IMPORTANT
Below are listed both minor and major changes implemented between Versions 188 - 190.
Minimum Credit
Amendments have been made to the Text Message Alerts payment item to ensure the minimum price to pay is £2.80. Should the Payer attempt to submit an amount below this threshold an error message will appear, the maximum amount has also been amended to £10.50 which is the equivalent of 150 SMS texts.
Report Amendments
Several reports have been updated following reports that a school manager could execute a search when the end date was before the start date. As a corrective measure running the following reports now triggers an error message to appear on the page:
- Payment Report
- Failed Bank Transfer Report
- Gift Aid Report
Date Extension of London FSM Entitlement
The Mayor of London has announced an extension to the London Free School Meal (LFSM) entitlement program for the Academic Year (2024/2025). Additionally, the cost per meal for pupils entitled to LFSM has been adjusted from £2.65 to £3.00 per meal:
- Existing pupils who continue to meet the criteria for LFSM will continue to receive their entitlement throughout the 2024/2025 Academic Year.
- New pupils who meet the LFSM criteria will receive LFSM until the end of the 2024/2025 Academic Year.
- The cost attributed to LFSM will remain £2.65 until 31st August 2024, and will then increase to £3.00 from 1st September 2024 onwards.
Parent Account Debt
After an investigation it was discovered that Parent Account debt was not being presented clearly during the payment process for Parent Account users.
To address this an extra 'Pay Parent Account Debt' line has been added to the order summary within the Basket alongside a breakdown of Parent Account credit showing in the Order Review.
The Parent account top-up amount will show on the Payment receipt displayed once payment has been made, and in the Email receipt sent to the Payer.
Weak Password Policy
It was identified that the existing password requirements across ParentPay applications (Parent, School Manager, Group Manager, Caterer, LA) did not enforce adequate password requirements (password length, strength and complexity).
Previously passwords needed to be:
- Case sensitive
- Between 8-20 characters
- At least one letter and one number
This approach raised concerns regarding users using common password leaving them vulnerable if an attacker was to exploit the system when executing a brute-force logon attack, which could potentially result in ParentPay accounts being compromised.
To mitigate the risk, the Password Policy has been reviewed and updated to add an additional requirement to add a special character to all account passwords The updated Password Policy will require the following when creating a password for ParentPay web application accounts:
- Passwords must contain between 8-20 characters
- Passwords must contain at least one number (digit)
- Passwords must contain at least one upper case and one lower case letter
- Passwords must contain at least one special character
Angular Tab Welsh Language Translation
An issue was identified where three tabs within the Parent application was not correctly translating to Welsh if the user selected the Welsh translation option from the Login page. An update has been rolled out to ensure that the Welsh translation for following Angular side tabs is correct:
- 'Bank accounts' now translates to 'Cyfrifon banc'.
- 'Login details' now translates to 'Manylion mewngofnodi'.
- 'Multi-factor authentication' now translates to 'Dilysu sawl ffactor'.