View on GitHub


A digital repository providing a single platform to house your teaching and learning, research, media, and library content.

Testing Guide for Equella 6.5-Stable


Please refer to the 6.5-Stable Release Notes for more details.

#104 Scripting pack

Now in the master docs repo. Self-creation of the javadoc in issues #105 and #106 (still pending)


#98 / #102 Office Integration

Equella has the ability integrate with Microsoft Office products to enable a smoother editing experience. Due to licensing issues, and the inherit issues of using an older interop DLL on more modern installs of Office, the download of the Office Integration msi package has been removed from the Equella Web UI, and the DLLs in question have been removed from the git repo. The functionality is still useful, so conceptual documentation has been provided for users to build this functionality.


#101 / Documentation / example files moved to the master docs repo


#100 HTML Editor Plugins

Another documentation shift to the main docs repo.


#96 (Make installer set executable bit for files that need it)

After a Linux install, the sys admin no longer needs to chmod the jsvc, manager, and equellaserver scripts

Regression testing:

#84 Re-implement file upload features

File uploads were re-implemented using AJAX instead of multipart and client side progress instead of server side.

Regression testing: TestLink eqos-1687->eqos-1698

#56 (Remove dhfjava dependency)

The functionality was changed to not rely on dhfjava. Instead it uses a Tika open source library. The results are not as clean as dhfjava, so enhancements are welcome!

Functional testing:

Performance testing:

#72 (Allow configuration of the historically hardcoded email address)

System admins now configure the ‘do not reply’ email address via the Server admin pages.

Functional testing: TetLink eqos-5343

#74 (Remove the UpgradeProxyWeb python server)

The functionality point the Equella Manager at a server that provides the latest Equella update has been removed.

Functional testing: TestLink: eqos-5341

Regression testing: TestLink: Regression tests flagged.

#73 / #60 General build changes / scrubbing of commercial terminology

Hard-coded words denoting the last commercial owner and last commercial website of Equella were removed. Generally, resources (lang bundles and images) functionally haven’t changed, but how they are bundled into Equella did change.

Functional testing:

Regression testing:

#71 ( Allow configuration of LTI external tool contact for Equella )

When an LTI attachment was added to an item, at times it’s considered ‘default’, and historically, a default consumer contact email of was used. Now, you can configure this behavior by adding into

Functional testing:

Regression testing:

#62 ( Upgrade flamingo )

Flamingo was upgraded to streamline dependencies from Maven.

Functional testing: TestLink eqos-3813

#59 ( Replace use of hibernate-beanlib )

beanlib-hibernate was used for cloning a whole hibernate object tree but it had code which we no longer had the source too, so it was replaced with the use of xstream + special hibernate converters.

Regression testing: Regression tests tagged in TestLink

#55 / #107 ( Kaltura licensing issues )

The Kaltura Java client API is not Apache-license-friendly. It was moved into it’s own repo, but can be integrated back into Equella per client by building the Equella and Kaltura source repos together into an upgrade binary.

Functional testing:

Regression testing:

#54 ( Make Oracle DB driver optional )

Regression test flagged Oracle DB driver is no longer included by default. To run these tests, you’ll need a build of Equella with Oracle drivers included.

Regression testing:

#44 / #46 ( Installer / Upgrader built via SBT )

Installers and upgraders are all built via SBT.

Regression testing:

#41 ( Remove eCommerce )

eCommerce was never used by clients in Equella (since it was an option when generating commercial licenses).

Regression testing:

#33 ( Upgrade ROME )

Regression testing:

#27 ( Work out what to do about hardcoded SHA256 hash salt )

Functional testing:

Regression testing:

#5 ( Remove license validation components )

Functional testing: TestLink eqos-5340

Fixes arising from cherry pick

Regression testing:

Upgrade javax.servlet, flickr, datatools, sqlserver jdbc, kalturaclient

Regression testing: TestLink: Regression tests flagged

Upgrade srw servlet

Regression testing: TestLink: Regression Tests flagged

Use latest jna

Regression testing: TestLink: Regression Tests flagged

Option to self-generate a keystore when building or use a previously

Regression testing:

“Use a custom param for the course ID” in Canvas

EQ-31 ensure IMS/SCORM resources containing query strings will work

EQ-32 batched audit log removal

EQ-33 don’t use the public bookmark, use the actual params

EQ-34 use string URLs instead of URL URLs


EQ-2038 course API refactor

Activation, Course,

EQ-1045 (et al) refactors of entity rest services


EQ-2026 Do some validation on entities. don’t let entity editing be a free-for-all

Users can edit the names of selected resources that will be added to the LMS in a selection session

A new checkbox “Select all attachments” has been added to the “Add to External System” page.

Course builder in brightspace not using selected module

New permission for selection sessions

URL checker number of attempts

TestLink eqos-1943 eqos-1944 URL checker will disable links to external sites (e.g. Link attachments) if the URL check fails 10 times, and will send email notifications to item owners if the check fails 5 times. This hard coded settings are now configurable in

urlChecker.triesUntilWarning = 3
urlChecker.triesUntilDisabled = 5

SQL Server concurrency issue

The TLE_ADMINISTRATOR account is not required to accept DRM agreements

Users were able to access inactive copyright attachments via using a direct URL

The item moderation REST API would return a random workflow node status each time it was invoked

Issues Covered in General Regression Test

Change the My tasks UI to allow for selection of multiple items, then allow moderators with the correct (new) permissions the ability to approve and reject tasks in bulk, and sequentially process tasks without returning to the results page between each task.

Change the Manage tasks UI to allow for selection of multiple items, then allow admin users with the correct (new) permissions the ability to approve and reject tasks in bulk, and assign multiple tasks to a specific moderator.

Enhance the filtering and sorting capacity, and also make it easier for users to find the tasks they need to process by showing tasks assigned to them at the top, followed by tasks they could process then those assigned to others, also sorted in priority order.

Update both Manage tasks and My tasks pages to allow for complex filtering, including by assignment, collection, owner, date modified and assignee.

New bulk actions that can be performed against selected items including removing from workflow, moving from one workflow task to another and selecting live items not currenty in workflow and adding to a specific workflow task within the associated workflow.

Add ability to configure workflow notifications per task, and allow users to opt in or out of workflow notificaitons.

Updated the Moderation page so that the Approve/Reject buttons appear in a more logical position, and the workflow comments can be easily viewed in a scrollable panel.

A new workflow task type, ‘script task’, allows users to write a script which will automatically run as part of the workflow and proceed to the next workflow step.

Contributors now have the ability to drag an drop attachments directly into the wizard without opening the multi-step dialog.

Security fix changes

Deserialization of untrusted Java Objects

Server-side Request Forgery

Open Redirect

XML DTD Entity Injection - The web application parses externally supplied malicious XML Document Type Definitions (DTD), which can be used to read the contents of local files, determine the existence of files and folders on the system, and cause denial of service.

Missing HTTP Strict Transport Security - Strict-Transport-Security is not used; this may allow an attacker to eavesdrop on or modify communication in transit.