Version 6

• Front end improvements:
  • Include requirements for redeeming the link in the email change confirmation mail. #4422
  • Use email field type for username if SMS authentication not enabled. #4455
  • Text overrides for new report fields can be configured to apply when it is known the report will go to a particular cobrand. #4466, #4516
  • Improve handling cache expiry for front page statistics. #4584
  • Add geolocation button to centre map at user's location. #4671
  • WasteWorks PWA can now have a separate name from the FixMyStreet PWA. #4727
  • Users can now opt out of questionnaires. #4758
  • Include reference in report list emails. #4760
  • Add support for different '/around' map display times for open/closed/fixed reports #4790
  • Add code to enable category filtering box. #4914
  • Improved the display of the map filters. #4728
  • Don't display 'Show my name publicly' checkbox when making a private report to prevent confusion. #5029
  • Allow decimals in the local alert radius. #5205
• Bugfixes:
  • Stop map panning breaking after long press. #4423
  • Fix RSS feed subscription from alert page button. #4448
  • Fix link to edit category with apostrophe in category name. #4497
  • Fallback extra field in submit email should be name, not code. #4545
  • Allow confirmation links to login user 30s within first use to prevent things like Outlook 'safelinks' breaking the UX. #4556
  • Fixes default status report filter text on Your Account page. #4558
  • Don't zoom to bounds when searching for a postcode. #4717
  • Fix restoring a draft with no location. #4762
  • Create reporter alert before creating first unconfirmed auto-update.
  • Fix display of user in assignment dropdown. #4855
  • Fix setting of fixed timestamp in CSV export. #5119
  • Fix CSV export of reports with only hidden/unconfirmed updates. #5119
  • Fix displaying category page if over 1,000 history entries. #5140
  • Stop wrapping category notices in a label.
  • Allow through a "0" extra question value. #5245
• Admin improvements:
  • Rename emergency message to site message. #4450
  • Added a category control for overriding the text of the new report details field. #4514
  • Added support for 'multivaluelist' extra category questions using checkboxes. #4514
  • Added support for 'datetime' extra category questions using a datetime picker. #4514
  • Added option to make a phone number required for a category. #4520
  • Add way to pick multiple categories in the dashboard. #4700
  • Staff cannot update name reporting when logged out. #5031
  • Allow h1, h2, h3 tags in contact notices/questions. #4959
  • Tweak config page display. #5139
  • Minor display improvements to report/update pages. #5141
  • Minor display and performance improvements to user pages. #5138
  • Move add new body/category to their own admin pages. #5140
  • Move navigation to sidebar. #5093
• Development improvements:
  • Extra data columns now stored as JSON, not RABX. #3216
  • Auto-spot a default favicon.ico. #4461
  • Add send_state column to reports. #4048
  • Return random unprocessed row to daemon. #4545
  • A cobrand level text override for the details field label on new reports can now be configured. #4514
  • Cobrands can provide (per-category) custom distances for duplicate lookup. #4456 #4746 #5162
  • Add perl 5.38 support. #4831
  • Add plain text template previews to /_dev/email. #5105
  • Add --exclude option to bin/open311-populate-service-list #5177
  • Add /status/health page to indicate service health. #5186
• Performance improvements:
  • Reduce database queries on shortlist page. #4548
  • Provide ResultSet fallback translation in lookup. #4548
  • Mark non-Open311 updates as processed by daemon. #4552
  • Inspector/planned offline report caching now fetches URLs sequentially, not in parallel. #5204
  • Desktop browsers won't automatically cache reports offline when visiting /my/planned. #5206
• Changes:
  • Switch to OpenStreetMap for reverse geocoding. #4444
  • Convert all uploaded images to JPEGs. #4778
  • Redirect after POST when creating reports. #4362
  • Include status change line in report update emails using auto response templates. #4967
  • Don't display a translation banner in front of important UI elements on Android. #4153

