## Releases

* Unreleased

* v3.0.1 (6th May 2020)
    - New features:
        - Provide access to staff-only categories in admin. #2925 #2958
        - Allow anonymous updating if anonymous reporting enabled.
    - Admin improvements:
        - Order unsent reports by confirmed date. #2911
        - Disable staff private tickbox on new reports if category is private. #2961
        - Move stats from main admin index to stats index. #2982
        - Speed up dashboard export and report search. #2988
        - Allow a template to be an initial update on reports. #2973
    - Bugfixes:
        - Application user in Docker container can't install packages. #2914
        - Look at all categories when sending reports.
        - Fixes the To header when sending emails about inactive accounts. #2935
        - Recent reports, use same query regardless of cache. #2926 #2999
        - Match body construction on Around with New setup.
        - Only one duplicate call in progress at once. #2941
        - Stop double escape in Google Maps URL.
        - Refactor/stop double escape in report nav link. #2956
        - Maintain group on pin move with same category in multiple groups. #2962
        - Remove unnecessary margin-right on #postcodeForm. #3010
        - Fix sorting by most commented on /around map view. #3013
    - Development improvements:
        - Refactor Script::Report into an object. #2927
        - Move summary failures to a separate script. #2927
        - Add generic import categories from JSON script.
        - Add script to export/import body data. #2905
        - Add fetch script that does combined job of fetch-comments and fetch-reports. #2689
        - Allow fetch script to parallelize fetching. #2689
        - Do all retry timeout or skip checks in database. #2947
        - Show error page when submitting with web param to /import. #2233
        - Add a daemon option for sending reports and updates. #2924
        - Update Getopt::Long::Descriptive to stop warning. #3003
    - Open311 improvements:
        - Allow save/drop of row extra during sending. #2788
        - Match response templates on external status code over state. #2921
        - Add flag to protect category/group names from Open311 overwrite. #2986
    - Documentation:
        - Remove part about restricting access to /admin. #2937
    - UK:
        - Added junction lookup, so you can search for things like "M60, Junction 2". #2918

