Changelog
Click To Pay - 2.1.0 - May 6th, 2025โ
๐ง Bug Fixesโ
User Deletion in Admin Panelโ
- Fixed a backend issue preventing deletion of users due to foreign key constraints.
- Verified across multiple deletion scenarios including reset password workflows.
Cancel Password Change Redirectโ
- Updated behavior so canceling a password change returns the user to the last visited screen instead of logging them out.
Deposit Screen Detailโ
- Enhanced the customer payment screen to display specific deposit types and related record IDs (e.g., Boat ID, Contract ID), consistent with DMPay.
New User Login Behaviorโ
- Maintained PCI-compliant password reset requirement for first-time logins, confirming this behavior aligns with compliance policy.
Invalid ZIP Code Handlingโ
- Corrected an issue where entering an invalid ZIP code during payment caused unexpected logout.
- Users are now properly notified of invalid input.
Prospect Searchโ
- Fixed the prospect search functionality in Terminal to correctly return results for valid IDs.
UI Label Cleanupโ
- Removed the misleading "No Invoices Selected" label from deposit-only payment screens for a cleaner user experience.
Backend Credential Loggingโ
- Eliminated backend logging of sensitive user credentials to improve security.
Work Order Descriptionsโ
- Restored long opcode descriptions in work order invoices on the customer payment screen, improving transparency.
ACH Default Payment Typeโ
- Updated default selection logic to prefer ACH as the payment method when supported, including for links accessed via email.
โ Improvementsโ
Work Order Operation Detailsโ
- Added detailed operation descriptions for work order invoices to the customer payment screen, improving clarity and itemization.
DockMaster Flow (DMF) v2.0.0 - April 2nd, 2025โ
Overview:โ
This release includes key security enhancements aligned with PCI DSS 4.0, improved user management, updates to login and authentication flows.
info
Users will be prompted to update their password upon first login after the release if their current credentials do not meet the new PCI compliance standards.
๐ Compliance & Security Enhancements (PCI DSS 4.0 Alignment)โ
Weโve updated our platform to meet the latest security standards outlined in PCI DSS 4.0, focusing on password policies, session controls, and account protection.
๐ Password & Access Policy Updatesโ
- Minimum Password Length: 12 characters (mandatory).
- Password Complexity: Must include a mix of letters, numbers, special characters, and capital letters.
- Password History: Users cannot reuse their last 4 passwords.
- Password Expiration: Expires after 90 days, prompting a mandatory update.
๐ Account Securityโ
- Lockout After Failed Attempts: Accounts lock after 6 incorrect login attempts.
- Lockout Duration: 30 minutes.
- Session Timeout: Users are logged out after 15 minutes of inactivity.
- Inactive Account Handling: Accounts automatically disabled after 90 days of inactivity.
- Super Admin User is disabled.
tip
๐ If you experience any issues logging in, please contact support for assistance.
Click To Pay - 2.0.0 - April 2nd, 2025โ
Overviewโ
This release includes key security enhancements aligned with PCI DSS 4.0, improved user management, updates to login and authentication flows, and a wide range of bug fixes to optimize performance and usability.
๐ Compliance & Security Enhancements (PCI DSS 4.0 Alignment)โ
Weโve updated our platform to meet the latest security standards outlined in PCI DSS 4.0, focusing on password policies, session controls, and account protection.
info
Users will be prompted to update their password upon first login after the release if their current credentials do not meet the new PCI compliance standards.
๐ Password & Access Policy Updatesโ
- Minimum Password Length: 12 characters (mandatory).
- Password Complexity: Must include a mix of letters, numbers, special characters, and capital letters.
- Password History: Users cannot reuse their last 4 passwords.
- Password Expiration: Expires after 90 days, prompting a mandatory update.
- User Group MFA Option: MFA can now be enabled at the user group level. When turned on, users must log in with their email and password, plus a 6-digit verification code sent to their email.
warning
MFA is required under PCI DSS 4.0 for all non-console administrative access and privileged accounts.
๐ง Email-Based Multi-Factor Authentication (MFA) Steps:โ
To enhance login security, weโve introduced email-based MFA:
- After entering your username and password, a 6-digit code is sent to your email.
- Enter the code to complete login.
- You can resend the code after 30 seconds.
- Up to 6 attempts are allowed before account lockout.
๐ Account Securityโ
- Lockout After Failed Attempts: Accounts lock after 6 incorrect login attempts.
- Lockout Duration: 30 minutes, or can be reset by admin user in User Maintenance
- Session Timeout: Users are logged out after 15 minutes of inactivity.
- Inactive Account Handling: Accounts automatically disabled after 90 days of inactivity.
๐ง Email-Based Multi-Factor Authentication (MFA)โ
To enhance login security, weโve introduced email-based MFA:
- After entering your username and password, a 6-digit code is sent to your email.
- Enter the code to complete login.
- You can resend the code after 30 seconds.
- Up to 6 attempts are allowed before account lockout.
๐ Monitoring & Access Reviewโ
- Authentication Logging: All login activity is now recorded for auditing.
โจ Feature & UX Improvementsโ
Login & Password Resetโ
- Updated login, forgot password, and reset password screens for clarity and ease of use.
- Improved validation and messaging for empty or invalid inputs.
๐ Bug Fixesโ
๐ณ Payments & Invoicingโ
- Mandatory Field Validation: Payment requests for specific deposit types now correctly enforce all required fields.
- Duplicate Invoice Fix: Resolved an issue where invoices were appearing twice on the payment screen without user selection.
- Zero-Balance Request Error: Fixed an error that occurred when creating payment requests for customers with no outstanding balance or invoices due.
๐งพ Terminal & Client Maintenanceโ
- Smart Action Link Display: Terminal action links are now automatically hidden when no matching terminal ID or name is found, improving UI clarity.
- Record Deletion Fix: Addressed a system error that previously occurred when deleting records under client maintenance.
๐ฅ User Operationsโ
- Fixed: User deletion functionality now works as expected.
- Fixed: Clear error handling for invalid login credentials.
- Fixed: DM API credentials are now securely hidden from all frontend interfaces to prevent exposure and protect sensitive information.
tip
๐ If you experience any issues logging in, please contact support for assistance.
Click To Pay - 1.26.1 - 3/17/2025โ
Fixes & Improvementsโ
โ SMS and Payment Link Fixesโ
- Fixed: SMS messages for invoices and deposits now display the correct $ amount. (In progress)
- Fixed: The "Message Sent" confirmation was displayed when sending SMS payment links, but customers were not receiving them. This issue has been resolved. (Waiting for release)
- Fixed: Some users experienced failed SMS payments when sending links. This issue has been corrected. (Waiting for release)
โ Payment Link & Deposit Enhancementsโ
- Fixed: Clicking a payment link for a deposit redirected users to the full invoice page instead of the deposit amount. Now, it takes you directly to the correct payment page. (In progress)
- Fixed: Deposit request links were throwing an error due to an issue with empty values. This has been addressed. (Waiting for release)
- Fixed: Errors at the time of payment were not triggering payment notifications or receipts for clients. All notifications and receipts now work as expected. (Released to Prod on March 10)
โ Login & Billing Fixesโ
- Fixed: Customers were unable to log in using their billing ZIP code from their file. This issue has been fixed, and customers can now log in correctly. (Released to Prod on March 5)