Version 5

• Front end improvements:
  • Use crosshairs for mobile reporting. #4176
  • Enable keyboard navigation of map. #3321
  • Highlight pin on sidebar focus as well as hover. #3709
  • Map page pagination links now styled as links rather than buttons. #3727
  • Include username in inactive email. #3734
  • Update document title on client-side new report page transition. #3834
  • Disable staff phone and name fields to avoid accidental overwriting. #3805
  • Hide 'Assigned to' text if a report is not assigned to anyone #3646
  • Hide 'Assign to' dropdown if no available assignees #3646
  • Allow 'Asset ID' (part of optional extra data displayed for a report) to be customisable for all cobrands #3920
  • Add initial update template on report sending, not creation. #3949 #439
  • Add option to set an emergency message on reporting pages. #4015
  • Add label to questionnaire textarea. #3944
  • Offline report drafting. #4290
  • Set width=device-width in viewport meta tag. #4384
  • Improve performance of front page ‘recent problems’ query. #4424
  • Fix photo field label not visually appearing as a label.
• Bugfixes:
  • Add ID attributes to change password form inputs.
  • Fix link deactivation for privacy policy link on privacy policy page. #3704
  • Fix dashboard rows for categories with &s. #3802
  • Make calls from Geocoder files to https rather than http #3811
  • Inspector dropdown list only shows name once even if permissions repeated #3870
  • Inspector dropdown list doesn't show anonymised users, removing blank options #3873
  • Fix report unassignment so it works for users who did not create the report #3903
  • [Open311] External code removal is not a change. #3988
  • Trim whitespace on extra status codes for response templates #3997
  • The permission default_to_body now also affects updates. #3317
  • Decouple the permission to manage shortlist from default_to_body. #3317
  • Fix issue with sanitizing missing attributes. #4086
  • Include email_text from templates in export-import-data script. #4084
  • Stop map moving when navigating through images with arrow keys. #3856
  • Remember category group through OpenID login. #4231
  • For CSV export, fetch children of all generations. #4059
  • Reset subcategory selection on clicking browser 'back' button during new report journey #4260 #4284
  • Fix JS error going back from page to report page to map page #4175
  • Fix existing groups being removed when a contact is edited with the category_groups flag unset. #4307
  • Stop map panning breaking after press on pin #4132
  • With extended statuses, send 'closed' rather than 'open' status in Open311 service request when report is closed.
• Accessibility improvements:
  • The "skip map" link on /around now has new wording. #3794
  • Improve visual contrast of pagination links. #3794
  • Make map pan/zoom controls keyboard-accessible. #3751
  • Add missing label to alert distance input. #4248
  • Give generated map tiles blank alt attribute. #4248
  • Add fieldset to alert list and improve sort order. #4248
  • Remove unnecessary and add some missing fieldsets. #4283
  • Improve fancybox accessibility (text and focus). #4248
  • Add visually-hidden nearest address in report list. #4283
  • Add a focus state for button-variant mixin. #4312
  • Improved focus state for link images in the local alert page. #4312
• Admin improvements:
  • Admin 'add user' form now always creates staff users #3749
  • Make sure staff permissions removed when anonymized. #4051
  • Add role filter to dashboard interface. #4082
  • Alerts are paginated on user edit page. #4158
  • Restrict flagging users and reports to superusers. #4168
  • Display photos in report moderation updates, rather than just the image hashes. #4266
  • Add 'admin_contact_validate_category' cobrand hook to validate category names when editing or creating contacts.
  • Restrict timeline to users with the report_edit permission.
• Development improvements:
  • Default make_css to web/cobrands rather than web. #3712
  • Ability to pass custom arguments (eg: SSL config) to server when running via Docker #3713
  • Allow bin/fetch start/end times to be fractional. #3738
  • Add an --exclude option to bin/fetch. #3804
  • Add an index on problem(external_id) to speed up bin/fetch --updates #3808
  • Upgrade Net::DNS and libwww to deal with IPv6 issues. #3809
  • Add send_state column to updates. #3865
  • Enable alternative response from templates to be emailed to issue reporter. #4001
  • Option to read asset layers from configuration. #4119
  • Add GitHub Action to generate POD documentation. #4252
  • Use digest rather than last modified time for static versioning. #4280
  • Add 'open311_title_fetched_report' cobrand hook for customising how titles are created for fetch reports.
  • Add way to use digest in static filename rather than query parameter. #4402
• Security
  • Permit control over database connection sslmode via $FMS_DB_SSLMODE #3927
• Open311 improvements:
  • Increase default timeout. #3738
  • Check for an identical latest update when adding a new one. #4007
• UK:
  • Add CAPTCHA to contact form for non-UK IP addresses #2303

Version 4.0

• Front end improvements:
  • Multi-page form reporting.
  • New aerial map toggle.
  • Send text alerts for report updates to only-phone-verified users.
  • Add options for user to set global notification preferences.
  • Pop over mobile navigation menu. #3270
  • Add support for the OS Maps API. #3328
  • Speed up /report/new/ajax call. #3335
  • Improve #geolocate_link display, especially for smaller screens. #2048
  • Allow email alert radius to be specified. #68
  • Update URL on /my when map moves. #3358
  • Make anonymous updates clearer in email alerts. #3417
  • Add Maidenhead Locator support to search box.
  • Update RSS link when distance box changed. #3624
  • Inspector-managers can assign reports to inspectors in the inspector toolbar.
  • Inspectors & inspector-managers can see who a report is assigned to or 'unassigned' if a report is unassigned.
• Bugfixes:
  • Fix non-JS form when all extra questions answered. #3248
  • Improve display of disabled fields in iOS.
  • Use div for inspector form wrapped extra questions. #3250
  • Fix Open311 JSON services output. #3279
  • Send email reports in staff-only categories.
  • Fix Gaze sometimes being called twice on /around. #3324
  • Improved alert signup for phone-only user. #3367
  • Fix moderation of update text.
  • Only trigger one refresh going Back to list view. #3476
  • Fix checked order of updates in dashboard export.
  • Fix unable to edit user with verified landline #3295
  • Fix 'sites' page to reflect active fixmystreet sites #2481
  • Fix ordering of dropdown lists in extra questions #3566
  • Fix removal of cached opengraph photos.
  • Do not email inactive body comment users. #3587
  • Look up organizational domain in DMARC checking. #3603
  • Stop slash in category name breaking csv download #3642
  • Fix CSS z-index bug that resulted in the main menu being hidden behind the map on small screens #3686
  • Send contact form emails from do-not-reply address if sender's domain uses DMARC.
• Admin improvements:
  • Assignees of reports are now visible in admin reports list and report edit pages.
  • Enable per-category hint customisation.
  • Move ban/unban buttons to user edit admin page.
  • Add link to user edit admin from report/update edit admin.
  • Improve layout of some admin pages.
  • Include email in inspector form information.
  • Improve wording of new report Private checkbox.
  • No questionnaires on reports as body/anonymous.
  • CSV export, improve Site Used and add Device Type.
  • Always record contributed_by for staff users.
  • Add per-photo moderation. #3055
  • Redaction support for photos.
  • UK Councils no questionnaires for non-updating users
  • Script to export/import response templates, #3549
  • Include non-public report in front page search for staff. #3616
  • Include staff categories in map filters for staff. #3616
• Development improvements:
  • Include failure count in send report error output, #3316
  • Sort output in export script. #3323
  • Show relevant updates in alert-update email preview. #3417
  • Upgrade jQuery to 3.6.0. #3017
  • Upgrade Mozilla::CA to handle new root certificates.
  • Factor alert script to slightly smaller functions. #3615
  • Add development Docker environment.
• Open311 improvements:
  • Consistent protected field ordering.
  • Move test handling out of core code.
• Security:
  • Increase minimum password length to eight.
  • Allow throttling by user login attempts