* v3.0 (4th March 2020)
    - Security:
        - Fix XSS vulnerability in pagination page number.
        - Rotate session ID after successful login.
        - Switch to auto-escaping of all template variables (see below). #2772
        - Scrub admin description fields. #2791
    - Front end improvements:
        - Improved 403 message, especially for private reports. #2511
        - Mobile users can now filter the pins on the `/around` map view. #2366
        - Maintain whitespace formatting in email report/update lists. #2525
        - Improve keyboard accessibility. #2542
        - Report form now indicates that details are kept private if report is made in a private category. #2528
        - Improve map JavaScript defensiveness.
        - Upgrade jquery-validation plugin. #2540
        - Pass ‘filter_category’ param to front page to pre-filter map.
        - Remove on-map Permalink. #2631
        - Darken front page step numbers, and improve nested heading structure. #2631
        - Set report title autocomplete to off to prevent email autocompleting. #2518
        - Add map filter debouncing to reduce server requests. #2675
        - Add XSL to RSS feeds so they look nicer in browsers. #2736
        - Add per-report OpenGraph images. #2394
        - Display GPS marker on /around map. #2359
        - Use nicer default photo upload message. #2358
        - Remove pan control from mobile widths. #2865
        - Use category groups whenever category lists are shown. #2702
        - Display map inline with duplicate suggestions on mobile. #2668
        - Improved try again process on mobile. #2863
        - Improve messaging/display of private reports. #2884
        - Add a web manifest and service worker. #2220
        - Also check filter_category for category choice. #2893
        - Reduce duplicate Permalink.updateLink calls when zooming map. #2824
        - Hide ‘provide extra information’ preamble when no visible fields are present. #2811
        - Improve user flow when JavaScript is not available. #2619
        - Change ‘locate me automatically’ to ‘use my location’. #2615
        - Include ‘submit’ button at very bottom of report form when signing in during report
        - Provide ARIA roles for message controller box.
    - Admin improvements:
        - Add new roles system, to group permissions and apply to users. #2483
        - Contact form emails now include user admin links. #2608
        - Allow categories/Open311 questions to disable the reporting form. #2599
        - Improve category edit form. #2469
        - Allow editing of category name. #1398
        - Allow non-superuser staff to use 2FA, and optional enforcement of 2FA. #2701
        - Add optional enforced password expiry. #2705
        - Store a moderation history on admin report edit. #2722
        - Add user admin log page. #2722
        - Allow report as another user with only name. #2781
        - Allow staff users to sign other people up for alerts. #2783
        - Group categories on body page. #2850
        - Add admin UI for managing web manifest themes. #2792
        - Add a new "staff" contact state. #2891
        - Store staff user when staff make anonymous report. #2802
        - Record first time fixed/closed update sent to reporter in email.
        - Pre-filter ‘all reports’ by area for inspectors
        - show open311 failure details in admin report edit page. #2468
    - New features:
        - Categories can be listed under more than one group #2475
        - OpenID Connect login support. #2523
        - Heatmap dashboard. #2675
        - Allow anonymous submission by a button, optionally per-category.
    - Bugfixes:
        - Prevent creation of two templates with same title. #2471
        - Fix bug going between report/new pages client side. #2484
        - Don't include private reports when searching by ref from front page.
        - Set fixmystreet.bodies sooner client-side, for two-tier locations. #2498
        - Fix front-end testing script when run with Vagrant. #2514
        - Handle missing category when sending open311 reports #2502
        - Fix label associations with category groups. #2541
        - Hide category extras when duplicate suggestions shown. #2588
        - Hide duplicate suggestions when signing in during reporting. #2588
        - Retain extra data if signing in during reporting. #2588
        - Have duplicate suggestion and assets coexist better. #2589
        - Don't include lat/lon of private reports in ‘Report another problem here’ link. #2605
        - Allow contact send method to be unset always. #2622
        - Fix z-index stacking bug that was causing unclickable RSS icons on /alert page. #2624
        - Fix issue with inspector duplication workflow. #2678
        - Fix removal of cached photos on moderation. #2696
        - Checking of cached front page details against database. #2696
        - Inconsistent display of mark private checkbox for staff users
        - Clear user categories when staff access is removed. #2815
        - Only trigger one change event on initial popstate. #2862
        - Fix error when hiding a user's updates with no confirmed updates. #2898
        - Sort reporting categories in display order. #2704
        - Do not clear asset attributes on category change.
    - Development improvements:
        - Upgrade the underlying framework and a number of other packages. #2473
        - Add feature cobrand helper function.
        - Add front-end testing support for WSL. #2514
        - Allow cobrands to disable admin resending. #2553
        - Sass variables for default link colour and decoration. #2538
        - Make contact edit note optional on staging sites.
        - Store email addresses report sent to on the report. #2730
        - Add configuration for setting Content-Security-Policy header. #2759
        - Add banner on staging website/emails, and STAGING_FLAGS option to hide it. #2784 #2820
        - Do not hard code site name in database fixture. #2794
        - Ensure OS dependencies are kept updated in development environments. #2886
        - Enhance inactive scripts to act per-cobrand, or full deletion. #2827
    - Open311 improvements:
        - Support use of 'private' service definition to mark reports made in that category private. #2488
        - Ensure any reports fetched in a category marked private are also marked private on the site. #2488
        - Add new upload_files flag which sends files/photos as part of the POST service request. #2495
        - Allow description in email template with placeholder. #2470
        - Do not store display-only extra fields on new reports. #2560
        - Support receiving updates from external source. #2521
        - Improve JSON output of controller.
        - unset external_status_code if blank in update. #2573
        - Add support for account_id parameter to POST Service Request calls.
        - Do not overwrite/remove protected meta data. #2598
        - Spot multiple groups inside a element. #2641
        - Always update problem state from first comment #2832
    - Backwards incompatible changes:
        - The FixMyStreet templating code will now escape all variables by default. If you need to output HTML in a variable directly, you will need to escape it with the `safe` filter, e.g. `[% some_html | safe %]`.

