Opencast 11: Release Notes

Features

Improvements

Behavior changes

# Before:
port=8080
prop.org.opencastproject.host.admin.example.org=tenant1-admin.example.org 
prop.org.opencastproject.host.presentation.example.org=tenant1-presentation.example.org
# Now:
prop.org.opencastproject.host.admin.example.org=https://tenant1-admin.example.org
prop.org.opencastproject.host.presentation.example.org=https://tenant1-presentation.example.org:8443

API changes

Additional Notes about 11.12

Additional Notes about 11.11

Additional Notes about 11.10

Additional Notes about 11.9

Additional Notes about 11.8

Additional Notes about 11.7

Additional Notes about 11.6

Additional Notes about 11.5

Additional Notes about 11.4

Additional Notes about 11.3

This release fixes several bugs and a security issue related to logging which was fixed in 10.9 and forward merged to this release (cf. [#3305]). A notable new feature is the speechtotext workflow operation introducing support for the STT Engine Vosk (cf. the corresponding docs section and [#2855]). Additionally, the design of the embed code selection within the Admin UI was updated (cf. [#3273]). Furthermore, [#3152] and [#3154] introduced enhancements to the execute-once and execute-many workflow operations.

Additional Notes about 11.2

This release contains a security fix:

Like the previous release this is an out-of-order patch to address and resolve a further vulnerability discovered by security researchers. Unlike the previous release it not only provides an updated version of Pax Logging, but also entirely removes the replaced bundles from Opencast's assemblies to avoid confusion if people do find the old, vulnerable version of Log4J somewhere on the filesystem, even though it is not used.

Additional Notes about 11.1

This release contains an updated version of Pax Logging, which provides Opencast's Log4j functionality. Earlier versions are affected by the Log4Shell vulnerability, which was partially mitigated in 11.0 by GHSA-mf4f-j588-5xm8. Further vulnerability discoveries by security researchers have rendered the previous mitigations ineffective. Normally we would wait for our underlying runtime (Apache Karaf) to update, however in light of the severity of these issues we have issued an out-of-order patch to address, and resolve, these concerns immediately.

Release Schedule

Date Phase
November 17, 2021 Feature freeze
November 22, 2021 Translation week
November 29, 2021 Public QA phase
December 15, 2021 Release of Opencast 11.0

Release managers