This update significantly improves the security of forms created with the Form Builder, specifically addressing potential vulnerabilities related to file uploads and textbox fields.

To combat this, the following measures have been implemented:

• Output Encoding for Textbox Fields: A new approach using output encoding has been adopted to mitigate XSS (Cross-Site Scripting) storage vulnerabilities in textbox fields. This ensures that any potentially malicious HTML or script tags are safely rendered as plain text, preventing them from executing. This method is officially documented as an accepted approach by Salesforce and OWASP.
• Server-Side File Extension Validation: The system now includes robust server-side validation for uploaded files, ensuring that only permitted file extensions are accepted. This prevents the upload of potentially harmful file types.

These changes are designed to protect against security risks and provide a more secure experience when using forms on your website. A setting has also been added to allow the new behavior to be turned on or off.

Deployment to Production: February 6, 2025.

This update resolves an issue in forms where, when a picklist field using a list view was set to read-only, the form would display the internal ID of the picklist value instead of its user-friendly name. Additionally, a problem was identified where saving values for read-only picklist fields could result in data loss.

To address these issues:

• Logic has been added across the view, client-side, and server-side to ensure that read-only single and multi-picklist fields correctly display their intended names instead of IDs.
• The bug causing data loss when saving values for read-only picklist fields has also been resolved.

These improvements ensure that forms with read-only picklists display correctly and maintain data integrity.

Deployment to Production: February 6, 2025.

This update resolves an issue where the Advanced Registration System (ARS), when assigned to a specific occurrence, would incorrectly execute for other occurrences during signup, even if those other occurrences did not have ARS assigned. This could lead to unexpected registration flows for users.

A bug in the system's logic has been identified and fixed. Now, the correct ARS will be applied only when the user signs up for an occurrence that explicitly has ARS assigned, or when they sign up with a team, ensuring a precise and intended registration process.

Deployment to Production: February 6, 2025.

This update resolves an issue where the "Export to CSV" button was missing from Listing Blocks when using the new CMS layout. This primarily affected opportunity pages and reports sections, preventing staff from exporting data.

The fix addresses the underlying problem, which was the omission of the "buttons.html5.min.js" library in the new layout. This library is crucial for the export functionality. With this adjustment, the "Export to CSV" button is now correctly displayed and functional, allowing users to export data from Listing Blocks.

Deployment to Production: February 6, 2025.

This update provides a resolution for multiple issues affecting registration and team creation forms. Previously, volunteers encountered errors when attempting to add team members without an email or phone number, and also experienced issues with saving edits to the "Team Description" field in the Team Creation Requirements form.

Specifically, the following has been addressed:

• Team Member Registration Errors: The system no longer incorrectly requires an email and/or phone number for all team members when creating a new team, allowing for the registration of minors without this information. This resolves the "Error Please enter an Email and / or Phone for all team members" and "Error The action cannot be completed, reload the page and try again" messages.
• Persistent "Team Description" Field: The bug preventing the removal of the "Team Description" from the Team Creation Requirements form has been fixed. The field will now correctly remain hidden after saving edits. This was caused by default settings marking removed fields as required, which has now been corrected.

These fixes ensure a smoother and more flexible experience for volunteers creating teams and managing team member information.

Deployment to Production: February 6, 2025.

This update resolves an issue in the new CMS Layout where the "Field to Write to" functionality within the Listing Block was not working. This prevented users from properly configuring how data was written to fields.

The problem was caused by the new CMS client-side logic loading events to populate these "Write To" related fields only after the data had already loaded, meaning the inner items weren't populated when the "Write To" button was activated.

The client-side logic has been updated to ensure events load properly, and the selector has been adjusted for compatibility with the new CMS settings. This ensures the "Write To" field now functions as intended.

Deployment to Production: February 6, 2025.

This update resolves an issue experienced by a couple of clients, where volunteers were unable to sign up for shifts and were stuck on a "please wait" status with a loading circle.

