CBAS Web Changelog

Welcome to the CBAS Web Changelog. Here you will find a comprehensive list of updates, improvements, and bug fixes for each version of the CBAS Web application. Stay informed about the latest changes and enhancements to ensure you are always up-to-date with the newest features and fixes.

19.x.x

1-17-2020

Security patches

  • Apache 2.4.x Multiple Vulnerabilities
    • A privilege escalation vulnerability exists in module scripts due to an ability to execute arbitrary code as the parent process by manipulating the scoreboard. (CVE-2019-0211)
    • An access control bypass vulnerability exists in mod_auth_digest due to a race condition when running in a threaded server. An attacker with valid credentials could authenticate using another username. (CVE-2019-0217)
    • An access control bypass vulnerability exists in mod_ssl when using per-location client certificate verification with TLSv1.3. (CVE-2019-0215)
    • In addition, Apache httpd is also affected by several additional vulnerabilities including a denial of service, read-after-free and URL path normalization inconsistencies.
  • Upgrade Apache2 server to ver. 2.4.41, where the above vulnerabilities have been fixed.
  • Disabled phpMyAdmin: an SQL injection (SQLi) vulnerability exists in phpMyAdmin due to improper validation of user-supplied input.

1-12-2019

Updates to Version 19.0.1

  • Added more options for the mass import of access control cards by means of a CSV spreadsheet.
  • New interface for uploading mass collection of pictures for access cards.
  • Added feature to select access control group on mass import.
  • New operation tools for multiple selection of access cards.
  • Distributed new access control badge templates
  • Support for Ubuntu 16 and above provided.

4-10-2019

Released Version 19.0.1

  • Vulnerability found by Security Company Applied Risk. Patched in this release.
  • Removed aggregate authentication mode
  • Strong passwords enforcement
  • Improved security on the following:
    • Cookies
    • Cross-origin Resource Sharing
    • HTTP Public Key Pinning
    • HTTP Strict Transport Security
    • Redirection
    • Referrer Policy
    • Subresource Integrity
    • X-Content-Type-Options
    • X-Frame-Options
    • X-XSS-Protection
  • Defended against HTML injection on the Login and Reset Password pages
  • Removed user enumeration issue on failed logins.

3-20-2019

Released Version 19.0.0

18.x.x

4-10-2019

Released Version 18.0.1

  • Vulnerability found by Security Company Applied Risk. Patched in this release.
  • Removed aggregate authentication mode
  • Strong passwords enforcement
  • Improved security on the following:
    • Cookies
    • Cross-origin Resource Sharing
    • HTTP Public Key Pinning
    • HTTP Strict Transport Security
    • Redirection
    • Referrer Policy
    • Subresource Integrity
    • X-Content-Type-Options
    • X-Frame-Options
    • X-XSS-Protection
  • Defended against HTML injection on the Login and Reset Password pages
  • Removed user enumeration issue on failed logins.

2-8-2019

Released Version 18.0.0

  • First version that supports Ubuntu 16 LTS and above

17.x.x

No changelog available.

16.x.x

No changelog available.

15.x.x

4-10-2019

Released Version 15.0.1

  • Vulnerability found by Security Company Applied Risk. Patched in this release.
  • Removed aggregate authentication mode
  • Strong passwords enforcement
  • Improved security on the following:
    • Cookies
    • Cross-origin Resource Sharing
    • HTTP Public Key Pinning
    • HTTP Strict Transport Security
    • Redirection
    • Referrer Policy
    • Subresource Integrity
    • X-Content-Type-Options
    • X-Frame-Options
    • X-XSS-Protection
  • Defended against HTML injection on the Login and Reset Password pages
  • Removed user enumeration issue on failed logins.

