* fix formatting

# Platform Changelog

**The INJECT Exercise Platform (IXP) is released in different versions. Most significant changes

between the releases are listed below.**

**The INJECT Exercise Platform (IXP) is released in different versions.

Most significant changes between the releases are listed below.**

**This list is not complete, as each new release also includes numerous fixes and smaller

improvements.**

**This list is not complete, as each new release also includes numerous fixes and smaller improvements.**

## You might find useful

---

## 3.30.3

## 4.0.0

### New Exercise Definition Features

The exercise definition format was extended with new features to enable the creation of more

complex and engaging exercises.

The most important changes are listed below:

- added new questionnaire capabilities

    - added automatically evaluated free-form questions

    - added configurable minimum and maximum length settings for free-form questions

    - added multiple choice questions

    - added repeatable questionnaires

        - allows teams to answer a single questionnaire multiple times

            until some condition is fulfilled,

            for more details,

            see the [questionnaire documentation](./tech/architecture/definitions/README.md#questionnairesyml)

    - added questionnaires, which can be submitted after the exercise finishes

- added the option to mark email addresses as trusted

    - their emails are marked as digitally signed

- added a documents drive

    - creating a space for important documents accessible throughout the exercise

### User management improvements

An exhaustive changelog can be found [here](./tech/architecture/definitions/CHANGELOG.md).

### Trainee Performance Evaluation and Reflection

A set of new features was added to allow instructors to evaluate and reflect on trainee performance.

Furthermore, instructors can now allow trainees to self-evaluate by looking at their performance overview:

- added configurable score to milestone, learning activities, and learning objectives

- added user score export to CSV to analyst view

- added instructor comments for trainee actions

- added performance overview to trainee view

    - enabled by instructors per-team

### Improved Analytics Capabilities

The analyst view was extended with new features to allow better analysis of the actions performed during the exercise:

- added new types of actions logged

    - added questionnaire submission logs

    - added questionnaire review logs

    - added file download logs

    - added milestone modification logs

    - with info about the source of the modification (automatic, trainee, or instructor action)

    - added confirmation button logs

- added user info to action logs

    - allowing the analyst to distinguish between users within the same team

- added team selection to analyst view

- overhauled the overview page in analyst view

    - providing better insights into the exercise progress and trainee performance

### Editor Updates

[The editor](INJECT_process/prepare/editor.md) has been updated to support the latest definition version.

All known bugs were fixed, and the user experience was improved:

- updated editor to support the latest definition version (0.23.3)

- overhauled editor learning activity creation

    - with better user experience and activity type categorization

### Extended Exercise and Platform Configuration

Significant new features were added to allow more flexible exercise and platform configuration:

- added on-demand exercises with configurable time interval

    - these can be started by the assigned trainees at any time within the defined time interval

- added multitenancy support

    - multiple exercises can be run simultaneously on the same platform instance

- added optional log-collection in OpenSearch for exercises

    - logging the actions performed by trainees within a prepared sandbox VM

    - *currently an experimental feature*

- added runtime platform configuration for admins

    - with maximum number of teams per exercise setting

    - with the default exercise loop update interval setting

- added time format setting

    - with absolute, relative, and in-exercise time options

- added Czech localization to trainee view

### Improved User Management

More features were added for easier user management:

- added guest account generation

    - with expiration configuration

    - with bulk account creation

    - with credentials export to CSV or PDF

- added the option to change the initial generated password to a custom password

- added the option for trainees to register to the platform by themselves

    - with allowed email domains configuration

- added user tag management

### New Exercise-Panel Features

Several new features were added to the exercise panel to improve the user experience:

- added instructor noticeboard

    - allowing instructors to share important notes about the current usage of the platform

    - with configurable expiration for each note

- added loading exercise definitions from GitLab

New capabilities for user management were added:

### Technical Improvements

- guest account generation:

    - ideal for creation of temporary accounts without the need of acquiring the email address of the

        guest

    - option to create a csv/pdf file containing credentials of selected guest accounts that can be

        handed over in person

    - expiration mechanism of the guest accounts

- option to change initial generated password to custom password

A significant technical improvement was made to the exercise loop to enhance the responsiveness of exercises:

### On-demand exercises

- fixed overrun issue in loop thread

    - allowing shorter exercise loop update intervals

    - making the exercise significantly more responsive

- a number of performance improvements throughout the whole platform

This feature enables _self-guided exercises_ that users can complete at their own pace within a

defined timeframe, without the need for a live instructor.

### Improved User Experience

- **Asynchronous Participation**: Users have the flexibility to begin and pause the exercise at any

    point within the designated period.

- **Self-Guided**: Exercises are designed to be completed independently, removing the requirement

    for real-time instructor involvement.

- **Multi-Tenancy Support**: The system will accommodate multiple, independent groups of users, each

    running their own on-demand scenarios.

- **Integrated Analytics**: Existing analytical tools will function with these exercises.

