Dear list members,
the Technical Board would like to announce that we decided to support
PHP 7.4 for ILIAS 6.
As mentioned on the 'Required and Supported for ILIAS 6' page [1] we
kept the option open to support the PHP 7.3 succesor with ILIAS 6. Since
at least end of November 2019 we all know that PHP 7.4 is the latest PHP
major release and successor of PHP 7.3. Because the popular operating
systems (like Ubuntu 20.04 LTS) are shipped with PHP 7.4, we hereby
would like to officially state that ILIAS 6 supports PHP 7.4, too. All
of our unit tests are already successfully executed in a TravisCI PHP
7.4 build since last year.
We highly encourage all component maintainers to handle issues being
filed for ILIAS 6/PHP 7.4.
Have a look at our installation documentation [2] for further
information regarding supported software versions.
Best regards
Michael Jansen
on behalf of the ILIAS e.V. and the Technical Board
[1] https://docu.ilias.de/goto_docu_wiki_wpage_5692_1357.html
[2]
https://github.com/ILIAS-eLearning/ILIAS/blob/release_6/docs/configuration/…
Dear all,
We are very happy to announce that the first stable release of our new
ILIAS version 6 has been published today. You find release 6.0 at
https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v6.0
<https://github.com/ILIAS-eLearning/ILIAS/releases/tag/v6.0>
Thanks to all developers, funding partners and supporters for their
contributions and support. Over 100 new or extended features have been
implemented – and some have also been removed. Have a look at the
release page of ILIAS 6 to get an impression of what has changed:
https://docu.ilias.de/goto_docu_wiki_wpage_5457_1357.html
ILIAS 6 comes also with a revised page layout. If you have customised
the layout of your ILIAS installation you have to adapt it to the new look.
And don’t miss the list of required software for ILIAS 6 to be sure that
this new ILIAS version is running properly on your server:
https://docu.ilias.de/goto_docu_wiki_wpage_5724_1357.html
Kind regards
Fabian Wolf
Dear list,
the "show me in the who-is-online tool" user configuration has been
changed to an "opt-in" due to bug https://mantis.ilias.de/view.php?id=28070
A default setting has been added to the user administration accordingly.
For details, see https://mantis.ilias.de/view.php?id=28070#c67443
The change has been made in all major branches (5.3, 5.4, 6.0, trunk).
Best regards
Alex
--
LEIFOS GmbH
Alexander Killing
Wilhelmstr. 56-58, 50733 Köln
Tel: +49.221.12071890
killing(a)leifos.com
Gesellschaft mit beschränkter Haftung
Sitz der Gesellschaft: Köln
Eingetragen beim Handelsregister Amtsgericht Köln (HRB 63686)
Geschäftsführer: Alexander Killing, Stefan Meyer, Alexandra Tödt
Dear list,
tl/dr: Todays releases will escape HTML/JS "inactive" in all page editor
contexts per default. If you trust your authors/users you may reactivate
this under "Administration > Editing > ILIAS Page Editor".
Long version:
To a certain extent ILIAS allows to included HTML/JS content in page
editor content, e.g. in learning modules. This was a desired feature in
the early days of ILIAS and enabled authors to extend the features of
the standard editor.
In the context of wikis, this has been deactivated since the beginning
(HTML is escaped in a way it is not interpreted by browsers), for other
parts like blogs and portfolios it is possible to configure this behaviour.
Even if the page editor can log every change in its "page history",
there has been an ongoing discussion between the trade-off of
flexibility and security (possible XSS attacks), see e.g.
https://docu.ilias.de/goto_docu_wiki_wpage_5406_1357.html
Since not everyone is aware of the implications and since this has been
reported as a security issue multiple times now, all page editor
contexts will escape HTML in a way it is not interpreted by browsers
anymore. "Administration > Editing > ILIAS Page Editor" has been
extended to allow the configuration for each context individually.
Please note: This is only related to page editor content. HTML Learning
modules and uploaded SCORM packages always allow to upload HTML and
Javascript content. Do not give permission to create these resources to
users you do not trust. Use the RBAC to set permissions accordingly or
deactivate these components completely.
Best regards
Alexander Killing
