We are releasing this to fix a critical security flaw discovered last week. Thank you goes to Andrew Noble of Ivanhoe Girls' Grammar School for the discovery last week. The issue affected the WebDAV server built into Schoolbox and has been in existence for at least 2 years. If you would like more information about potential impacts of this please contact support. In addition, an important new policy has been added to allow visibility of student contact details to be locked down to staff only, avoiding issues with parent visibility of contacts.
Admin
- SA-453 Added new policy to allow control of student contact visibility between staff and parents
Core
- SA-902 *SECURITY* Fixed critical security flaw in webdav browser
- SA-737 Fixed issue accessing user profile of student when teachers have been deleted
External Connectors
- SA-923 Added new Double First Engage SIS connector
- SA-705 HumanEdge: Fixed issue where staff could not see classes in some cases at Dubbo
- SA-744 HumanEdge: Fixed students showing up in wrong classes
LMS
- SA-427 Fixed error when importing course that contains rubric descriptors which have been unassigned
Custom
- SA-742 CISPL: Made class codes case insensitive because the ISAMs codes can be in different cases
- SA-564 STK: Fixed EOTC event showing in dashboard calendar component for all users, not filtering on campus
- SA-662 STK: Fixed EOTC superusers unable to see approved/cancelled EOTCs
- SA-716 StPauls: Fixed sync script crashing mid run due to unknown year groups