required in multi line mode (fhelfer)
#37370: [User Service] deleting my own account failed (skergomard)
#37458: [Wiki] Import a wiki (akill)
#37459: [¥ UI Legacy] LegacyUI/AdvancedSelectionList: Template error if async. loading of action menues in repository is enabled (akill)

Quelle: DOCU: Releases (ilias.de)

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert