Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

 

关于Sakai

发布日期:待定

发布日期

Sakai 10 发布日期

10.0 - 待定

关于Sakai

Sakai是使用Java编写的,服务导向的网络应用程序,支持教学、学档、科研、项目协作等功能。Sakai一般部署在Tomcat集群上,其中每一个Tomcat节点部署一份Sakai。Sakai可以集成多种外部认证系统,包括CAS,Kerberos,LDAP,Shibboleth,WebAuth。Sakai使用MySQL或Oracle作为后台数据库,用户文件一般存放于NAS或SAN上。对于多数生产环境,Sakai需要一个后台学生信息系统(SIS)来提供学生、课程信息,然后Sakai通过API进行调用。

Sakai 10 概览

Sakai 10 概览

Sakai 10 在Sakai 2.9.3的基础上发展而来。Sakai 10中增加了2个新工具;提供了HTML 5的音频、视频支持;架构改进;约50个安全补丁;性能改进;一些列新功能;以及仅2000个补丁!其中最突出的部分包括:

  • 预约工具,曾经是第三方工具,现在成为Sakai核心工具,由耶鲁大学开发
  • 授权访问工具,曾经是第三方工具,现在成为Sakai核心工具,由密歇根大学开发
  • IMS LTI - 第一个支持LTI 2.0 的学习管理系统(LMS)
  • IMS Common Cartridge (CC) 改进支持。支持CC文件版本1.0,1.1,1.2;并且基于用户选择,可以导出CC格式1.1,1.2。

  • 作业:学生互评作业,小组作业
  • 练习与测验:支持新的问题类型(计算题和扩展匹配),改进数字答案精度,设置界面改进。
  • 课程组织:重新设计工具栏并简化,更好支持音频和视频,新增内容表格,提供内联调查,更友好的界面。
  • 资源:支持通过拖拽的方式直接添加文件;如果使用Chrome,可以直接拖拽文件夹。
  • 大纲:新的用户界面,批量更新大纲内容,更好的链接集成。
  • 成绩册:支持附加分。
  • 分布缓存:支持 JCache/JSR-107,优化默认缓存大小,简化配置。无丢失地从一台服务器到另一台服务器进行会话复制。提升大型Sakai部署的性能(此功能默认不开启)。

  • Keitai项目:增强Sakai在移动设备上的可用性。
  • 支持 Google Analytics.
  • 安全更新:Sakai社区修补了大约50个安全问题,包括XSS,CSRF。AntiSamy在2.9.3和10中默认开启。AntiSamy保证用户上传的HTML/CSS符合相应规则。
  • 学生成功门户 - 新增集成。
  • Java - 支持JDK 7.x,JDK 8.x 的支持正在进行
  • 简化Sakai技术组织。 合并大量“独立”工具来简化Sakai发布和问题反馈。

Sakai 10 致谢

Unable to render {include} The included page could not be found.

新功能列表

 Click here to expand...
Unable to render {include} The included page could not be found.
 

ReadMe - 新功能说明

 ReadMe - special notes

Unable to render {include} The included page could not be found.

系统需求

 Click here to expand...

Unable to render {include} The included page could not be found.

浏览器兼容性

 Click here to expand...

Unable to render {include} The included page could not be found.

下载

 Click here to expand...

 

Unable to render {include} The included page could not be found.

安装

 Click here to expand...

 

Unable to render {include} The included page could not be found.

升级

 Click here to expand...

 

Unable to render {include} The included page could not be found.

配置

 Click here to expand...

 

Unable to render {include} The included page could not be found.

新增配置项、权限

 Click here to expand...

 

Unable to render {include} The included page could not be found.

数据库支持

 Click here to expand...

 

Unable to render {include} The included page could not be found.

已知问题

 Click here to expand...

Unable to render {include} The included page could not be found.

 

安全策略

Sakai Project Security Policy

version 3.1

NOTICE: If you uncover a security vulnerability in Sakai software please do not voice your concerns on any public listserv, blog or other open communication channel but instead notify the Sakai Security Working Group immediately at sakai-security@apereo.org . Please provide a callback telephone number so that we can contact you by telephone if it is deemed necessary.

INTRODUCTION

Sakai is an open-source software initiative that promotes knowledge sharing and information transparency. However, when dealing with security vulnerabilities the integrity of existing Sakai installations can be compromised by the premature public disclosure of security threats before the Sakai Community has had time to analyze, develop and distribute countermeasures through private channels to institutions and organizations that have implemented Sakai software. Recognizing this danger, the Sakai Security Working Group (WG) has developed a security policy that seeks to safeguard the security of existing Sakai installations as well as provide full public disclosure of Sakai security vulnerabilities in a timely manner.

REPORTING SECURITY ISSUES

Security vulnerabilities in Sakai should be reported immediately to the Sakai Security WG at sakai-security@apereo.org . When contacting the WG, please provide a callback telephone number so that we can contact you by phone if it is deemed necessary. Sakai Security WG and community developers, working with the original reporter of the vulnerability, will investigate the issue, determine versions affected, and, if necessary, develop and distribute as quickly as is possible a security update for the Sakai Community and general public.

