Change Log

v6.14.2

12 Jun, 2026

Bug Fixes

Cloned class publishing — publishing a class that was created by cloning another class no longer produces a class missing its content, and no longer alters the original class's scheduled sessions or enrollments. The new class now gets its own independent copy of all content and sessions, leaving the source class untouched.
Image uploads now accept AVIF, WebP, and HEIC/HEIF formats.
Strengthened security headers across all services: HTTPS-only transport is now enforced on every response, and headers that disclosed server technology have been removed.

v6.14.1

10 Jun, 2026

Bug Fixes

Certificates — fixed an error that prevented some completion certificates from opening. Certificate templates containing a formatting mistake are now caught and reported when saved, so certificates render reliably.

v6.14.0

9 Jun, 2026

Improvements

Cross-view deep links — opening a link or bookmark to an organization page while you're in Department view (or vice versa) now switches you to the correct view and shows the page, instead of redirecting you away. Applies only when your role already grants access to that view.
Quiz integrity — text in quiz questions can no longer be selected or copied.

Bug Fixes

Closed a flaw where an account with limited administrative access to a user could view that user's training transcript and completion certificates from departments outside its own.
Closed a flaw in internal reporting that could return user names, email addresses, and training statistics belonging to a different organization.
Closed a flaw in the legacy drag-and-drop file upload that allowed attaching a file to another user's account.
If the app encounters a fatal error while running an outdated cached version, it now automatically reloads onto the current version instead of showing a blank screen.
Fixed an issue that could prevent some JWPlayer-hosted training videos from loading.

v6.13.0

5 Jun, 2026

New Features

Vimeo video support — classes can now include Vimeo-hosted videos as training content, alongside the existing YouTube and uploaded-video options.
SFTP User Sync — keep your roster automatically in sync with your HR system via secure SFTP file drops. Available per organization on request — contact your Prodigy representative to activate.
PDF zoom — zoom controls when viewing PDF documents in the in-app viewer.

Improvements

The "resume where you left off" notice now sits directly beneath the video in every player.
The class player now shows a friendly placeholder when a segment has no overview content.
Class names are trimmed of stray leading/trailing whitespace when saved.
Faster class list loading when filtering by purchased classes.
More reliable SCORM Cloud syncing with timeouts and automatic retries.

Bug Fixes

Two-factor login — users with 2FA enabled are no longer bounced back to the login page after entering a valid verification code.
Stuck on an old version — browsers stranded on an outdated cached copy of the app (left over from a previous app migration) now automatically update to the current version.
Exporting submissions for very large surveys no longer fails.
Hardened the forgot-password flow so it can no longer be used to discover whether an email address has an account.
File uploads are now validated server-side against a strict list of allowed file types.
Closed a flaw that allowed a user in one organization to delete class documents belonging to another organization.
Hardened legacy profile pages against script injection through user-supplied name and email fields.
Reduced unnecessary internal detail in error responses and logs, per our annual security review.

v6.12.2

22 May, 2026

Bug Fixes

Impexium SSO login — closed an authentication-bypass vulnerability in the Impexium single sign-on callback, flagged by our security pentest, that could allow an unauthenticated visitor to obtain a logged-in session. Normal Impexium SSO logins are unaffected.

v6.12.1

15 May, 2026

Improvements

Profile fields — EMS ID and phone number are now independently optional. Users without an EMS ID can save a phone number on its own, and vice versa.
Session lifetime — authentication cookies are now capped at a 14-day maximum lifetime so unattended or stolen sessions can't remain valid indefinitely.

