developers

developers@lists.ilias.de

1 participants
500 discussions

Upcoming GitHub Security Requirements: 2FA and Verified Commits

by Michael Jansen

Dear community members, while restructuring our "Collaborators and Teams" on GitHub recently, we noticed that some of you have not yet enabled two-factor authentication (2FA), and that a few accounts are still using authentication methods considered "insecure" by GitHub. To strengthen the security of the ILIAS project and protect our shared development infrastructure, we plan to make 2FA mandatory for all contributors. You can find detailed setup instructions here (GitHub Docs): https://docs.github.com/en/authentication/securing-your-account-with-two-fa… We will enforce this requirement starting November 17th, 2025. After this date, we will begin revoking repository access for accounts that do not have 2FA enabled. If you have any reasonable objections or concerns about this change, please reach out to us as early as possible. In addition, we encourage all contributors to use "Verified Commits" when pushing code. - Signed commits help ensure that: - The code you publish can be cryptographically linked to you as its author. - The integrity of the commit history cannot be tampered with (e.g., by impersonation or repository compromise). Further reading and setup guides: - How to get the GitHub Verified icon: https://blog.ediri.io/how-to-get-the-github-verified-icon - About commit signature verification (GitHub Docs): https://docs.github.com/en/authentication/managing-commit-signature-verific… - PHP.net Git hack and the importance of commit signing: https://php.watch/news/2021/03/git-php-net-hack Best regards, Michael on behalf of the Technical Board

4 days, 12 hours

ILIAS 10.2 published

by Fabian Wolf

Dear all, We have published release 10.2 on GitHub, see https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v10.2 . Thank you all for your fixes and support. Best regards, Fabian Wolf

2 weeks, 5 days

ILIAS 9.14 published

by Fabian Wolf

Dear all, We have published release 9.14 on GitHub, see https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v9.14 . Thank you all for your fixes and support. Best regards, Fabian Wolf

2 weeks, 5 days

ILIAS 8.24 published

by Fabian Wolf

Dear all, We have published release 8.24 on GitHub, see https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v8.24 . Thank you all for your fixes and support. Best regards, Fabian Wolf

2 weeks, 5 days

Current Attack on NPM

by Richard Klees

Dear colleagues! --- TL/DR: Please use `npm clean-install` to install npm-dependencies and be careful when updating packages. --- A little longer: Please be aware of the current supply-chain-attack on the npm-ecosystem: * https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-at… * https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm… * https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attac… * https://www.heise.de/news/Neuer-NPM-Grossangriff-Selbst-vermehrende-Malware… As far as we understand the situation, the attack is ongoing and additional packages might be affected in the course of future events. On the bright side, we are safe if everyone uses `npm clean-install`, as this will always pull the exact versions that we have pinned in `package-lock.json`. These are (to the best of our knowledge...) not affected. Also, existing versions of npm-Packages won't be replaced with other code (again, to the best of our knowledge). If this is not true and you can indeed identify malicious packages in our npm-dependencies, please don't hesitate to report them to security(a)ilias.de. On the other hand, every operation that might update pinned packages (be it `npm install` or `npm update`) might pull versions of libraries that are indeed affected. Please make sure to understand the risk involved here and consider to postpone any update of npm-dependencies until the attack and its consequences are mitigated. If you indeed need to update npm-dependencies now, please make sure to check the implied changes in the package-lock.json thoroughly against an up-to-date list of affected packages. It currently looks as if we are safe and can weather this situation just fine, which is a direct consequence of our tightened procedures around our dependencies, especially the centralized handling and the Dependency Jour Fixe. Good job everyone! If there are any questions or ideas, feel warmly welcome to reach out to us via tb(a)ilias.de or Discord. Kind regards! Richard Klees for the Technical Board of the ILIAS Society -- and also: Geschäftsführung Fon: +49 (0)221 / 46 75 76 - 56 Fax: +49 (0)221 / 46 75 76 - 09 --------------------------------------------- CaT Concepts and Training GmbH Subbelrather Str. 15 B 50823 Köln Fon: +49 (0) 221 / 46 75 76 - 00 Fax: +49 (0) 221 / 46 75 76 - 09 Web: https://www.concepts-and-training.de https://www.cate-lms.de --------------------------------------------- Geschäftsführung: Claudia Glander, Gerald Konrad, Richard Klees Amtsgericht Köln HRB 57804 Ust-ID-Nr.: DE 814694228 Sitz: Köln --------------------------------------------- Sollten Sie weitere Informationen zu der Verarbeitung Ihrer Daten (Art. 12 ff., DSGVO) wünschen, informieren Sie sich unter: https://concepts-and-training.de/datenschutz-kunden.html

2 weeks, 6 days

ILIAS 9.14 postponed; all releases on Tuesday 23 September

by Fabian Wolf

Dear all, We are postponing the release of ILIAS 9.14 today to next Tuesday 23 September due to pending fixes.We also intend to publish ILIAS 8.23 and 10.2 on next Tuesday. Best regards Fabian Wolf

3 weeks, 5 days

ILIAS 9.14 on Tuesday, September 16, 2025

by Fabian Wolf

Dear all, We would like to publish ILIAS 9.14 on Tuesday, September 16, 2025. If you need more time to fix issues that should become part of this release, please let me know. Best regards Fabian Wolf

3 weeks, 6 days

ILIAS 10.1 published

by Fabian Wolf

Dear all, We have published release 10.1 on GitHub, see https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v10.1 . Thank you all for your fixes and support. Best regards, Fabian Wolf

1 month, 2 weeks

ILIAS 9.13 published

by Fabian Wolf

Dear all, We have published release 9.13 on GitHub, see https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v9.13 . Thank you all for your fixes and support. Best regards, Fabian Wolf

1 month, 2 weeks

ILIAS 8.23 published

by Fabian Wolf

Dear all, We have published release 8.23 on GitHub, see https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v8.23 . Thank you all for your fixes and support. Best regards, Fabian Wolf

1 month, 2 weeks

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

developers