Releases: GEWIS/gewisweb
Releases · GEWIS/gewisweb
Version 4.1
- Added information on tutoring to the education page.
- Added overview for similar courses.
- Added links to directly submit/search infima on the Supremum website.
- Added fail-safe for manually assigned roles to let them automatically expire.
- Added proper Markdown support to
Activity
,NewsItem
, andOrganInformation
. - Added highlights to search terms in the results of a decision search.
- Added functionality to assist with GDPR data subject requests.
- Improved searching for specific meetings by allowing the English initialism of the meetings.
- Improved course document display by separating exams & summaries and ordering by date.
- Improved wording on the privacy widget to prevent confusing analytics with tracking.
- Improved activity creation form by moving it to the more spacious administration section of the website.
- Improved activity overview page by not removing structure and simple styling from descriptions.
- Improved activity sign-up process.
- Improved separation of concerns by splitting
board
andadmin
privileges. - Removed links to education pages that are behind a login.
- Fixed issue where cropping images resulted in an incorrect aspect ratio.
- Fixed issue where requesting an infimum around midnight resulted in an exception.
- Fixed issue where the sign-up overview was not responsive on mobiles.
- Fixed issue where activities did not appear in the news section of the front page.
- Fixed issue where injection of HTML in activity descriptions was possible.
- Fixed issue where existing custom pages had URLs longer than the limit.
Version 4.0.2
- Fixed issue where decisions removed in GEWISDB were not removed during synchronisation.
Version 4.0.1
- Added the option to mark a sign-up list field as sensitive. Sensitive fields are only viewable by the organiser or the board.
- Added tooltip to meeting documents to show when the meeting document was uploaded.
- Improved activity admin approval view by preserving structure of activity descriptions.
- Improved sign-up form by adding asterisks to denote required fields.
- Fixed issue where the navbar was grey instead of GEWIS red.
- Fixed issue where it was possible to use special path characters for custom routes.
- Fixed issue where sub-albums did not display the 'NEW' tag if they were recently created.
- Fixed issue where photos in the admin album overview would not load.
- Fixed issue where the 'Text' sign-up list field was never validated when signing up.
- Fixed issue where activities that were not yet approved could be viewed by everyone.
Version 4.0
- Added notice for
administrator
s to warn them about their powers. - Added history of board positions to member profiles of board members.
- Added option to mark course documents as
scanned
to improve quality of watermarked PDF. - Added option for organisers of activities to view sign-up list details up to a month after the activity ended.
- Added more detailed suggestions to failed searches to help with getting results.
- Added notice to polls to prevent personal data from appearing in polls.
- Added horizontal watermark to course documents to help with automatic OCR detection.
- Added button to historical poll overview to go to the current poll.
- Added language aware router for localised URLs (e.g. gewis.nl/en/).
- Added localisable routes to custom pages.
- Changed how historical polls are displayed and interacted with.
- Changed coding standard to catch issues before they make it to production.
- Changed map provider for photo locations from Google Maps to OpenStreetMap.
- Changed how translations are compiled.
- Changed localisation of polls.
- Changed validation of poll questions to always require them to end with a question mark.
- Improved support for password managers to autofill and change passwords.
- Improved
diff
display for proposed updates to activities and vacancies. - Improved selecting required viewing privileges for custom pages by exchanging the text field with a list.
- Improved consistency of page headings for custom pages.
- Improved synchronisation script for GEWISDB by replacing not dropping all data at once.
- Improved layout of album overview when albums have long titles.
- Fixed issue where long poll options were not split across multiple lines.
- Fixed issue where it was not possible to update a
JobCategory
. - Fixed issue where poll question was not shown on the frontpage.
- Fixed issue where renaming a
MeetingDocument
would redirect away from the current page. - Fixed issue where it was not possible to unsubscribe from an activity.
- Fixed issue where organ functions where displayed for the wrong organ due to incorrect deduplication and ordering of organ hashes.
- Fixed issue where e-mails with a
Reply-To
with special characters resulted in an exception. - Fixed issue where MariaDB healthcheck did no longer work.
- Fixed issue where birthdays of expired memberships/graduate statuses were shown on July 1.
- Fixed issue where it was not possible to view activity update proposals when the organiser was removed in the update.
- Fixed issue where it was possible to approve activity update proposals without having the proper privileges.
- Fixed issue where it was possible to comment on old or unapproved polls.
- Fixed issue where certain sign-up list fields would not show when selected.
- Fixed issue where errors in the synchronisation script for GEWISDB could result in (temporary) loss of data.
- Fixed issue where it was not possible to close a dropdown that was open by default on mobile devices.
- Fixed issue where (un)collapsing the main navbar would also (un)collapse the admin navbar.
- Updated dependencies.
