Dear colleagues!
---
TL;DR: Please use `npm clean-install` to install npm-dependencies and be careful when updating packages.
---
A little longer: Please be aware of the current supply-chain-attack on the npm-ecosystem:
* https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-at…
* https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm…
* https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attac…
* https://www.heise.de/news/Neuer-NPM-Grossangriff-Selbst-vermehrende-Malware…
As far as we understand the situation, the attack is ongoing and additional packages might be affected in the course of future events.
On the bright side, we are safe if everyone uses `npm clean-install`, as this will always pull the exact versions that we have pinned in `package-lock.json`. These are (to the best of our knowledge...) not affected. Also, existing versions of npm-packages won't be replaced with other code (again, to the best of our knowledge). If this is not true and you can indeed identify malicious packages in our npm-dependencies, please don't hesitate to report them to security(a)ilias.de.
On the other hand, every operation that might update pinned packages (be it `npm install` or `npm update`) might pull versions of libraries that are indeed affected. Please make sure to understand the risk involved here and consider postponing any update of npm-dependencies until the attack and its consequences are mitigated. If you indeed need to update npm-dependencies now, please make sure to check the implied changes in the `package-lock.json` thoroughly against an up-to-date list of affected packages.
It currently looks as if we are safe and can weather this situation just fine, which is a direct consequence of our tightened procedures around our dependencies, especially the centralized handling and the Dependency Jour Fixe. Good job everyone!
If there are any questions or ideas, feel warmly welcome to reach out to us via tb(a)ilias.de or Discord.
Kind regards!
Richard Klees
for the Technical Board of the ILIAS Society
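The check requested in the mail above (comparing the changes an update implies in `package-lock.json` against a list of affected packages) could look like the following. This is an added example, not part of the original mail or of the ILIAS code base; the function names are hypothetical, and the package names, versions and blocklist are constructed placeholders.

```javascript
// Added example; all package names, versions and the blocklist are constructed placeholders.
// Collect "name@version" -> install paths from a parsed package-lock.json object.
function lockedPackages(lock) {
  const found = new Map();
  const add = (name, version, where) => {
    if (!version) return; // links and workspace folders carry no pinned version
    const id = `${name}@${version}`;
    found.set(id, (found.get(id) || []).concat(where));
  };
  // lockfileVersion 2 and 3: flat "packages" map; name follows the last "node_modules/".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const i = path.lastIndexOf('node_modules/');
    add(meta.name || (i >= 0 ? path.slice(i + 13) : path), meta.version, path);
  }
  // lockfileVersion 1: nested "dependencies" tree, used only when "packages" is absent.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      add(name, meta.version, trail + name);
      walk(meta.dependencies, `${trail}${name} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return found;
}

// Entries in the updated lock that the pinned lock did not have, flagged if blocklisted.
function reviewUpdate(pinnedLock, updatedLock, blocklist) {
  const before = lockedPackages(pinnedLock);
  const bad = new Set(blocklist);
  const report = [];
  for (const [id, paths] of lockedPackages(updatedLock)) {
    if (!before.has(id)) report.push({ id, paths, affected: bad.has(id) });
  }
  return report;
}

const pinned = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/example-color': { version: '1.0.0' },
  'node_modules/@example/util': { version: '2.1.0' } } };
const updated = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/example-color': { version: '1.0.1' },
  'node_modules/@example/util': { version: '2.1.0' },
  'node_modules/example-color/node_modules/example-dep': { version: '0.3.0' } } };
const blocklist = ['example-color@1.0.1']; // constructed; use a current advisory list
for (const r of reviewUpdate(pinned, updated, blocklist))
  console.log(r.affected ? 'AFFECTED' : 'new     ', r.id, 'at', r.paths.join(', '));
```

Passing an empty object as the pinned lock makes `reviewUpdate` report every entry of a lockfile, which checks the whole pinned tree against the list rather than only the changes.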
Dear ILIAS administrators,
We are very happy to announce that the first stable release of ILIAS
version 10 is now available! Thanks to all developers, testers, funding
partners and supporters for their contributions and support.
You can find all the relevant information and resources here:
* A broader view of the release at 'Download ILIAS':
https://www.ilias.de/download-ilias/
* Download resources on the GitHub release page
https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v10.0
* Important changes and changed behaviour in the Release Notes:
https://docu.ilias.de/go/pg/197850_35
* A list of all new and all abandoned features in the Feature Wiki:
https://docu.ilias.de/go/wiki/wpage_7600_1357
* A list of required and supported software:
https://docu.ilias.de/go/wiki/wpage_8125_1357
We invite you to explore ILIAS 10 and test its new features in your
environment. If you encounter any bugs during your testing, please let
us know so we can address them as soon as possible. We also encourage
you to start planning your upgrade to ILIAS 10 to ensure your users can
benefit from the many enhancements introduced in recent versions.
Kind regards,
Fabian Wolf and Matthias Kunkel
--
Fabian Wolf, Release Manager, ILIAS open source e-Learning e.V.
Dear all,
We have published release 9.12 on GitHub, see https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v9.12.
Please have a look at the release notes at https://docu.ilias.de/go/pg/215477_35 for more information about this release. This release was initiated due to an important bug fix in the Test & Assessment component, as detailed in the 'Important Changes' section.
Best regards,
Fabian Wolf