Releases: openedx/xblock-lti-consumer

9.0.0 Validation on launch redirect URIs

06 Mar 17:06
6c9c0ef

fix[olive]: backport LTI 1.3 grade injection vulnerability fix

07 Feb 17:37
16d01a0

What's Changed

New Contributors

Full Changelog: v4.5.0...4.5.1

Fix inappropriate instructions for inline PII sharing consent dialog

03 Feb 18:05
ca1d2b7

This release fixes inappropriate instructions displayed when collecting PII sharing consent before an inline LTI launch. Previously, the instructions said, "Click OK to have your [username (and) e-mail address] sent to a 3rd party application. Click Cancel to return to this page without sending your information." The latter sentence does not make sense in the context of an inline launch, because there is no cancel button. This commit modifies the inline PII sharing consent dialog to say, "Click OK to have your [username (and) e-mail address] sent to a 3rd party application."

v8.0.0

01 Feb 15:45
3088b61

What's Changed

Full Changelog: 7.3.0...v8.0.0

refactor: fix module-containing imports

30 Jan 17:14
c24aebc

What's Changed

  • [BD-13][BB-6926] refactor: fix module-containing imports by @0x29a in #320

Full Changelog: 7.2.3...7.3.0

Fix bug in rendering buttons and message in PII sharing consent dialog.

24 Jan 20:50
390de4c

This release fixes a bug in the way that the PII sharing consent dialog renders. The bug resulted in the "OK" and "Cancel" buttons as well as the text of the PII sharing consent prompt appearing inside an inappropriate component when there was more than one LTI component in a unit.

7.2.2 Fixes LTI 1.3 grade injection vulnerability

24 Jan 16:44
53823ea

7.2.1 URL configuration support

10 Jan 22:10
7369998
feat: new release for url settings (#323)

Fix PII Sharing Behavior and Enable PII Sharing in LTI 1.3 Launches and Fix LTI 1.3 Modal Launches

15 Dec 20:39
7200400

This release addresses a number of issues with and bugs in sharing personally identifiable information (PII) in LTI
launches.

  • Replaces the PII sharing consent modal with an inline PII sharing consent dialog to better suit the three different
    LTI launch types (i.e. inline, modal, and new_window).

  • Adds a PII consent dialog for inline LTI launches.

  • Fixes a bug in the modal LTI launch in LTI 1.3 that was preventing the LTI launch.

  • Fixes a bug in evaluating and caching whether PII sharing is enabled via the CourseAllowPIISharingInLTIFlag.

    • This fixes a bug where the PII sharing fields in the LTI XBlock edit menu appeared regardless of the existence or
      value of this flag. The PII sharing fields will now always be hidden if either no CourseAllowPIISharingInLTIFlag
      exists for a course or if a CourseAllowPIISharingInLTIFlag exists for the course but is not enabled.
    • This fixes a bug in the backwards compatibility code in lti_access_to_learners_editable. Now,
      CourseAllowPIISharingInLTIFlag will always be created for courses that contain (an) LTI XBlock(s) that have (a)
      PII sharing field(s) set to True when a user opens the LTI XBlock edit menu. Before, this would occur inconsistently
      due to a bug in the caching code.
  • Enables sharing username and email in LTI 1.3 launches.

    • Adds preferred_username and email attributes to the Lti1p3LaunchData class. The application or context
      that instantiates Lti1p3LaunchData is responsible for ensuring that username and email can be sent via an LTI
      1.3 launch and supplying these data, if appropriate.
  • Adds code to eventually support the value of CourseAllowPIISharingInLTIFlag controlling PII sharing for a given
    course in LTI 1.1 and LTI 1.3 launches.

    • This code does not currently work, because the LTI configuration service is not available or defined in all runtime
      contexts. This code works in the LTI XBlock edit menu (i.e. the studio_view), but it does not work in the Studio
      preview context (i.e. the author_view) or the LMS (i.e. the student_view). The effect is that
      the CourseAllowPIISharingInLTIFlag can only control the appearance of the username and email PII sharing fields in
      the XBlock edit menu; it does not control PII sharing. We plan to fix this bug in the future.

7.1.0 Allow disabling NRPS pii

12 Dec 14:30
3f2bab5
feat: adds setting to prevent nrps pii (#315)

We would like to enable PII in an LTI1.3 launch, but turning that flag on would allow the tool to grab PII for the entire course roster via NRPS. We have not fully evaluated the privacy concerns if that is allowed. For the time being, this platform setting can wholly disable PII over NRPS to avoid the issue.