Product releases

The following product release is planned for October 9th, 2024

  • Feature
Improvements in back-office
DESCRIPTION

We have been working on improving the back-office. Specifically, we’ve worked on improving speed in multiple areas of the back-office.

  • Feature
Action plan to mitigate hacking attempts on AO platform
DESCRIPTION

Recently we have had some hacking attempts on our platform.

Quick overview of the hacking attempts: the hacker mainly tries to exploit publicly available endpoints by querying them with a moderate number of requests, typically over a period of a couple of minutes to an hour.

We have created an action plan to mitigate these attempts:

  1. Change the request signature algorithm

  2. Explore the possibility to obfuscate the request signature algorithm

  3. Review hacking attempts logs to assess the impact

  4. Implement a rate limiter (per IP per endpoint per API key) to prevent brute force attacks

  5. Implement a WAF (Web Application Firewall) to filter out malicious requests – ModSecurity for nginx is a good choice

  6. Revise the Content Security Policy (CSP) to prevent XSS attacks

  7. Revise the code of the public endpoints to prevent SQL injection

  8. Make the input validation for Elasticsearch queries stricter to prevent garbage input

  9. Add ModSecurity metrics to the monitoring system and set up alerts

  10. Explore the possibility to implement a honeypot to distract hackers

  11. Discuss the possibility to block / grey-list IPs that show suspicious activity
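
As an added illustration of item 4 (not code from the AO platform): a rate limiter keyed per IP, per endpoint and per API key, with a short and a long window so that the moderate-rate querying described above is caught as well as bursts. The thresholds, endpoint paths, API keys and addresses are assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the release notes): (max requests, window in seconds).
RULES = [(10, 60), (60, 3600)]

class RateLimiter:
    """Sliding-window limiter with one counter per (IP, endpoint, API key)."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.horizon = max(window for _, window in rules)
        self._hits = defaultdict(deque)  # key -> timestamps of allowed requests

    def allow(self, ip, endpoint, api_key, now):
        hits = self._hits[(ip, endpoint, api_key or "")]
        # Forget timestamps older than the longest window.
        while hits and now - hits[0] >= self.horizon:
            hits.popleft()
        # Every rule must have spare capacity; rejected requests are not recorded.
        for limit, window in self.rules:
            if sum(1 for t in hits if now - t < window) >= limit:
                return False
        hits.append(now)
        return True

def replay(requests, limiter=None):
    """Return {key: [allowed, rejected]} for (ts, ip, endpoint, api_key) tuples."""
    limiter = limiter or RateLimiter()
    totals = defaultdict(lambda: [0, 0])
    for ts, ip, endpoint, api_key in sorted(requests):
        ok = limiter.allow(ip, endpoint, api_key, ts)
        totals[(ip, endpoint, api_key)][0 if ok else 1] += 1
    return dict(totals)

# Constructed traffic (documentation IP ranges, hypothetical endpoints and keys).
# SLOW: one request every 10 s for 30 minutes, always under the per-minute rule.
SLOW = [(t, "203.0.113.7", "/api/search", "key-A") for t in range(0, 1800, 10)]
# BURST: 20 requests in 20 seconds from another client.
BURST = [(t, "198.51.100.4", "/api/search", "key-B") for t in range(20)]
# OTHER: the SLOW client's ordinary use of a different endpoint is counted separately.
OTHER = [(t, "203.0.113.7", "/api/courses", "key-A") for t in range(0, 300, 60)]

if __name__ == "__main__":
    for key, (allowed, rejected) in replay(SLOW + BURST + OTHER).items():
        print(key, "allowed:", allowed, "rejected:", rejected)
```

With only the per-minute rule, the slow client would never be throttled; the hourly rule is what stops it, while its requests to the other endpoint stay unaffected.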

  • Feature
Set Default Country Code to +47 for Phone Number Input
DESCRIPTION

When adding a phone number, the input field currently does not have a default country code set. To streamline the process and reduce manual entry, the system should automatically set the default country code to +47. This will save users time and reduce the potential for errors.

  • Feature
Tagging Of Courses
DESCRIPTION

Upon request, course admins should be able to assign tags to courses based on which sub-division the course is relevant for.

This is so that a third-party application can use these tags in their API to connect the right sub-division to their respective calendars.

We do not intend to use this way of tagging to place courses into course categories, but rather to show which sub-divisions these courses are relevant for.

  • Feature
Import App for AO
DESCRIPTION

A standalone application that can create Users/Members in the AO system via a CSV file.

  • Feature
Improved Front end performance
DESCRIPTION
