Martin Cuddy from Radically Open Security has found a security issue concerning the generation of PDF files during a security audit conducted as a part of our NGI0 Entrust grant. Unauthenticated users were able to access all PDF files generated in the last 24 hours. This was possible by triggering the generation of a PDF file, determining its ID in the GraphQL request, and counting the ID upwards or downwards to access other PDF files.

Traditionally, the AlekSIS team meets every year for a summer development sprint in the beautiful Hanseatic city of Lübeck to work on the further development of AlekSIS at the Katharineum zu Lübeck. A large part of the AlekSIS team travelled from all over Germany and Austria to work on important features and improvements for our pilot schools from 16th to 18th July 2024. In particular, the focus was on the digital class register, which some pilot schools, Katharineum zu Lübeck and Herman-Nohl-Schule want to go live with in the next school year.

Through their presence at didacta 2024, our team was able to gain valuable, interesting insights into the current developments and requirements in the digitalization of school administration and organization and enter into dialogue with many (head)teachers, members of school management and decision-makers.

While tech monopolist Apple is enjoying great popularity in schools with its tempting offers in the tablet sector, the company is fighting against the use of software from other manufacturers and against the regulation of its market power in the EU with increasingly abstruse and openly hostile measures. The recent decision to abolish Progressive Web Apps under the pretext of security justification may have serious consequences for AlekSIS and other open source projects.

Once again this year, the AlekSIS project was present at the FOSDEM in Brussels, the largest developer conference for free and open source software in Europe, with various activities on 3. and 4. February 2024. With the support of the NLnet Foundation and the NGI0-Entrust programme, we were able to organise a panel discussion on the topic of school digitisation and its challenges. Participants from various countries (including Finland, Spain and Belgium) reported what the status quo looks like for them.

The AlekSIS team is proud to announce the official acceptance for funding in the NGI0 Entrust programme of the NLnet foundation. The funding will support the development of important milestones for the large-scale usability of AlekSIS in schools.

After several months of intense development, the AlekSIS® team is proud to announce our newest release, codenamed “Dewey”. Although the list of new features and changes may appear shorter this time, we laid the foundation for planned new features, with several breaking under-the-hood changes being included that give developers new technical possibilities. For the following releases, especially 2023.12 “Falk”, we plan to make use of these improvements, enhancing the user experience.

The AlekSIS® team published the new version 2022.6 of the AlekSIS® standard distribution perfectly in time as a preparation for the beginning of the new school year in most German states. This way, schools can start the year using the version with the codename “Cohn”. The new release has been developed from January to June by the developer team and our partner schools. During this development phase, the main focus lay on improving the digital class register according to the needs of another high school and on several integrations.

The AlekSIS® team has found a security issue concerning client-protected OAuth resources. These are API endpoints (URL) protected by an OAuth client ID and secret, and currently in use only in the official app “Resint” for time-based documents. If an OAuth app without a list of allowed scopes was registered, this app could access all time-based documents, instead of none. To exploit this bug, an attacker would have to get hold of a client ID and secret for an OAuth app without a list of allowed scopes, for example by grabbing such information from a public web application using AlekSIS® for authentication.

The AlekSIS® team is proud to announce its first official release, version 2021.12, codenamed “Bruner”. Following a two years long development cycle, beginning with the merge of BiscuIT and SchoolApps in January 2020, AlekSIS and its official apps have been tested and improved in a closed beta stage, involving several partner schools headed by Katharineum zu Lübeck that provided insights in their practical use of a school information system. The official distribution release is delivered in form of the AlekSIS® Handbook, which represents the components of the distribution and installation instructions.

In the course of an AlekSIS community reunion at Katharineum in Lübeck, the team and its friends celebrated a small birthday party marking the de facto ten years anniversary of the project. Incarnation no. 1 – BiscuIT and the N@team Control Panel More precisely, ten years ago, in 2011, a group of people at Städt. Leibniz-Gymnasium Remscheid, lead by our current co-maintainer Dominik George, initiated the BiscuIT project in an effort to provide a feature-rich School Information System for the school.

The digitization of schools proceeds slowly, Germany is in the middle of the pack in this area, despite the Digital Pact, despite the various efforts of the education ministries to introduce learning with digital media as “distance learning” during the Corona pandemic. That there are projects that make hope was shown by the AlekSIS team at the Katharineum zu Lübeck. Here, software was presented which emerges from the field. Students and teachers are participated in the development process, program themselves, or give feedback for the application.

During FOSDEM, on February 1st and 2nd, 2020, AlekSIS was presented to a bigger audience for the first time, in co-operation with Teckids’ schul-frei stand that holds a co-presentation for a curated collection of free software products for education. As Teckids’ main goal is to get young people involved in free software, the presentation was mainly conducted by Andreas (13), Alexander (15) and Niels (15). The latter also co-presented in a general Community devroom talk about FOSS in education.

This article was originally posted by Frank Poetzsch-Heffter titled AlekSIS ist da! and was edited and translated for the AlekSIS website by Dominik George. The creation of a new software for management of plans, requests and information was celebrated in the computer lab of Katharineum. On Friday, January 3rd, developers from Teckids and the computer club of Katharineum met in order to to merge their projects BiscuIT and SchoolApps during a two-day sprint.

Today, there was a meeting with the teacher responsible for school books at Realschule Boltenheide. Shortly before the beginning of the holidays, a request for a new library management software reached us. We decided to include it in the BiscuIT school information system. Development of the first version of this app, called Exlibris, is split into two parts: First, we wanted to enable the responsible teacher to enter all the books and related data into the system.

Form July 15th to 17th, the core BiscuIT development team held its first sprint to get development of the first core features started. The sprint took place at Teckids e.V.’s partner school Boltenheide in Wuppertal, a school that has commited to using only free and open software in their education. The goal of the sprint was to get all core data models ready to an extent that it will be possible to start employing BiscuIT as the new school information system at Boltenheide with the start of the new term at the end of August.