03 March 2025

03 March 2025

Ontrack Hubs

BETA Only applicable to institutions using the BETA release. Note that BETA documentation may be incomplete or contain errors.

The new and updated features for the 4.47 release are as follows:

Concierge
Security

Concierge
Header	Business Impact	Affected Topics
Concierge - Applications	The Application Overview page now includes four additional tabs as follows: Interview Details Enables staff to view and update information related to a learner’s interview. Staff can monitor the interview status, make necessary changes, and record notes directly linked to the interview process. Qualifications Enables staff to review and manage the qualifications submitted by a learner. This includes adding new qualifications and confirming whether the learner meets the necessary requirements for the course. Requirements Enables staff to view the requirements set against the UIO and add additional criteria as needed. This functionality allows staff to assess whether the learner’s individual qualifications and needs align with the course requirements. Offers Enables staff to review any existing offers made to the learner. Staff can also issue new offers, helping determine whether the learner can proceed to enrolment following the interview process. Additional roles are required for staff to access and manage data within these tabs as follows: View or Edit Interview Details View or Edit Qualifications View or Edit Requirements View or Edit Offers	Concierge
Concierge - Interviews	Staff can use the new Interviews feature to search for existing interviews using search criteria such as event name, number of allocated learners, and so on. On finding the interview of interest you can view the learners allocated to that interview.	Concierge Find Interviews
Concierge - Enrolments	Staff can use the new Enrolments feature to search for existing enrolments and learners, create a new enrolment on behalf of a learner, invite applicants to create a learner account and then create enrolments for a learner. Staff can enrol a learner on a course by completing an Enrolment Form. Details required for each page of the enrolment form are summarised below: Personal Details Enables staff to enter the learner’s account information, contact details, and address. Further Details Enables staff to input information regarding the learner’s equal opportunities and support needs. Statements Enables staff to select statements that are applicable for the learner. Evidence Enables staff to upload any supporting documentation required for the enrolment. Data Protection Enables staff to record the learner’s consent for the use of their personal data. Payments Enables staff to view the total fee for the selected courses. When you have completed the enrolment process the Confirmation page will display.	Concierge Find Enrolments Create Enrolments
Application search results grid columns	In Concierge > Application > Search Results the Person Code, Surname, and Forename columns are now pinned to the left of the grid.	Not applicable

Security
Header	Business Impact	Affected Topics
Ontrack Content Security (CSP) security improvements	Ontrack security has been significantly enhanced by modifying the CSP (Content Security Policy) to block the execution of inline scripts. This change stops malicious scripts being injected into ontrack pages, offering stronger protection against XSS (Cross-Site Scripting) attacks. Genuine ebs scripts are marked with a unique value to identify these as safe to run. In order to facilitate the use of custom JavaScript by customers, scripts added in the following supported ways will also be considered authorised. It is therefore important to ensure that access to these locations is carefully controlled: Scripts in custom html controls in Designer. Scripts added to the translation and analytics folders. Should this security change cause unforeseen issues, ontrack can be reverted to allow the use of inline scripts by adding the value `unsafe-inline` in the Content-Security-Policy > script-src directive institution setting. Adding this attribute is not recommended and should only be considered as a short-term workaround. Default directives such as those relating to the use of the Google translate widget, have been removed from the out-of-the-box CSP, following the security principle of least privilege. If these were in use, the functionality will be blocked on upgrade. If the functionality is still required, use the Dev Tools features found in Chrome and Edge to review any console errors relating to the CSP, and add any missing domains to the appropriate content security policy directive. Two further new institution settings have been added to give greater control to institutions over the content and restrictions applied in the CSP: Content-Security-Policy base-uri directive. Content-Security-Policy worker-src directive.	Ontrack Institution Settings
Analytics snippet usage of head.cshtml to add in the <head> element	Google Tag Manager recommends that scripts are embedded in the `<head>` tag. To support this, the contents of a script named head.cshtml placed in the analytics folder will be included in the `<head>` tag of every page in Ontrack. Files with any other name will continue to be included in the `<body>` tag of each page.

Central and Shape

Learn about the features of Central and Shape, such as applications, learner, curriculum, and so on.

Ontrack Staff Hub

Learn about the the features of Ontrack Staff Hub, such as concierge, safeguarding, and so on.

Ontrack Learner Hub

Learn about the features of Ontrack Learner Hub, such as applications, enrolments, and so on.

Ontrack Contact Hub

Learn about the features of Ontrack Contact Hub, such as attendance, progress, and so on.

Tribal Communities

Learn about the Tribal products, knowledge bases, raising a support ticket, and much more.

Go to Tribal Communities