Bug Fixes

Dashboard — bundles no longer appear twice in the My Account widget when the bundle is assigned through more than one path.
Account merge — merging two user accounts no longer leaves the resulting user with duplicate copies of the same class or training-plan assignment.
Organization Users — the Department filter on the Organization Users page now stays in sync with the URL, so navigating Back from a user detail page returns you to the same filtered view.
Shared certificates — Training Officers can now update a certificate that is shared with departments outside their reach, without hitting a "no access to assigned departments" error.
Rich text editor — pasting from external sources (Mailchimp, Outlook, web pages) now strips images and scripts that aren't part of Prodigy, so pasted content can't pull in external assets or unsafe markup.
Certificate template preview — malformed template syntax now returns a clear validation error instead of an unhandled server error.
Class player — classes that used to show two quiz tiles (a duplicated tile left over from a legacy migration) now show a single canonical quiz tile. Affected 15 active classes including Anti-Harassment, Cardiac Arrest, Pain Management, and Back Injury Prevention.
Embedded fonts, avatars, and trackers — the HubSpot feedback widget font, the Facebook Pixel script, instructor Gravatar avatars, and a small set of embedded third-party class content (Action Pact Training Group, BigCommerce-hosted images, www.google.com) now load reliably across pages.
HubSpot integrations — content served from HubSpot's regional CDN shards now loads reliably regardless of which region serves the script.
Login on browsers that block analytics — login no longer fails when Google Tag Manager is blocked by an ad blocker or content blocker.
Hardened certificate-PDF generation — the image fetcher now blocks requests to private and internal addresses and to cloud-metadata endpoints, closing a server-side request forgery vector flagged by our annual pentest.
Hardened internal GraphQL endpoint — additional safety limits (query depth, query complexity, introspection control, rate limiting) applied to the Node service's GraphQL endpoint per this year's pentest.
Hardened two-factor authentication cookie — the 2FA cookie is now HttpOnly, so it can no longer be read by client-side scripts (defense-in-depth against cross-site scripting).
SAML sign-in observability — failed SAML sign-in attempts now generate tracked error events so we can detect identity-provider misconfigurations faster.

v6.12.0

11 May, 2026

New Features

Training plan completion date — the recertification snapshot report now shows the date each user finished a training plan once their progress reaches 100%, alongside their renewal date. Historic completions are backfilled at upgrade time.

Bug Fixes

Training plan deletion — fixed an intermittent server error when deleting a training plan that had been assigned across both organization and department scopes (the duplicate assignment row caused a strict-count mismatch and rejected the entire delete).
Training plan editing — fixed a race that could submit a stale snapshot of the form when saving training-plan changes, occasionally causing the wizard's Finish step to reject the submission with a "categories required" error right after adding a category.
Embedded class content — extended page security policy coverage so embeds from Litmos, Phia, Blink, Traumasoft, FireHouse247, the HubSpot feedback widget, the HubSpot collected-forms tracking script, and Google support pages all load correctly inside class descriptions.
Hardened JWPlayer webhook — the media-available webhook now verifies a JWPlayer HMAC signature, closing a path where any caller who knew the public JWPlayer property ID could mark uploaded videos as available without JWPlayer having actually processed them.
Hardened SCORM completions — SCORM Cloud postbacks now require HTTP Basic authentication, closing a path where unauthenticated callers could mark SCORM courses complete by replaying a known registration ID.
Hardened auth cookies — array-shaped session-token cookies (`Cookie: token[]=…`) are now rejected before reaching the auth backend, eliminating a side path that surfaced as internal 500s and produced an inconsistent error signature.

v6.11.10

8 May, 2026

New Features

Riverside podcast audio — class authors can now embed audio files hosted on Riverside (hosting-media.riverside.com) into class content.

Improvements

Self-hosted Google Fonts — typography assets are now served from Prodigy's own domain instead of fonts.googleapis.com, improving page-load privacy and reliability for customers behind restrictive corporate networks.
Future-proof TLS — production load balancers now negotiate post-quantum cryptographic ciphers when supported by the client, hardening against "harvest now, decrypt later" attacks.
Reliable third-party tracking embeds — extended page security policy coverage so Google Analytics, Google Tag Manager, Google Ads conversion pixels, JWPlayer audio, HubSpot scripts, and Facebook Pixel images all load correctly across more regions and on Safari 15.4. The Google country-domain allowlist now refreshes automatically on every build instead of being patched in reactively.

