CVE-2020-23995: DOCU: Releases

5.4.12 (stable)

Release 5.4.12 has been published on May 29, 2020

• Please read the ILIAS 5.4 feature page for information about new and abandoned features and changed behaviour of this version.
• You find information about first time installation here.
• Instructions for updating ILIAS can be found here.
• Please have a look at the page Required Software for 5.4, too.

If you use a customized skin/style, please change the skin settings for root user and default of installation to ‘delos‘ before upgrading from a 4.x version to 5.4.x. Otherwise you may not login any more due to templates changes in former versions.

ILIAS 5.4 comes with a new content style that substitutes the former content style. If you want to keep this outdated style, please create a new style with it before updating to 5.4. Own created styles won’t be tackled.

ILIAS is free, open source software and published under the GNU General Public License (GPL).

Format: .zip

ILIAS-5.4.12.zip
Download (github.com)
195 MB, 2020-05-29
md5: 3a30c44a81f4a2fbf683c9e325d51610

Format: .tar.gz

ILIAS-5.4.12.tar.gz
Download (github.com)
179 MB, 2020-05-29
md5: c64c6ac8f29264679dd40eb27faaec83

Known Issues

• none

Changed Behaviour

• The user configuration of “show me in the who-is-online tool” has been changed to an “opt-in” due to bug #28970. A default setting has been added to the user administration accordingly. For details, see this comment in the bug report.

Fixed Bugs

Security Fixes

• Fixed information leak of uploaded data path via workspace upload (reported by Holger Fuhrmannek, Telekom Security)

The following bugs reported in Mantis have been resolved:

28391: [Didactic Templates] Ausgrauen der Standard-Vorlage greift nicht im Einstellungsformular (smeyer)
28111: [Didactic Templates] Special behavior for dtpl used on groups inside of groups (smeyer)
27709: [User Tracking] ilErrorHandling::{closure}:50 2 “continue” targeting switch is equivalent to "break". Did you mean to use "continue 2"? (smeyer)
28323: [Contacts] “Meine Verteilerlisten” bei ausgeschaltetem “Kontakte”-Service ohne Funktion (mjansen)
27710: [Calendar] Sprechstundenverwaltung: Sprachvariablen “Terminbuchung absagen” und “Terminbuchung löschen” vertauscht (smeyer)
28316: [Language Handling] system message: new line \n visible in pwassist_session_expired (mkunkel)
28291: [Glossary] [FRENCH - TRANSLATION ] Glossaries - Custom metadata definition (mkunkel)
28203: [Language Handling] Portugisisch Kursaufruf über Schreibtisch (akill)
27955: [Booking Tool] Fehlerhafter Export von Reservierungen (akill)
26116: [Mail] ILIAS accepts Username with ending . (point), this cause a error message in mail function (mjansen)
28332: [RBAC] RBAC: PHP 7.0 issue with access modifiers used for PHP constants (smeyer)
25257: [RBAC] Rechte über Rollentemplates hinzuzufügen setzt bestehende RBAC-Einstellungen lokaler Rollen zurück (smeyer)
26592: [Background Tasks] Mail or Chat settings, Save, then delete a background task (mjansen)
27716: [Category and Repository] Typo in Infotext about “Kachlebild” (akill)
28259: [Survey] FragenBlock (akill)
25715: [Organisational Units] Whoops trying to enter an orgu entension object (mstuder)
28149: [Export] Title of Forum lost upon import (mjansen)
28037: [Forum] ilias.de: overview subforums very slow (mjansen)
10305: [Category and Repository] Repository page is shown to anonymous users without permission (akill)
28197: [Mail] Whoops when user try to send mails (mjansen)
28088: [Language Handling] Typo Adminpage Test and Assessement (mkunkel)
28040: [Glossary] Bei automatischer Glossarverlinkung wird der restliche Text nach dem Glossarlink gelöscht (akill)
27862: [Learning Module ILIAS : Editor] Automated linking between LM and glossary doesn’t work (akill)
27605: [Media Pools and Media Objects] Thumbnail wird fehlerhaft dargestellt (akill)
25903: [Category and Repository] Displaying the properties of an object causes the tile view to look broken. (akill)