Open edX Nutmeg Release

These are the release notes for the Nutmeg release, the 14th community release of the Open edX Platform, spanning changes from October 15 2021 to April 11 2022. You can also review details about earlier releases or learn more about the Open edX Platform.

Breaking Changes

SafeSessionMiddleware

Before upgrade: Check that your logs do not contain warnings starting with “SafeCookieData user at request”, or that these warnings are very rare. If they are common, see the SafeSessionMiddleware section below in the Administrators and Operators Section.

Django Admin login disabled by default

Default Django admin login window is disabled and now one has to login from the LMS.

Learner Experiences

• Bug fix: facebook share links now work on the course about page.

User Tours

User Tours are walkthroughs that can be presented to users in micro-frontends (MFEs). The default tours that exist are: “Course Home New User Tour” (screencast), “Course Home Existing User Tour”, and “Courseware New User Tour”. In order for User Tours to properly work, the backpopulate user tours management command should be run.

$ python ./manage.py lms backpopulate_user_tours

Dates Tab

The Dates Tab has been added as a default static tab on all courses. All new courses will automatically include the Dates Tab. In order to properly have the Dates Tab show up for all your existing courses, a backfill course tabs management command has been created.

$ python manage.py cms backfill_course_tabs

The Dates Tab has also been removed from the legacy learner experience. It is only available in the Learner MFE. This is the first step in remove the legacy learner experience altogether, which will be completed in the Olive release.

Weekly Course Goals

The old course goals feature has been replaced with a new weekly learning goals feature. Users set a goal for how frequently they want to learn per course and get reminder emails about their goals. See Enabling the Weekly Learning Goals Feature for instructions on how to configure this feature and more details on how the feature works. The new weekly learning goals feature is controlled with the same flag as the previous course goals feature.

Learning Micro-Frontend (MFE)

• When an XBlock fails to render, the user will now see an error message “An unexpected error occurred. Please click the button below to refresh the page.”

• RTL languages are now supported

• Support for the pre-alpha Discussions MFE was added

Account Micro-frontend (MFE)

The Account Micro-frontend (MFE) is now enabled by default. The legacy account pages will be removed in the next release, Olive.

Mobile Experience

• Added support for notices in apps.

• Added an activation opt in checkbox (default checked) so user can agree to receive marketing messages. See LEARNER-8652 for a screenshot.

• Mobile apps can now support LTI by opening it in a browser

Special Exams Experience

To take a proctored exam, the learner must now be enrolled in a verified course track. Previously, a learner enrolled in any track could take a proctored exam. Note that ID verification (IDV) is not required.

Instructor Experiences

• Default course tabs have a new, standard order. Course authors may still change the order of their custom static tabs, but the ordering of the default tabs cannot be changed. This ensures a more uniform location across courses.

• When setting grading policies, course authors can now set the minimum grade cutoff to 99. Previously it could not be higher than 97.

• When downloading the team membership csv from the Teams > Manage page, username and external key are now separate columns (previously, an external key would override the username, leading to ambiguity when importing teams csv)

LTI Support

• Course authors can now define static and dynamic custom parameters that will be sent to the LTI Tool Provider at launch. See the Custom LTI Parameter section of the LTI Consumer XBlock Readme for more details.

• Mobile apps can now support LTI by opening it in a browser

Gradebook Micro-frontend (MFE)

• Added support for transifex translations.

• Added support for custom theming.

Administrators & Operators

• Various improvements and bugfixes have been applied to Tutor, the officialy-supported Open edX distribution and installation method. Notable features include an overhauled Tutor Plugin API and a new CLI for mounting repositories during development. You can see the full list by viewing Tutor’s changelog, starting at v13.0.1 (the first Tutor release after Maple) and reading upwards until v14.0.0 (the first Tutor release supporting Nutmeg).

• An internal performance improvement called learning sequences has been opt-in for a few releases, but is now always-on for Nutmeg. If you have any courses that have not been re-published on Koa or later, run the simulate_publish cms django command on your courses before upgrading, to populate the learning sequence data.

$ python manage.py cms simulate_publish

• By setting the ENABLE_NEW_RELIC to false, the new relic logging integration will be disabled across all MFEs.

• It’s now possible to add optional fields to the registations form that are always visible, and do not require the user to click the checkbox “Support education research by providing additional information.” Use the new optional-exposed setting in the REGISTRATION_EXTRA_FIELDS setting.

