Ushahidi version 2.5 announced

Kenyan technology platform Ushahidi has announced that its new version, code-named “Cairo”, is now available. Both the Ushahidi and Crowdmap platforms have been updated with version 2.5.

The new version comes with several updates, including mapping and security changes.
To help current users of the platform upgrade smoothly, the Ushahidi team announced that on August 8, 2012, it will hold an upgrade office hours session where the team can be reached via Skype or IRC.
Below are some of the changes to the platform:

Mapping

The mapping code for the main page has been refactored and is no longer tied to the timeline. This means faster load times for your maps. We’ve consolidated the mapping code into a single JavaScript library, ushahidi.js. This library has an event system which is extensible.

The stock events can be triggered for actions such as zoom changes, resizing the map viewport, change of base layer etc. By the way, decoupling the timeline from the map effectively means that you can plug in your own timeline. The stock timeline uses jqplot. This change affects those plugins that hook into the main map, such as the full screen map plugin.

Security changes

The following security issues were identified and fixed in 2.5. On July 1, members of the Open Web Application Security Project (OWASP) – Portland group and a few of our team held an event to drill into the code. Here is a summary of those items we fixed:

  • Multiple SQL injections (Timothy D. Morgan, Kees Cook, postmodern)
  • Missing authentication on comments, reports, email API calls (Kees Cook, Dennison Williams)
  • Admin user hijacking through the installer (Wil Clouser)
  • Stored XSS on member profile pages (Amy K. Farrell)
  • User data exposed in comment API

These important security fixes are included in version 2.5. We have also made them available as a stand-alone patch on our security site. Please update your deployments to ensure the most secure version is used. (Crowdmap has been updated with the latest version.)

Settings Table

The structure for the settings table has been modified so that data are stored as key/value pairs. Previously, this table only had one row and each setting was a column. In the new structure, there are only 3 columns: id, key, value. The settings model class (application/models/settings) has the necessary utility methods for retrieving and saving data from/to the restructured table. There is an upgrade script that shall effect this change on your schema.
For more information on other changes and upgrade procedures, visit the Ushahidi blog post.
