PeopleFluent is pleased to announce the PeopleFluent Learning 22.03 update. PeopleFluent Learning 22.03 was released for general availability on 4 March, 2022. If you are a hosted (SaaS) customer, please contact your PeopleFluent Customer Success Manager to request a schedule for upgrading your sites.
This documentation describes the functionality changes in PeopleFluent Learning 22.03, including new and deprecated features. If you have any questions about the enhancements or the new features, please contact your PeopleFluent representative.
PeopleFluent Learning 22.03 includes a number of bug-fixes and you are encouraged to review them in the Resolved Issues Report.
Changes Impacting the Upgrade Process
The upgrade process for PeopleFluent Learning 22.03 will take longer than for previous upgrades, due to changes to the process.
SaaS Customer Upgrade Process
The upgrade process for hosted customers requires the PeopleFluent Hosting team to make significant changes to your Learning implementation. Additional coordination will be necessary for this release and due to the following changes, upgrades will require longer downtime. Upgrades will be scheduled on a first-come first-served basis that may mean your scheduled update may take longer to get to than for previous upgrades.
On-premises Customers and Partners
Customers and partners who host PeopleFluent Learning should verify their operating systems’ status and upgrade as part of their normal maintenance for security or support reasons.
Features and Enhancements
The features and enhancements described in this documentation apply to PeopleFluent Learning and will be available when the customer is upgraded to this version.
Because PeopleFluent Learning is configurable per customer, new features may affect each customer's individual implementation differently. For more information about any new feature, and how it can be used in specific implementations, contact your PeopleFluent representative.
PeopleFluent Learning 22.03 sees the start of some significant application architecture restructuring work to improve performance. This release also includes improvements to application security.
This guide is not a tutorial, although some background explanation is provided for each of the key features to better appreciate how these might affect your organization.
The following new features are included in PeopleFluent Learning 22.03:
- Catalog integration with LinkedIn Learning for SaaS customers
- Security updates:
- Updated Log4J
- Updated third-party libraries
- New HTTP headers
- New Learning Path APIs
LinkedIn Learning Catalog Integration
PeopleFluent Learning 22.03 extends the Web Catalog feature to enable LinkedIn Learning course information to be integrated with Catalogs in the LMS for SaaS customers.
The Web Catalogs page has been updated to enable LinkedIn Learning catalogs to be integrated with the LMS. The single +Add Web Catalog button is replaced with separate buttons for adding Skillsoft and LinkedIn Learning web catalogs. The new +Add LinkedIn Web Catalog button opens a version of the Add Web Catalog page with the required fields for retrieving course metadata from LinkedIn Learning via the API.
Figure: Add Web Catalog Page for LinkedIn Learning
Web Catalogs configured for a LinkedIn Learning course trigger a daily background task, which:
- Downloads the course data from LinkedIn Learning via the API
- Transforms the data into the Course CSV Loader format
- Imports CSV file
Courses are imported into a central LinkedIn Learning catalog, with each library identified in LinkedIn Learning becoming a sub-catalog.
The following security updates have been implemented:
- Updated Log4J
- Updated third-party libraries
- New HTTP headers
In December 2021 a critical security vulnerability was identified in Log4J, a java-based logging utility which is used to output log statements to a variety of output targets. PeopleFluent Learning was not subject to the Log4J security vulnerability due to the way Log4J is used. However, Log4J has been updated to 2.17.1 in PeopleFluent Learning 22.03. This is the latest version of the utility available as of 31 January.
The Log4J update is not being applied to previous PeopleFluent Learning releases. While PeopleFluent Learning is not affected by the Log4J vulnerability, customers with concerns are recommended to upgrade at their earliest convenience.
Updated Third-party Libraries
The following open source, third-party libraries have been updated to their latest releases to address minor code vulnerabilities:
- XStream – a simple library to serialize objects to XML and back again
- Keycloak – an open source identity and access management solution
- Apache Xerces – a processor for parsing, validating, serializing and manipulating XML
- Apache Xalan – an XSLT processor for transforming XML documents into HTML, text, or other XML document types
New HTTP Headers
HTTP headers are used to pass additional information between the clients and the server through the request and response header. They are maintained by the Internet Engineering Task Force.
The following headers will be added as part of the System Configuration to keep up with the HTTP standard:
- Referrer Policy
- Permission Policy
- Content Security Policy
This determines whether to send the referrer header. If the site is sending data externally, this could potentially leak secure information. PeopleFluent may need to review options to see how it might affect reporting and playing courses on a different domain. The default option for this System Configuration setting is Strict origin when cross origin.
The following options are available:
- No referrer
- No referrer when downgrade
- Same origin
- Strict origin
- Origin when cross origin
- Strict origin when cross origin
- Unsafe url
This provides a mechanism to allow and deny the use of browser features, in this case allowing the browser to make a PeopleFluent Learning window full screen. The default setting, All, allows all windows and iframes to go full screen. No other directives are set with this policy for the 22.03 release.
Content Security Policy
This allows content from specific domains as part of the interface. The default for this setting is script-src 'self' 'unsafe-inline' 'unsafe-eval';. This can be changed. New domains can be added before the semicolon (for example, script-src 'self' 'unsafe-inline' 'unsafe-eval' peoplefluent.com google.com;. It is also possible to add parameters other than script-src (for example, style-src or img-src).
New Learning Path APIs
As part of the user experience (UX) uplift to the learner-facing pages in the LMS, the 22.03 release includes the APIs needed to support a new responsive Learning Path page, to be included in a future release.
To preview the pages available with the new user interface, see this interactive prototype.