• Added an activation opt in checkbox to the registration form (default checked) so user can agree to receive marketing messages. The field marketing_emails_opt_in is now enabled by default in the REGISTRATION_EXTRA_FIELDS setting.

• Waffle overrides can be set at the org level now (in between course level and global).

• To customize the template for course emails, set BULK_EMAIL_SEND_USING_EDX_ACE to true.

• Course Discovery API now supports Learner Pathways and Course Recommendations

• Bug fix: When using GMSTP (Gmail) for sending bulk email, retriable SMTP exceptions were not caught and bulk sending failed. This has been fixed.

Bulk Course Email Tool

• Added the ability to filter recipients of bulk course emails based on the last_login date of Users enrolled in a course run. This feature can be enabled by setting a value for the BULK_COURSE_EMAIL_LAST_LOGIN_ELIGIBILITY_PERIOD setting. Its value should be an integer (representing months) that represents the eligibility period from the current date to receive a message. The new setting defaults to None which keeps this new feature disabled (and there will be no change in behavior in how recipients are filtered/selected for a message).

• Added a simple bulk_email_disabledcourse table that allows for the bulk email tool to be disabled for specific course runs, even if the bulk email flag is on and the course is enabled in the bulk_email_courseauthorization table. A course team will not be able to see the bulk email tab on the instructor dashboard for whatever course runs are in this table.

• the setting EMAIL_USE_DEFAULT_FROM_FOR_BULK was changed to EMAIL_USE_COURSE_ID_FROM_FOR_BULK. Additionally, the behavior was changed. Previously, it was possible for a “from” address constructed out of a course id to be non existent, and thus fail in email servers. Now, those who wish to use their course id in the “from” address for bulk email must enable the flag to true.

SafeSessionMiddleware rejects mismatching requests and sessions

Background: SafeSessionMiddleware is an existing middleware that provides several protections against vulnerabilities that could result from cache misconfigurations or other bugs resulting in one user getting a different user’s session.

Changed: Previously if a user mismatch was detected between request or session and response, the middleware would log warnings; now, it will invalidate the session and send an error response. The toggle ENFORCE_SAFE_SESSIONS is enabled by default, but can be disabled to return to just log warnings.

Before upgrade: Check that your logs do not contain warnings starting with “SafeCookieData user at request”, or that these warnings are very rare. If they are common, there is likely a false positive caused by some custom login, masquerading, or registration code. You will need to update your custom code to call mark_user_change_as_expected`. Otherwise, valid requests may be rejected.

Migrations

There are no known migrations that will cause compatibility issues when deployed. As always migrations should be run before the new code is deployed.

Pre-Alpha Features

The following Micro-frontends (MFEs) are in a “pre-alpha” state. They exist on GitHub but are not yet supported in Tutor. Additionally, they may lack key features such as support for theming, internationalization, and path-based deployments. We include mention of them because we expect all of them to be supported in the next release, Olive.

• Authentication Micro-Frontend (MFE)

• Discussions Micro-Frontend (MFE)

• Course Authoring Micro-frontend (MFE)

• Open-Response Assessments (ORA) Grading Micro-frontend (MFE)

Settings and Toggles

New settings and toggles added since the Maple release:

• CELERY_EXTRA_IMPORTS

• DISCUSSIONS_MFE_FEEDBACK_URL

• ORA_GRADING_MICROFRONTEND_URL

• RATELIMIT_RATE

• REGISTRATION_RATELIMIT

• COURSEGRAPH_CONNECTION

• COURSEGRAPH_JOB_QUEUE

• PREPEND_LOCALE_PATHS

• BULK_EMAIL_SEND_USING_EDX_ACE

• COURSEGRAPH_DUMP_COURSE_ON_PUBLISH

• ENABLE_AUTHN_LOGIN_BLOCK_HIBP_POLICY

• ENABLE_AUTHN_LOGIN_NUDGE_HIBP_POLICY

• ENABLE_AUTHN_REGISTER_HIBP_POLICY

• ENABLE_COPPA_COMPLIANCE

• ENFORCE_SAFE_SESSIONS

• FEATURES[‘ENABLE_AUTOMATED_SIGNUPS_EXTRA_FIELDS’]

• FEATURES[‘ENABLE_INTEGRITY_SIGNATURE’]