Bug Fixes

Class player on Safari 15.4 — fixed a regression that caused the class player to fail to start on older Safari builds when launching a video segment.
Department Training Officers can create certificate templates — fixed an error that blocked Training Officers whose role is granted at the department level (rather than the organization level) from creating new certificate templates.
Legacy resources/department pages — fixed a server error that intermittently broke the legacy resources, department, and "my resources" pages on direct page loads.
Legacy session/certificate URLs — fixed a server error that occurred when malformed UUIDs were passed to legacy session and certificate routes.
Hardened SAML login — removed a public test identity provider that was accidentally trusted by production, closing a critical sign-in vulnerability.
Hardened auth logging — verification tokens and 2FA cookies are no longer written to internal logs.
Hardened admin authorization — corrected a defense-in-depth filter in the department admin role check that was silently bypassed (no exploit path; corrected to prevent future regressions).
Hardened SSO redirects — encoded and validated tenant identifiers in the Impexium SSO login flow to close a query-string injection vector.
Hardened CSV exports — neutralized formula-leading characters in transcript CSV exports so spreadsheet apps don't auto-execute embedded payloads when files are opened.
Hardened security headers — added X-Content-Type-Options to all responses to prevent MIME-type sniffing attacks.
Patched axios — closed two prototype-pollution advisories in a transitive build-time dependency.

v6.11.9

30 Apr, 2026

Bug Fixes

VR Patients launches — clicking "Launch on VR Patients" from a class scenario now opens the simulator correctly. Previously the popup tab opened blank with no network activity because the page's security policy was blocking the launch redirect.
Status widget — the embedded status indicator in the frontend footer now loads correctly (was silently blocked by the page's security policy).

v6.11.8

27 Apr, 2026

Bug Fixes

Class titles containing apostrophes or ampersands (e.g. "Nero's Law", "IM Epi Check & Inject") now render correctly in completion certificate PDFs

v6.11.7

26 Apr, 2026

Improvements

Renamed the "CAPCE Category" field on the class builder to "Topic" for consistency with industry terminology
Added an inline clear button to the Topic picker so it can be reset back to "no topic"

Bug Fixes

Fixed a layout regression that caused class descriptions, segment URLs, and training plan images to render oversized or pushed off screen when the underlying text contained non-breaking spaces (affected the Ventura County EMS Resuscitation Protocols course in particular)
Faster Class Assignments report — the per-row registrations query now uses indexed lookups
More reliable background job processing during deploys (graceful SIGTERM handling prevents orphaned cron alerts)

v6.11.6

23 Apr, 2026

New Features

Public API — new public REST API for integrations, authenticated via per-organization access tokens; covers user transcripts, certificates, and details with auto-generated OpenAPI 3.1 documentation
CAPCE Category on Classes — Training Officers can now tag a class with a CAPCE category from a prepopulated, alphabetically-sorted list when building or editing it
Outside Completion enhancements — record an instructor name and a class description on outside completions
Class Wizard video preview — segment editor now shows a preview of the previously uploaded video so authors can confirm the right asset is attached before publishing
Status page widget — the in-app footer now embeds a live status indicator linked to status.prodigyems.com

Improvements

Removed the CAPCE-specific language from the default certificate notes template so non-CAPCE certificates render with neutral wording out of the box

Bug Fixes

Mobile class catalog now shows pagination controls correctly below the last class card instead of overlapping the footer
Department-scoped training plan assignments no longer leak into the organization-level assignments view
Class catalog "Newest first" sort handles classes with no last-modified date instead of dropping them from the list
Quiz attempts no longer race when a learner submits answers in rapid succession (prevents stale answer submission and duplicate attempt rows)
Email verification endpoint is now idempotent — duplicate clicks on the verification link no longer error
Role hierarchy is now strictly enforced when assigning roles (a Training Officer cannot promote anyone to Admin, and Admin-level changes require an Admin caller)
Outside Completion form spacing and date-input sizing fixed for a tighter layout

v6.11.5

10 Apr, 2026

Bug Fixes

Exclude incomplete quiz attempts from class statistics so averages reflect only finished submissions
Faster certification expiration alerts for large organizations

v6.11.4

8 Apr, 2026

Improvements

Organization-level admins can now bulk-complete classes for any user in their organization

Bug Fixes

Clean up orphaned training plan data when assignments or certifications are removed
Faster survey answer search (previously could take up to 8 seconds)
Bulk-delete training plan assignments now uses a single request instead of one per row, dramatically speeding up large deletions
Class image grid no longer collapses to a sliver of space on narrow screens
Display a friendly error message when the PDF viewer fails to load, instead of a blank page
Faster class catalog loading

v6.11.3

7 Apr, 2026

Bug Fixes

Dramatically faster class catalog loading (previously could time out after 111 seconds)
Training plan completion packets now show dates in Eastern time
PDF viewer no longer fails after new app versions are deployed (version-mismatch issue)
SAML login pages now display styles correctly
Resolved a race condition that could cause training plan statistics to be skipped on save
Faster overall app performance from removing 17 unused database indexes

v6.11.2

4 Apr, 2026

Bug Fixes

Background job reliability improvements (suppress spurious PHP warnings)

v6.11.0

3 Apr, 2026

New Features

Class Materials — upload and manage supplementary files (PDFs, images, handouts) for any class
User Training Hours report — new report showing per-user training hours across a selected date range
Certificate layout editor — JSON-driven certificate template system with a live preview so admins can design custom layouts
Server-side pagination on the class catalog for much faster loading in large orgs
User Last Login date is now tracked and shown in user detail views
"Terms of Use" renamed to "Terms of Service" on the login page

Bug Fixes

Friendlier error when an Impexium SSO account is missing credentials
Deactivated user emails are now properly excluded from lookups
Users can only modify their own outside completions (security)
Hardened the legacy media download endpoint with session validation (security)
Fixed XSS issues in legacy PHP templates (security)
Fixed intermittent page load failures after release deployments
SCORM courses now handle unknown completion statuses gracefully
Department city is now included in CAPCE certification submissions
Consistent payment page theming, plus Stripe Link support for saved cards
Seat-based bundle activation dates are now calculated correctly
Prevent duplicate payment processing on rapid clicks
Automatic retries improve SSO login reliability

v6.10.1

27 Mar, 2026

Bug Fixes

Fixed black screen on YouTube video playback caused by autoplay/seek behavior

v6.10.0

16 Mar, 2026

New Features

Bulk class completion — training officers can complete a class for many users at once
Content Security Policy fallback directives for better browser compatibility

Bug Fixes

Certification expiration filter no longer includes already-expired certifications
Fixed a crash in the dashboard when certifications had invalid date ranges
Assignments report no longer shows duplicate rows
Slow survey summary query (previously up to 80 seconds) now loads quickly
Deactivated users are now consistently hidden from user lists, department views, reports, and resources
Class content defaults to English when a language is not explicitly set
Employee ID lookups correctly exclude deactivated users
Invalid report date filters now return a clear error instead of a 500
Deleted certificate templates no longer appear in the Class Builder picker
Fixed certificate creation using the wrong name for the signer
Added server-side validation for pagination parameters

v6.9.0

4 Mar, 2026

Bug Fixes

Completion packets now include the approval letter
SCORM progress is now parsed correctly from the documented postback payload
Deactivated users can no longer accept invitations
Concurrent training plan statistics updates are now handled safely
The training plan page and downloadable snapshot now show consistent data

v6.9.1

4 Mar, 2026

Bug Fixes

Fixed an edge case in the training plan service when certificate IDs were missing

v6.8.6

2 Mar, 2026

Bug Fixes

Fixed translation errors across French and Arabic
SSO via Auth0 now supports additional claim namespace formats
Fixed "No valid certification found" error when a certification had no issue date
Faster training plan loading (query optimizations on eligible class lookups)
SAML sessions now correctly use the secondary database connection for reads