* v2.6 (3rd May 2019)
    - New features:
        - (Optional) auto-suggestion of similar nearby problems, while reporting, to discourage duplicate reports. #2386
    - Front end improvements:
        - Track map state in URL to make sharing links easier. #2242
        - Default to unchecked for show name checkbox. #347
    - Email improvements:
        - Header image file name can be customised
    - Admin improvements:
        - Include moderation history in report updates. #2379
        - Allow moderation to potentially change state. #2381
        - Spot moderation conflicts and raise an error. #2384
        - Allow searching for in admin.
        - Make staff JavaScript more self-contained.
        - Allow staff user to be associated with multiple areas.
        - Improvements to admin checkbox display.
    - Bugfixes:
        - Check cached reports do still have photos before being shown. #2374
        - Delete cache photos upon photo moderation. #2374
        - Remove any use of `my $x if $foo`. #2377
        - Fix saving of inspect form data offline.
        - Add CSRF and time to contact form. #2388
        - Make sure admin metadata dropdown index numbers are updated too. #2369
        - Fix issue with Open311 codes starting with ‘_’. #2391
        - Add parameter to URL when “Show older” clicked. #2397
        - Don't ask for email on alert signup if logged in. #2402
        - Filter out hidden reports from top 5 list. #1957
        - Add space below "map page" contents on narrow screens.
        - Use relative report links where possible. #1995
        - Improve inline checkbox spacing. #2411
        - Prevent duplicate contact history creation with Unicode data.
        - Show all Open311 extra fields in edit admin.
        - Proper bodies check for sending updates.
        - Check better if extra question has values.
        - Stop filter category overriding chosen category.
        - Allow things to reset if "Pick a category" picked.
        - Stop category_change firing more than it should.
        - Fix extra question display when only one category.
        - Fix superusers creating anonymous reports. #2435
        - Ensure non_public reports aren't exposed at /open311 endpoint.
        - Escape body name in admin title.
        - Use REQUEST_URI, not PATH_INFO, to infer path.
    - Development improvements:
        - Make front page cache time configurable.
        - Better working of /fakemapit/ under https.
        - Improve Open311 error output on failing GET requests.
        - Optionally log failed geocoder searches.
    - Backwards incompatible changes:
        - If you wish the default for the showname checkbox to be checked, add `sub default_show_name { 1 }` to your cobrand file.
        - The admin body and user sections have been refactored – if you have custom templates/code, you may need to update links to those.

* v2.5 (21st December 2018)
    - Front end improvements:
        - Simplify new report/update sign in flow. #642
        - Simplify /auth sign in page. #2208
        - Clearer relocation options while you’re reporting a problem #2238
        - Enforce maximum photo size server side, strip EXIF data. #2326 #2134
        - Don't require two taps on reports list on touchscreens. #2294
        - Allow moderation to work without JavaScript. #2339
        - More prominent display of "state" on report page #2350
        - Improved report/update display on contact form. #2351
        - Can limit /reports to non-public reports. #2363
    - Admin improvements:
        - Allow moderation to potentially change category. #2320
        - Add Mark/View private reports permission #2306
        - Store more original stuff on moderation. #2325
        - Sort user updates in reverse date order.
        - Improve update display on admin report edit page.
        - Keep all moderation history, and show in report/update admin. #2329
    - Bugfixes:
        - Restore map zoom out when navigating to /around from /report. #1649
        - Don’t escape HTML entities in report titles pulled in by ajax. #2346
        - Show reopening/fixed questionnaire responses lacking updates. #2357
    - Open311 improvements:
        - Fix bug in contact group handling. #2323
        - Improve validation of fetched reports timestamps. #2327
        - Fetched reports can be marked non_public #2356
    - Development improvements:
        - Add option to symlink full size photos. #2326
        - default_to_body/report_prefill permissions to control default report as/prefill behaviour. #2316

* v2.4.2 (6th November 2018)
    - New features:
        - Dashboard now has update CSV export. #2249
        - Allow cobrands to override searching by reference #2271
        - Allow cobrands to limit contact form to abuse reports only
    - Admin improvements:
        - List number of alerts on report page #669
        - viewing and managing of user alerts in admin #676
        - Allow moderation to potentially change photos/extra info. #2291 #2307
    - Bugfixes:
        - Add perl 5.26/5.28 support.
        - Fix subcategory issues when visiting /report/new directly #2276
        - Give superusers access to update staff dropdowns. #2286
        - Update report areas when moving its location. #2181
        - Don't send questionnaires for closed reports. #2310
        - Make sure Open311 send_method always recorded/spotted. #2121
    - Development improvements:
        - Add cobrand hook for dashboard viewing permission. #2285
        - Have body.url work in hashref lookup. #2284
        - OSM based map types can now override zoom levels #2288
        - Clearer name for navigation colours in SCSS. #2080
        - `script/setup` now creates `conf/general.yml` for Vagrant when needed.
    - Internal things:
        - Move send-comments code to package for testing. #2109 #2170
    - Open311 improvements:
        - Set contact group only if handling cobrand has groups enabled. #2312