• FEATURES[‘ENABLE_NEW_BULK_EMAIL_EXPERIENCE’]

• FEATURES[‘ENABLE_PASSWORD_RESET_FAILURE_EMAIL’]

• FEATURES[‘SHOW_PROGRESS_BAR’]

• LOG_REQUEST_USER_CHANGE_HEADERS

• MARK_LIBRARY_CONTENT_BLOCK_COMPLETE_ON_VIEW

• RATELIMIT_ENABLE

• SEARCH_SKIP_SHOW_IN_CATALOG_FILTERING

• course_live.enable_course_live

• courseware.enable_new_financial_assistance_flow

• discussions.enable_discussions_mfe

• discussions.enable_learners_tab_in_discussions_mfe

• discussions.enable_moderation_reason_codes

• discussions.enable_new_structure_discussions

• discussions.enable_reported_content_email_notifications

• learner_dashboard.enable_masters_program_tab_view

• learner_dashboard.enable_program_tab_view

• learner_dashboard.enable_program_tab_view

• new_core_editors.use_new_problem_editor

• new_core_editors.use_new_text_editor

• new_core_editors.use_new_video_editor

the following settings were removed:

• agreements.enable_integrity_signature

• course_experience.latest_update

• course_goals.number_of_days_goals

• course_home.course_home_use_legacy_frontend

• learner_dashboard.enable_program_discussions

• learning_sequences.use_for_outlines

• request_utils.capture_cookie_sizes

• user_authn.redirect_to_microfrontend

Dependency updates

There are no notable dependency updates in nutmeg.

Deprecations

Removed in Nutmeg

• django-ratelimit-backend has been removed from edx-platform. Now the django-ratelimit library will be used for rate limiting. See DEPR-150 for more details. Related to this, the default Django admin login window is disabled and now one has to login from LMS.

• The edx-certificates repo has been archived. See DEPR-160 for more details.

• “Old Mongo” course access has finally been fully removed. This means course runs that have keys like Org/Course/Run rather than course-v1:Org+Course+run cannot be accessed by learners. New runs of this type haven’t been able to be created since 2015, but now learner access has also been removed. See [DEPR] Issue #62 for more information on the continuing removal of Old Mongo technology.

• problemset and videosequence are old-but-not-entirely-unused aliases to the sequential (in Studio-speak, “Subsection”) block type. Support for them in the Learning MFE ended in the maple release. Now all support has been removed.

Deprecated in Nutmeg (or earlier) and scheduled to be removed in the Olive release

• bokchoy test suites

• the frontend-learner-portal-base library

• The xblock.fragment module and deprecated id_generator method parameters in xblock.runtime

• The legacy courseware experience (rendered server-side by Django) will be removed. The Learner MFE will be required.

• The legacy account pages will be removed. The Account MFE will be required.

• EdxRestApiClient is no longer supported, as you may have been able to tell from the many, many deprecation warnings.

• DraftModuleStore (also know as Old Mongo Modulestore) will be removed. “Old Mongo” course access was already removed in nutmeg.

• microsites djangoapp

• the ability to import legacy OLX attributes slug, name, id (discussion block), for, and attempts

Future deprecations and removals

Note

Major deprecation work is being funded between now and the Olive release, scheduled for December 2022. Please review the DEPR: Deprecation & Removal board on Github to be sure you have stopped using deprecated technologies.

Researcher & Data Experiences

• added a complete_video event that fires when a user has watched a video to the end. Requires the waffle switch completion.enable_completion_tracking

Developer Experiences

• Added support for custom xBlock editors in Studio. Read the pluggable_override docstring to learn more.

• Added an API for updating user’s email opt-in setting.

• django plugins can now return context for the Instructor Dashboard template, by adding it to the constant INSTRUCTOR_DASHBOARD_PLUGIN_VIEW_NAME. See PR 29376 for more details.

Events and Filters Extension Framework

Core extensibility: We have added a new way of extending the core through Open edX Events & Filters (part of OEP-50: Hooks Extension Framework)

Open edX Events: this standardized version of Django Signals allows extension developers to extend functionality just by listening to the event that’s sent after a key process finishes, e.g after enrollment, login, register, etc.

Open edX Filters: through configuration only, extension developers can set a list of functions to be executed before a key process starts, e.g before enrollment, login, register, etc.

---

Feedback