Release Date: 12 July 2022 | Updated 09 May 2024
Status: Released to Production
For detailed information on Aztec 3.22.0 please view a section below.
Important Release Information
This section contains important information about upgrading to Aztec 3.22 and should be understood by Customer Administrators of Aztec
Update to original release 01 July 2022
Remove requirement to force change Aztec password upon upgrade - AZT-775
This removes the requirement developed originally in 3.22.0 to force a user to change their password upon upgrade to Aztec 3.22+. When Aztec is upgraded to 3.22 they will not now be prompted and forced to change their password
This new version of Aztec contains changes to Password functionality and there are tasks that are recommended to be carried out immediately on upgrade to 3.22 for both Head Office users and Site users, including Single Site Master users.
There are some optional features which are described in our new features guide in terms of password policy.
-
The first Head Office user to log in, should update their Password Policy so that any other users logging into Aztec will use their configured Password Policy and not Aztec’s default.
Why are we implementing this change?
Zonal wish to improve the security of our customer’s applications and thus have introduced a secure storage of passwords using ‘BCrypt’. The previous way of securing passwords using “MD5” is being phased out.
BCrypt stores the password in a more secure format so that it cannot be retrieved maliciously. This means that upon upgrade, all passwords will be encrypted.
Recommended Approach
Zonal Customer Aztec Administrator
-
Be ready for the Head Office upgrade and understand what Aztec Password Policy you wish to implement ahead of upgrade.
-
Communicate to all users for Head Office and sites that their sites are being upgraded. Include dates if possible.
-
Communicate to all users what the new password policy will be so they are aware when they choose to change their password or a forced to change their password by another user..
-
On morning of Head Office / Single Site Master / Site upgrade, log in, it is recommended that you set your Password Policy immediately.
The process for any forgotten passwords is for the staff member to ask a manager within their business with appropriate permissions to reset a password, or to contact the company IT department. Resetting of passwords is not carried out by the Zonal Help Centre
Default Password Policy
Upon upgrade the following rules will be in place:
| Configuration | Pre Aztec 3.22 | Aztec 3.22+ (upon upgrade) |
|---|---|---|
| Minimum Password Length | Anything between 6-20 characters | Default 10 characters, but this is now configurable between 6-20 characters |
| Maximum Password Length | Anything between 6-20 characters | Default 20 characters, but this is now configurable between 6-20 characters |
| Special Character Required | It was possible to have a Special Character, but this was not enforced | Special Character required is on by default, but this can be de-selected |
| Password Expiry (days) | N/A | This is off by default (ie a password does not expire) |
| Password Notification (days) | N/A | This is off by default |
| Preventing a password from being the same as the username | It was possible to have the Aztec username and password to be the same | This is a mandatory requirement and is not configurable |
| Passwords cannot be the same as the current password | It was possible to keep the same password when changing the password | This is a mandatory requirement and is not configurable |
Users will not be permitted to use a password the same as the user name
Password policy will have a minimum set of requirements
When changing another user's password, the requirement that the password cannot be the same as the existing password does not apply
New Features Summary
For more information on any of the features introduced in this release click the > to navigate.
Updated Hotfix 09 May 2024
Hotfix 503944 - This Hotfix is to address bug 501444 for an Aztec Import issue causing Theme XML generation errors to occur.
This hotfix is for 3.22.0 and should be applied to Head Office and Single Site Master Only
Updated Hotfix 13 September 2023
Bug 457651: Stocks to mitigate bad PH Default Included Item data input. This hotfix is for Aztec3.22.0 and can be applied to Site and Single Site Master
Updated Hotfix 03 July 2023
440729: Hotfix 415602 - Customer is unable to view the Recipe make up report due to a Primary Key error. This hotfix is for Aztec 3.20.0, 3.22.0 and 3.24.0 and can be applied to Head Office, Site and Single Site Master
Updated Hotfix 20 December 2022
Bug 375070 CommsUpDn wrong for ac_User
This hotfix is for 3.22.0 only and is to be applied to Head Office only
Aztec Password Configuration Page to be added to Staff & Security - AZT-678
A new configuration page called Password Policy has been added to Aztec Head Office Staff & Security for all of the Aztec Password security configurations. All of the configurations are configured per Estate and can only be edited if the user has the new role permission Edit Password Policy .