* v2.4.1 (2nd October 2018)
    - New features:
        - Support for storing photos in AWS S3. #2253
    - Front end improvements:
        - Import end point can optionally return a web page #2225
        - Clicking the "Report" header links on the homepage now focusses the #pc search input #2237
        - Speed up fetching lists of bodies. #2248
        - Improve vertical alignment of navigation menu in Internet Explorer 9–11.
        - Mobile menu button no longer uses -9999px text-indent hack.
        - HTML email template for confirming "partial" reports #2263
    - Bugfixes:
        - Fix display of area/pins on body page when using Bing or TonerLite map.
        - Do not scan through all problems to show /_dev pages.
        - Say “Set password”, not Change, if no password set.
        - Do not lose from_body field when edited by non-superuser admin.
        - Fix history API bug with category/state selection.
    - Development improvements:
        - Cobrand hook for disabling updates on individual problems.
        - Cobrand hook for disallowing title moderation. #2228
        - Cobrand hook for per-questionnaire sending. #2231
        - Add option for configuring memcache server.
        - Add Blackhole send method. #2246
        - Add script to list/diff template changes in core that might need applying to a cobrand.
        - Move away from FastCGI in sample conf/sysvinit config.
        - Customised Vagrant box available, with an override option.
        - Add Dockerfile and example Docker Compose setup.
        - Add a sample systemd unit file for the Catalyst application server.

* v2.4 (6th September 2018)
    - Security
        - Update user object before attempting sign-in, to prevent leak of user account phone number.
    - Front end improvements:
        - Simplify footer CSS. #2107
        - Keep commas in geocode lookups. #2162
        - Show message on reports closed to updates. #2163
        - Only display last 6 months of reports on around page by default #2098
        - Always show all reports by default on /my.
        - Much less reliance on input placeholders, for better accessibility #2180
        - “Report another problem here” button on report confirmation page #2198 #393
        - Button in nav bar now makes it easier to report again in the same location #2195
        - Shrink OpenLayers library a bit. #2217
        - Remove need for separate per-category ajax call. #1201
    - Admin improvements:
        - Mandatory defect type selection if defect raised. #2173
        - Send login email button on user edit page #2041
        - Use do-not-reply address for sent report email.
        - Category group can be edited.
        - Trim spaces from user/report search input.
    - Bugfixes:
        - Don't remove automated fields when editing contacts #2163
        - Remove small border to left of Fixed banner. #2156
        - Fix issue displaying admin timeline. #2159
        - Send details of unresponsive bodies to mobile app #2164
        - Fix issue with category filter when category contains comma #2166
        - Inspectors can unset priority. #2171
        - Defect type is recorded if category change made. #2172
        - [UK] Store body ID on council/ward alerts. #2175
        - Show all fixed issues when staff user uses map page filter #2176
        - Allow any user who can see private checkbox to use it. #2182
        - Prevent duplicate category listing on /my.
        - Hide password help field along with other similar. #2185
        - Allow questionnaire link to be revisited in quick succession. #2123
        - Update Google Maps directions link.
        - Fix inspector pin dragging. #2073.
        - Maintain all single newlines in text output, not only the first.
        - Make sure Home clickable with Try again overlay.
        - Check all contacts for metadata and non-public.
    - Open311 improvements:
        - CLOSED status maps to 'closed' state if extended statuses are enabled.
        - Don't generate template comment text on move between fixed states. #2199
    - Development improvements:
        - Cobrand hook for presenting custom search results. #2183
        - Cobrand hook to allow extra login conditions #2092
        - Add ability for client to set bodies not to be sent to. #2179
        - Make it easier to prevent a form_detail_placeholder being printed. #2212
        - Include user agent in contact form emails. #2206
        - Use site name in contact email subject line.
        - Add /_dev endpoints for previewing confirmation/submission pages. #2218
        - Allow cobrand to add extra ability to moderate. #2216

* v2.3.4 (7th June 2018)
    - Bugfixes:
        - Fix pin clicking on non-/around pages, broken in 2.3.3.
        - Fix issue displaying anonymous account email.

