Releases: ushahidi/platform
Release v3.12.1
This release includes several security fixes to the platform. Listed in no particular order:
platform#1596 - Secure Credentials Leak: sanitize HTTP headers sent to sentry.
platform#1606 - Length of Password is Not Validated After Reset: validate the password length on password reset.
platform#1607 - Lack of Bruteforce Protection new user: send a HTTP 429 response if the rate limit is reached due to multiple requests to the registration endpoint.
platform#1610 - Missing X-XSS-Protection HTTP Header: add the HTTP header in the response as: X-XSS-Protection: 1; mode=block. Please note that OSS deployers (not in ushahidi.io) will need to update their nginx or Apache configuration. The updated configuration templates are available at platform-release.
platform#1617 - Role Creation and Permission Assignment: verify if a user is a paid or non-paid member of ushahidi.io before creating roles.
platform#1618 - Internal Server Error While Uploading Photo: prevent upload errors from disclosing information about the underlying host where the images are located.
USH-016 - SSL Cookie Without Secure Flag Set: Set the Secure flag for all cookies that are being communicated over a secure channel.
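A check for two of the fixes above (the X-XSS-Protection header from platform#1610 and the cookie Secure flag from USH-016), useful after updating an nginx or Apache configuration. This is an added example, not code from the Ushahidi project; the function names and the sample responses are constructed for illustration.

```python
# Constructed sample responses (not captured from any real deployment).
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "\r\n"
)
SAMPLE_AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly; Secure\r\n"
    "Set-Cookie: lang=en; Path=/; secure\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response header block."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw, over_tls=True):
    """Return a list of findings; an empty list means both checks pass."""
    headers = parse_headers(raw)
    findings = []
    xss = [v.replace(" ", "").lower() for n, v in headers if n == "x-xss-protection"]
    if not xss:
        findings.append("missing X-XSS-Protection")
    elif any(v != "1;mode=block" for v in xss):
        findings.append("X-XSS-Protection is not '1; mode=block'")
    if over_tls:  # the Secure flag only applies to cookies sent over HTTPS
        for name, value in headers:
            if name != "set-cookie":
                continue
            cookie_name = value.split("=", 1)[0].strip()
            # Attribute names are case-insensitive; ignore any attribute values.
            attrs = [a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.append(f"cookie '{cookie_name}' lacks Secure")
    return findings
```

The raw header block for a deployment can be captured with `curl -sI` against its HTTPS URL and passed to `audit`.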
Bugfixes and Stabilization
This release focuses on stabilizing CSV and Targeted Surveys, which were both part of the last release (v3.11.0), and addresses numerous bugs across the platform.
CSV
- Fixes a bug that caused certain csv exports to fail
- Ensures all expected fields are included in csv exports
Targeted Survey:
- Fixes a bug causing Targeted Survey questions to send in the incorrect order
- Reformats phone numbers to ensure they match the selected SMS provider
- Disassociates unrelated sms messages from existing surveys
- Provides a count of recipients, responses, sent, and pending messages after a survey has been published
Other:
- Selecting unmapped posts now applies filters correctly in 'Data' view
- Correctly duplicates surveys (however, not allowed with Targeted Surveys)
- Ensures that child categories inherit parent category permissions
- Updates the date on a post when changing the 'Post Date'
- Updates translations across the app and makes right-to-left changes more consistent
- Removes blank space between heading and map on embeds
Release 3.11.0
This update makes data CSV exports & filters more reliable while increasing the amount of data you can export and giving you access to an "Export history" tab to reference your exports at a later date and download them as needed. It also adds the "Targeted Surveys" feature, currently available for select deployments.
CSV IMPROVEMENTS:
- Export is now handled in a queue system. This means larger exports & datasets are possible without the system "crashing". We have added an "Export is ready" notification to let you know when you can download the file.
- Previous exports and the status of your requested exports can be viewed in Settings => CSV Export under the "Export history" tab. Exports flagged with the status "Pending" are still in progress, and you will be notified when ready (but you can always come here and check if you missed a notification).
- CSV column headers have been improved for better readability of the exported data.
- Grouped multi-value fields make it easier to view lists of data in 1 column (i.e. Categories).
- Ability to select fields that will be excluded from an export dataset has been added.
- Date formats are now consistent, and date timezones in CSV are clarified with a (UTC) string in the date headers.
- "Share CSV" is not available for visitors without admin privileges. This feature was added to protect your data and only make it available to those that you grant access to. You can still publish & share exported datasets if you wish to make them available (i.e. by exporting a dataset and uploading it to google sheets).
TARGETED SURVEYS (SMS):
Important: this feature is only enabled in a select few deployments at the moment.
Targeted surveys allow administrators to create a survey to be sent to a specific group of users via SMS and receive responses via SMS associated with that survey and their posts.
The targeted survey consists of a group of questions (survey fields) that are sent in order of priority to all the selected contacts. When a contact responds to a question, the next message is sent to the user. When a user has answered all questions, they stop receiving messages from the targeted survey.
This feature also includes a view to see the targeted survey stats (that is, how many messages have been prepared, sent, and received) and a shortcut to see all the answers to a targeted survey to structure data efficiently.
Release v3.10.0
- Reintegrating work from the COMRADES project. In particular:
  - More complete webhooks support
  - API support for pushing partial updates to posts
  - See #1665 for detailed commits
- Centralised media, ratelimiter, and cdn configuration in .env file rather than application/config #2454
- Fix validation of category permissions #2486 #2481
Migration info:
- If you have customized configuration for media, ratelimiter or cdn we recommend moving this configuration to the .env file. New .env params are:
  - MEDIA_MAX_UPLOAD - maximum file upload size in bytes
  - RATELIMITER_CACHE - type of ratelimiter to use. See application/config/ratelimiter.php.
  - New CDN params - see application/config/cdn.php
v3.9.0
v3.8.0
v3.7.2-rc.3
v3.7.2-rc.2
v3.7.2-rc.1