...
- HSTS header added — All secure requests will now include a HTTP Strict Transport Security header requesting the browser to only use secure connections and never use insecure connections. This prevents 'SSL-stripping' and other man-in-the-middle attacks. The header includes a lifetime of 1 year by default. If, for any reason, a customer wishes to use their MyTimetable domain with insecure connections in the future, this header should be disabled.
- Improved Office 365 / Exchange / Google Calendar removed user handling — Synchronisations of users that were removed are now correctly disabled.
- Google Calendar API update — Synchronisations are now using the new Google Calendar batch API. The old API will function until the beginning of 2019.
- Database performance updates — The Syllabus Plus data provider now uses fixed batch sizes, to improve query plan caching.
- Dependency upgrades:
- GWT (2.8.2)
...