VPL 4.2.4

VPL 4.2.4 Release Notes

Introduction

This document provides an overview of the updates in version 4.2.4 of the Virtual Programming Lab (VPL). This release addresses various issues found in version 4.2.3, including critical security fixes. Updates should be made immediately.

Bug Fixes

• Critical security flaw:
  • A critical security flaw has been discovered in VPL (@vincentscode Vincent Schmandt) affecting all versions prior to 4.2.4.
  • Additionally, this issue is related the VPL Jail Server. It is strongly recommended to update your VPL Jail Servers to the latest version according to the release notes instructions.
  • If you are currently using the security parameters URLPATH and/or TASK_ONLY_FROM in your VPL Jail Servers's configuration, you are better protected against an attack. If you are not using these parameters, you may implement them as an immediate protection measure before updating. See VPL Jail System security parameters.
• Running tests of test with variations: Fixes bug that prevents the correct testing of activities with variations.
• Hide/show content malfunction: Fixed a bug that prevented the use of the hide/show content feature.
• HTML overconversion: Fixed the overconversion of HTML when showing section names in VPL activities reports.
• Code file highlighting and result processing: Fixed a bug causing issues with code file highlighting and result processing when multiple submissions were shown on the same page.
• Identification of task: Fixed a bug that, in some cases, led to the incorrect stopping of tasks.
• Remove custom vpl_evaluate.cpp file: Fixed a bug that removed a custom vpl_evaluate.cpp file, resulting in incorrect behavior.
• Testing numbers: Fixes the test of output of type numbers in the default VPL tester.
• Showing compilation and execution: Fixes a CSS bug that prevents the use of monospace fonts when showing the compilation and execution. @tats-u

Interface Enhancements

• Hide/show icon: Show cursor pointer when hovering over the hide/show icon.
• Hide grade form: Avoid showing the grade form if the activity is not gradable.
• Bulck removing automatic evaluation: If you want to remove automatic evaluation from the grade book, after unsetting automatic evaluation, you can run "evaluate all," getting a new evaluation suggestion and removing previous automatic grading.
• Relax evaluation tags detection: The evaluation parser now accepts spaces around the evaluation report tags. @Astor-Bizard
• Add Moodle activity ID: Added the MOODLE_ACTIVITY_ID environment variable to the execution environment. @FeldrinH
• Enhance cabilities assigment: Aligned capability assignments with other standard modules by removing the prohibition on different roles from having the some capability.

Integration Enhancements

• Using global modules in Node.js: Added support for global modules in Node.js.

Compatibility

This version of VPL is compatible with the following:

• Moodle: Versions 3.9 to 4.4
• PHP: Versions 7.4 to 8.3

Please note that the VPL release number is not related to the Moodle release number, unlike other modules.

Known Issues

• JQuery-UI and Boost Theme Incompatibility: The editor interface of VPL, which uses JQuery-UI, may conflict with the Boost theme in certain cases, potentially causing issues with the theme's drawer toggles while on the editor page.

Upgrading from a Previous Version

It is recommended that you update your plugin to the latest version to obtain all recent security and bug fixes. Additionally, it is strongly recommended to update your VPL Jail Servers.

To upgrade to VPL 4.2.4 without losing existing plugin data:

1. Ensure your Moodle instance is updated to a supported version.
2. Proceed with the VPL plugin upgrade following the Moodle update. Upgrades from VPL version 2.4 onwards are supported.