Head Office Configuration
-
At Head Office, open Staff & Security | Configuration | Password Policy
-
To enable a Back of House role with permissions to edit the Password Policy screen, this can be enabled in Staff & Security | Back of House Roles | [Select Role Name] Assign Permissions | Staff & Security roles | Configuration | Password Policy
If a user doesn't have the "Edit Password Policy" role permission they will still be able to view the Password Policy screen, but will have no option to edit
If the role has read only access, there is no option to Save or Discard.
Enhanced Passwords - Password Rules - AZT-40
Enhanced password rules can now be configured by a Head Office user for an estate. All of the password rules can be configured by an Aztec Head Office user with the relevant role permission in Staff & Security | Configuration | Password Policy.
Configurations that are included in this release are:
-
Minimum password length (currently supporting 6-20 characters)
-
Maximum password length (currently supporting 6-20 characters)
-
Special characters required (from a subset)
In addition to the configurations listed above, this feature also includes some enhancements that aren't configurable:
-
Preventing a password from being the same as the user name
-
Password cannot be the same as the current password.
-
There is now a hint to advise of password rules configured Show password policy rules.
Any existing passwords will be valid until a password is changed
Any Aztec pre 3.22.0 sites will not be included in any password configuration policies
Head Office Configuration
There are some configurations within Password Policy which are enabled by default in this version of Aztec. These configurations can be changed as described below.
-
At Head Office, open Staff & Security | Configuration | Password Policy.
-
Within the new Password Policy page Password Rules configurations will be available to configure.
-
Once you have configured your password policy, you will need to save your changes.
Password Policy configurations are configurable on a per Estate basis
Minimum Password Length
Minimum password length is enabled by default to 10 characters. This can be changed to an absolute minimum of 6 characters and a maximum of 20 characters.
You will not be allowed to set Minimum password length to less than 6 characters.
It is recommended that the minimum password length is set as no less than 10 characters
You will be alerted and prevented if you try and change the Minimum password length to be greater than the Maximum password length
Maximum Password Length
Maximum password length is enabled by default to 20 characters. If the Maximum password length is changed the maximum length allowed can be set to be the same or higher than the minimum password length. The absolute maximum password length is 20 characters.
You will not be allowed to set Maximum password length to more than 20 characters.
You will be alerted and prevented if you try and change the Maximum password length to be less than the Minimum password length
If you don't make changes to the minimum and maximum password lengths, then the defaults will apply
Special Characters Required
Special characters required is enabled by default which requires a user to include a special character from a subset (listed below) in their password.
The following special characters that are supported for Special Character required are !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
If you de-select Special Character required, it is still possible to include a special character in your password, but it wont be enforced
Special characters required is enabled by default
Head Office Configuration - Send Changes to Sites
For the new settings made at Head Office to take effect at site, perform a communications job to the required sites.
For detailed information on running communications jobs click here.
At Site
After a password policy configuration has been made at Head Office and successfully sent to an upgraded site, when a user logs onto Aztec, they will be prompted with the below dialogue box where they will be required to enter their existing (old) password, followed by entering a new password and then confirming the new password.
When a password policy has been configured or changed, a hint will be provided to the end user via a link label to assist them when changing their password.
When you click on the Show password policy rules hints will be provided based on what has been configured at Head Office. Please see example below.
If you fail to meet the criteria set when changing your password, you will be provided with a further notification to assist of what is still required.
You will also be prompted if you don't correctly enter your old password first
Aztec Password Expiry - AZT-641
A Head Office user with the relevant permissions in Aztec Head Office in Staff & Security | Configuration | Password Policy can now configure when a password is due to expire in number of days. There is a further configuration to allow a notification that the password is expiring which is also configured in number of days.
