Version 2.6

by Matthew, on 29 April 2019

Image © Ben Waddington

Today we have released version 2.6 of FixMyStreet.

This release fixes a cross-site scripting security issue where someone could create a report through the site with a specially constructed query parameter, and then viewing that report on the admin report edit page would allow the report creator to run their own JavaScript. We have also released version 2.5.1 which is identical to 2.5 including this fix.

There’s a new, optional, feature to auto-suggest similar nearby problems while reporting, to discourage duplicate reports; and the map state is now updated in the URL to make sharing links easier. A bit more work has been done on moderation, spotting conflicts and showing moderation history to staff on report pages, as well as in the admin.

Mostly this release is bugfixes, please see the changelog for full details.

Upgrading

The admin body and user sections have been refactored – if you have custom templates/code, you may need to update links to those.

If you wish the default for the showname checkbox to be checked, you can add sub default_show_name { 1 } to your cobrand file.


If you have any questions, or problems installing the code, please do get in touch, or post on our mailing list.