Release Version: v1.2.1032
Release Date: 03/21/2024
This release includes two new features and three bug fixes:
New Features:
- Users not notified of password change
The application permitted users to change their passwords via the change password functionality or by requesting a password reset link set via email. However, when a user successfully changed their password, they did not receive an out-of-band email notification that their password has been changed. The application has been fixed now to alert the user via email when their password has been changed and if the user has not requested a change in the password they can reach out to workplacegiving@good2ive.ngo
- Insecure Change Email Functionality
When changing the account email address within the Good2Give application, users are not required to re-authenticate. Therefore the change of email for the non-sso user is not allowed anymore. A new functionality has been implemented so that the user cannot change the email address altogether.
Bug Fixes:
- Suncorp Credit card matching is not generated
Suncorp credit card matching values did not generate and appear on their matching invoices, this has been fixed.
- Carousel appeal bug
- When a charity was deleted and saved it reappeared after a refresh, this has been fixed.
- The maximum of 50 charities in the carousel appeal has been removed.
- Thumbnail pictures have been expanded so that long texts are overflowed horizontally in a single line and not wrapped together.
- Sensitive Data Sent Via GET Request
The Good2Give web application uses URL parameters to pass sensitive information between the client and server. Information in URL query strings is directly visible to the end user via the browser interface. This can cause security issues if sensitive information, such as session tokens or passwords is included in these strings. Additionally, data sent via GET requests is stored in web servers and proxy logs, which could result in sensitive information being stored on third party web servers. Code level change has been implemented to send sensitive data such as passwords via POST request method.
Please contact workplacegiving@good2give.ngo if you have any questions.