
Download & Releases

5.3.20 (stable)

Release 5.3.20 has been published on March 04, 2020

Instructions for updating ILIAS can be found in section 3 of the general installation instructions. For major updates (e.g. 4.4.x -> 5.0.x), the safest procedure is to upgrade a copy of your production system first and test whether everything works.

If you use a customized skin/style, please change the skin settings for the root user and the installation default to 'delos' before upgrading from a 4.x version to 5.3.x. Otherwise you may no longer be able to log in, due to template changes in former versions.

ILIAS is free, open source software and published under the GNU General Public License (GPL).

Format: .zip
 
ILIAS-5.3.20.zip
Download (github.com)
184 MB, 2020-03-04
md5: 41f2f8ee6deff9495a542fc7d8bc6a66

Format: .tar.gz
 
ILIAS-5.3.20.tar.gz
Download (github.com)
171 MB, 2020-03-04
md5: 445385027cade8e77f66b49d7869db34

Known Issues

  • none

Changed Behaviour

Escaping HTML/JS in all page editor contexts by default

To a certain extent, ILIAS allows HTML/JS content to be included in page editor content, e.g. in learning modules. This was a desired feature in the early days of ILIAS and enabled authors to extend the features of the standard editor.

In the context of wikis, this has been deactivated since the beginning (HTML is escaped so that it is not interpreted by browsers); for other parts, like blogs and portfolios, this behaviour can be configured.

Although the page editor can log every change in its "page history", there has been an ongoing discussion about the trade-off between flexibility and security (possible XSS attacks), see e.g. https://docu.ilias.de/goto_docu_wiki_wpage_5406_1357.html

Since not everyone is aware of the implications, and since this has been reported as a security issue multiple times now, all page editor contexts now escape HTML so that it is no longer interpreted by browsers. "Administration » Editing » ILIAS Page Editor" has been extended to allow configuration for each context individually. If you trust your authors/users, you may reactivate this in this administration setting.

Please note: This only applies to page editor content. HTML learning modules and uploaded SCORM packages always allow HTML and JavaScript content to be uploaded. Do not grant permission to create these resources to users you do not trust. Use RBAC to set permissions accordingly or deactivate these components completely.
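The escape-by-default behaviour with a per-context opt-in described above can be sketched as follows. This is an added example, not ILIAS code: the context names, the `ALLOW_RAW_HTML` map and `render_page_content()` are hypothetical, and the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical per-context policy (constructed; not ILIAS's real setting keys).
// true = author HTML/JS is passed through unchanged, false = it is escaped.
const ALLOW_RAW_HTML = [
    'learning_module' => false,
    'wiki'            => false,
    'blog'            => false,
    'portfolio'       => true, // an administrator re-enabled raw HTML for trusted authors
];

/**
 * Return page editor content ready for output in the given context.
 * Contexts missing from the policy fall back to escaping (default deny).
 */
function render_page_content(string $context, string $content): string
{
    $allowRaw = ALLOW_RAW_HTML[$context] ?? false;
    if ($allowRaw === true) {
        return $content;
    }
    // ENT_QUOTES escapes both quote styles, so the text also stays inert
    // inside attribute values; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample of what an author might store in a page.
$sample = '<img src=x onerror="alert(1)"> & <b>bold</b>';

// The escaped contexts print the markup as visible text; only the
// explicitly trusted context returns it unchanged.
foreach (['learning_module', 'portfolio', 'unknown_context'] as $ctx) {
    printf("%-16s %s\n", $ctx, render_page_content($ctx, $sample));
}
```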

Fixed Bugs

The following bugs reported in Mantis have been resolved:

Security Fixes
  • Fixed several cross-site scripting (XSS) errors within the ILIAS editor (elaborated and reported by, among others, members of the Informatik Institut, Hochschule Albstadt-Sigmaringen: Buck, Binal, Oertel and Prof. Dr. Heer).

#24906: [Accessibility Service] Missing alternative text: actions (akill)
#27672: [ILIAS Page Editor] Using Files in Content Snippets does not work (akill)
#22950: [Session (Course & Group)] Change "Join" to "Attend" in Registration Procedure Description (mbarz)
#26212: [Test & Assessment] Problem deleting more than 10 questions from question pool (bheyser)
#26454: [Test & Assessment] Cannot save competency thresholds if more than one page exists. (bheyser)
#25589: [Test & Assessment] PDF Export throws error in Print View and Review (bheyser)