LORIS Release v17.0.5

This release fixes bugs found since v17.0.4 was released. Users of LORIS v17.0.x are strongly encouraged to upgrade in order to receive the two security fixes (and 3 other minor bug fixes) described below.

LORIS instances which have a JWTKey setting which does not meet the new key strength requirement checks will need to change their JWTKey setting in the configuration module in order to use the API. (The new requirements are similar to the LORIS password requirements, except must also be at least 20 characters long since it's never directly entered by a user.)

Changes

• The check which verifies that a user is not downloading a file that they shouldn't have access to in get_file.php proved to be insufficient. It now performs an extra check.
• A check of key strength is added to the JWT tokens used for the API. (This JWT key is randomly generated by the LORIS installer, but older projects which upgraded LORIS may not have updated their keys to a secure key, so weak keys are ignored in order to ensure that upgraded LORIS instances don't have the default key.)
• A bug in an SQL query in the examiner module with MySQL 5.7 regarding the only_full_groupby setting has been fixed.
• A bug causing Date_taken to not be properly resolved in the conflict resolver has been fixed.
• The conflict resolver now shows Examiner's full name, rather than their ID, to make it easier to resolve data entry conflicts in examiner.

LORIS Release v17.0.4

This fixes a few minor bugs found since the v17.0.3 release. In particular:

• Required fields were not working properly if a user submitted the value "0"
• A bug was fixed preventing visits from being created in the API as documented
• Some changes were made to the DQT import scripts which should prevent unnecessary rebuilds and speed up the import process of large data sets

LORIS Release v17.0.3

This release fixes two security holes introduced in features added in the LORIS v17.0.0 including a remote code execution exploit in one of the brainbrowser ajax scripts. Some minor bug fixes found since v17.0.2 are also incorporated.

All users of the LORIS 17.0 branch are strongly urged to upgrade immediately.

LORIS Release v17.0.2

This release addresses various minor issues with LORIS 17.0.1.

Notably, it:

• Fixes an error in LorisForm where some dates weren't correctly being disabled when
• Fixes some bugs with MySQL 5.7
• Fixes a bug where downloading CSVs would break if the CSV had numeric values
• Improves date validation
• Fixes various problems with the data query module
• Fixes a bug where the consent module would not work if only one type of consent was specified.

LORIS Release v17.0.1

This release addresses various minor issues with LORIS 17.0.0.

In particular, minor bugs with LorisForm affecting some instruments were fixed, as well as bug fixes to the imaging browser, examiner module, and statistics module.

Anyone using LORIS 17.0.1 should upgrade to this release.

See here for a complete list of changes.

LORIS Release v17.0.0

Full list of changes

Only PHP 7 and MySQL 5.7 are supported for Loris 17.0.

New Features

• LorisForm replaces QuickForm (wiki)
• Issue Tracker module for reporting and following up on bugs and data issues
• MRI scans that have failed protocol checks are now viewable in BrainBrowser #2219
• drop-down Help text can be written as a markdown file, instead of stored in a database table, for new-style modules #2196
• Add extensions to Content-Security Policy for user-hosted content via the Config module #2204
• Examiners can be added based on User Accounts #2190
• Caveat added at the visit level for Imaging data #2135

Install Process

• Web-based Install tool now covers many steps of the install process
• New Vagrantfile to quickly deploy LORIS #2164

Updates and Improvements

• Candidate Information (Candidate Parameters) module re-designed
• Improved messaging for Imaging Uploader and Insertion process
• Visit labels should not contain underscores, for imaging insertion purposes
• Genomic Browser new progress bar for file upload #2231
• project override issue resolved #2187
• Better distinction between human and phantom scans (#2189)
• For projects using the imaging uploader's auto-launch insertion feature, log files are deleted only if insertion was successful #2252
• Final Radiological Review module shows whether T1 was successfully loaded in Loris #2175
• Various UI improvements, cleanup, and bug fixes
• Media module only shows data from user site by default #2469

Notes for Existing Projects

Follow steps for Updating your LORIS

Be sure to apply Release Patches since your last update, in release order -- including patches from all minor releases.
Note that create temporary tables mysql permission is required to run this patch

