From waveflux at gmail.com Tue Nov 8 15:45:06 2016 From: waveflux at gmail.com (Tom Beaudry) Date: Tue, 8 Nov 2016 15:45:06 -0500 Subject: [Loris-dev] Fwd: [aces/Loris] LORIS Release v17.0.0 (Release Candidate 1) In-Reply-To: References: Message-ID: Congrats guys on finishing the release! Tom ---------- Forwarded message ---------- From: christinerogers Date: Tue, Nov 8, 2016 at 3:16 PM Subject: [aces/Loris] LORIS Release v17.0.0 (Release Candidate 1) To: aces/Loris Full list of changes Only PHP 7 and MySQL 5.7 are supported for Loris 17.0. New Features - LorisForm replaces QuickForm (wiki ) - Issue Tracker module for reporting and following up on bugs and data issues - MRI scans that have failed protocol checks are now viewable in BrainBrowser #2219 - drop-down Help text can be written as a markdown file, instead of stored in a database table, for new-style modules #2196 - Add extensions to Content-Security Policy for user-hosted content via the Config module #2204 - Examiners can be added based on User Accounts #2190 - Caveat added at the visit level for Imaging data #2135 Install Process - Web-based Install tool now covers many steps of the install process - New Vagrantfile to quickly deploy LORIS #2164 Updates and Improvements - Candidate Information (Candidate Parameters) module re-designed - Improved messaging for Imaging Uploader and Insertion process - Visit labels should not contain underscores, for imaging insertion purposes - Genomic Browser new progress bar for file upload #2231 - project override issue resolved #2187 - Better distinction between human and phantom scans (#2189 ) - For projects using the imaging uploader's auto-launch insertion feature, log files are deleted only if insertion was successful #2252 - Final Radiological Review module shows whether T1 was successfully loaded in Loris #2175 - Various UI improvements , cleanup , and bug fixes Notes for Existing Projects Follow steps for Updating your LORIS Including applying every Release Patch since your last update. Note that *create temporary tables* mysql permission is required to run this patch - Visit labels should not contain underscores, for imaging insertion purposes - PHP 7 and MySQL 5.7 are supported for Loris 17.0. Timestamp fields in custom tables may require updating for MySQL 5.7 (#2222 ) Deprecated PHP 5* functions updated (#2370 ) - Update all PHP QuickForm instruments , since HTML QuickForm is now replaced by LorisForm . No other code, configurations, templates, tables or data will be affected or require adjustment. - If your dashboard loads but no other modules load, ensure that your /var/apache2/apache2.conf file is set to AllowOverride All in the section to enable re-write rules (based on htdocs/.htaccess file) Known Issues / Beta features - Issue Tracker module Beta features include: Watching (email notifications for users), and association of subjectID and timepoints with an issue ? You are receiving this because you are subscribed to this thread. View it on GitHub or mute the thread . -------------- next part -------------- An HTML attachment was scrubbed... URL: From david.macfarlane2 at mcgill.ca Wed Nov 9 14:11:03 2016 From: david.macfarlane2 at mcgill.ca (David MacFarlane, Mr) Date: Wed, 9 Nov 2016 19:11:03 +0000 Subject: [Loris-dev] LORIS v16.1.2 Message-ID: Hi LORIS users, Xavier recently discovered a vulnerability in LORIS where people who aren't logged in to LORIS can access some AJAX scripts and still retrieve the data, despite being not logged in. The code that verifies the users' login status wasn't properly being verified (Many module's AJAX scripts already did their own separate permission checking, which still worked, but not all did.) We've made LORIS v16.1.2 to fix the issue, and *strongly encourage* you to upgrade any production servers. If you're unable to upgrade, the fix in question is here: https://github.com/aces/Loris/pull/2403/files -------------- next part -------------- An HTML attachment was scrubbed... URL: