HOC3 Release Notes 13.1.0

HOC3v13.1.0 (Released: 11/13/2025)

Overview

This release is all about security, stability, and reliability. We’ve tackled urgent registration errors, upgraded core libraries, and made significant improvements to site security headers and vulnerability mitigation.

🚀 Features & Improvements

  • Security Library Upgrades
    Updated core JavaScript libraries to address vulnerabilities and improve stability:

    • jQuery-UI: v1.13.0 → v1.13.3

    • jquery.datatables: v1.10.18 → v1.13.8

    • moment.js: 2.29.1 → 2.30.1

    • CKEditor: 4.18.0 → 4.22.1 (with additional mitigations for known vulnerabilities)
      (LHH-22248, LHH-22284, LHH-22333)

  • HTTP Security Headers
    Added and improved HTTP headers for HSTS, Content-Security-Policy, X-Frame-Options, Referrer-Policy, and Permissions-Policy to boost site security. (LHH-22321, LHH-22345)

  • CKEditor Security Hardening
    Disabled vulnerable plugins and applied configuration changes to mitigate XSS and other risks, with per-site controls for safe mode. (LHH-22284, LHH-22333)

🛠️ Bug Fixes

  • 500 Errors on Volunteer Registration
    Fixed widespread 500 errors affecting new volunteer registration across multiple sites. Added validation and default settings to prevent recurrence. (LHH-22263, LHH-22264, LHH-22265)

  • Sign-Up Confirmation Count
    Fixed an issue where the confirmation message displayed the wrong number of shifts when signing up for multiple shifts. (LHH-22268)

📝 Security Epic Completion

  • DFW Volunteer Website Security Updates
    Addressed and closed out all items reported by DFW’s cybersecurity team, including JavaScript library updates and HTTP header improvements. (LHH-21894)

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.