[ZendTo] Beta release 6.04-1 has overhauled "Request a drop-off" page

Wed Jul 22 18:19:20 BST 2020

Folks,

I have just released a new beta 6.04-1.
The main feature of this is I have overhauled the "Request a drop-off" 
page, and added date/time pickers so you can set precise start and end 
times for the request to be valid.

If you have a "Content-Security-Policy" header defined in your Apache 
config, that will need updating to allow "data:" URLs for images.
Fortunately I have written a tool to do that for you, and it is now run 
as part of "upgrade".

For more details, and how to download it, please see the beta page at
     https://zend.to/beta

*PLEASE* can you test the "request a drop-off" page on your favourite 
browsers, and tell me if it all looks okay, or if it doesn't. I've tried 
about 11 different browsers on 3 platforms, but that's only a sample.

The full Change Log for this beta is:
- Overhauled the "request a drop-off" page.
- Added new feature to requests: you can now set a start and end 
date+time. Outside those times, the request won't work.
- Fixed bug where admins logging in via SAML would not see statistics 
button in main menu. Alternative workaround is to list 'authAdmins' 
users in 'authStats' as well.
- Changed 'Content-Security-Policy' header definition in Apache config. 
Exact change is to replace "img-src *" with "img-src data: *", then 
restart Apache. Otherwise the date/time picker in the "Request a 
Drop-off" form will not display correctly.
- Subject in new drop-off form can now only be edited if you are logged in.
- Fixed bug in unlock-user to get all the reporting correct, and fix and 
improve logging. Thanks Marlon!
- Improved "upgrade" command so it warns you if you have *.rpmnew or 
*.dpkg-dist files in your templates dir that you need to move into place 
by hand, as you had modified the previous versions.
- Improved "upgrade" command so it checks you have a 
'Content-Security-Policy' header definition in your Apache config for 
the https ZendTo site. And if so, adds "data:" to the list of valid 
sources of images. Otherwise the date+time pickers in the "request a 
drop-off" page will look messed up. If it doesn't find the header 
definition at all, it suggests the change you need to make.

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

IMPORTANT: This email is intended for the use of the individual
addressee(s) named above and may contain information that is
confidential, privileged or unsuitable for overly sensitive persons
with low self-esteem, no sense of humour or irrational religious
beliefs. If you are not the intended recipient, any dissemination,
distribution or copying of this email is not authorised (either
explicitly or implicitly) and constitutes an irritating social faux
pas.

Unless the word absquatulation has been used in its correct context
somewhere other than in this warning, it does not have any legal
or no grammatical use and may be ignored. No animals were harmed
in the transmission of this email, although the kelpie next door
is living on borrowed time, let me tell you. Those of you with an
overwhelming fear of the unknown will be gratified to learn that
there is no hidden message revealed by reading this warning backwards,
so just ignore that Alert Notice from Microsoft.

However, by pouring a complete circle of salt around yourself and
your computer you can ensure that no harm befalls you and your pets.
If you have received this email in error, please add some nutmeg
and egg whites, whisk and place in a warm oven for 40 minutes.

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200722/44efe4a0/attachment.html>