AtlasOA Changelog

Security and privacy

• Atlas K-12Completed and re-verified the platform-wide security review. Every school-and-district boundary, integration safeguard, and data-handling protection from the prior release was re-checked against the live application and confirmed in place.
• Atlas K-12Made the unencrypted-network startup warning more reliable so operators are always alerted when the platform is reachable over plain HTTP on a local network, even when a custom address is configured. Running behind TLS (proxied mode) remains the recommendation for any non-trusted network.

Compatibility

• Atlas K-12No customer action is required after updating. Existing data and configuration are preserved.

Security and hardening

• AtlasOAExtended role and permission enforcement to every management area including lab tracking, badges, certification alignment, graduate tracking, course evaluations, evidence portfolios, institutional-effectiveness dashboards, advisory boards, file attachments, and proficiency scales, so create, edit, issue, and delete actions follow each account's assigned permissions.
• AtlasOAReinforced administrator-only screens so configuration and destructive actions require an administrator account, not merely a signed-in one.
• AtlasOAImproved API access-key handling. A new key is shown once at creation and is no longer retained in the browser session afterward.
• AtlasOAStandardized sign-in responses so they no longer reveal whether a particular username exists, with consistent protection across all sign-in screens.
• AtlasOAStrengthened sign-in rate limiting and account lockout so repeated failed attempts are counted reliably and limited per account as well as per source.
• AtlasOAAutomatically re-secures stored email (SMTP) passwords in protected storage during upgrade.
• AtlasOAAdded optional signed-update enforcement so a deployment can require authenticated update packages, plus a clear notice when the application is reachable over the network without encrypted transport.
• AtlasOAAdditional input and output hardening across request validation, the data-import workflow, and report file generation.

Compatibility

• AtlasOAAll changes are backward compatible. Existing data, license keys, and API keys continue to work without manual steps.
• AtlasOANo customer action is required after updating, aside from optionally enabling signed-update enforcement.

Security and privacy

• Atlas K-12Strengthened school and district boundaries across account management, dashboards, group tools, data imports, survey insights, care teams, and review queues so staff only see and act on records within their authorized school or district.
• Atlas K-12Tightened account-management controls for creating, editing, and deactivating staff accounts, including stronger safeguards around elevated and special-purpose roles.
• Atlas K-12Hardened single sign-on so sign-in identity checks more consistently restrict access to approved organizations and domains.
• Atlas K-12Improved student information system integrations with stricter server verification, safer file handling, protected credential storage, and corrected setup screens for reliable credential entry and saving.
• Atlas K-12Protected exported reports by sanitizing spreadsheet and CSV output so stored text is not interpreted as active content when opened.
• Atlas K-12Updated Compass privacy controls around answer handling, caching, and review workflows so district information stays separated and corrected content refreshes appropriately.
• Atlas K-12Hardened family and student survey links with stronger single-use and expiration handling.
• Atlas K-12Strengthened web response and deployment safeguards with additional browser protections, transport-security settings, input and output escaping, installer signing, and network-configuration checks.

Reliability and accuracy

• Atlas K-12Restored dashboards and group views for all staff roles by correcting a defect that could affect non-district administrator accounts.
• Atlas K-12Improved attendance and chronic-absenteeism reporting by correcting calculation and duplicate-record handling so at-risk students are surfaced more accurately.
• Atlas K-12Improved alert and email reliability so risk-alert notifications and alert-tier handling reach the right staff more consistently.
• Atlas K-12Made intervention progress tracking and survey submission more resilient when records include incomplete or out-of-range data.
• Atlas K-12Improved credential diagnostics so configuration issues are reported clearly instead of silently continuing.

Compatibility

• Atlas K-12Student-data privacy was the central focus. The update strengthens FERPA-aligned boundaries while preserving existing data and workflows.
• Atlas K-12No customer action is required after updating.

Security and hardening

• AtlasOATightened permission enforcement across administrative tools, data-import actions, and record-deletion workflows so each action follows the account's assigned role and permissions.
• AtlasOAStrengthened protection for stored API access keys. Keys are now kept in a protected, non-reversible form, and existing keys continue to work while upgrading automatically.
• AtlasOAImproved handling for credential and secret fields so sensitive values stay hidden from built-in data tools and cannot be edited through general-purpose screens.
• AtlasOAHardened backup management with stricter file-name validation and administrator-only backup actions.
• AtlasOAProtected exported reports by sanitizing spreadsheet and CSV output so imported text is not interpreted as active content when opened.
• AtlasOAImproved encrypted transport handling. Optional HTTPS enforcement now applies consistently, and offsite backup transfers plus external system integrations use stricter certificate and host verification by default.
• AtlasOAAdded safer software-update checks so update packages are verified for integrity before they are applied.
• AtlasOAReduced service privileges and improved install behavior by using a lower-privilege service account, restricting application-data access, and reporting installation status more accurately.
• AtlasOAImproved first-run account security. New installations now require the default administrator password to be changed before use, and repeated failed sign-in attempts are limited per account.
• AtlasOAHardened web responses with tighter content-security and session-cookie settings, plus sign-in requirements for several internal status endpoints.
• AtlasOAExpanded input and output hardening with additional escaping and validation across user-facing screens and reports.
• AtlasOAImproved dependency and build hygiene by pinning dependencies to known-good versions and removing internal-only assets from the distributed package.