Version 3.1.1

• Development improvements:
  • Upgrade Mozilla::CA to handle new root certificates.
• Security:
  • Increase minimum password length to eight.
  • Allow throttling by user login attempts
• Bugfixes:
  • Fix non-JS form when all extra questions answered. #3248
  • Improve display of disabled fields in iOS.
  • Use div for inspector form wrapped extra questions. #3250
  • Fix Open311 JSON services output. #3279
  • Send email reports in staff-only categories.
  • Fix Gaze sometimes being called twice on /around. #3324
  • Fix moderation of update text.
  • Only trigger one refresh going Back to list view. #3476
  • Fix checked order of updates in dashboard export.
  • Fix unable to edit user with verified landline #3295
  • Fix ordering of dropdown lists in extra questions #3566
  • Fix removal of cached opengraph photos.
  • Do not email inactive body comment users. #3587
  • Look up organizational domain in DMARC checking. #3603
  • Stop slash in category name breaking csv download #3642
  • Send contact form emails from do-not-reply address if sender's domain uses DMARC.

Version 3.1

• Security:
  • Store personal access tokens hashed, and only show once, upon generation. #3063
• New features:
  • Add Open Location Codes support to search box. #3047
• Front end improvements:
  • Add lazy image loading on list items. #3062
  • Improve Bing geocoder results. #2300 #3086
  • Add option of checking passwords against Have I Been Pwned. #3095
  • Add aerial maps option to Bing and OSM maps. #3041 #3114
  • Select matches for both filter category and group. #3110
  • Add an extra zoom level to most map types. #3130
  • Improve new report form when using phone verification. #3191
• Changes:
  • Mark user as active when sent an email alert. #3045
• Bugfixes:
  • Fix issue with dashboard report CSV export. #3026
  • bin/update-schema PostgreSQL 12 compatibility. #3043
  • Make sure category shown in all its groups when reporting. #3029
  • Do not remove any devolved contacts. #3053
  • Fix double encoding of per-category templates. #3058
  • Return reports in all closed states through Open311.
  • Skip accounts without email when sending inactive emails. #3066
  • Include file extensions in Dropzone accepted photo config. #3098
  • Fix photo orientation in modern browsers. #3098
  • Improve compatibility with G Suite OpenID Connect authentication. #3032
  • Fix duplicate asset message after dismissing duplicate suggestions. #3101
  • Improve moderation diff display in a few small ways. #3105
  • Do not have bootstrap run sudo commands. #2930
  • Fix lookups in templates of categories with &s. #3120
  • Fix a few obscure asset layer changing issues. #3157
  • Fix multiple disable messages for dropdown answers. #3186
  • Do not trigger duplicate check when checking stoppers #3194
  • Do not strip spaces from middle of Open311 category codes. #3167
  • Show all category history even if category renamed. #3181
  • Fix email alert on initial update template. #3209
  • Do not cache the service worker. #3201
• Admin improvements:
  • Interface for disabling updates/reopening for certain categories. #2991 #2992
  • Include group in CSV export if enabled. #2994
  • Disable category rename on Open311 categories when unprotected. #2957
  • In category admin, group is already shown elsewhere.
  • Add assigned_(users|categories)_only functionality.
  • Inspectors can now include a photo with public updates. #2902
  • Display user name/email for contributed as reports. #2990
  • Interface for enabling anonymous reports for certain categories. #2989
  • Better sort admin user table. #3107
  • Centralise update creation to include fields. #3111 #3123
  • Add full text index to speed up admin search. #3129 #3133
  • Offline process for CSV generation. #3146
  • Allow inspectors to change report asset. #3134 #3150
  • Staff users can use HTML tags in updates. #3143
  • Response templates can include HTML tags. #3143
  • Record whether report made on desktop or mobile. #3199
  • Do not display deleted priorities in inspect form. #3195
  • Include extra fields in submit emails. #3215
  • can remove staff status from users in bulk. #3221
  • super users can mark category names as hard coded. #3227
• Development improvements:
  • #geolocate_link is now easier to re-style. #3006
  • Links inside #front-main can be customised using $primary_link_* Sass variables. #3007
  • Add option to show front end testing code coverage. #3036
  • Add function to fetch user's country from Gaze.
  • Add cobrand hook to specify custom domain for VERP emails. #3100
• Open311 improvements:
  • Use devolved data on update sending. #3087
  • Rewrite open311-update-reports to share code and improve functionality. #3092
• Internal things:
  • Move from Travis to GitHub Actions. #3244
• UK:
  • Add option for recaptcha. #3050
  • Display search tips when location search returns no results. #3180

