Released beginning on December 12, 2022. The release is rolled out to groups of accounts over a span of several days. Consequently, some changes may not appear on your account until after the release date.
The Version 8.0 release includes the following changes and enhancements.
Security updates
This release includes a number of updates to improve security and reduce spam.
Traffic encryption is now required
To protect yourself and your members, Wild Apricot will be requiring traffic encryption for all our client sites. This means that all site pages and all page content must use URLs that begin with HTTPs rather than HTTP.
The change will only affect you if you are:
- using a custom domain without a security certificate
- using a custom domain with a security certificate but you haven't set your encryption option to Always
- using links or displaying content that starts with HTTP rather than HTTPS
For the steps you need to take if one of these apply to your site, click here.
JavaScript whitelist
WildApricot has begun implementing Content Security Policy (CSP), a security standard introduced by browsers as an added layer of protection to prevents certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
CSP works by detecting calls to external URLs then comparing those calls against a whitelist of verified and approved sites. Calls to sites not on the whitelist are blocked.
To comply with CSP, we are assembling a whitelist of trusted domains, and providing you with the ability to add other domains that you trust to your own custom whitelist.
Beginning on February 1st, we will start blocking any JavaScript that is hosted on external domains not included in your whitelist.
To view your whitelist, and add to it, click the Settings option within the Website module then click the JavaScript whitelist option.
From the JavaScript whitelist screen, you can:
- view a list of trusted domains already verified by Wild Apricot
- add domains that you are trust to your custom whitelist
To add a domain to your whitelist, either:
- click the Add to whitelist link beside the domain name within the Detected domains on account section,
or - enter the domain name in the field within the Custom whitelisted domains section at the bottom of the screen and click the Add domain button
To enable your whitelist, so that JavaScript from unverified domains are blocked immediately, click the Enable whitelist toggle so that it appears blue.
For more information on the JavaScript whitelist screen, click here.
New dashboard
The new dashboard is now available for all administrators, including full and read-only administrators. Some dashboard widgets will not appear for all types of administrators.
As well, we've added the following widgets to the new dashboard. Currently, the new dashboard only appears to limited administrators.
Account summary widget
The account summary widget provides an overview of your Wild Apricot account.
The account summary widget appears for full administrators and read-only administrators.
Newsletters widget
The newsletters widget displays a summary of your most recent manual emails.
The newsletters widget appears for full administrators, read-only administrators, and newsletter administrators.
Online store widget
The online store sales widget provides an overview of your online store sales.
The online stores sales widget appears for full administrators, read-only administrators, and store managers.
Upcoming events widget
The upcoming events widget displays a summary of the next 3 upcoming events.
The upcoming events widget appears for full administrators, read-only administrators, and event managers.
Terminology changes
In response to client input about confusing terminology, we have changed the following terms.
Existing term | New term |
---|---|
Payment tender | Payment type |
Registration type | Ticket type |
Menu name changes
To more accurately reflect their functions, we have renamed the following menus and menu options:
Existing name | New name |
---|---|
Dashboard menu | Account menu |
Overview option | Dashboard option |
Account option | Billing option |
Existing name | New name |
---|---|
Account menu | Profile menu |
Bug fixes
A number of issues identified by our clients have been fixed, including but not limited to the following:
- Renamed macro {Bundle_Administrator_Name} is no longer replaced by bundle coordinator name
- Exporting invoice line items return blank fields under item price, amount columns