3.22.0 - Production
The following information details this release of Aztec.
Release Topics
Release Schedule
| Production |
|---|
| 12 July 2022 |
What's New
New Features
The following new features have been introduced in this version of Aztec.
| Feature | Description |
|---|---|
|
Password Configurations, Rules & Expiry
|
To facilitate the introduction of enhanced passwords a new configuration page 'Password Policy' has been added where settings across the estate can be managed by a user that has been the permission of Edit Password Policy Enhanced password rules can now be configured by a Head Office user for an estate. All of the password rules can be configured by an Aztec Head Office user with the relevant role permission in Staff & Security | Configuration | Password Policy A Head Office user with the relevant permissions in Aztec Head Office in Staff & Security | Configuration | Password Policy can now configure when a password is due to expire in number of days. There is a further configuration to allow a notification that the password is expiring which is also configured in number of days |
|
Change Own or Another User's Password
|
Security enhancements have been made to changing a user's own Aztec password and also the ability for a user at Head Office or Site to change another user's password |
|
Forgotten Password Hint |
A link label has now been added to the Aztec Login screen to assist the user of who to contact if they have forgotten their password |
|
Display Additional Information on Pickup Account screen
|
The Account pickup screen on the POS now always displays the Account number regardless of whether Table number, Customer name, HELD status, POS in standalone mode, a delayed order, employee park account are also displayed |
|
BYOD QR Code on Bill Prints (USA)
|
For USA loyalty schemes a change has been made to Aztec to enable a QR code to be printed on bills |
|
Hard Deleting Deleted Promotions
|
All deleted promotional records are currently held in the Aztec database and are never removed. These records build up over time and can impact Aztec functionality including reconfigures and slow previews. This feature provides a configuration Promotion Details Maintenance which supports allowing deleted promotions to be "archived" from the promotion tables and an option to restore within a period of time. Any deleted promotions that are out with a retention period are hard deleted from the Aztec database |
Technical Changes
The following new features have been introduced in this version of Aztec.
| Feature | Description |
|---|---|
|
BCrypt Secure Storage for Aztec Passwords |
Introduces Enhanced Password Encryption Security for Aztec. This feature changes the storage of Aztec passwords from being encrypted using MD5 only to using both MD5 and BCrypt At both Head Office and Site, post upgrade, when a user first logs in, they will be prompted to change their password (which will then be stored using both MD5 and BCrypt formats). Pre Aztec 3.22.0 sites (non-upgraded sites) will continue to use existing MD5 encryption for passwords until they upgrade Upon upgrade to Aztec 3.22.0 sites will no longer be able to access the Rewards for Reservations module via the Aztec shell. The application can still be used using Aztec password, but will need to access this out with the shell (such as via icon on desktop) Upon upgrade to Aztec 3.22.0, if using APOS from within the Aztec shell, when you open the APOS module, you will be prompted to authenticate again using the same password |
|
Aztec installer upgrade improvements |
Improvements to the EPoS upgrade process to minimise installation failures as a result of SeverEPSUpgarerDLL.dll load (Error 126). |
|
Using Obfuscation of passwords to Delphi in Shell |
As part of the Aztec Password security development, this feature introduces AES-128 encryption to the command line used to open certain modules from the Aztec Shell. The command line is used to allow starting of these modules without having to re-authenticate whilst logged into the Aztec shell. |
|
Aztec Service watchdog - adding ZBS File Transfer and ZBS File Executor |
The following ZBS services are currently added manually to the Aztec Service watchdog
Both of these services have now been automatically added to the Aztec Service watchdog. |
|
Remove requirement to force change Aztec password upon upgrade |
When Aztec is upgraded to 3.22.0 operators will not be prompted and forced to change their password Any password policies (including any default password configurations) will only be applicable when either a user chooses to change their password or is forced to changed their password by another user
|
Additional Information
Update to original release 01 July 2022
Feature: Remove requirement to force change Aztec password upon upgrade
This removes the requirement developed originally in 3.22.0 to force a user to change their password upon upgrade to Aztec 3.22+. When Aztec is upgraded to 3.22 they will not now be prompted and forced to change their password
This new version of Aztec contains changes to Password functionality and there are tasks that are recommended to be carried out immediately on upgrade to 3.22 for both Head Office users and Site users, including Single Site Master users.
There are some optional features which are described in our new features guide in terms of password policy.
The first Head Office user to log in, should update their Password Policy so that any other users logging into Aztec will use their configured Password Policy and not Aztec’s default.
Why are we implementing this change?
Zonal wish to improve the security of our customer’s applications and thus have introduced a secure storage of passwords using ‘BCrypt’. The previous way of securing passwords using “MD5” is being phased out.
BCrypt stores the password in a more secure format so that it cannot be retrieved maliciously. This means that upon upgrade, all passwords will be encrypted.
Recommended Approach
Zonal Customer Aztec Administrator:
-
Be ready for the Head Office upgrade and understand what Aztec Password Policy you wish to implement ahead of upgrade
-
Communicate to all users for Head Office and sites that their sites are being upgraded. Include dates if possible
-
Communicate to all users what the new password policy will be so they are aware when they choose to change their password or a forced to change their password by another user
-
On morning of Head Office / Single Site Master / Site upgrade, log in, it is recommended that you set your Password Policy immediately
Default Password Policy
Upon upgrade the following rules will be in place:
| Configuration | Pre Aztec 3.22 | Aztec 3.22+ (upon upgrade) |
|---|---|---|
| Minimum Password Length | Anything between 6-20 characters | Default 10 characters, but this is now configurable between 6-20 characters |
| Maximum Password Length | Anything between 6-20 characters | Default 20 characters, but this is now configurable between 6-20 characters |
| Special Character Required | It was possible to have a Special Character, but this was not enforced | Special Character required is on by default, but this can be de-selected |
| Password Expiry (days) | N/A | Off by default (ie a password does not expire) |
| Password Notification (days) | N/A | Off by default |
| Preventing a password from being the same as the username | It was possible to have the Aztec username and password to be the same | This is a mandatory requirement and is not configurable |
| Passwords cannot be the same as the current password | It was possible to keep the same password when changing the password | This is a mandatory requirement and is not configurable |
Users will not be permitted to use a password the same as the user name
Password policy will have a minimum set of requirements
When changing another user's password, the requirement that the password cannot be the same as the existing password does not apply