4-22-2019

New feature

  • Added support for Ubuntu 16 and above

2-5-2019

New feature

  • Bill tax switch for the accounting module
  • Operate group on multiple cards selected
  • Progressive picture uploading
  • Mass import of pictures for access control cards
  • Assign floor to selection of cards
  • Highcharts widgets available

9-10-2018

Bug fixes

  • Filtered slashes according to the setting for the CBAS card diffs page
  • Added date to debug files.
  • Filtered out form inputs that depend on card format being used or not.
  • Getting card picture independently of the special chars in the name
  • DPU alive ajax callback.
  • Added settings flag to display or not the maintenance tools.
  • Improvements to check dpu.
  • Fixed access, no access check boxes re-direction.
  • Added red warning banner in case the DPU goes offline
  • Added enable/disable for backslash removal, to support names with special characters.
  • Fixed the Access No Access check boxes in the card reports.
  • Added toggle setting to use or not CARD_FORMAT

8-27-2018

New features

  • Unregistered cards links to create card interface
  • New access control maintenance interfaces
  • New interface to check areas associated with each card
  • New interface to check readers schedules and areas on the web server and on the DPU
  • New interface to register a card from the access control report
  • Fixed bug downloading reader areas association

8-21-2018

Bug fixes and new features

  • Fixed card conversion, implemented support for automated re-directions to authorized areas editing.
  • Added work flow settings in access control
  • Implemented input support for JOB_CODE, CARD_NUMBER and CARD_FORMAT for access control group admins.
  • Implemented automated redirection to Add New Card interface from Guess Card Format page.
  • Fixed point counting information on Pull Points page.
  • Added profile Add/Subtract for group allowed areas editing.
  • Reduced left margin for content on the official Dark Theme.
  • Fixed the white color on active state input, where we could not see the text.

8-20-2018

Bug fixes and new features

  • Fixes in the card format conversion
  • Fixed Change Identity for a tenant
  • Fixed the point ordering background color
  • Implemented Guess Card Format Report
  • Added profile Add/Subtract to mass operation on Add Remove Areas page
  • Added convert card format checkbox and javascript to narrow down format options
  • Support for Key Fobs format and modal for card format info
  • New Guess Card Format page and convert format checkbox

1-9-2018

Bug fixes

  • Implementation of Logout button in CBWgraphics
  • CBWgraphics log files now created with 777 mode.
  • Updating existing generic card in cbas.
  • Support for pull graphics for CBAS 17.
  • Fixed DPU pull for more than one DPU, MySQL handle and image directory creation.
  • Added support for mask multi-state points in CBWg.

8-4-2017

New features and bug fixes

  • Implemented progress bar dialog for heavy back end processes.
  • Theme selection on CBW graphics.
  • Better written card grant reasons.
  • Fixes in the Visitor Tracking Interface
  • Implemented cross check for duplication on job_code/card_number when editing a card.
  • Changed use_landing_lookup to convert_floor setting name
  • Added timestamp to log files.
  • Added debug information in import AC data from DPU and Refresh Cards from DPU.
  • Implemented Other Mores For This Point algorithm.
  • Adding new widget - Simple Point Commander.
  • Heatmap View Editor implementation.
  • Fixed landing lookup aka vip floor, or elevator destination dispatch system.
  • Improvements on the badges module; also added Bootstrap pop-ups with redirection links.
  • Added JQuery time picker to the expire date on new cards.
  • New badges implementation based on Single Page Application.
  • Head PHP file renaming
  • Added debug information in the Overtimes Import from DPU
  • New marketing logo on the white theme
  • Improvements on the official dark theme
  • Watch List Email Notification.
  • Implemented watch list settings.
  • Updated sql schema to support Watch List.
  • Adding Visitor Tracking page
  • Adding JQuery autocomplete
  • Fixed revoked passes information
  • Adding Dark Theme schedules.

12-12-2016

Bug fix

  • Fixed bug in user insertion of admin and system
  • Added missing kiosk column in users table
  • Fixed Dashboards horizontal margins in page wrapper for the Dark Theme.
  • Fixed menu banner not showing while logged out in dark theme.
  • Fixed dark theme in system and hardware
  • Fixed dark theme in preferences.
  • Kiosk mode toggle implementation
  • Restored horizontal menu banner none

