14.22 Technical Updates
Technical updates to underlying architecture and security features are listed below:
Graphical User Interface (react)
React framework updates
Overview: A large ongoing project involves continuously improving the LMS by redesigning all pages in a React framework to offer a more modern and user-friendly experience. This transition not only enhances the usability of the platform, making it easier for users to navigate, but also strengthens our system’s security by leveraging React's robust architecture. These improvements are part of our ongoing commitment to providing a secure and seamless learning environment.
Course room layout Syllabus only
Overview: The LMS already provided a configuration to display a course room without having the detailed information in the description tab. The setting is available via the Course room type manager in the Course room layout field by selecting Syllabus only. This configuration is used to provide learners with an easy-to-use course room, where they don’t need to receive detailed information such as descriptions, learning logic, scheduling etc.
Course room layout Syllabus only before and after changes
Benefits & Use cases: The key benefits of the update includes:
Strategic Use of Imagery: In the new design, imagery plays a crucial role in enhancing the user experience. Larger and more strategically placed images not only make the interface visually appealing but also improve content recognition and accessibility. This helps users quickly identify key materials and makes the learning environment more engaging.
Enhanced Visual Hierarchy: The new design introduces a well-defined visual hierarchy, making the interface more intuitive. Distinct card titles, clearly differentiated resource types, and visible time estimates contribute to a smoother user experience. This improved structure guides users' attention, ensuring they can easily navigate through the content and focus on what's most important.
Improved Navigation: Navigation has been significantly upgraded in the new design. A more prominent back button and clearer navigation paths within course folders streamline the user journey, reducing confusion and enhancing overall flow. Users can move through the course content with greater ease and confidence.
Refined Aesthetic and User Experience: The overall aesthetic has been elevated in the new design. The interface is now cleaner and more polished, which reduces clutter and improves content discoverability. The enhanced layout, strategic use of imagery, and improved interactions combine to create a more engaging and user-friendly experience, making it easier for users to stay focused and enjoy their learning journey.
Audience: Learner
Setup & Access: No configuration necessary, the new layout will be displayed by default where Syllabus only is in use.
Considerations & Limitations: Requires Kubernetes architecture. No migration updates required.
Testing: Open a course which has a course room type that is Syllabus only.
Risk rating: Low
User syllabus page
Overview: Managers have the possibility to view or edit the Syllabus page of learners when the course has the meta tag Enable Individual Course Syllabus (11700) ticked. The update improves the layout of the manager view.
User Syllabus page before and after changes
Benefits & Use cases: The key benefits of the update includes:
Enhanced Visual Hierarchy and Clarity: The new design brings a cleaner, more organized layout that greatly improves usability. Pronounced icons and clearly visible status labels such as Not started, Passed, and Failed make it easier for managers to quickly assess the progress of each item. This clarity ensures that key information is immediately accessible.
Integrated Progress Indicator: The progress bar is now seamlessly integrated into the overall layout, positioned directly under the course title. This strategic placement makes it easier for users to track their progress in real-time, providing a more contextual and intuitive experience.
Effective Use of Status Labels and Icons: In the redesigned Syllabus, status labels are clear and accessible, accompanied by well-placed icons that enhance understanding without cluttering the interface. This careful use of visual elements improves comprehension and reduces cognitive load.
Streamlined User Interface: The introduction of a more streamlined folder structure with collapsible sections allows managers to focus on specific areas without being overwhelmed by information. This simplification enhances the user experience by making navigation more intuitive and less cluttered.
Refined Colour and Typography: The updated design features a more sophisticated colour palette that provides clear contrasts between different elements. Improved typography makes the text more legible, and color-coded statuses allow for quick identification of key information, making the interface more user-friendly.
Improved Content Organisation: Content is now more logically organized, with clear labels and distinctions between different types of content. The addition of status tags next to content items enables managers to quickly identify the completion status, facilitating easier tracking and decision-making.
