A stability, security & polish release — stronger passwords and hardened ownership checks, sanitized rich-text notices, ledger-accurate accounts & fees, and a broad sweep of fixes across the admin, teacher, and student panels.
Changing a password from the student and teacher portals now requires at least 8 characters with 2 or more special characters — the same policy already enforced in the admin panel.
Ownership comparisons are now type-safe, so a student reliably sees their own fee receipts and documents. String-vs-integer mismatches that could return a 403 or 404 on a record the student actually owns have been fixed.
Notices authored in the rich-text editor are now cleaned with HTMLPurifier and rendered as formatted HTML across the teacher, student, and public theme views — headings, tables, and figures display properly instead of showing raw tags, with unsafe markup stripped out.
Admins now see a New badge on tickets they have not opened yet, stamped the first time a ticket is viewed. For submitters, the Open status is relabeled Awaiting Reply on the teacher and student panels so it is not mistaken for already handled.
The accounts dashboard's Year/Month filter now also drives the Account Balances In/Out figures, and payroll summary cards total the entire filtered dataset rather than only the current page — so the headline numbers match what you are actually filtering.
The Fee Dues list now defaults to outstanding (unpaid & partial) dues, with an explicit All (incl. Paid) option. Deleting a fee collection reverses the due it settled instead of leaving a phantom Paid record, and a due that still carries a recorded payment can no longer be deleted until the collection is voided.
The AJAX-populated Class and Subject selections now survive a validation error and re-select themselves on both the admin and teacher question-bank forms, so a failed submit no longer wipes your choices.
Route model binding is fixed so edit, update, and delete act on the real record instead of an empty model — no more 500 on edit or silent no-op on delete. Class-less questions are guarded, the Class/Subject cascade dropdowns work again, and marks entry now explains when no subjects are available instead of showing a disabled dropdown.
The Delete button is now hidden for exams that already have student attempts (where deletion always failed), and Archive shows only for non-archived exams that have attempts.
The student mobile API now groups teachers by teacher rather than by assignment row, so a teacher with multiple subjects no longer appears as duplicates and the dashboard Teachers count is accurate.
The contact-messages table is now responsive, the mailto reply subject is URL-encoded, monitoring stat cards shrink and ellipsize long values without cramming, the teacher list scrolls horizontally instead of using an ambiguous expander, and the ID Cards search icon is no longer clickable.
The active-link underline in the public header is pinned to the bottom edge again — the taller logo no longer leaves the blue bar floating in mid-header.
The Master Data group stays open and active on the Fee Types page, a soft-deleted student's class roll is freed so it can be reused within the same class and section, and a mobile number is now required — with a visible marker — when creating or editing students and staff.
Looking for an earlier release? Browse the release archive.