Assignment Canvas Security Upgrades
Scheduled Maintenance Report for Todd Rylaarsdam
Postmortem

This maintenance fixed a few bugs, upgraded some of our Node.js dependencies to fix security vulnerabilities, and added a few new administrator features.

Security Patches:

  • glob-parent updated
  • normalize-url updated
  • Fixed a bug where anyone who obtained an administrator’s UUID could make themselves an administrator by feeding that UUID to the correct API endpoints, without needing a valid session with administrator permissions.
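
The class of bug described in the last item, shown as an added example (not Assignment Canvas's own code): an endpoint that trusts a UUID from the request body, beside a version that derives identity from a server-side session. The in-memory stores, function names and request shape are assumptions made for illustration.

```javascript
// Added example: store layout, function names and request shape are assumptions.
const crypto = require('crypto');

// Constructed sample data: users keyed by UUID, sessions keyed by random token.
const ADMIN_UUID = '11111111-1111-4111-8111-111111111111';
const STUDENT_UUID = '22222222-2222-4222-8222-222222222222';
const users = new Map([
  [ADMIN_UUID, { name: 'admin', isAdmin: true }],
  [STUDENT_UUID, { name: 'student', isAdmin: false }],
]);
const sessions = new Map(); // token -> { uuid, expires }

// Stands in for a real credential check; issues an unguessable session token.
function login(uuid, ttlMs = 60000) {
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, { uuid, expires: Date.now() + ttlMs });
  return token;
}

// Before: a UUID supplied in the request body decides the privilege level.
function isAdminByUuid(req) {
  const user = users.get(req.body.uuid);
  return Boolean(user && user.isAdmin);
}

// After: identity comes only from a valid, unexpired server-side session,
// and the role is looked up from that identity, never from request input.
function isAdminBySession(req) {
  const session = sessions.get(req.sessionToken);
  if (!session || session.expires <= Date.now()) return false;
  const user = users.get(session.uuid);
  return Boolean(user && user.isAdmin);
}

// Hypothetical admin-only endpoint; the authorization check is injected
// so both variants can be compared on the same request.
function promoteToAdmin(req, isAuthorized) {
  if (!isAuthorized(req)) return { status: 403 };
  const target = users.get(req.body.targetUuid);
  if (!target) return { status: 404 };
  target.isAdmin = true;
  return { status: 200 };
}
```

With the session-based check, a leaked UUID is only an identifier: the request is rejected unless the caller's own session belongs to an administrator.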

New features:

  • Administrators are now able to toggle the entirety of the Assignment Canvas service on and off with one click. This causes all API endpoints except administrator-specific ones to return an error message, and all URLs except the login page to return an error screen. This is likely to be used when Assignment Canvas is undergoing extensive maintenance, to protect user data from being corrupted by a badly timed request from a user or other things.
  • Assignment Canvas is now protected by Cloudflare. Cloudflare provides us with DDoS protection, better flexibility to prevent malicious bots/IPs from accessing APIs and services, and also SSL. If you have strict HSTS checking enabled, you may need to flush our previous certificate from your browser before being able to use the service again.
  • Your Assignment Canvas UUID is now shown at the bottom of your user page (https://canvas.toddr.org/user). This UUID should be kept secret, though it does not authenticate you, so your account would not be at risk if it were leaked. If you would like a new UUID due to a security leak or for another reason, please contact support@toddr.org.
Posted Jul 03, 2021 - 13:29 CDT

Completed
The scheduled maintenance has been completed.
Posted Jul 03, 2021 - 13:18 CDT
Verifying
Verification is currently underway for the maintenance items. This should take ~5 minutes.
Posted Jul 03, 2021 - 13:17 CDT
Update
We've decided to extend maintenance a bit longer to push some new administrator features that we've been working on.
Posted Jul 03, 2021 - 13:09 CDT
Update
Patches and some small visual tweaks are being deployed right now. Current estimate for completion: 30 minutes.
Posted Jul 03, 2021 - 12:28 CDT
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Jul 03, 2021 - 12:17 CDT
Scheduled
We will be undergoing scheduled maintenance during this time.
Posted Jul 03, 2021 - 12:17 CDT
This scheduled maintenance affected: Assignment Canvas.