GENERAL POLICIES

Issues identified as security-related are prioritized and addressed differently than functionality or other issues classified as bugs. Access to issues flagged as security vulnerabilities in Sakai's JIRA issue tracking system will be restricted to Sakai security contacts and members of the Sakai Security Work Group (see below). Discussion, analysis, code development and testing relevant to reported security vulnerabilities will be treated as confidential information.

The Sakai Security WG will work with Sakai Community members to develop fixes for both vulnerable released versions and vulnerable branches (up to a particular date or release number). Code commits for security-related fixes will seek to mask the nature of the vulnerability. This usually takes one of two forms: (1) the commit is held until a patch can be tested, distributed and implemented in known sites or (2) in the case of a fix to a less significant threat the commit may be checked in with limited commentary.

During our QA and release cycles security-related issues will receive priority. At a minimum, the Sakai Security WG will review outstanding security issues before the start of each QA cycle.

The Sakai Security WG will issue security advisories and security updates to the general public once existing Sakai installations have been notified and given time to patch their systems.

SECURITY WORK GROUP

The Sakai Community has instituted a Security Work Group (WG) composed of senior members of the community to respond to reports of security vulnerabilities and who operate using private channels of communication. Besides working to resolve known security vulnerabilities the Security WG will also operate in a pro-active manner, reviewing existing tools and services from a security perspective; defining Sakai security requirements; devising QA/testing models that identify potential security weaknesses; producing security-related documentation; and helping educate developers on web-related security vulnerabilities.

SECURITY DOCUMENTATION

Public information regarding security vulnerabilities will be documented in security advisories, Sakai software release notes and readme files included in demo, binary and source distributions as well as online at the following locations:

Sakai Issues Tracking: http://jira.sakaiproject.org/jira/
Sakai Release page: http://source.sakaiproject.org/release

Release documentation for security updates will identify the Sakai version affected including code branches and provide information on how to close the vulnerability. Security vulnerabilities will be ranked by the threat level index listed below:

Critical Risk

Security vulnerabilities classified as a critical risk involve the possible exposure of data to unauthorized viewing, modification, deletion or acquisition as well as attacks that could result in data corruption.

Major Risk

Security vulnerabilities classified as a major risk involve logical attacks that could compromise the availability of Sakai or otherwise degrade system performance, disrupt or circumvent normal application flow control of Sakai tools and services or use Sakai as a platform for attacks on other systems.

Minor Risk

Security vulnerabilities classified as a minor risk involve threats that (1) can be eliminated by updating existing configuration files to reflect a default secure state (e.g., sakai.properties), (2) are considered extremely difficult for attackers to exploit and/or (3), if exploited, are of minor consequence to the operation of Sakai installations.

SECURITY ADVISORIES

Whenever Sakai security vulnerabilities surface, the Sakai Security WG will execute a three-step security advisory protocol in order to alert (1) Apereo Foundation partners and designated security contacts associated with known Sakai implementations, (2) the wider Sakai Community, and (3) the public at large regarding security issues.

The first step in our protocol involves providing alerts to our partner institutions and organizations as well as to our security contacts throughout the Sakai Community via the use of private communication channels. We delay deliberately the issuance of community-wide and public security advisories in order to allow time for security updates to be devised, tested, distributed and, if necessary, applied to Sakai installations that are known to the Foundation. Once these systems are patched the wider Sakai Community is alerted and time provided for Sakai implementers unknown to the Sakai Security WG to identify themselves, designate security contacts, and patch their systems before we proceed to the third and final step in our security advisory protocol, the general public announcement.

SECURITY CONTACTS

The Sakai Secuirty WG encourages institutions and organizations that download and install Sakai software to consider contacting the Sakai Security WG and providing the name(s) and contact details of one or more individuals to serve as security contacts. Security contact information should be emailed to sakai-security@apereo.org.

As noted above, Sakai security contacts receive security updates in advance of public release in order their institution or organization time to patch their Sakai installation before any Sakai security vulnerability becomes general knowledge. Designated security contacts are also provided access rights to view, comment and address issues flagged as security items in Sakai's JIRA issue tracking application. Security-related JIRA issues are hidden from public view. We do not grant access to these JIRA items lightly and we verify the identity and role of each person who is designated as a security contact.

Email traffic sent to sakai-security-contacts@collab.sakaiproject.org should be treated confidentially and should not be forwarded to other Sakai or public email lists or discussed elsewhere in order to help protect institutions and organizations running Sakai from security-related exploits or attacks.

此前版本

随着Sakai 10发布,Sakai 2.8正式的社区支持将终止。强烈建议运行Sakai 2.8(或更老版本)的学校升级到Sakai 10或Sakai 2.9。

许可证

Sakai 10使用Educational Community License version 2.0许可证

  • No labels