v6.8.3

25 Feb, 2026

Bug Fixes

Fix duplicate training plans showing on the dashboard
Training plan state filter now correctly honors the selected state
Require core profile fields even for existing users during SAML sign-in
Reject invalid or zero-duration YouTube videos during class creation
Fixed error when creating a certification with a past issue date
Training plans are now correctly scoped to the viewer's department
Video player no longer errors out when the browser blocks autoplay
Various training plan snapshot reliability fixes

v6.8.0

16 Feb, 2026

New Features

Report export warnings when data approaches row limits
Local (state-specific) training requirements now take priority over national requirements
Support for .mov (QuickTime) video uploads
Department names are now alphabetized across pickers
Class Builder accessibility improvements in the segment overview

Bug Fixes

Quiz results viewable for completed attempts even after the quiz is updated
Show a resume button when media playback encounters an error
Users no longer get incorrectly assigned to departments during bulk updates
Verify-email no longer blocks when the email is already verified by another user
Eliminated legacy group training plans that could leave users in inconsistent state

v6.7.4

29 Dec, 2025

New Features

Clone classes — duplicate any class, including its settings and content, as a starting point for new classes

Bug Fixes

Resolved a deadlock that could occur when editing certifications
Failed login attempts are now logged for diagnostics

v6.7.3

18 Dec, 2025

Bug Fixes

Training Plan Progress report no longer shows duplicate rows

v6.7.2

16 Dec, 2025

Bug Fixes

Saving a class as a draft now preserves the selected certificate template and survey
Corrected the "Verified" toggle alignment on user management
Certificate creation now correctly stores the hex ID
Scheduled jobs (reminders, notifications) run on their intended schedule

v6.7.1

11 Dec, 2025

Bug Fixes

Release stability — internal reliability improvements with no customer-facing changes

v6.7.0

9 Dec, 2025

New Features

Page number is preserved when navigating back in paginated lists
Terminology updated across the app from "employee" to "member"

Bug Fixes

Class category now appears correctly in the training plan snapshot
Editing a survey template no longer breaks surveys already in use by classes
PDF loading errors are now tracked so we can diagnose and fix them faster
More reliable background job check-ins

v6.6.0

1 Dec, 2025

New Features

Affiliate program — new affiliate tracking and payout workflow
Role selection when inviting users (previously required a separate step after invitation)
Document viewing and download in the class player
Anti-clickjacking headers across all pages (security hardening)
Export warning when report results hit a row limit

Bug Fixes

Improved reliability of certificate PDF generation with image-loading retries
Friendlier message when a bundle can't be purchased (e.g. already owned or out of stock)
Class headlines now wrap correctly instead of overflowing
Category picker in training plan builder now adjusts when a class becomes unavailable
Resolved various content security policy issues that blocked external assets

v6.5.7

3 Nov, 2025

Bug Fixes

Training plans no longer show blank space when a class is no longer available
Avoid re-queueing stale training plans in the background

v6.5.6

30 Oct, 2025

New Features

Assets now served through CloudFront for faster page loads globally

Bug Fixes

Invited users can now accept their invitation from within the app
Resolved a duplicate-key error that could occur on training plan generation

v6.5.5

22 Oct, 2025

Bug Fixes

Bulk user upload now provides clearer per-row error messages
Handle missing SAML mail attribute without errors

v6.5.1

8 Oct, 2025

Bug Fixes

Restore training plans that were hidden due to incorrect date filtering
Impexium SSO no longer errors when a user has no membership record

v6.5.0

7 Oct, 2025

New Features

Question Bank — build classes from a reusable pool of quiz questions
Bulk upload organization users — add many users at once via CSV
Generic picker field for custom forms
Impexium membership status check — automatic validation when members log in
Return-to-training-plan navigation after completing a class
Merge account links no longer expire