Version 3.0.1

• Admin improvements:
  • Order unsent reports by confirmed date. #2911
  • Disable staff private tickbox on new reports if category is private. #2961
  • Provide access to staff-only categories in admin. #2925 #2958
  • Move stats from main admin index to stats index. #2982
  • Speed up dashboard export and report search. #2988
  • Allow a template to be an initial update on reports. #2973
• Front end improvements:
  • Allow anonymous updating if anonymous reporting enabled.
• Bugfixes:
  • Application user in Docker container can't install packages. #2914
  • Look at all categories when sending reports.
  • Fixes the To header when sending emails about inactive accounts. #2935
  • Recent reports, use same query regardless of cache. #2926 #2999
  • Match body construction on Around with New setup.
  • Only one duplicate call in progress at once. #2941
  • Stop double escape in Google Maps URL.
  • Refactor/stop double escape in report nav link. #2956
  • Maintain group on pin move with same category in multiple groups. #2962
  • Remove unnecessary margin-right on #postcodeForm. #3010
  • Fix sorting by most commented on /around map view. #3013
• Development improvements:
  • Refactor Script::Report into an object. #2927
  • Move summary failures to a separate script. #2927
  • Add generic import categories from JSON script.
  • Add script to export/import body data. #2905
  • Add fetch script that does combined job of fetch-comments and fetch-reports. #2689
  • Allow fetch script to parallelize fetching. #2689
  • Do all retry timeout or skip checks in database. #2947
  • Show error page when submitting with web param to /import. #2233
  • Add a dæmon option for sending reports and updates. #2924
  • Update Getopt::Long::Descriptive to stop warning. #3003
• Open311 improvements:
  • Allow save/drop of row extra during sending. #2788
  • Match response templates on external status code over state. #2921
  • Add flag to protect category/group names from Open311 overwrite. #2986
• Documentation:
  • Remove part about restricting access to /admin. #2937
• UK:
  • Added junction lookup, so you can search for things like "M60, Junction 2". #2918

