---
layout: post
title: Version 3.0
author: matthew
---
It has been quite a while since the last release, apologies, but today
we are happy to be releasing **version 3.0** of the FixMyStreet Platform,
which has a number of improvements.
### Front end improvements
* FixMyStreet can now be installed as a progressive web app. This means we've
added a web manifest (and an admin UI for managing this) and a basic service
worker that shows a page if you're offline, and continues the functionality of
allowing staff users to store and view their shortlisted reports offline.
If you serve your site over HTTPS, you will be able to add the website to
your homescreen (browsers may prompt the user) and have it work like an app.
This provides us with a solid base on which to continue improving this in
future, including hopefully adding functionality such as offline report drafting
through the web site.
* Various improvements have been made to the site on mobile – the "try again" process
is clearer, duplicate suggestions show an inline map, the photo upload message is
better, and map filters can now be accessed.
* Category groups are now used wherever a category list is shown – admin pages,
map filters, and so on; and you can pass a `filter_category` or `filter_group`
parameter to the front page or around page to pre-select that option, which
makes it easier to deep link to FixMyStreet from a page or form on another site.
* If you use geolocation, your location will now be displayed on the map, as
shown in the screenshot.
* As asked for a few times on our mailing list, we now use a report's image as
its OpenGraph image on an individual report page when shared.
* We've added XSL to our RSS feeds which means browsers no longer display them
as raw XML but as a nice simple web page that explains its purpose. Before
and after shots below:
### Security
All template variables are now automatically escaped by default, to help
protect against any future XSS vulnerabilities. We also rotate the user's
session ID after successful login, and scrub the admin description fields.
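If any of your own templates outputs a variable that contains HTML that you
wish to continue to allow to display as HTML, you will need to alter your
template to mark the variable with the `safe` filter so that it is not
escaped, e.g. `[% some_html | safe %]`. Apply `safe` only to values whose HTML
you trust, because it turns the automatic escaping off for that output.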
### Admin improvements
* FixMyStreet now has a new roles system, allowing you to create groups of
permissions and apply those roles to users.
* The category edit form has been drastically improved; category names can now be
edited, categories can be listed under more than one group, and categories or
particular extra questions can disable the reporting form (for e.g. emergency
"please call" categories or questions).
* Two-factor authentication can be used by any staff member, and you can choose
to optionally enforce it for all staff.
* The admin report edit page now stores moderation history, like the front end,
and you can now view a user's admin log history.
* We've added a heatmap dashboard for staff users, which can show hotspots.
To enable this, you will need to add `heatmap: { yourcobrand: 1 }` to your
`COBRAND_FEATURES` configuration.
* There's a new "staff only" contact state, for categories that can only be
used by staff.
* Staff users can report as other users even if they only have a name,
and can sign other people up to alerts.
### Bugfixes
Of course there have been a lot of bugfixes as well. One I remember is
when going back to the initial state with popstate, a change event was
being triggered on every single option of the filter selects. This led
to a lot of change events running on the category/status multi-selects
which then needlessly repeated the same activities over and over. This
locked up the browser for seconds in locations with many categories.
Below is a chart showing browser performance before and after:


### Development improvements
We've upgraded the underlying framework and other packages, added a banner to
the staging website/emails to make it obvious when you're in development, added
configuration for admin resending, a Content-Security-Policy header, and
stopped hard coding the site name in the database fixture.
### Open311 improvements
* It is now possible for an external Open311 service to POST updates on a report
to FixMyStreet, rather than have FixMyStreet poll an external service for updates.
* Email templates can include a placeholder to include the description fetched
from the Open311 server in the update.
* Private reports are supported, in that an Open311 server can mark a category
as private which will then automatically mark all reports sent and received
in that category as private.
* Meta questions added in the admin can be marked as protected so that they
won't be overridden by data fetched from an Open311 server. This is useful
for e.g. an "emergency" question that the Open311 server does not care about.
### Upgrading
As mentioned above, but it is worth repeating, if any of your own templates
outputs a variable that contains HTML that you wish to continue to allow to
display as HTML, you will need to alter your template to mark the variable
with the `safe` filter so that it is not escaped, e.g. `[% some_html | safe %]`.
A full list of changes can be seen in the
[changelog](https://github.com/mysociety/fixmystreet/releases/tag/v3.0) as usual.
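
For the `safe` filter step described under Security and Upgrading, one way to list every place a template opts out of the automatic escaping, so each use can be reviewed. This is an added example, not part of FixMyStreet; the sample template, its variable names and the `*.html` default pattern are assumptions.

```python
import re
from pathlib import Path

# A Template Toolkit directive: optional chomp flag after "[%" and before "%]",
# body may span several lines.
DIRECTIVE = re.compile(r"\[%[-+=~]?(.*?)[-+=~]?%\]", re.DOTALL)
# The `safe` filter applied with the pipe syntax shown in the post.
SAFE_FILTER = re.compile(r"\|\s*safe\b")

# Constructed sample template; the variable names are made up.
SAMPLE = """<h1>[% title %]</h1>
<div class="intro">[% cobrand_intro_html | safe %]</div>
[%# old note: body_text | safe %]
<p>[%- update.text |
   safe -%]</p>
<p>[% report.detail %]</p>
"""

def find_safe_uses(template_text):
    """Return (line, expression) for each directive output through `safe`."""
    hits = []
    for m in DIRECTIVE.finditer(template_text):
        body = " ".join(m.group(1).split())  # fold multi-line directives
        if body.startswith("#"):
            continue  # commented-out directive, never rendered
        if SAFE_FILTER.search(body):
            line = template_text.count("\n", 0, m.start()) + 1
            hits.append((line, body.split("|", 1)[0].strip()))
    return hits

def audit_dir(root, pattern="*.html"):
    """Scan a template tree; `root` and `pattern` are caller-supplied assumptions."""
    report = {}
    for path in sorted(Path(root).rglob(pattern)):
        hits = find_safe_uses(path.read_text(encoding="utf-8"))
        if hits:
            report[str(path)] = hits
    return report

if __name__ == "__main__":
    for line, expr in find_safe_uses(SAMPLE):
        print(f"line {line}: {expr} is output without escaping")
```

The scan over-reports on purpose: a quoted string that happens to contain `| safe` is listed too, which is the right direction for a review list.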