MyTimetable 3.7 release notes

MyTimetable 3.7 is currently in the state: deprecated. No further development is expected except for critical bug fixes. MyTimetable 3.7 is tracked using the git branch rb-3.7.

MyTimetable 3.7 includes various smaller changes requested by customers and adds some additional tools for full GDPR compliance. It also includes various security fixes and enhancements suggested during a security review by a third party.

All work involved in upgrading to the latest MyTimetable version (configuration, building, testing) is free of charge for our customers with a Software Assurance or All-In support agreement.

Functional changes

  • Week numbers in list and mobile view — The list view now features a week divider between weeks, displaying the week number. The mobile view includes week numbers on the day labels.
  • Event type column added in upcoming page and various layout tweaks — The upcoming page, used for some portal integrations, now also shows the event type.
  • IRIS-Planning data provider — Support for IRIS-planning has been added. Timetables are regularly read from the HTML export of IRIS and then presented in MyTimetable.
  • Publication rules: remove custom attribute action — An action to clear a custom attribute was added to the publication rules. This allows removal of specific information from the presentation of specific events or users.
  • Publication rules: remove note action — An action to clear a note field was added to the publication rules. This allows removal of specific information from the presentation of specific events or users.
  • Syllabus Plus data provider: POS group filtering — The Syllabus Plus data provider now has the ability to filter programme of studies and modules based on programme of study groups.
  • Scientia Exam Scheduler data provider: multi-year support — The Exam Scheduler data provider is now able to only show the data for a specific academic year. This makes it possible to add the data source multiple times, to represent multiple academic years.
  • GDPR enhancement: privacy policy — For our managed hosting customers, a shortened privacy policy was added to the application. For hosted and on-premises customers, a link to the customer's privacy policy was added. As a data controller, the customer is ultimately responsible for providing the complete privacy policy.
  • GDPR enhancement: remove user — It is now possible to remove a user profile and all associated information using a delete action in the admin panel.
  • GDPR enhancement: disable synchronisation — It is now possible to temporarily disable a synchronisation, in order to comply with a GDPR restriction request from a subject.
  • Links in messages (announcements) open in a new window.
  • Various bug fixes — Various other bugs were fixed, including some broken links in the admin panel, better handling of long activity names in the details dialog and some bugs in the publication rule forms.

Non-functional, technical and back-end changes

The following changes have been made to the MyTimetable backend and underlying software, and have no direct impact on MyTimetable functionality:

  • Security: cross-site scripting (XSS) fixes — Some cross-site scripting issues were fixed in various parts of the application. These could only be exploited by administrative staff (e.g., timetablers or application administrators) and are therefore classified as low risk.
  • Security: anti-clickjacking headers added — X-Frame-Options and Content-Security-Policy headers were added to the application to prevent clickjacking attacks.
  • Security: SAML SHA2 support — The SAML authentication provider now supports SHA-256, SHA-384 and SHA-512 signatures. More information about the configuration can be found on the /wiki/spaces/MYTT/pages/3099656239 page.
  • Google Calendar push synchronisation fixes — Some issues where user-modified events stopped updating were fixed in the Google Calendar sync.
  • Unique API token identification — A unique identifier was added to API tokens and the logging, to better allow identification of API users with duplicate names.
  • Version number removed — The MyTimetable version number was removed from publicly available pages, as it is not very useful to the end user and allows an attacker to more easily identify the version of the software in use.
  • Various dependencies were updated:
    • Spring (4.3.17)
    • Spring Integration (4.3.16)
    • Spring Security (4.2.6)
    • Spring Security SAML (1.0.4)
    • Jackson (2.9.4)
    • Gradle (4.6)
    • OpenCSV (4.1)
    • GWT (2.8.2)

Removed and deprecated features

The following features from earlier MyTimetable versions have been deprecated, removed, or partially removed and are not supported anymore:

  • None as of yet.