Actions

Release notes/9.3.4

From Convention Master Documentation

< Release notes

NOTE: This page contains release notes for a past release of Convention Master. The current version is 10.1.7.

Convention Master 9.3.4 was released 2018-02-23. This is a bugfix release for users of the 9.3.x series, to fix issues discovered since release.

Purpose of Patch

This patch contains the start of what will be a major change to how CM operates. This patch includes a new kiosk step called 01_get_uid_username which allows your kiosk users to create a much more secure username and password.

While the old kiosk methods are still currently available for use, attendee accounts that use the 01_get_uid_username step to create usernames and passwords will no longer be visible to older kiosk modules like 01_get_uid_v2.

Once again, any user with a "Kiosk username" will be unable to be searched for by first and last name, effectively hiding them from the name login kiosk.

This code has been released in a rushed in response to a article written which raised three major concerns.

1) If you know the real name of the person you are looking for, you will be able to determine their fan name. This concern was in fact very accurate and we previously released version 9.3.3 as quickly as possible to address this concern, and as of 9.3.3, this was much much more difficult to do, but not impossible. 9.3.4 removes this concern entirely with the username/password step.

2) If you know the real name of a person, you could in some cases determine whether or not they are going to be attending a particular event. This concern was in fact very accurate, and we released previously version 9.3.3 as quickly as possible to address this concern, and as of 9.3.3, this was indeed impossible to do.

3) If you know the real name of a person, you could in some cases determine whether or not they have ever been entered into the CM database. This was not corrected by version 9.3.3, and this is the primary issue that this 9.3.4 release is resolving.

With version 9.3.4 if you replace the 01_get_uid_v2 step of any kiosk with 01_get_uid_username step, users will no longer be able to see the information as mentioned in item number three above. However, for this step to work, email sending must be near immediate. The unique emails with access links that get sent as a result of this step last only 10 minutes, so your email crontab or email sending jobs must be upped if it is too slow for that.

Customers with rate-limited email sending ability will be affected by this. Additionally, the reason why this isn't a more major version release is that this code is not yet complete. As of right now, we feel that any convention that plans to use 01_get_uid_username at con is going to have a bad day.

The reason why the name search/Security-question solution was so popular with many of our customers was that so many of the con attendees were unable to remember a password that they only used once a year or even less frequently.

Conventions attempting to use the 01_get_uid_username at con should expect to have to pay more money for their internet connection from the hotel to ensure fast and timely email delivery, and expect to employ at least double the front end reg staff to handle the increased in requests for password resets.

CivetSolutions is currently looking into ways of making the at-con kiosk experience more functional as we go on, so for those cons who are not within the next few weeks, please stand by while we research better ways to address the password reset at-con concern.

UPGRADE WARNING: This release has special instructions about the upgrade process below. Please make sure you read them before performing an upgrade.

List of changes

Changes made and bugs fixed in 9.3.4 include:

  • [Ticket #843] Added username/password step to kiosk system.
  • [Ticket #833] Corrected display bug with List Registrations where too many page links appeared.


Upgrading

Before starting an upgrade, we recommend that you backup your Convention Master database and files.

To perform the upgrade, run a Subversion update in the folder that contains your Convention Master installation:

$ svn up /path/to/convention_master


When this has completed, log in to the staff console [yoursite.com/console] with an account that has the "Perform DB and System Upgrades" permission to automatically trigger any pending schema updates. DO NOT FORGET THIS STEP, otherwise it will leave your install in a locked upgrade state.

For fuller/more complete information on upgrading your Convention Master installation, please see our upgrade documentation.

If you have any questions or comments, please email us at support@civetsolutions.com.

Categories