The problem was caused by incorrect validation in the JavaScript for the next steps in the Advanced Registration System (ARS) signup process. This fix addresses the validation logic after the "Signup" button is clicked, allowing volunteers to successfully complete the signup process without encountering the "Please Wait" loop.

Deployment to Production: February 6, 2025.

This update resolves an accessibility issue with the Volunteer Activities Table where elements like filters were executable but not identifiable as such by screen readers. This prevented users relying on assistive technologies from fully interacting with the table.

The fix involves adding the necessary aria-label attributes to the filters, ensuring that screen readers can correctly identify and interpret these interactive elements. This improves the overall accessibility and usability of the Volunteer Activities Table.

Deployment to Production: February 10, 2025.

This update resolves an issue where their Featured Opportunity Block was incorrectly displaying "City, State" and "dates/times," even when these options were explicitly unchecked in the CMS. This was problematic as the organization is single-location and many opportunities are ongoing, making the displayed date misleading.

The underlying error in validation has been identified and corrected. The Featured Opportunity Block will now accurately reflect the selected display settings, ensuring that location and date/time information are hidden when intended.

Deployment to Production: February 10, 2025.

This update resolves a bug with the Image Slider Block where, even after being configured for a specific URL, it would incorrectly display on all pages.

The fix ensures that the Image Slider Block now correctly adheres to its configured URL settings, appearing only on the intended pages.

Deployment to Production: February 10, 2025.

This update resolves a navigation issue experienced on corporate private opportunity pages). Previously, after viewing a specific opportunity on these pages, clicking the back button would incorrectly redirect users to the invitation code entry page instead of the previous list of opportunities.

The issue was related to cache headers in HOC4. This fix ensures that users can now navigate back to the opportunity search results page without needing to re-enter the invitation code.

Deployment to Production: February 14, 2025.

This update resolves a critical issue affecting the Volunteer Opportunity page on Partner Portals. Users were experiencing problems where the page would not fully load, preventing them from viewing all applicants or navigating through pages. In some cases, a second search bar also appeared.

The problem was identified as a bug in the rendering of filters via JavaScript. The fix includes adjustments to validate the conditions that caused this issue, ensuring the page loads correctly and displays as intended. This resolves issues such as the page not completing its load, inability to navigate through applicant pages, and the presence of duplicate search bars.

Deployment to Production: February 14, 2025.

This update resolves an issue where the column filters in Listing Blocks, specifically those using date and time fields, were not sorting values correctly. The system was treating these values as strings, leading to an incorrect order.

The fix involves modifying the sorting logic to correctly transform string values into datetime values before sorting. This ensures that date and time filters now display values in the accurate chronological order.

Deployment to Production: February 14, 2025.

This update resolves an issue in the Listing Block where using SOQL (Salesforce Object Query Language) with the "select all" option to update multiple records was failing. Previously, the system would report "no rows to update" even when multiple records were selected in a batch. Individual selections would work correctly.

The problem was identified as the checkbox header event in the listing CMS not correctly triggering the inner events for each row, leading to no changes being detected in the table. The event logic has been refactored to address this issue.

Deployment to Production: February 14, 2025.

This update resolves an issue where occurrences were not displaying in the correct order in search results. Previously, the system would incorrectly default to "Distance" sorting, and users were unable to change this default, leading to upcoming occurrences not appearing as the next ones.

The fix addresses the underlying logic that caused the incorrect sorting, particularly in "border cases" where the "Include Full Occurrence" feature was activated. This ensures that occurrences are now displayed in the correct chronological order, providing an accurate view of upcoming events.

Deployment to Production: February 18, 2025.

This update resolves an issue where the payment type field was not appearing correctly on forms. The issue affected the conditional logic intended to display one of two payment fields based on a picklist field.

The issue has been identified as being related to the field that retrieves data from Salesforce. Adjustments have been applied to correct this behavior, ensuring that the payment type fields now display according to the configured logic.

Deployment to Production: February 18, 2025.