• Visit labels should not contain underscores, for imaging insertion purposes
• PHP 7 and MySQL 5.7 are supported for Loris 17.0. Timestamp fields in custom tables may require updating for MySQL 5.7 (#2222) Deprecated PHP 5* functions updated (#2370)
• Update all PHP QuickForm instruments, since HTML QuickForm is now replaced by LorisForm. No other code, configurations, templates, tables or data will be affected or require adjustment.
• If your dashboard loads but no other modules load, ensure that your /var/apache2/apache2.conf file is set to AllowOverride All in the section <Directory /var/www/> to enable re-write rules (based on htdocs/.htaccess file)
• If clicking Save or Submit form buttons generates and error, check the Configuration module and ensure the url (WWW section) is set to your host. (Loris 16.0 instructions may have recommended that you set this to the empty string)
  *For projects upgrading to 5.7, see PR #2444 for script to remove zero dates.

Known Issues / Beta features

• Issue Tracker module Beta features include: Watching (email notifications for users), and association of subjectID and timepoints with an issue

LORIS Release v16.1.3

This fixes some bugs with filters in the Data Query Tool in Loris 16.1.2. Other modules are unaffected.

• Fixes bug where adding filters returned no data.
• Adds user feedback that data is loading.
• Fixes bug with downloading files sometimes not working.
• Optimizes the time it takes to run queries. It was previously re-requesting the same data more times than it needed to.

Current users of 16.1.2 should upgrade to this release, as changes should be minimal.

LORIS Release v16.1.2

This release fixes a recently discovered security vulnerability, where AJAX scripts could return data to users who are not logged in.

Users of 16.* are strongly encouraged to upgrade immediately.

LORIS Release v17.0.0 (Release Candidate 1)

Full list of changes

Only PHP 7 and MySQL 5.7 are supported for Loris 17.0.

New Features

• LorisForm replaces QuickForm (wiki)
• Issue Tracker module for reporting and following up on bugs and data issues
• MRI scans that have failed protocol checks are now viewable in BrainBrowser #2219
• drop-down Help text can be written as a markdown file, instead of stored in a database table, for new-style modules #2196
• Add extensions to Content-Security Policy for user-hosted content via the Config module #2204
• Examiners can be added based on User Accounts #2190
• Caveat added at the visit level for Imaging data #2135

Install Process

• Web-based Install tool now covers many steps of the install process
• New Vagrantfile to quickly deploy LORIS #2164

Updates and Improvements

• Candidate Information (Candidate Parameters) module re-designed
• Improved messaging for Imaging Uploader and Insertion process
• Visit labels should not contain underscores, for imaging insertion purposes
• Genomic Browser new progress bar for file upload #2231
• project override issue resolved #2187
• Better distinction between human and phantom scans (#2189)
• For projects using the imaging uploader's auto-launch insertion feature, log files are deleted only if insertion was successful #2252
• Final Radiological Review module shows whether T1 was successfully loaded in Loris #2175
• Various UI improvements, cleanup, and bug fixes

Notes for Existing Projects

Follow steps for Updating your LORIS

Be sure to apply Release Patches since your last update, in release order -- including patches from all minor releases.
Note that create temporary tables mysql permission is required to run this patch

• Visit labels should not contain underscores, for imaging insertion purposes
• PHP 7 and MySQL 5.7 are supported for Loris 17.0. Timestamp fields in custom tables may require updating for MySQL 5.7 (#2222) Deprecated PHP 5* functions updated (#2370)
• Update all PHP QuickForm instruments, since HTML QuickForm is now replaced by LorisForm. No other code, configurations, templates, tables or data will be affected or require adjustment.
• If your dashboard loads but no other modules load, ensure that your /var/apache2/apache2.conf file is set to AllowOverride All in the section <Directory /var/www/> to enable re-write rules (based on htdocs/.htaccess file)
• If clicking Save or Submit form buttons generates and error, check the Configuration module and ensure the url (WWW section) is set to your host. (Loris 16.0 instructions may have recommended that you set this to the empty string)

Known Issues / Beta features

• Issue Tracker module Beta features include: Watching (email notifications for users), and association of subjectID and timepoints with an issue

LORIS Release v16.1.1

This release is primarily to fix an issue where an automatic update to Chrome prevented LORIS menus (and javascript) from working in v16.1.0 due to a polyfill for HTML5 date elements intended to add support for date elements Firefox. Users of LORIS v16.1.0 are strongly urged to upgrade.