Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

MyTimetable 3.6 is currently in the state: stable. Some bug fixes or small features may be added, but development of significant new features has completed. We recommend customers to upgrade to this version. MyTimetable 3.6 is tracked using the git branch rb-3.6.

MyTimetable 3.6 contains various security and privacy enhancements. After customer enquiries about the iCalendar feeds being transmitted over an insecure channel, we have made various changes to ensure these are transmitted over secure channels. Customers need to be aware that some of these changes require more steps from the user when adding iCalendar feeds, and any custom user manuals need to be updated.

All work involved in upgrading to the latest MyTimetable version (configuration, building, testing) is free of charge for our customers with a Software Assurance or All-In support agreement.

Functional changes

  • Insecure iCalendar feed requests redirected to HTTPS — When requesting an iCalendar feed over an insecure channel, a permanent HTTP redirect is used to redirect users to a secure URL. Apple Calendar and iPhone clients will continue to use this secure URL in the future. If customers want to force users of other applications to update their URLs
  • Replaced automatic (webcal://-based) iCalendar feed dialogs with manual instructions
  • Added iCal-export options for Outlook.com and Office 365
  • Updated help page —
  • Removed alarm support in iCalendar feeds
  • Activity type added to title of iCalendar events (optional)

Non-functional, technical and back-end changes

The following changes have been made to the MyTimetable backend and underlying software, and have no direct impact on MyTimetable functionality:

  • HSTS header added — All secure requests will now include a HTTP Strict Transport Security header requesting the browser to only use secure connections and never use insecure connections. This prevents 'SSL-stripping' and other man-in-the-middle attacks. The header includes a lifetime of 1 year by default. If, for any reason, a customer wishes to use their MyTimetable domain with insecure connections in the future, this header should be disabled.
  • Dependency upgrades:
    • GWT (2.8.2)

Removed and deprecated features

The following features from earlier MyTimetable versions have been deprecated, removed, or partially removed and are not supported anymore:

  • Internet Explorer 8, 9 and 10 support removedMicrosoft has ceased support for these browsers in January 2016. Also, according to our web analytics, these browsers are not in use anymore. Visitors using these browser versions will be redirected to a page asking them to upgrade their browser.
  • No labels