* v2.3.3 (6th June 2018)
    - Front end improvements:
        - Extra help text on contact form #2149
    - Admin improvements:
        - Improve inspect form position and configurability.
    - Bugfixes:
        - Prevent contact form leaking information about updates #2149
        - Fix pointer event issue selecting pin on map. #2130
        - Fix admin navigation links in multi-language installs.
        - Fix map display issue clicking back from report page as inspector.

* v2.3.2 (31st May 2018)
    - Front end improvements:
        - Improve questionnaire process. #1939 #1998
        - Increase size of "sub map links" (hide pins, permalink, etc) #2003 #2056
        - Edge-to-edge email layout on narrow screens #2010
        - Add default placeholder to report extra fields. #2027
        - Clicking the "Click map" instruction banner now begins a new report #2033
        - Homepage postcode input is now marked up as a required input #2037
        - Improved cursor/display of the new report pin. #2038
        - Asset layers can be attached to more than one category each. #2049
        - Cobrands hook to remove phone number field. #2049
        - Check recent reports for any hidden since cached. #2053
        - Asset layer attribution automatically shown. #2061
        - The .internal-link-fixed-header positioning is now much simpler. #2117
        - Added UI to view multiple wards at once on /reports. #2120
    - Bugfixes:
        - Stop asset layers obscuring marker layer. #1999
        - Don't delete hidden field values when inspecting reports. #1999
        - Fix text layout issues in /reports/…/summary dashboard charts.
        - Fix post-edit issues on admin report edit page.
        - Truncate dates in Open311 output to the second. #2023
        - Fix check for visible sub map links after 'Try again'.
        - Stop race condition when making a new report quickly.
        - Set a session timezone in case database server is set differently.
        - Fix SQL error on update edit admin page in cobrands. #2049
        - Improve chart display in old IE versions. #2005
        - Improve handling of Open311 state changes. #2069
        - Don't strip whitespace from user passwords. #2111
        - Make OpenGraph description translatable.
        - Stop double-escaping title in alert-update email.
        - Use inspection states in response template admin.
        - Fixed CSS padding/overflow bug during sidebar "drawer" animations. #2132
        - Response template containing double quote now works.
        - A few small display issues with RTL text display.
        - Improve handling of loading spinner display. #2059
        - Ignore non-interactive layers for asset message.
    - Admin improvements:
        - Inspectors can set non_public status of reports. #1992
        - Default start date is shown on the dashboard.
        - Users with 'user_edit' permission can search for users/reports. #2027
        - Don't send sent-report emails to as-body/as-anonymous reports.
        - Show Open311 service code as tooltip on admin category checkboxes. #2049
        - Bulk user import admin page. #2057
        - Add link to admin edit page for reports. #2071
        - Deleted body categories now hidden by default #1962
        - Display contents of report's extra field #1809
        - Store user creation and last active times.
        - Add scripts to anonymize inactive users and reports, email inactive users, or to close reports to new updates.
        - Admin ability to close reports to new updates. #43
    - Open311 improvements:
        - Fetch problems over Open311 #1986 #2067
        - Option to send multiple photos over Open311 #1986
        - Allow Open311 service definitions to include automated attributes #1986
        - Optionally suppress blank Open311 update errors #1986
        - Fetch/store external status code with Open311 updates. #2048
        - Response templates can be triggered by external status code. #2048
        - Enable conversion from EPSG:27700 when fetching over Open311 #2028
        - Add CORS header to Open311 output. #2022
        - Nicer Open311 errors. #2078
    - Development improvements:
        - Cobrand hook for adding extra areas to MAPIT_WHITELIST/_TYPES. #2049
        - send-comments warns about errors when called with --verbose #2091
        - Add HTML email previewer.
        - Add some Cypress browser-based testing.
        - Upgrade Vagrantfile to use Ubuntu Xenial. #2093
        - Add validation to cobrand-specific custom reporting fields.
        - Drop support for IE7, improve IE8 support. #2114
        - Add ability to have category extra help text.
        - Cobrand hook for showing all states in filter.