6-26-2016

New features and bug fixes

  • History replay implementation
  • Logs on medals
  • Fixed a bug updating the counter on page refresh
  • Added two new Fire Alarms widgets
  • Adding new Fire dashboard based on GETHR22.
  • Adding Ajax login
  • Adding log in method for iframe - to be used in dashboards.
  • Implemented privileged views filter to other users than admin group, to advanced reports.
  • Kiosk mode integration in the Dark Theme.
  • Implemented Card Format fixes to allow awareness of card format in the editing cards interface; also, in the ShowCBASCards function, a commented block will insert card_format in the ac_cards table, to be run once.
  • Fixed bug in advanced settings description.
  • Modified colors in the calendar in accordance with the dark theme
  • Changed font in Speedometer to Maven Pro in the dark theme case.
  • Modified the Speedometer style for the dark theme, added js code to check if the dark theme is set and select the appropriate speedometer theme.
  • Implemented JQuery code to refactor buttons widths, updated the hardware css and js links to local modified css and js sources.
  • Added By Username filter to Forensic report.
  • Fixed bug in Forensic Reports, Card number and By user id filters are now working.
  • In Config and Preferences, replaced JQuery external links by localhost links, modified jquery-ui.css in accordance with the Dark theme
  • Adding icon thumbnails for the several themes available.
  • Added new icons, there are 3 not linked in the code: icon_leftnav_li.gif, icon_leftnav_li_red.gif and icon-trash-can.git.
  • Added new icon-set to CBWgraphics.
  • CSS update: input and select with the same widths.
  • Fixed bug when saving, bar-status lost value and units.
  • Added MySQL test connection to CBWgraphics import mechanism.
  • Adding new graphics dark theme version

3-1-2016

New version release 15.0.0

14.x.x

4-10-2019

Released Version 14.0.1

  • Vulnerability found by Security Company Applied Risk. Patched in this release.
  • Removed aggregate authentication mode
  • Strong passwords enforcement
  • Improved security on the following:
    • Cookies
    • Cross-origin Resource Sharing
    • HTTP Public Key Pinning
    • HTTP Strict Transport Security
    • Redirection
    • Referrer Policy
    • Subresource Integrity
    • X-Content-Type-Options
    • X-Frame-Options
    • X-XSS-Protection
  • Defended against HTML injection on the Login and Reset Password pages
  • Removed user enumeration issue on failed logins.

4-6-2018

New feature

  • Chiller efficiency report implementation
  • Fix in the groups listing alphabetically.
  • Fixes in the contiguous overtime requirement.
  • Extend OT fixed.
  • Fixes in metering.
  • Fixes in meter invoices, now only daily consumption is accounted for.

7-20-2017

New features

  • Contiguous overtime rule implementation
  • Implemented ContiguousTimeDifferenceCustom function
  • Added information about possible overlapping overtimes so that other users can list overtimes within the same tenant
  • Added tarball download
  • Filter tax on footer of pdf invoices.
  • Added tax column on group_billing table.
  • Added tax switch
  • Re-organized System Settings tabs, added one more checkbox to not apply tax to meters, implemented filter on the accounting module.

1-17-2017

New features

  • Added daily consumption to the meters invoice.
  • Improvements on the meters report.
  • Implementation of the overtime notification via email.
  • Improvements on the maintenance log table and implementation of email notification for overtimes.
  • Implemented filtering for invoices, only tenants that had consumption will have linked html and pdf documents.
  • Front-end fixes.

12-15-2016

Bug fixes

  • Fixed header title in invoices
  • Only report or invoice on groups that had consumption
  • Added more space for the logo, so that it won’t overlap the tagline
  • Added nocache headers
  • Fixes in invoices and in monitor titles for the new ot options
  • Fixed pdf links on accounting reports.
  • Fixed the MoresBill calculation support for version 1 and 2 of mores.

10-20-2016

New features

  • Implemented carry over for the free amount allowances.
  • Added switch to only display billing allowance menu option when it's set for the tenant.
  • implemented extended version of overtimes for cbas-
  • Added one more column, server_id in the mores table.
  • Kill more and send message implemented.
  • Adding module to log maintenance outages
  • Implemented the contiguous overtime requirement.

10-6-2016

Bug fixes

  • Fixes in group review allowance
  • Fixes in dollar amount both bill proposed and restore seconds.
  • Fixes allowance restore
  • Fixed MoresBill used in Reports.
  • Updating MySQL reference database
  • Implemented new customizable function costs in commander_ot
  • Implemented 2 more BO functions in Edit Points.
  • Added support for 2 customizable billing options in groups and detached history settings to its own tab in settings.

7-20-2016

Released Version 14.0.0