Compatibility

• AtlasOABackward compatible update. Existing data, license keys, and API keys continue to work without manual steps.
• AtlasOANo customer action is required after updating, aside from setting a new administrator password on brand-new installations.

What's new

• SharedAdded Infisical-backed secret storage support for on-prem school-server installs where the vault is hosted by the customer, district, or institution.
• AtlasOAJenzabar, Canvas, Blackboard, and Moodle credentials can now be stored in a local self-hosted Infisical instance instead of the application config file when deployments enable Infisical mode.
• AtlasOASMTP passwords, SFTP backup passwords, and S3-compatible backup secret keys now use the same credential backend, keeping operational service secrets behind the same vault boundary.
• AtlasOASaved credential references are no longer echoed into password fields. Leaving a credential field blank keeps the existing saved secret, while entering a new value rotates it through the active backend.
• Atlas K-12SIS integration credentials can now be stored in a local self-hosted Infisical instance instead of the application database when deployments enable Infisical mode.
• Atlas K-12SQLite stores only safe credential references when Infisical is configured, reducing plaintext exposure for API keys, SIS client secrets, SFTP passwords, tokens, and other integration credentials.
• SharedExisting encrypted ENC: credentials remain compatible. Local encrypted Fernet storage stays available by default for development and local installs, while new or rotated credentials can use INFISICAL: references in server deployments.
• SharedAdded deployment documentation for Infisical configuration so IT teams can choose the credential backend that matches their server environment.

Validation

• Atlas K-12109 focused checks passed: 13 credential/SIS tests, 22 security and migration tests, 15 packaging/installer tests, 15 SIS integration/importer tests, and 44 auth/security tests.
• Atlas K-12Runtime smoke confirmed /login returned 200.
• AtlasOAFocused credential-vault tests passed for local Fernet fallback, Infisical reference creation, secret resolution, reference reuse on rotation, and connector-side decrypt.
• AtlasOASyntax checks passed across the credential store, LMS/SIS adapters, SMTP mailer, offsite backup module, and main Flask app.

Company milestone

• SharedMissouri retail sales license issued. AtlasOA, LLC received its Missouri retail sales license on April 9, 2026.

Company milestone

• SharedAtlasOA, LLC founded. AtlasOA, LLC was founded on January 12, 2026.

What's new

• SharedFounder partner program launched. Free first year, locked-in founder pricing for the life of the license.
• Shared54 marketing pages, 47 security controls, 64 database tables, 9 LMS / SIS adapters ready for production.
• AtlasOADirect Jenzabar SQL Server integration (STUDENT_CRS_HIST, NAME_MASTER, SECTION_MASTER) for institutions running JICS or J1.
• Atlas K-12Atlas K-12 launched as a separate program (not a module) for K-12 districts, with Compass local AI assistant, 788-technique whole-child catalog from IES / WWC / PBIS / CASEL / NCII, four-pillar dashboard.
• SharedSelf-hosted backup tool producing single-ZIP backups suitable for institutional backup targets.

What's new

• AtlasOAAnnual planning workflow. Program leads can author an annual plan, link it to outcomes, and roll forward year over year.
• AtlasOACo-curricular activity tracking. Capture participation, link to institutional outcomes, publish to the student record.
• AtlasOADrilldown view for outcome reports. Click any aggregate number, see the underlying student-level scores.
• AtlasOAProficiency scales of any size. Earlier versions hard-coded a 1-4 scale; you can now define any-size scales and link them to specific outcomes.

What's new

• AtlasOAREST API for outcomes, assessments, and reports. API token management in admin.
• AtlasOACurriculum mapping visual. Course-to-program-to-institution outcome map with gap detection.
• AtlasOAAssignment linking. Tie individual assignments to specific course outcomes for direct evidence collection.

What's new

• AtlasOAClosing-the-loop documentation built into the assessment cycle. A cycle cannot be marked "complete" without a closing-the-loop record.
• AtlasOAAudit log. Every change to outcomes, alignments, scores, and reports is logged with user, timestamp, and old/new value.
• AtlasOABranding admin. Customer-facing reports use your institution's logo and colors.

What's new

• AtlasOAAccreditation evidence templates. HLC, SACSCOC, MSCHE, NWCCU, WSCUC, and ACCJC templates produce accreditor-ready evidence packages from your assessment data.
• AtlasOARubric scoring at scale. Bulk-score artifacts against a shared rubric; calibrate raters with double-scored samples.

What's new

• AtlasOAMulti-tenant data import. CSV imports for outcomes, programs, courses, sections, students, and historical assessment data.
• AtlasOAProgram review workflows. Standard 3-year and 5-year program review templates.

What's new

• AtlasOASLO and PLO authorship and alignment. Course outcomes link to program outcomes link to institutional outcomes.
• AtlasOAInitial reporting suite. Achievement reports, distribution reports.