
JATOS v3.9.6

@kristian-lange kristian-lange released this 08 May 18:54
· 3 commits to main since this release

If you want to update a JATOS server from version < 3.7.1 read the release information from v3.7.x first.

Try out the new version on cortex.jatos.org.

Changes in 3.9.6

  • Authentication
    • Support signing in with SURF SRAM and SURFconext
    • LDAP: Allow setting of the user attribute name, e.g. "uid" or "cn", via jatos.conf
  • Allow setting of the limit of JATOS ID cookies in jatos.conf

Changes in 3.9.5

  • CSRF filter: allow API calls without a change in jatos.conf
  • GUI / home page: fix flickering of branding
  • Security: rate limit sign-in attempts per IP

Changes in 3.9.4

  • Fix security issues (Many thanks go to reporter Hacking-Notes!)
    • Potential CSRF attack by using an imported study - If an attacker can convince a JATOS admin to import and run a malicious study, they can do everything the admin can do, including creating/changing/deleting users (including their passwords) or studies. This is fixed by using CSRF tokens (a6b90de).
    • Potential stored XSS attack in GUI / study description - This vulnerability allows JavaScript to be executed in the study description section. This is fixed by proper sanitization of the description field (b3cb97f).
    • Potential stored XSS attack by using an imported study - This bug allows running JavaScript in the GUI / study properties section. This threat is fixed by proper sanitization of all imported study fields (fc812ff).
  • Fix bug in GUI / result pages - Exporting only a subset of data if 'All' is selected (#320)
  • GUI / study sidebar - Allow multi-line study names (#319)

Changes in 3.9.3

  • Fix: JATOS GUI doesn't work in certain timezones (#313)

Changes in 3.9.2

  • Fix: GUI - File download for large files doesn't work on Chrome/Edge using HTTPS (#310)
  • Fix: GUI - Waiting popup not hiding when file selector appears at the same time
  • Fix: Missing jquery-3.5.1.min.js (#311)
  • Fix: GUI - Order of result data if exported as 'plain text' or metadata in CSV format - order now by ascending component result IDs
  • Fix: GUI / result pages - Export dropdown sometimes appears only after second click

Changes in 3.9.1

Update of JATOS' GUI (using Bootstrap 5): Same functionality but better usability

  • New study sidebar
    • Sidebar hides when not needed
    • "New Study" and "Import Study" buttons moved into sidebar
    • Study search field for study names
    • Study badges: show the components and whether the study is locked, has linear flow, is a group study, or has preview enabled
  • New user sidebar for everything that is user related (user settings, password, API token etc.)
  • Breadcrumbs moved into the header
  • New alert style based on Bootstrap's Toast
  • Better mobile support
  • Dark/light mode
  • Sign-in with "Keep me signed-in" slider
  • Store last visited page and go to it after sign-in
  • Extra Description button in study toolbar with study description opening up in a sidebar
  • Simpler new study and new component dialogs, e.g. study assets folder name is set by default to the study UUID (but can be still changed in the properties)
  • Docker image: switch base from eclipse-temurin:11-jre-ubi9-minimal to eclipse-temurin:11-jre-jammy (Debian based)
  • Dependency updates: ACE, DataTables, jQuery, showdown.js
  • Fix potential path traversal vulnerability in importing of zipped studies
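The last item above concerns path traversal ("zip slip") when a zipped study is imported. As an added illustration, not JATOS code (JATOS is written in Java; this is a Python sketch of the same check), the function below refuses any archive entry whose path would resolve outside the import directory; the destination path and the sample archive are constructed for the demo.

```python
import io
import os
import re
import zipfile


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True only if the archive entry would be written inside dest_dir.

    Rejects empty names, absolute paths (POSIX or Windows), drive letters,
    and any '..' sequence that resolves outside dest_dir once normalised.
    """
    name = member_name.replace("\\", "/")  # some zip writers use backslashes
    if not name or name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return False
    dest_real = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(dest_real, name))
    # 'a/../b' is fine (stays inside); 'a/../../b' is not
    return candidate == dest_real or candidate.startswith(dest_real + os.sep)


def unsafe_members(archive: zipfile.ZipFile, dest_dir: str) -> list:
    """Names of entries that would escape dest_dir; empty list means safe."""
    return [m for m in archive.namelist() if not is_safe_member(dest_dir, m)]


def safe_extract(archive: zipfile.ZipFile, dest_dir: str) -> None:
    """Reject the whole archive if any entry escapes, instead of silently
    rewriting it (CPython's extractall drops '..' and leading '/' parts and
    writes the file inside dest_dir without reporting the tampering)."""
    bad = unsafe_members(archive, dest_dir)
    if bad:
        raise ValueError("refusing archive, entries escape destination: %r" % bad)
    archive.extractall(dest_dir)


def build_demo_archive() -> bytes:
    """Constructed sample: one legitimate study file plus one zip-slip entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("study_assets/index.html", "<html></html>")
        zf.writestr("../../outside.txt", "should never be written")
    return buf.getvalue()


def check_demo(dest_dir: str = "/tmp/jatos_import_demo") -> list:
    """Return the entries of the sample archive that the check rejects."""
    with zipfile.ZipFile(io.BytesIO(build_demo_archive())) as zf:
        return unsafe_members(zf, dest_dir)  # ['../../outside.txt']
```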

Previous releases: github.com/JATOS/JATOS/releases

Which variant do I need?

  • If you have Java 11 already installed (all OS): jatos.zip
  • If Java 11 is not installed: choose according to your OS between
    • jatos_win_java.zip
    • jatos_mac_java.zip
    • jatos_linux_java.zip
  • If you prefer Docker: hub.docker.com/r/jatos/jatos