Release Notes for Version 2.0.0 (May 2024)
Change Overview
- Added the ability to define a music cue sheet template for a series, allowing users to quickly import frequently used works
- Added activity indication using the S4C spinner
- Various performance improvements
- Music cue sheet saving has been greatly improved
- Where appropriate, pages have been redesigned to try and improve consistency in terms of layout and operation, with a view to making it easier for users to work with
- Help system has been re-written to provide much more information about using PAC
- Added ability to filter users based on their active status
- Added ability for users to recover their password
- Passwords are no longer stored as plain text in the system database
- Passwords are now case sensitive and must contain at least one uppercase character, one lowercase character, one digit and one special symbol
- Additional checks are made to ensure the user has the rights to access the items they attempt to access
- The two templates per page approach has been replaced with a single template plus translation approach, allowing quicker turnaround of page changes and easier correction of translation issues
- The implementation of a translation system has allowed more text to be translated (some database fields, for example, can now be readily translated to Welsh)
- CodeSite logging has been implemented to provide much needed logging capabilities, which should help with future issue investigations
Details
Performance Improvements
Various changes have taken place to try and improve the performance of the PAC service. These have mainly involved reducing the volume of data transferred from the server to the client, but have also seen various parts of the server optimised to avoid a lot of unnecessary processing.
Security Improvements
Improving the security of PAC has been quite a large part of this update. To that end, the system database has been redesigned and no longer stores passwords as plain text in multiple places in the database. Passwords are now hashed when they are stored and during the login process. The requirements for passwords have also been strengthened, as they are no longer case insensitive. As such, you must create passwords that include at least one uppercase letter, at least one lowercase letter, at least one digit and at least one special character.
It was also discovered that PAC had very limited security once a user was logged on. As a result it was found that users of one company could modify forms for programmes which were not theirs and a freelance user was able to gain elevated access as they were able to create a new company level user. This is no longer the case and any request that results in an 'Unauthorised' response is subject to detailed logging.
Site Redesign
The site redesign has primarily focused on trying to achieve a far more consistent user experience in terms of the overall operation. Along the way, the various forms have been updated with a new look to try and freshen up the user interface.
User Filter
To make managing users easier, you can now filter the user list by the users' active status. At the bottom of the list is a radio button that allows you to select which filter you would like to use. By default, only active users are displayed.
Known Issues Found In This Version
Forms using multiple checkboxes fail to save all selected items (Fixed)
Issue
Forms that use multiple checkboxes (add episodes to contributor, add episodes to artists and grant rights to freelance users) are not saving all selected items properly, with only the last items being used for the saving process
Fixed - June 2024
Changes have been made to the server software to correctly handle the incoming data to ensure that all selected items are properly processed
Found in version 2.0.0 (June 2024). Fixed in version 2.0.1.
Password reset facility allows users without email addresses to try resetting their password (Fixed)
Issue
The password reset process requires a user to have an email address (to which the verification email can be sent). Many users (such as the admin users for each production company) do not have email addresses, but the system still allowed them to try and reset their password
Fixed - June 2024
The reset process has been updated to detect and report the lack of an email address, giving clear guidance to users as to how to proceed
Found in version 2.0.0 (June 2024). Fixed in version 2.0.1.
Known Issues Fixed In This Version
Navigation tree does not entirely switch language (Fixed)
Issue
If a user configured to use Welsh switches to English, the navigation tree will appear to reload and, on some level, will appear to be entirely in English. However, due to how some parts of the text are provided, they will continue to be in Welsh.
The same issue manifests when an English user switches to Welsh.
Fixed - June 2023
All instances where this has been found to be a problem have been updated to use a language code passed into the data source.
Found in version 2.0.0 (June 2023). Fixed in version 2.0.0.
Changing username without updating password will lock the user out (Fixed)
Issue
If a user's login name is updated and their password is not changed at the same time, they will no longer be able to log in. The security enhancements introduced to prevent passwords being stored as plain text use the username as part of the process and, as such, the secure password is dependent on their username. If the username is changed, all future attempts to validate the password against the one stored in the database will fail.
Fixed - June 2023
Usernames can now be changed without having to update the user's password.
Found in version 2.0.0 (June 2023). Fixed in version 2.0.0.
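The lock-out described above, shown as an added example that is not PAC's own code. PAC's actual hashing scheme and its fix are not described on this page, so the use of PBKDF2, the class names and the random per-user salt in the second store are assumptions chosen to illustrate why a hash bound to the username breaks on rename and one design that does not.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor for this example


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UsernameSaltedStore:
    """'Before' (hypothetical): the username is an input to the stored hash."""

    def __init__(self):
        self.users = {}  # username -> stored credential record

    def create(self, username, password):
        self.users[username] = _derive(password, username.encode("utf-8"))

    def rename(self, old, new):
        # The record moves to the new key, but the hash is still bound to the old name.
        self.users[new] = self.users.pop(old)

    def verify(self, username, password):
        stored = self.users.get(username)
        if stored is None:
            return False
        candidate = _derive(password, username.encode("utf-8"))
        return hmac.compare_digest(stored, candidate)


class RandomSaltedStore(UsernameSaltedStore):
    """'After' (assumed design): a random salt is stored beside the hash."""

    def create(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _derive(password, salt))

    def verify(self, username, password):
        record = self.users.get(username)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _derive(password, salt))


def login_after_rename(store_cls, password="Corr3ct!Horse"):
    store = store_cls()
    store.create("jdoe", "Corr3ct!Horse")  # constructed sample credentials
    store.rename("jdoe", "jane.doe")
    return store.verify("jane.doe", password)
```
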
Possibility for user data to be exposed (In Test)
Issue
Internally, the PAC server application used the same data structure to store information about the logged in user (during the log-in process) and the user being edited/created. As the amount of data required about the logged in user expanded, and its lifetime was extended, there was a possibility this data could leak into the pages seen by users.
Fixed - June 2023
Internal changes have been made that separate the two uses into two different structures, thereby completely removing the possibility that details of the logged in user could leak into pages seen by users.
Found in version 1.x.x (June 2023). Fixed in version 2.0.0.
Sometimes the navigation tree doesn't scroll (In Test)
Issue
The navigation tree is supposed to scroll so the item being opened is in view (this functionality was added in this version). For the majority of the time, this works as expected and the item is scrolled into view correctly, but sometimes this fails, resulting in the tree being redrawn and staying at the top of the page.
Fixed - June 2023
The fix was to change how the scrolling was achieved. In the original version, it was done by the draw script after it had dropped the updated HTML into the DOM. At that point, there was no guarantee the document had been processed and fully loaded. So, the scroll to element code has basically been moved into the onload handler of the tree document. That way, it's guaranteed to be executed when the document has been fully loaded. Initial tests seem to indicate it's working fine, so we'll have to see if the glitchy behaviour still occurs.
Found in version 2.0.0 (June 2023). Fixed in version 2.0.0.
User sessions could be hijacked by a bad actor (In Test)
Issue
There is no proper validation of user sessions, therefore it is possible for sessions to be hijacked by a bad actor.
Fixed - June 2023
Found in version 1.x.x (June 2023). Fixed in version 2.0.0.
Presentation requirements information not saved correctly (Fixed)
Issue
The multiline edit field on the Presentation Requirements form is not saved correctly if it contains multiple lines that have been separated using a carriage return (i.e. the user has pressed
Fixed - April 2024
Changes have been made to the server software to correctly handle the incoming data to ensure that all lines are saved. It should be noted that this issue was not limited to this one field and that the fix addresses the issue for any multi-line field
Found in version 1.x (March 2024). Fixed in version 2.0.0.
Icon Key
Icon | Description |
---|---|
 | Items tagged with this icon relate primarily to the addition of new features to PAC |
 | Items tagged with this icon relate primarily to the user experience when using PAC |
 | Items tagged with this icon relate primarily to the security of the PAC system and its data |
 | Items tagged with this icon relate primarily to the software that powers PAC and its related database |