Elevated Aesthetic and User Experience: Overall, the new design significantly enhances usability by focusing on clarity, reducing visual clutter, and making critical information easily accessible. These improvements allow managers to assess progress more efficiently and manage their team’s learning experience with greater ease.
Audience: Managers
Setup & Access: No configuration necessary where the meta tag Enable Individual Course Syllabus (11700) is ticked, the new layout will be displayed to the manager by default.
Considerations & Limitations:
Testing: Locate a course where the meta tag Enable Individual Course Syllabus (11700) is ticked and in the My Staff check the Learning status of an enrolled participant for that course. This would require having supervisor rights over the participant either by supervisor email relationship or being a supervisor of a BU group that the participant is assigned to.
Risk rating: Low
Systemwide Setup
E-Signature with SAML
Overview: E-signature is applicable for validated systems. E-signature means the user electronically signs an action that the user did in the system authenticating again like saving the course. The e-signature for validated systems is now implemented for SAML.
Benefits & Use cases: The E-signature security functionality for validated systems can now be used not only for local systems, but also for SAML.
Audience: Administrators, Learners
Setup & Access: Configuration firstly requires an active SAML interface configured in the Configuration → Saml authentication.
Then in the Clients manager Access and security the checkbox SAML authentication must be ticked and the SAML entity ID must be entered that matches that configured in Configuration → Saml authentication.
Finally in the Configuration manager edit the Audit log to tick the Validation and E-signature fields.
Considerations & Limitations: Requires the SAML connector license and Kubernetes architecture. No migration required.
Testing: If there is an active SAML authentication interface and Validation is enabled, in the Navigation function locate an admin menu where validation has been activated, then go to that menu to edit the function or an object within, then on saving the E-signature requirement will present, and if authentication was via SAML then E-signature via SAML will be possible.
Risk rating: Medium
Meta tag refactoring
Overview: The complete list of meta tags have been reviewed to check the accuracy of descriptions, operational help information, and object assignability. You can now assign meta tags to courses, learning paths, media, and resources more reliably by having updated areas for availability as well as updated i-button texts.
Updated availability of meta tags
y = available for assignment, when specific media type is listed then only for that type and not for media in general an assignment is available
Benefits & Use cases: This enhancement ensures a more streamlined and meaningful meta-tagging process, reducing the assignment of irrelevant tags significantly. The operational help information for many meta tags indicates where settings for workflows require related meta tags. Furthermore, the updated meta tags may not be added where they were not intended to be so that unexpected behaviour can be mitigated.
Audience: Administrators
Setup & Access: Configuration is done as usual while setting up courses, learning paths, media and resources.
Considerations & Limitations: The meta tags that were previously assigned to courses, learning paths, media, and resources will not be affected by the changes. The update only applies to new meta tag assignments. From now on, some meta tags that were available in too many places before will be restricted. For example, the meta tag Upload file (ID 10002) used to be applicable to all types of media. Going forward, it will only be available for the File media type. However, any existing media that already has this meta tag will keep it, but new media (other than File types) will not be able to use this meta tag anymore.
Other meta tags are available in more places e.g. the meta tag Start date which can be added to media.
Testing: Too many changes made to describe. Changes were to correct meta tag assignability to different object types, remove obsolete meta tags, and add missing operating instructions. If required, testing can be made against meta tags listed in the table. The primary test would be if any of the listed meta tags were assigned incorrectly to existing objects that they are still present.
Risk rating: High
Technical Improvements
Unsupported Kava chart in old reports
Overview: Individual test assessment report can be downloaded and can be visualised via bar charts.
Example of Kava chart
Benefits & Use cases: With the help of bar charts, the performance of a learner pertaining to a test can be quickly and more easily interpreted. The detailed gap-analysis will support the learner in choosing the personal education path and enable them to close the gaps identified quickly and in a targeted manner.
Audience: Administrator
Setup & Access: No configuration needed
Considerations & Limitations: No migration needed
Testing: Requires adding the Individual test assessment report to a Report category, then accessing the report via the Admin > Reports function where Participants and Tests are selected before downloading.
