SECURITY

• Clickjacking protection added: Impact now includes an HTTP security header that prevents the application from being embedded in unauthorized external sites — protecting logged-in users from a class of UI-based attacks.

• File path vulnerabilities fixed: Multiple instances where user input could be used to access unintended files have been identified and resolved across the application.

• Performance vulnerability patched: Problematic code patterns that could allow a specially crafted input to freeze the application have been rewritten, protecting against denial-of-service scenarios.

• URL validation hardened: URL trust checks have been rewritten to properly parse and inspect web addresses, closing potential paths for redirect or request-forgery attacks.

ACCESSIBILITY

• Keyboard-accessible search clear buttons: Search fields in Balance and Impact data grids now include a clear button that can be reached and used without a mouse.

• Recipient List page header fixed: A layout issue with the header on the Impact Template Recipient List page has been corrected.

DATA IMPORTS

• Large ZIP file support for recipient photo imports: Bulk photo imports now handle large ZIP files without errors.

• Photo file size validation: Photo imports now check file sizes before processing and surface a clear error message if a file exceeds configured limits.

• Class Year validation updated on Q&A imports: Class Year is now a warning (not a hard error) on Q&A page bulk imports, consistent with other import types.

BUG FIXES

• Duplicate import error fixed: Re-importing a recipient/fund/reporting period combination that already exists across multiple reporting periods no longer causes an error.

• Fund Value now shows the correct value: The Funds view was incorrectly showing the contributed value instead of the actual fund value. This has been corrected.

• "Null" constituent name display fixed: Constituent names were appearing as "null" in some cases. A fix has been applied.

• Raiser's Edge NXT sync issue resolved: An issue preventing nightly syncs with the RE NXT integration has been resolved. Further improvements are in progress.

• Flex page white space fixed: Unexpected white space on Flex pages has been corrected. If your template is affected, contact Support to apply the fix.