Version 3.0.5
- Changed text under active polls on the frontpage to be more descriptive.
- Removed notices regarding the changed password requirements.
- Fixed issue where adding spaces around poll content (e.g., comments) would circumvent length checks.
Version 3.0.4
- Added bylaws and internal regulations to list of policies on the members page.
- Fixed issue where uploading a meeting document for a specific meeting would be uploaded to another meeting.
Version 3.0.3
- Added sender and recipient names to e-mails.
- Fixed issue where keyholders were not correctly synced.
- Fixed issue where the 90-day reminder logic was inverted preventing external authentication.
- Fixed issue where the approver of an activity would be lost preventing being able to reset the approval status of the activity.
- Fixed issue where e-mails would not be sent if the recipient's name contains unicode characters.
Version 3.0.2
- Added support for keyholders.
- Added
base-uri
to Content Security Policy to prevent hijacking of relative URLs. - Changed website title from
GEWIS Website
toStudy Association GEWIS
(Studievereniging GEWIS
when Dutch is selected as language). - Changed sender of e-mails to
Study Association GEWIS
. - Removed unused
photo_guest
role. - Fixed issue where viewing retired fraternities could result in an error in certain cases.
- Fixed issue where going to an external application would fail if the 90-day reminder dialog was shown.
Version 3.0.1
- Changed title of the "My Information"-page to prevent being able to track users through collected analytics.
- Changed login form validation messages to prevent account enumeration attacks.
- Changed login form redirects to prevent open redirects.
- Fixed issue where
graduate
s could be incorrectly assignedactive_member
privileges.
Version 3.0
- Added support for marking sign-up lists as having limited capacity.
- Added support for adding a representative to a company (this is different from a company contact).
- Added
CompanyUser
s (i.e. representatives) that can manage company profiles. - Added the GEWIS Career Platform where company representatives can log in to manage their company.
- Added support for company representatives to propose new jobs in the company's job package(s).
- Added support for company representatives to propose updates to existing jobs in the company's job package(s).
- Added support for company representatives to transfer jobs from expired job packages to non-expired job packages.
- Added support for company representatives to delete jobs.
- Added elementary support for company representatives to update their company's profile.
- Added the option to add a contract number to company packages.
- Added an approval queue for company profile and job (update) proposals.
- Added support for approving or rejecting job proposals (rejections may include a message that is shown to the company representative).
- Added support for applying or cancelling job update proposals (cancellations may include a message that is shown to the company representative).
- Added checks for passwords against the GEWIS-hosted version of Pwned Passwords. If a password is leaked in a public data breach, the user must reset their password before they can log in. When (re)setting passwords, this check is also performed and "pwned" passwords cannot be used.
- Added the Alcohol Policy to publicly available policies.
- Added timestamps to
SignUp
s to track when people signed up to a sign-up list. - Added support for searching for specific decisions.
- Added timestamps to
Album
s to add a "NEW"-tag to recently uploaded albums. - Added support for recording when a user has changed their password, this is used to see which users comply with new password requirements.
- Added support for renaming
MeetingDocument
s after being uploaded. - Added timestamps to
MeetingDocument
s andMeetingMinutes
to track when they are uploaded. - Changed
AV
toALV
to adhere to the terminology from the bylaws. - Changed the minimum required length of passwords to
12
forUser
s. - Changed the career admin to move job categories and labels to separate sections, leaving more space to interact with companies.
- Changed most of the e-mail templates to use the new e-mail template from Stijl.
- Changed the default state of new jobs to be
published
(when approved). - Changed the agreement text when subscribing to an activity to include the Alcohol Policy in accordance with changes to the Activity Policy.
- Changed the maximum number of decisions returned when searching to
100
(from50
). - Changed how decisions are displayed after searching or on meeting pages to improve readability.
- Changed the default duration of activation and password reset links to
24h
(from∞
). - Changed the default cookie
SameSite
directive toLax
. - Improved several translations.
- Upgraded to PHP 8.2.
- Fixed issue where exams and summaries would still be inaccessible from the university's NAT'd Wi-Fi network.
- Fixed issue where the Content Security Policy was too lenient on what content was allowed.
- Fixed issue where cookies where incorrectly shared with sub-domains.
- Fixed issue where the privacy widget could appear after it was already dismissed.
- Fixed issue where a (limited) SQL injection was possible through the decision search field.
- Fixed issue where searching for decisions using only a meeting number would not return any decisions.
- Fixed issue where form validation on the login form was not applied.
- Fixed issue where proposing an update to an activity could silently fail.
- Fixed issue where selecting a meeting that shares its meeting number with another meeting of another type would prevent uploads of
MeetingDocument
s. - Fixed issue where
deleted
,expired
, orhidden
members could still request a password reset. - Updated dependencies.