Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 85 |
1 files changed, 50 insertions, 35 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 437f48656..81977b14e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,13 @@ ## Releases * Unreleased + +* v3.0 (4th March 2020) - Security: - Fix XSS vulnerability in pagination page number. - Rotate session ID after successful login. - - Switch to auto-escaping of all template variables (see below). - - Scrub admin description fields. + - Switch to auto-escaping of all template variables (see below). #2772 + - Scrub admin description fields. #2791 - Front end improvements: - Improved 403 message, especially for private reports. #2511 - Mobile users can now filter the pins on the `/around` map view. #2366 @@ -16,11 +18,11 @@ - Improve map JavaScript defensiveness. - Upgrade jquery-validation plugin. #2540 - Pass ‘filter_category’ param to front page to pre-filter map. - - Remove on-map Permalink. - - Darken front page step numbers, and improve nested heading structure. - - Set report title autocomplete to off to prevent email autocompleting + - Remove on-map Permalink. #2631 + - Darken front page step numbers, and improve nested heading structure. #2631 + - Set report title autocomplete to off to prevent email autocompleting. #2518 - Add map filter debouncing to reduce server requests. #2675 - - Add XSL to RSS feeds so they look nicer in browsers. + - Add XSL to RSS feeds so they look nicer in browsers. #2736 - Add per-report OpenGraph images. #2394 - Display GPS marker on /around map. #2359 - Use nicer default photo upload message. #2358 
@@ -28,28 +30,39 @@ - Use category groups whenever category lists are shown. #2702 - Display map inline with duplicate suggestions on mobile. #2668 - Improved try again process on mobile. #2863 - - Improve messaging/display of private reports. + - Improve messaging/display of private reports. #2884 - Add a web manifest and service worker. #2220 - Also check filter_category for category choice. #2893 + - Reduce duplicate Permalink.updateLink calls when zooming map. #2824 + - Hide ‘provide extra information’ preamble when no visible fields are present. #2811 + - Improve user flow when JavaScript is not available. #2619 + - Change ‘locate me automatically’ to ‘use my location’. #2615 + - Include ‘submit’ button at very bottom of report form when signing in during report + - Provide ARIA roles for message controller box. - Admin improvements: - Add new roles system, to group permissions and apply to users. #2483 - - Contact form emails now include user admin links. + - Contact form emails now include user admin links. #2608 - Allow categories/Open311 questions to disable the reporting form. #2599 - Improve category edit form. #2469 - Allow editing of category name. #1398 - - Allow non-superuser staff to use 2FA, and optional enforcement of 2FA. - - Add optional enforced password expiry. - - Store a moderation history on admin report edit. - - Add user admin log page. - - Allow report as another user with only name. - - Allow staff users to sign other people up for alerts. + - Allow non-superuser staff to use 2FA, and optional enforcement of 2FA. #2701 + - Add optional enforced password expiry. #2705 + - Store a moderation history on admin report edit. #2722 + - Add user admin log page. #2722 + - Allow report as another user with only name. #2781 + - Allow staff users to sign other people up for alerts. #2783 - Group categories on body page. #2850 - Add admin UI for managing web manifest themes. #2792 - - Add a new "staff" contact state. 
+ - Add a new "staff" contact state. #2891 + - Store staff user when staff make anonymous report. #2802 + - Record first time fixed/closed update sent to reporter in email. + - Pre-filter ‘all reports’ by area for inspectors + - show open311 failure details in admin report edit page. #2468 - New features: - Categories can be listed under more than one group #2475 - OpenID Connect login support. #2523 - Heatmap dashboard. #2675 + - Allow anonymous submission by a button, optionally per-category. - Bugfixes: - Prevent creation of two templates with same title. #2471 - Fix bug going between report/new pages client side. #2484 
@@ -58,33 +71,35 @@ - Fix front-end testing script when run with Vagrant. #2514 - Handle missing category when sending open311 reports #2502 - Fix label associations with category groups. #2541 - - Hide category extras when duplicate suggestions shown. - - Hide duplicate suggestions when signing in during reporting. - - Retain extra data if signing in during reporting. - - Have duplicate suggestion and assets coexist better. - - Don't include lat/lon of private reports in ‘Report another problem - here’ link. - - Allow contact send method to be unset always. + - Hide category extras when duplicate suggestions shown. #2588 + - Hide duplicate suggestions when signing in during reporting. #2588 + - Retain extra data if signing in during reporting. #2588 + - Have duplicate suggestion and assets coexist better. #2589 + - Don't include lat/lon of private reports in ‘Report another problem here’ link. #2605 + - Allow contact send method to be unset always. #2622 - Fix z-index stacking bug that was causing unclickable RSS icons on /alert page. #2624 - - Fix issue with inspector duplication workflow. + - Fix issue with inspector duplication workflow. #2678 - Fix removal of cached photos on moderation. #2696 - Checking of cached front page details against database. #2696 - Inconsistent display of mark private checkbox for staff users - Clear user categories when staff access is removed. #2815 - - Only trigger one change event on initial popstate. + - Only trigger one change event on initial popstate. #2862 - Fix error when hiding a user's updates with no confirmed updates. #2898 + - Sort reporting categories in display order. #2704 + - Do not clear asset attributes on category change. - Development improvements: - Upgrade the underlying framework and a number of other packages. #2473 - Add feature cobrand helper function. - Add front-end testing support for WSL. #2514 - - Allow cobrands to disable admin resending. - - Sass variables for default link colour and decoration. 
+ - Allow cobrands to disable admin resending. #2553 + - Sass variables for default link colour and decoration. #2538 - Make contact edit note optional on staging sites. - - Store email addresses report sent to on the report. - - Add configuration for setting Content-Security-Policy header. - - Add banner on staging website/emails, and STAGING_FLAGS option to hide it. - - Do not hard code site name in database fixture. - - Ensure OS dependencies are kept updated in development environments. + - Store email addresses report sent to on the report. #2730 + - Add configuration for setting Content-Security-Policy header. #2759 + - Add banner on staging website/emails, and STAGING_FLAGS option to hide it. #2784 #2820 + - Do not hard code site name in database fixture. #2794 + - Ensure OS dependencies are kept updated in development environments. #2886 + - Enhance inactive scripts to act per-cobrand, or full deletion. #2827 - Open311 improvements: - Support use of 'private' service definition <keywords> to mark reports made in that category private. #2488 
@@ -93,13 +108,13 @@ - Add new upload_files flag which sends files/photos as part of the POST service request. #2495 - Allow description in email template with placeholder. #2470 - - Do not store display-only extra fields on new reports. - - Support receiving updates from external source. + - Do not store display-only extra fields on new reports. #2560 + - Support receiving updates from external source. #2521 - Improve JSON output of controller. - - unset external_status_code if blank in update + - unset external_status_code if blank in update. #2573 - Add support for account_id parameter to POST Service Request calls. - Do not overwrite/remove protected meta data. #2598 - - Spot multiple groups inside a <groups> element. + - Spot multiple groups inside a <groups> element. #2641 - Always update problem state from first comment #2832 - Backwards incompatible changes: - The FixMyStreet templating code will now escape all variables by |
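Review bot: In the first hunk (@@ -1,11 +1,13 @@), the Security list ends up only half cross-referenced: "Fix XSS vulnerability in pagination page number." and "Rotate session ID after successful login." are left without any reference, while the two entries below them gain #2772 and #2791. These are the entries an operator is most likely to want to trace to a fix when deciding how urgently to upgrade, so give them references as well, or a commit hash if no ticket exists.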
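Review bot: In the second hunk (@@ -28,28 +30,39 @@), several of the added entries do not follow the convention the rest of this change applies. "Include ‘submit’ button at very bottom of report form when signing in during report" and "Pre-filter ‘all reports’ by area for inspectors" have neither a closing full stop nor a reference, and the first reads as if it was cut off after "during report". "show open311 failure details in admin report edit page. #2468" starts in lower case. Suggest finishing that sentence, capitalising "Show", and adding references to the other new lines that lack one ("Provide ARIA roles for message controller box.", "Record first time fixed/closed update sent to reporter in email.", "Allow anonymous submission by a button, optionally per-category.").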
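Review bot: In the third hunk (@@ -58,33 +71,35 @@), "Don't include lat/lon of private reports in ‘Report another problem here’ link. #2605" concerns location data of private reports but stays under Bugfixes, and "Add configuration for setting Content-Security-Policy header. #2759" stays under Development improvements. A reader who checks only the Security section at the top of the v3.0 entry will miss both, so consider listing them there or adding a pointer from Security. Separately, the added "Do not clear asset attributes on category change." carries no reference, unlike the line added just above it.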
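Review bot: In the last hunk (@@ -93,13 +108,13 @@), "unset external_status_code if blank in update. #2573" gains a full stop and a reference but keeps its lower-case first word, unlike its neighbours in the Open311 list; capitalise "Unset" while the line is being touched. "Improve JSON output of controller." and "Add support for account_id parameter to POST Service Request calls." remain without references in the same list, which is worth fixing in this pass since its purpose is cross-referencing.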