New Features
- No new features announced for this quarter.
Improvements
- Admin item view: Admins can now view items directly from the Admin Portal item list.
- API endpoint performance (Core): LINQ query optimisations applied across multiple endpoints to improve overall API response times.
- Removal of Admin Google Login: Google login has been removed from the Admin Portal login flow.
- FE support for API performance improvements: Frontend updated to align with backend API performance changes.
- Active logout invalidates session token (FE): User-initiated logout now invalidates the webapitoken cookie, ending the session cleanly.
- Shortened cookie expiry time (Core/FE): Cookie expiry windows have been reduced to limit session exposure.
Bug Fixes & Stability
- PII removed from session cookie (FE): Personal identifiable information has been stripped from session cookies.
- API endpoint PII remediation: Five endpoints identified as returning unnecessary personal identifiable information have been patched. Responses now restrict PII based on user role, with exposed fields removed, masked, or replaced with non-sensitive identifiers across all affected endpoints.
- Sub-merchant page access with permitted roles (FE): Sub-merchants with the correct permissions can now access their designated pages without error.
- Timezone not reflecting in exported CSV: CSV exports now correctly apply the admin-configured timezone.
- CSV date format corrected: Export dates now display as DD/MM/YYYY instead of a Unix timestamp.
- Extra empty column removed from CSV export: A redundant column with no data has been removed from exported CSV files.
- PII exposure in API endpoints: API endpoints have been patched to prevent any inadvertent exposure of personal identifiable information.