Version 3.0

• Security:
  • Fix XSS vulnerability in pagination page number.
  • Rotate session ID after successful login.
  • Switch to auto-escaping of all template variables (see below). #2772
  • Scrub admin description fields. #2791
• Front end improvements:
  • Improved 403 message, especially for private reports. #2511
  • Mobile users can now filter the pins on the /around map view. #2366
  • Maintain whitespace formatting in email report/update lists. #2525
  • Improve keyboard accessibility. #2542
  • Report form now indicates that details are kept private if report is made in a private category. #2528
  • Improve map JavaScript defensiveness.
  • Upgrade jquery-validation plugin. #2540
  • Pass ‘filter_category’ param to front page to pre-filter map.
  • Remove on-map Permalink. #2631
  • Darken front page step numbers, and improve nested heading structure. #2631
  • Set report title autocomplete to off to prevent email autocompleting. #2518
  • Add map filter debouncing to reduce server requests. #2675
  • Add XSL to RSS feeds so they look nicer in browsers. #2736
  • Add per-report OpenGraph images. #2394
  • Display GPS marker on /around map. #2359
  • Use nicer default photo upload message. #2358
  • Remove pan control from mobile widths. #2865
  • Use category groups whenever category lists are shown. #2702
  • Display map inline with duplicate suggestions on mobile. #2668
  • Improved try again process on mobile. #2863
  • Improve messaging/display of private reports. #2884
  • Add a web manifest and service worker. #2220
  • Also check filter_category for category choice. #2893
  • Reduce duplicate Permalink.updateLink calls when zooming map. #2824
  • Hide ‘provide extra information’ preamble when no visible fields are present. #2811
  • Improve user flow when JavaScript is not available. #2619
  • Change ‘locate me automatically’ to ‘use my location’. #2615
  • Include ‘submit’ button at very bottom of report form when signing in during report
  • Provide ARIA roles for message controller box.
• Admin improvements:
  • Add new roles system, to group permissions and apply to users. #2483
  • Contact form emails now include user admin links. #2608
  • Allow categories/Open311 questions to disable the reporting form. #2599
  • Improve category edit form. #2469
  • Allow editing of category name. #1398
  • Allow non-superuser staff to use 2FA, and optional enforcement of 2FA. #2701
  • Add optional enforced password expiry. #2705
  • Store a moderation history on admin report edit. #2722
  • Add user admin log page. #2722
  • Allow report as another user with only name. #2781
  • Allow staff users to sign other people up for alerts. #2783
  • Group categories on body page. #2850
  • Add admin UI for managing web manifest themes. #2792
  • Add a new "staff" contact state. #2891
  • Store staff user when staff make anonymous report. #2802
  • Record first time fixed/closed update sent to reporter in email.
  • Pre-filter ‘all reports’ by area for inspectors
  • show open311 failure details in admin report edit page. #2468
• New features:
  • Categories can be listed under more than one group #2475
  • OpenID Connect login support. #2523
  • Heatmap dashboard. #2675
  • Allow anonymous submission by a button, optionally per-category.
• Bugfixes:
  • Prevent creation of two templates with same title. #2471
  • Fix bug going between report/new pages client side. #2484
  • Don't include private reports when searching by ref from front page.
  • Set fixmystreet.bodies sooner client-side, for two-tier locations. #2498
  • Fix front-end testing script when run with Vagrant. #2514
  • Handle missing category when sending open311 reports #2502
  • Fix label associations with category groups. #2541
  • Hide category extras when duplicate suggestions shown. #2588
  • Hide duplicate suggestions when signing in during reporting. #2588
  • Retain extra data if signing in during reporting. #2588
  • Have duplicate suggestion and assets coexist better. #2589
  • Don't include lat/lon of private reports in ‘Report another problem here’ link. #2605
  • Allow contact send method to be unset always. #2622
  • Fix z-index stacking bug that was causing unclickable RSS icons on /alert page. #2624
  • Fix issue with inspector duplication workflow. #2678
  • Fix removal of cached photos on moderation. #2696
  • Checking of cached front page details against database. #2696
  • Inconsistent display of mark private checkbox for staff users
  • Clear user categories when staff access is removed. #2815
  • Only trigger one change event on initial popstate. #2862
  • Fix error when hiding a user's updates with no confirmed updates. #2898
  • Sort reporting categories in display order. #2704
  • Do not clear asset attributes on category change.
• Development improvements:
  • Upgrade the underlying framework and a number of other packages. #2473
  • Add feature cobrand helper function.
  • Add front-end testing support for WSL. #2514
  • Allow cobrands to disable admin resending. #2553
  • Sass variables for default link colour and decoration. #2538
  • Make contact edit note optional on staging sites.
  • Store email addresses report sent to on the report. #2730
  • Add configuration for setting Content-Security-Policy header. #2759
  • Add banner on staging website/emails, and STAGING_FLAGS option to hide it. #2784 #2820
  • Do not hard code site name in database fixture. #2794
  • Ensure OS dependencies are kept updated in development environments. #2886
  • Enhance inactive scripts to act per-cobrand, or full deletion. #2827
• Open311 improvements:
  • Support use of 'private' service definition to mark reports made in that category private. #2488
  • Ensure any reports fetched in a category marked private are also marked private on the site. #2488
  • Add new upload_files flag which sends files/photos as part of the POST service request. #2495
  • Allow description in email template with placeholder. #2470
  • Do not store display-only extra fields on new reports. #2560
  • Support receiving updates from external source. #2521
  • Improve JSON output of controller.
  • unset external_status_code if blank in update. #2573
  • Add support for account_id parameter to POST Service Request calls.
  • Do not overwrite/remove protected meta data. #2598
  • Spot multiple groups inside a element. #2641
  • Always update problem state from first comment #2832
• Backwards incompatible changes:
  • The FixMyStreet templating code will now escape all variables by default. If you need to output HTML in a variable directly, you will need to escape it with the safe filter, e.g. [% some_html | safe %].