Many smaller improvements were made to enhance the overall user experience:

This on-demand capability is particularly valuable for introductory content and offers a clear

distinction from traditional instructor-led, synchronous sessions.

- refined forms within the platform

    - providing better feedback when creating exercises, submitting questionnaires, etc.

## 3.0.3 (frontend)

This page outlines the known issues associated with the platform and provides guidance on how to

resolve or work around them.

## An exercise with more than 50 teams cannot be created

### Issue

The Create dialog in Exercise Panel does not allow the creation of exercises with more than 50

teams.

### Cause

This is an intentional limitation hardcoded in the frontend code to prevent creating exercises with

too many teams, which could lead to performance issues and a poor user experience.

### Solution

To change the hardcoded limit, you can modify the `TEAMS_MAX` constant in the

`frontend/frontend/src/exercisepanel/ExerciseManager/ExerciseCreator.tsx` file (line 36).

For further releases, we plan to make this limit configurable via a platform-wide setting.

## Exercise cannot be started after an outage

### Issue

### Backend Technology

The backend component of the IXP is built using Python and Django, a high-level web development

framework. Key components of the backend architecture include:

The backend component of the IXP is built using Python and Django, a high-level web development framework.

Key components of the backend architecture include:

- Python Backend: The backend of the IXP is implemented using Python.

- Django Framework: Django, the most popular web development framework for Python, is used to build

    the backend application. Django provides robust features for database management, user

    authentication, and more.

- GraphQL API: The backend exposes a GraphQL API for communication with the frontend. GraphQL allows

    efficient data fetching and enables the client to request only the data it needs.

    the backend application.

    Django provides robust features for database management, user authentication, and more.

- GraphQL API: The backend exposes a GraphQL API for communication with the frontend.

    GraphQL allows efficient data fetching and enables the client to request only the data it needs.

- Django REST Framework: For file transfers and other functionalities not supported by GraphQL, a

    REST API is implemented using Django REST Framework.

### Frontend Technology

The frontend component of the IXP utilizes modern web technologies including:

The frontend component of the IXP is built using React, a popular JavaScript library for building user interfaces.

Key components of the frontend architecture include:

- React Frontend: The frontend application of the IXP is developed using React, library for building

    user interfaces.

- TypeScript: TypeScript is used instead of JavaScript to ensure type safety and improve code

    quality.

- React Hooks: React hooks play a crucial role in modern React programming, providing essential

    features such as state management and performing side effects.

- Libraries and Tools: Various libraries and tools, including Yarn, Vite, Apollo Client, and

    Generouted, are utilized for package management, building, data management, and routing within

    the frontend application.

- React Frontend: The frontend of the IXP is implemented using React.

- Vite: Vite is used as the build tool for the frontend application, providing fast development and

    optimized production builds.

- TypeScript: The frontend is developed using TypeScript, a statically typed superset of JavaScript

    that enhances code quality and maintainability.

- URQL Client: The frontend uses the URQL client to interact with the GraphQL API exposed by the backend.

    URQL provides a simple and efficient way to manage GraphQL queries and mutations.

- Tanstack Router: The frontend uses Tanstack Router for client-side routing, enabling navigation between

    different views and components within the application.

## Security overview

### Authentication

Authentication on the INJECT Exercise Platform is fundamental to ensuring secure access to its

features and resources. Leveraging Django's (modified) built-in session system, the platform uses

HTTP header as a means to authenticate client requests.

features and resources.

Leveraging Django's (modified) built-in session system, the platform uses HTTP header

as a means to authenticate client requests.

### Authentication Process Overview

2. Client ← Server: Responds with backend version.

3. Client: Checks the compatibility between the client and the backend version. Displays an error in

    case of incompatible versions.

3. Client: Checks the compatibility between the client and the backend version.

    Displays an error in case of incompatible versions.

The next crucial step in the process is **login**:

  Server->>Client: Send session identifier

```

1. Client → Server: Client sends a login request on the REST endpoint containing the username and

    password.

1. Client → Server: Client sends a login request on the REST endpoint containing the username and password.

2. Client ← Server: If the provided credentials are valid, the server generates a _new session_,

    setting the _user_ attribute of the session to the corresponding user that has successfully

    authenticated. The server then responds with a _sessionid_, containing the identifier of the

    user's session.

    setting the _user_ attribute of the session to the corresponding user that has successfully authenticated.

    The server then responds with a _sessionid_, containing the identifier of the user's session.

From now on, the client requests are authenticated by the HTTP header that contains the _sessionid_

(session identifier).

---

| Definition Version | Platform Version | Codename |

| ------------------ | ---------------- | ------------------ |

| 0.23.3             | 3.30.X           | Dux – Half Release |

| ------------------ | ---------------- | -------- |

| 0.23.3             | 4.0.X            | Dux      |

| 0.18.1             | 3.0.X            | Citadel  |

| 0.12.1             | 2.0.X            | Bastion  |

| 0.8.0              | 1.0.X            | Aegis    |