Releases: ushahidi/platform
v3.12.3 - Cycle 7 release - bug fixes & usability enhancements
Cycle 7 release - bug fixes & usability enhancements
- BUG: CSV Export history should ONLY show exports from the logged in user
- Add a link to Permissions Documentation on Roles page
- Replace reports" with "posts"
- Sort Collections by reverse-chronological order by default
- Add Manage Collections & Saved Searches" permission to allow users to manage saved searches and collections"
- Rename IMPORT permission to be IMPORT & EXPORT to match functionality
v3.12.2
Release v3.12.1
This release includes several security fixes to the platform. Listed in no particular order:
platform#1596 - Secure Credentials Leak: sanitize HTTP headers sent to sentry.
platform#1606 - Length of Password is Not Validated After Reset: validate the password lenght on password reset.
platform#1607 - Lack of Bruteforce Protection new user: send a HTTP 429 response if the rate limit is reached due to multiple requests to the registration endpoint.
platform#1610- Missing X-XSS-Protection HTTP Header: add the HTTP header in the response as: X-XSS-Protection: 1; mode=block. Please note that for OSS deployers (not in ushahidi.io), you will need to update your ngnix or apache configuration. The updated configuration templates are available at platform-release.
platform#1617 - Role Creation and Permission Assignment: verify if a user is a paid or non-paid member of ushahidi.io before creating roles.
platform#1618 - Internal Server Error While Uploading Photo: prevent upload errors from disclosing information about the underlying host where the images are located
USH-016 - SSL Cookie Without Secure Flag Set: Set the Secure flag for all cookies that are being communicated over a secure channel.
Bugfixes and Stabilization
This release focuses on stabilizing CSV and Targeted Surveys, which were both part of the last release (v3.11.0) as well as addresses numerous bugs across the platform.
CSV
- Fixes a bug that caused certain csv exports to fail
- Ensures all expected fields are included in csv exports
Targeted Survey:
- Fixes a bug causing Targeted Survey questions to send in the incorrect order
- Reformats phone numbers to ensure they match the selected SMS provider
- Disassociates unrelated sms messages from existing surveys
- Provides a count of recipients, responses, sent, and pending messages after a survey has been published
Other:
- Selecting unmapped posts now applies filters correctly in 'Data' view
- Correctly duplicates surveys (however, not allowed with Targeted Surveys)
- Ensures that child categories inherit parent category permissions
- Updates the date on a post when changing the 'Post Date'
- Updates translations across the app and makes right-to-left changes more consistent
- Removes blank space between heading and map on embeds
Release 3.11.0
This update makes data CSV exports & filters more reliable while increasing the amount of data you can export and giving you access to an "Export history" tab to reference your exports at a later date and download them as needed. It also adds the "Targeted Surveys" feature, currently available for select deployments.
CSV IMPROVEMENTS:
- Export is now handled in a queue system. This means larger exports & datasets are possible without the system "crashing". We have added an "Export is ready" notification to let you know when you can download the file.
- Previous exports and the status of your requested exports can be viewed in Settings => CSV Export under the "Export history" tab. Exports flagged with the status "Pending" are still in progress, and you will be notified when ready (but you can always come here and check if you missed a notification).
- CSV column headers have been improved for better readability of the exported data.
- Grouped multi-value fields make it easier to view lists of data in 1 column (ie Categories).
- Ability to select fields that will be excluded from an export dataset has been added.
- Date formats are now consistent. Clarifying Date timezones in CSV with a (UTC) string in the date headers.
- "Share CSV" is not available for visitors without admin privileges. This feature was added to protect your data and only make it available to those that you grant access to. You can still publish & share exported datasets if you wish to make them available (i.e. by exporting a dataset and uploading it to google sheets).
TARGETED SURVEYS (SMS):
Important: this feature is only enabled in a select few deployments at the moment.
Targeted surveys allow administrators to create a survey to be sent to a specific group of users via sms and receive responses via sms associated to that survey and their posts.
The targeted survey consists of a group of questions (survey fields) that are sent in order of priority to all the selected contacts. When a contact responds to a question, the next message is sent to the user. When a user has answered all questions, they stop receiving messages from the targeted survey.
This feature also includes a view to see the targeted survey stats (that is, how many messages have been prepared, sent, and received) and a shortcut to see all the answers to a targeted survey to structure data efficiently.
Release v3.10.0
- Reintegrating work from the COMRADES project. In particular
- More complete webhooks support
- API support for pushing partial updates to posts
- See #1665 for detailed commits
- Centralised media, ratelimiter, and cdn configuration in
.env
file rather thanapplication/config
#2454 - Fix validation of category permissions #2486 #2481
Migration info:
- If you have customized configuration for media, ratelimiter or cdn we recommend moving this configuration to the
.env
file. New.env
params areMEDIA_MAX_UPLOAD
- maximum file upload size in bytesRATELIMITER_CACHE
- type of ratelimiter to use. Seeapplication/config/ratelimiter.php
.- New CDN params - see
application/config/cdn.php
v3.9.0
v3.8.0
v3.7.2-rc.3
v3.7.2-rc.3