Version 2.6

• Security:
  • Fix XSS vulnerability in admin report edit page.
• New features:
  • (Optional) auto-suggestion of similar nearby problems,
    while reporting, to discourage duplicate reports. #2386
• Front end improvements:
  • Track map state in URL to make sharing links easier. #2242
  • Default to unchecked for show name checkbox. #347
• Email improvements:
  • Header image file name can be customised
• Admin improvements:
  • Include moderation history in report updates. #2379
  • Allow moderation to potentially change state. #2381
  • Spot moderation conflicts and raise an error. #2384
  • Allow searching for in admin.
  • Make staff JavaScript more self-contained.
  • Alow staff user to be associated with multiple areas.
  • Improvements to admin checkbox display.
• Bugfixes:
  • Check cached reports do still have photos before being shown. #2374
  • Delete cache photos upon photo moderation. #2374
  • Remove any use of my $x if $foo. #2377
  • Fix saving of inspect form data offline.
  • Add CSRF and time to contact form. #2388
  • Make sure admin metadata dropdown index numbers are updated too. #2369
  • Fix issue with Open311 codes starting with ‘_’. #2391
  • Add parameter to URL when “Show older” clicked. #2397
  • Don't ask for email on alert signup if logged in. #2402
  • Filter out hidden reports from top 5 list. #1957
  • Add space below "map page" contents on narrow screens.
  • Use relative report links where possible. #1995
  • Improve inline checkbox spacing. #2411
  • Prevent duplicate contact history creation with Unicode data.
  • Show all Open311 extra fields in edit admin.
  • Proper bodies check for sending updates.
  • Check better if extra question has values.
  • Stop filter category overriding chosen category.
  • Allow things to reset if "Pick a category" picked.
  • Stop category_change firing more than it should.
  • Fix extra question display when only one category.
  • Fix superusers creating anonymous reports. #2435
  • Ensure non_public reports aren't exposed at /open311 endpoint.
  • Escape body name in admin title.
  • Use REQUEST_URI, not PATH_INFO, to infer path.
• Development improvements:
  • Make front page cache time configurable.
  • Better working of /fakemapit/ under https.
  • Improve Open311 error output on failing GET requests.
• Backwards incompatible changes:
  • If you wish the default for the showname checkbox to be checked,
    add sub default_show_name { 1 } to your cobrand file.
  • The admin body and user sections have been refactored – if you have
    custom templates/code, you may need to update links to those.

Version 2.5.1

• Security:
  • Fix XSS vulnerability in admin report edit page.

Version 2.5

• Front end improvements:
  • Simplify new report/update sign in flow. #642
  • Simplify /auth sign in page. #2208
  • Clearer relocation options while you’re reporting a problem #2238
  • Enforce maximum photo size server side, strip EXIF data. #2326 #2134
  • Don't require two taps on reports list on touchscreens. #2294
  • Allow moderation to work without JavaScript. #2339
  • More prominent display of "state" on report page #2350
  • Improved report/update display on contact form. #2351
• Admin improvements:
  • Allow moderation to potentially change category. #2320
  • Add Mark/View private reports permission #2306
  • Store more original stuff on moderation. #2325
  • Sort user updates in reverse date order.
  • Improve update display on admin report edit page.
  • Keep all moderation history, and show in report/update admin. #2329
• Bugfixes:
  • Restore map zoom out when navigating to /around from /report. #1649
  • Don’t escape HTML entities in report titles pulled in by ajax. #2346
  • Show reopening/fixed questionnaire responses lacking updates. #2357
• Open311 improvements:
  • Fix bug in contact group handling. #2323
  • Improve validation of fetched reports timestamps. #2327
• Development improvements:
  • Add option to symlink full size photos. #2326
  • default_to_body/report_prefill permissions to control default report as/prefill behaviour. #2316