Risk rating: Low
LCP (Large contentful paint) optimisations
Benefits & Use cases: Better user experience due to performance improvements.
Audience: All users
Considerations & Limitations: Only available in Kubernetes architecture systems. No migration required.
Testing: None, changes are performance related.
Risk rating: High
Restrictions of XML upload
Overview: When the LMS is started, the deployed Search XML files are now compared with the source version of the uploaded files. In addition, a warning is displayed when a new XML file is uploaded via the Configuration manager XML files function.
Benefits & Use cases: If the deployed XML file differs from the source version of the uploaded files, the uploaded file is replaced in order to avoid possible inconsistencies or errors. In addition, a warning makes it clear that uploaded XML files are not permanent and can be overwritten at any time by an update of the software.
Audience: System administrators
Setup & Access: No configuration needed
Testing: This a technical test where the most likely scenario would be that a previously uploaded change (E.g. new column or filter in a function) is no longer visible after a patch. The intention of this update is to ensure that any change is correctly checked into the LMS code line after successful test.
Risk rating: Medium
Audit Log - New Event for User Deletion
Overview: Inside the existing audit log file (which logs security related events like logins, user data changes, reports access and export, system configuration changes etc.) a new event records details when a user is deleted or anonymised.
Benefits & Use cases: The user deletion can be monitored to register malicious or abnormal deletion process or to identify the targets and those responsible for accidental deletion.
Audience: System administrators
Setup & Access: Configuration available in the existing audit log configuration parameter. Activated by default.
Considerations & Limitations: No migration needed. Only future events will be logged.
Testing: Create and delete a test user, then check the Audit log file for a record of the deletion.
Risk rating: Low
Schema extension in SOLR index
Overview: Behind each SOLR index a schema is used for defining the columns to be allowed in reports. The schemas of the following 4 SOLR reports have been extended to allow customised use of additional columns in the schema / index:
Course Progress
coursecertificate
learningpathIds
learningpathBatchNumbers
Course Learning History
learningpathIds
learningpathBatchNumbers
Course Attendance
userdefinedId
typeUserdefinedId
learningpathIds
learningpathBatchNumbers
Learning Path Courses
coursecertificate
courseBatchNumber
courseStartDate
courseEndDate
courseDepartmentNameEN
courseDepartmentNameCN
Benefits & Use cases: It is now possible to make use of the fields above in the listed schemas for custom values.
Audience: Report administrators
Setup & Access: No configuration needed
Testing: Check SOLR versions of the four reports to check for extra column possibilities.
Risk rating: Low
Sanitizer (HTML) improvements
Overview: The Sanitizer is a security feature to prevent the input of potential harmful HTML; essentially by stripping out the HTML header tags on saving. The update enables administrators to choose to bypass the HTML sanitization when saving edited System Texts; this matches the long-time available equivalent for Enrolment Message Texts.
Sanitizer warning message when updating System Texts wording bundles
Benefits & Use cases: HTML in system texts, can be displayed as intended after saving the system text using the backend, which enormously improves the ease of use for administrators.
Audience: System administrators
Setup & Access: In the Configuration manager Security function, there is the new checkbox Skip sanitizing system texts with confirmation that needs to be ticked to be able to use the Skip functionality.
New checkbox in Configuration > Security
Considerations & Limitations: No migration required
Testing: In the Configuration manager Security function tick the Skip sanitizing system texts with confirmation checkbox. Then in the System texts function find a bundle that contains HTML; this can be done by searching html> which is essential part of the HTML tag that is deleted without skipping validation. Testing can be done by editing a bundle with a <HTML> tag, transferring the Standard or Client wording to the Modified text before saving, and then checking if the<HTML> tag is still present.
Risk rating: High, because harmful HTML code could be inserted into the LMS; as such this setting is recommended only for HTML text that is checked to be secure.
Security findings (Other)
Overview: There have been no security fixes in Innovation Pack 22 that created an impact to existing functionality.