Bug Fixes

Archived training plans no longer get stuck in processing
Fixed 500 error when duplicating a deleted certification
Bundle seat assignment flow now works reliably
Invitation links can no longer be reused after they've been accepted
Password reset tokens are cleared when accounts are merged
Email templates fall back to English when a translation is missing
Reset quiz link state when the quiz assigned to a class changes
Prevent unique constraint errors on email verification
Faster class availability checks via new database indexes

v6.3.2

4 Aug, 2025

New Features

Countdown timer shown while generating a training plan snapshot
Download option for the new PDF viewer
Training officers can now trigger password resets for their users

Bug Fixes

Training Plan Statistics report no longer includes deleted training plans
Fixed Impexium SSO timeout
Class statistics "Average Score" now displays correctly
Deleted assigned training plans no longer show for individual users

v6.3.1

25 Jul, 2025

New Features

SAML department mapping — configure which department users land in based on SAML attributes
Content Security Policy headers rolled out (security hardening)
Department name ordering is now consistent across the app
Verify-email links have a longer expiration window

Bug Fixes

SAML login now supports organizational-unit-name attributes
Assignments for deleted training plans are properly filtered out

v6.3.0

16 Jul, 2025

New Features

Two-Factor Authentication (2FA) — users can secure their account with TOTP
Offline detection banner — the app now notifies users when their network connection drops
Quiz pagination with progress saved between questions
Only the user who requested a training plan snapshot can download it
Quiz submit button now stays disabled until all required answers are provided

Bug Fixes

Fixed quiz answers persisting in local storage across attempts
Large class reports (previously up to 72 seconds) now load much faster
Training plan renewal dates now respect the user's timezone
PDF generation formatting: course type, credit hours, and approval number now render on separate lines
Correct ordering of class records by date
Elective categories now rank lower than required categories in training plans
Seat-based bundle user sorting fixed
Fixed certification alerts not surfacing for some users
Bulk upload data is now trimmed to avoid accidental whitespace errors

v6.2.6

18 Jun, 2025

New Features

Safari 15+ now fully supported

Bug Fixes

Removed inapplicable page-size control from the quiz player
Training plan required hours can no longer be negative
Various PHP 8.2 deprecation warnings resolved for smoother operation
Corrected certification level label and validation
Uploaded filenames are now sanitized for safety

v6.2.5

5 Jun, 2025

New Features

Same-day training assignments are now allowed
Autocomplete hints added to authentication forms
Viewport now allows zoom for better accessibility

Bug Fixes

Clearer "Launch Course" button label
Error stack traces are no longer exposed to end users
Training plan background regeneration reliability improvements

v6.2.4

4 Jun, 2025

New Features

Training plan dates now display in MM/DD/YYYY format

Bug Fixes

YouTube Shorts URLs are now recognized as valid videos
Force-regenerate training plans no longer gets stuck

v6.2.3

2 Jun, 2025

New Features

Certification attachment indicator shown in the certification list

Bug Fixes

Can now re-create a user whose email matches a soft-deleted account

v6.2.0

20 May, 2025

New Features

User Profile Redesign — refreshed profile page with cleaner layout and faster navigation
Quiz pagination with results saved between pages
Show live session location on the registration card

Bug Fixes

Assignment email now only goes to the newly-assigned user (not to all users)
Account-merge resend email now uses the correct parameters

v6.1.1

30 Apr, 2025

Bug Fixes

Certificate template now correctly allows optional signature images
Resolved a database name issue in legacy signature migrations

v6.0.0

9 Apr, 2025

Improvements

Major version release — see subsequent v6.x entries for customer-visible changes

v5.1.3

8 Apr, 2025

Bug Fixes

Fix reports failing when data contains quote characters
Archived training plans no longer trigger unnecessary background updates
Assignment initial and due dates now correctly respect user timezones
Resolved a crash when completion timestamps had not changed from their initial values

v5.1.4

8 Apr, 2025

Bug Fixes

Corrected a unique-index constraint on organization and department user records that could block adding users

Change Log

Comprehensive EMS Continuing Education and Training