Gliding New Zealand

Club admins can change a member's primary club

Feature · 17 May 2026

If you are an admin of one or more clubs, the member edit page now lets you change a member's primary club directly. Previously this required emailing the GNZ treasurer. The dropdown shows the clubs you administer, plus the member's current primary club so it stays visible if you do not administer it.

Members without admin rights now see a short message explaining that their club's secretary or admin can make the change for them, rather than being directed to the GNZ treasurer.

Help docs added at /docs

Feature · 17 May 2026

We've added a documentation section to gliding.net.nz. It covers how to sign in and register, manage members and ratings, run events, use tracking, send bulk emails, and what to do when you see a confusing error page like Page Expired.

Most pages are placeholders today and will be filled in over time. If a topic you need isn't covered yet, please open an issue on GitHub.

This change also redesigned the changelog. Entries are now stored as individual Markdown files and rendered at /docs/changelog (the old /changelog URL redirects there). The "Recent changes" widget on the home page continues to show the three most recent entries.

NZ clubs list restored on the homepage

Bug fix · 17 May 2026

The list of New Zealand clubs on the gliding.net.nz homepage had silently disappeared a few weeks ago and was no longer visible to visitors. It is now restored.

New-device login emails turned off

Bug fix · 15 May 2026

Some members were receiving "logged in from a new device" emails on every login, even though they hadn't changed devices. This was caused by mobile networks and home internet connections handing out a different IP address each session — normal behaviour, not a real security event. These new-device emails have been turned off so they no longer arrive as false alarms. Login history continues to be recorded and is available to administrators.

Reliable delivery for membership-wide email

Bug fix · 12 May 2026

Sending email to the full membership list could silently deliver to only some recipients due to SMTP timeouts. Emails are now queued and sent individually to each recipient, so all members reliably receive the message.

Flashed status messages pop up automatically

Bug fix · 8 May 2026

Status messages flashed by the server (for example after deleting an event or updating your account) now pop up automatically. Previously they were hidden behind the bell icon until you clicked it.

Return to the events list after deleting an event

Bug fix · 8 May 2026

After deleting an event you are now taken back to the events list instead of being left on a page for an event that no longer exists.

Confirmation before deleting an event

Bug fix · 5 May 2026

Clicking Delete Event now asks for confirmation before removing the event. If you dismiss the prompt, the event is kept.

Event delete permission check restored

Bug fix · 21 April 2026

A permission check that prevents unauthorised users from deleting events was accidentally disabled. It has been restored — only users with edit rights on an event (its creator, club members, or contest administrators) can now delete it.

Dates of birth display in DD/MM/YYYY

Bug fix · 17 April 2026

Dates of birth on member profile pages were showing as a raw timestamp (e.g. 1965-02-15T00:00:00Z) instead of a readable date. They now display in the expected DD/MM/YYYY format (e.g. 15/02/1965).

Tracking pages are faster

Performance · 14 April 2026

Live tracking now reuses local terrain data during each request instead of reloading it for every aircraft point. This reduces repeated work behind the scenes and helps both the tracking map and timesheet views stay more responsive when lots of aircraft are active.

We also removed an experimental tracking query path that was slowing down some tracking requests in production, especially on busy day tables.

Tracking pages stay available during terrain data resets

Bug fix · 14 April 2026

A bug that could make the live tracking and timesheet pages fail while terrain height data was being reused behind the scenes has been fixed. Tracking pages should now stay available even when a local terrain data file needs to be reset.

Changelog page added

Feature · 1 April 2026

We've added this changelog so you can see what has changed on gliding.net.nz. Major features, bug fixes, security improvements, and performance changes will be documented here going forward.

Multi-Factor Authentication (MFA) introduced

Security · 27 March 2026

gliding.net.nz now testing Multi-Factor Authentication with a small group of people before being rolled out to everyone. When enabled, after entering your email address and password, you will be sent a six digit code to your email address. You must enter this code to complete login. This only happens once, per device, every 30 days.

Why MFA? gliding.net.nz holds sensitive information including member contact details, medical currency, and ratings records. MFA protects against credential stuffing attacks using your stolen email address and password (which might already be public from a data breach).

Additionally, the office of the Privacy Commissioner has publicly stated:

"Two-factor authentication is a bare minimum we would expect for small businesses or organisations that hold or share personal information digitally. If you are a small business that has a cyber-related privacy breach and don’t have at least two factor-authentication in place expect to be found in breach of the Privacy Act."

As an additional security measure, all members are now notified when someone logs into their account from a new device.

Tracking map: unregistered trackers automatically hidden

Bug fix · 8 February 2026

The GNZ tracking site recently experienced an issue where a FLARM (likely running in competition mode) constantly changed its ID and appeared as hundreds of unregistered trackers (like *AB, *CD, *EF) on the map. This drowned out real aircraft and created a safety risk by obscuring real traffic.

To address this, the tracking site now automatically hides all unregistered trackers when too many of them are present. If this happens, you can unhide them by clicking the cog icon in the top left.

Stronger password requirements

Security · 17 December 2025

We now align with NIST recommendations - requiring passwords that are at least 15 characters long, and not requiring special characters. Passwords are checked against the Have I Been Pwned database to ensure that they have not appeared in a data breach. It is your responsibility to protect everyone's data by using a unique and strong password - ideally generated by and stored in a password manager, or written down somewhere secure.

Existing passwords are not immediately affected, but you will be prompted to update your password if it doesn't meet the new requirements when you next reset it. You must change your password if it is easy to guess or has been reused elsewhere.

Ratings and medical currency report improvements

Feature · 3 October 2025

Administrators can now export a spreadsheet of BFR and medical currency records, including awarded and expiry dates. The ratings report now includes ICRs and all medical certificate types, and the export now lists members in a consistent order.

Platform upgraded to supported software versions

Security · 22 August 2025

gliding.net.nz now runs on fully supported versions of its core platform components: PHP 8.3 and Laravel 12, on a supported Ubuntu LTS server. Running supported software means we receive ongoing security patches, reducing the risk of vulnerabilities.

The front-end UI libraries (Vue.js and Bootstrap) are currently out of date and are planned to be upgraded in a future update.