I ain’t afraid of no ghost

product updates

I ain’t afraid of no ghost

So, how was your trick-or-treating? While not busy eating bite-sized chocolate treats, we’ve been hunting ghosts in our server logs.


We’re happy to report that ghosts don’t exist, but we’re still not sure what happened to the lonely orphaned row we found hiding in one of the tables. You’ll be glad to hear we’ve found a new home for it, and it’s already sipping on a hot cocoa and warming its feet by the fireplace.

The rest of the week was quite uneventful, but here are the highlights of changes we’ve made this week:

  • 🐞 We’ve noticed that some of the validation messages for text fields were not matching the actual constraints on the API, which resulted in incorrect responses to text that was too large for those fields. We took out a tape measure and made sure everything is now reporting the correct allowed length.
  • 🕵 During our application security review, we noticed a couple of potential XSS exploits that were possible. As a consequence, we sweeped the entire code base for similar patterns and eliminated known exploits.
  • 📧 Resources whose avatar has changed no longer causes broken images in emails containing the old avatar.
  • 🛰 All static email assets are now served through the CDN, which should improve performance on native email clients.
  • 🐞 Fixed a bug where the project code was misbehaving when creating a project within the New Booking dialog.

Photo by Ariana Suárez on Unsplash