Changelog
DockMaster Flow (DMF) v2.0.0 - April 2nd, 2025โ
Overview:โ
This release includes key security enhancements aligned with PCI DSS 4.0, improved user management, updates to login and authentication flows.
Users will be prompted to update their password upon first login after the release if their current credentials do not meet the new PCI compliance standards.
๐ Compliance & Security Enhancements (PCI DSS 4.0 Alignment)โ
Weโve updated our platform to meet the latest security standards outlined in PCI DSS 4.0, focusing on password policies, session controls, and account protection.
๐ Password & Access Policy Updatesโ
- Minimum Password Length: 12 characters (mandatory).
- Password Complexity: Must include a mix of letters, numbers, special characters, and capital letters.
- Password History: Users cannot reuse their last 4 passwords.
- Password Expiration: Expires after 90 days, prompting a mandatory update.
๐ Account Securityโ
- Lockout After Failed Attempts: Accounts lock after 6 incorrect login attempts.
- Lockout Duration: 30 minutes.
- Session Timeout: Users are logged out after 15 minutes of inactivity.
- Inactive Account Handling: Accounts automatically disabled after 90 days of inactivity.
- Super Admin User is disabled.
๐ If you experience any issues logging in, please contact support for assistance.
Click To Pay - 2.0.0 - April 2nd, 2025โ
Overviewโ
This release includes key security enhancements aligned with PCI DSS 4.0, improved user management, updates to login and authentication flows, and a wide range of bug fixes to optimize performance and usability.
๐ Compliance & Security Enhancements (PCI DSS 4.0 Alignment)โ
Weโve updated our platform to meet the latest security standards outlined in PCI DSS 4.0, focusing on password policies, session controls, and account protection.
Users will be prompted to update their password upon first login after the release if their current credentials do not meet the new PCI compliance standards.
๐ Password & Access Policy Updatesโ
- Minimum Password Length: 12 characters (mandatory).
- Password Complexity: Must include a mix of letters, numbers, special characters, and capital letters.
- Password History: Users cannot reuse their last 4 passwords.
- Password Expiration: Expires after 90 days, prompting a mandatory update.
- User Group MFA Option: MFA can now be enabled at the user group level. When turned on, users must log in with their email and password, plus a 6-digit verification code sent to their email.
MFA is required under PCI DSS 4.0 for all non-console administrative access and privileged accounts.
๐ง Email-Based Multi-Factor Authentication (MFA) Steps:โ
To enhance login security, weโve introduced email-based MFA:
- After entering your username and password, a 6-digit code is sent to your email.
- Enter the code to complete login.
- You can resend the code after 30 seconds.
- Up to 6 attempts are allowed before account lockout.
๐ Account Securityโ
- Lockout After Failed Attempts: Accounts lock after 6 incorrect login attempts.
- Lockout Duration: 30 minutes, or can be reset by admin user in User Maintenance
- Session Timeout: Users are logged out after 15 minutes of inactivity.
- Inactive Account Handling: Accounts automatically disabled after 90 days of inactivity.
๐ง Email-Based Multi-Factor Authentication (MFA)โ
To enhance login security, weโve introduced email-based MFA:
- After entering your username and password, a 6-digit code is sent to your email.
- Enter the code to complete login.
- You can resend the code after 30 seconds.
- Up to 6 attempts are allowed before account lockout.
๐ Monitoring & Access Reviewโ
- Authentication Logging: All login activity is now recorded for auditing.
โจ Feature & UX Improvementsโ
Login & Password Resetโ
- Updated login, forgot password, and reset password screens for clarity and ease of use.
- Improved validation and messaging for empty or invalid inputs.
๐ Bug Fixesโ
๐ณ Payments & Invoicingโ
- Mandatory Field Validation: Payment requests for specific deposit types now correctly enforce all required fields.
- Duplicate Invoice Fix: Resolved an issue where invoices were appearing twice on the payment screen without user selection.
- Zero-Balance Request Error: Fixed an error that occurred when creating payment requests for customers with no outstanding balance or invoices due.
๐งพ Terminal & Client Maintenanceโ
- Smart Action Link Display: Terminal action links are now automatically hidden when no matching terminal ID or name is found, improving UI clarity.
- Record Deletion Fix: Addressed a system error that previously occurred when deleting records under client maintenance.
๐ฅ User Operationsโ
- Fixed: User deletion functionality now works as expected.
- Fixed: Clear error handling for invalid login credentials.
- Fixed: DM API credentials are now securely hidden from all frontend interfaces to prevent exposure and protect sensitive information.
๐ If you experience any issues logging in, please contact support for assistance.
Click To Pay - 1.26.1 - 3/17/2025โ
Fixes & Improvementsโ
โ SMS and Payment Link Fixesโ
- Fixed: SMS messages for invoices and deposits now display the correct $ amount. (In progress)
- Fixed: The "Message Sent" confirmation was displayed when sending SMS payment links, but customers were not receiving them. This issue has been resolved. (Waiting for release)
- Fixed: Some users experienced failed SMS payments when sending links. This issue has been corrected. (Waiting for release)
โ Payment Link & Deposit Enhancementsโ
- Fixed: Clicking a payment link for a deposit redirected users to the full invoice page instead of the deposit amount. Now, it takes you directly to the correct payment page. (In progress)
- Fixed: Deposit request links were throwing an error due to an issue with empty values. This has been addressed. (Waiting for release)
- Fixed: Errors at the time of payment were not triggering payment notifications or receipts for clients. All notifications and receipts now work as expected. (Released to Prod on March 10)
โ Login & Billing Fixesโ
- Fixed: Customers were unable to log in using their billing ZIP code from their file. This issue has been fixed, and customers can now log in correctly. (Released to Prod on March 5)