* v2.3.1 (12th February 2018)
    - Front end improvements:
        - Zoom out as much as necessary on body map page, even on mobile. #1958
        - Show loading message on initial /around map load #1976
        - Ask for current password/send email on password change. #1974
        - Add minimum password length and common password checking. #1981
        - Nicer display of national phone numbers. #1982
        - 'Report as another user' allows phone number without email. #1978
        - Display loading spinner on map when asset layers are loading. #1991
    - Bugfixes:
        - Fix bug specifying category in URL on /around. #1950
        - Fix bug with multiple select-multiples on a page. #1951
        - Make sure dashboard filters all fit onto one line. #1938
        - Fix issue with red bars on bar graph of many categories. #1938
        - Prefetch translations in /reports list of bodies. #1941
        - Ignore deleted/area-less bodies in dashboard list. #1941
        - Add missing CSS class from final questionnaire question. #1953
        - Fix JavaScript error on /my calculating bounds #1954
        - Change text on /reports to match lower down (fix translation).
        - Ensure all reports graph can't dip downward. #1956
        - Fix error sending `requires_inspection` reports. #1961
        - Fix timezone related test failure. #1984
        - Restore display of extra fields on inspector form. #1994
    - Admin improvements:
        - Admin can anonymize/hide all a user's reports. #1942 #1943
        - Admin can log a user out. #1975
        - Admin can remove a user's account details. #1944
        - Superusers can have optional two-factor authentication. #1973
    - Development improvements:
        - Add script to remove expired sessions. #1987
        - 'components' parameter can be passed to Google geocoder. #1994
    - UK:
        - Lazy load images in the footer.

* v2.3 (18th December 2017)
    - New features:
        - Optional verification of reports and updates, and logging in, using confirmation by phone text. #1856 #1872
        - Improved email/phone management in your profile.
        - Don't cover whole map with pin loading indicator. #1874
        - Add Expand map toggle to more mobile maps. #1875
        - Allow multiple wards to be shown on reports page. #1870
        - Add functionality to have per-body /reports page. #1880
        - Open311 category group support. #1923
    - Front end improvements:
        - Paginate reports on `/around`. #1805 #1577 #525
        - Improve performance of various pages, especially front. #1901 #1903
        - More prominent "Hide pins" link on map pages, to aid reporting in busy areas. #525
        - Optimised sprite file down from 97 KB to 36 KB. #1852
        - SVG assets for core elements like button icons and map controls #1888
        - Remove unneeded 2x PNG fallback images.
        - Improve location disambiguation page on small screens. #1918
        - Don't show geolocation link on non-HTTPS pages. #1915
        - Public report page shows state changes made in admin interface #1846
    - Bugfixes
        - Shortlist menu item always remains a link #1855
        - Fix encoded entities in RSS output. #1859
        - Only save category changes if staff user update valid #1857
        - Only create one update when staff user updating category #1857
        - Do not include blank updates in email alerts #1857
        - Redirect inspectors correctly on creation in two-tier. #1877
        - Report status filter All option works for body users #1845
        - Always allow reports to be removed from shortlist #1882
        - Remove shortlist form from inspect duplicate list. #1889
        - Fix pin size when JavaScript unavailable.
        - Fix display of text only body contacts #1895
        - Prevent text overflow bug on homepage stats #1722
        - Stop page jumping too far down on inspect form. #1863
        - Prevent multiple 'Expand map' links appearing. #1909
        - Superusers without a from_body can make reports again. #1913
        - Fix crash when viewing /around in certain locales. #1916
        - Fix back bug, from report after using list filters. #1920
        - Fix issues with send method category change. #1933
    - Admin improvements:
        - Character length limit can be placed on report detailed information #1848
        - Inspector panel shows nearest address if available #1850
        - Return a 200 rather than 404 for ref ID lookup. #1867
        - Remove hidden from default staff state dropdown. #1878
        - Marking an item as a duplicate enforces providing ID/update. #1873
        - Report field pre-filling for inspectors configurable #1854
        - Admins can now unban users #1881
        - More JavaScript-enhanced `