Jiglu 14.1 release notes

For end users

  • Changes have been made to the appearance of the system to give it a more contemporary look and bring it closer in layout to websites that users are already familiar with. Of note, the links previously at the top right of the page have been moved to the right of the navigation bar as icons and you now access the user menu by selecting your photo icon here. The navigation bar will now remain at the top of the screen as you scroll down the page. Clicking on the site banner will also now return you to My radar.
  • A new icon on the navigation bar will take you to your notifications. This also shows the number of notifications that you have not yet read.
  • Because of the navigation changes, all users will be shown the tour again when they first log on after the upgrade.
  • Some layout issues on mobile phones and tablets, notably with the display of instant messages, have been resolved.
  • When using an LDAP directory server to authenticate users, if a username was longer than 32 characters then it would not be possible for that user to use status updates and some pages that showed status updates would give system errors. This has been resolved.
  • A number of other minor issues have been fixed.

For group administrators

  • Jiglu now supports workflow actions for discussion messages and blog comments based on the presence of banned words, such as profanity. Checks will be made on the main text of these contributions (but not attachments) and if a banned word is found then depending on the workflow settings it can be sent for moderation, rejected, discarded or let through as normal. The detection algorithm supports finding similar sounding words and also words that have been obfuscated, such as by including punctuation, spaces or repeated letters.
  • An issue in some browsers with being unable to submit the form when adding a new member profile heading has been resolved.

For system administrators

  • To support GDPR requirements, you can now create an export file containing a user’s personal information and all the content that they have created. From either the user index or user profile pages choose the Export user content
  • To support GDPR requirements, you can now erase a deactivated user’s personal information. This will remove all personally-identifying data and reset other properties of the user to their initial defaults. From either the user index or user profile pages choose the Erase personal information
  • Some issues have been resolved with actions on users on the user index and user profile pages using incorrect logic to determine if they should be shown. Actions to clear a user’s two-factor authentication key, resend a confirmation email and send a password change email also now take place without causing the page to be refreshed.
  • There is a new system settings category Banned words from which you can administer the list of words that are not permitted within discussion messages or blog comments. By default, this list will be empty.
  • The banner at the top of the page has been reduced in height to 60 pixels and now appears on all pages. On the Banner images system settings page, you may wish to upload a new System page banner for this new size. The Group page default banner and Group page system logo banners on this settings page have been removed as they are no longer used.
  • On the Page elements system settings page, there is a new Robots meta tag setting which can be used to control search engine indexing of the site.
  • When you log on with your system administrator password the border around your photo on the navigation bar will change to red.
  • An issue in some browsers with being unable to submit the form when adding a new user profile heading has been resolved.
  • Activities for new groups in the activity stream are now expired the same as other activity types.
  • If a user has not logged on then no browser cookies are now created.

For operations engineers

Upgrade

Other changes

  • Jiglu now supports the Sec-Fetch headers as an additional defence against cross-site request forgeries.
  • Third-party libraries have all been updated to their latest recommended versions.

Security

  • A potential denial of service issue in a third-party library causing an infinite loop with specially crafted audio or video attachments has been resolved.
  • A cross-site scripting vulnerability in a third-party JavaScript library has been resolved, although no path should have existed allowing it to be exploited.
Written by Stephen Hebditch. Published on .
1.0.0
Product changes in version 14.1.