Password Expiry configurations are configurable on a per Estate basis
Head Office Configuration
This feature does not operate by default in this version of Aztec, it must first be configured as described below.
At Head Office, open Staff & Security | Configuration | Password Policy.
There are 2 configurations that are applicable for Password Expiry:
Password expiry (days)
This allows a Head Office user with relevant role permissions to configure the number of days before a password expires.
The configuration is set at 0 days by default which means that it doesn't expire.
The minimum number of days that this can be configured for is 0 days and the maximum number of days before a password will expire is 999 days.
The default of 0 days is set (ie the password doesn’t expire). This is the recommended setting.
Once you have configured your password policy, you will need to save your changes.
Password notification (days)
This allows a Head Office user with relevant role permissions to configure the number of days where you will be notified before your password will expire .
The configuration is disabled by default.
When this configuration is enabled, the default is 1 day. Please note that if changing from the default, the minimum number of days that this can be configured is 1 day and the maximum number of days before a password will expire is 14 days.
There is a hint to explain this configuration
Once you have configured your password policy, you will need to save your changes.
It is not possible to set the Password expiry notification to be greater than or equal to the Password Expiry period
It is not possible to set the Password expiry period to be less than or equal to the Password Expiry notification
To prevent having to change your password on the same day as when it was last changed, it is not possible to set Password expiry to 1 day
Please note that if the Password expiry is set at 0 days (ie that it won't expire), then you will not be able to set a notification period
Head Office Configuration - Send Changes to Sites
For the new settings made at Head Office to take effect at site, perform a communications job to the required sites.
For detailed information on running communications jobs click here.
At Site or at Head Office
When a password expiry has been configured along with a password notification, a user will be notified when their password is due to expire. Before the existing password has expired, there is an option to change the password (selecting Yes) or continue without changing the password (selecting No).
The message is slightly different if the password is due to expire that day.
If the password has already expired, the following message will be displayed to the user. If the user selects No, then they will be taken back to the login screen. They will be unable to continue until they select Yes and change their password.
Password Enhancements - Ability to change own or another user's password - AZT-650
Some security enhancements have been made to changing a user's own Aztec password and also the ability for a user at Head Office or Site to change another user's password.
There are already existing ways that a user can change their own Aztec password. It is currently possible to change their own existing password either:
-
Via the Aztec Shell, File | Change Password.
-
Within Staff & Security | Users.
-
A user has changed someone else's password either at Site or Head Office and then using the check-box to force a user to change password on the next login. Please note that this checkbox is now enabled as default, but can be deselected.
There are some enhancements included in this release to increase password security in this area:
Via the Aztec Shell, File | Change Password
When an Aztec user changes their password via Aztec Shell, File | Change Password
In addition to entering a new password, you will also now be prompted to enter your existing password first.
Staff and Security | Users | Back of House Login Details Change
A user can change their own password in Staff and Security | Users | select the user from the list of users on the left hand side and then click on Change
In addition to entering a new password, you will also now be prompted to enter your existing password first
A user has changed someone else's password at either Site or Head Office and then using the checkbox to change password on the next logon
The checkbox Change password at next logon is now enabled by default. This can be unchecked if required.
When changing another user's password, the requirement that the password cannot be the same as the existing password does not apply.
It is recommended to avoid changing password on non-upgraded (lower than Aztec 3.22.0) sites until upgraded so any password policies persist after being set.
When adding a new user in Staff & Security | Users | Add New User
When a new user is added in Staff & Security, any password policy rules that have been configured, will also apply to the passwords entered here.
Forgotten Password Hint - AZT-751
Display Account Number, Table Number and Customer Name on Account Pick-Up Screen - AZT-736
The Account pickup screen on the POS now always displays the Account number regardless of whether Table number, Customer name, HELD status, POS in standalone mode, a delayed order, employee park account are also displayed.
This is not a configurable setting. Account number will show on the POS post upgrade to Aztec 3.22.0
If there are more than 3 items to be displayed on the account such as Acc No, Table, Customer Name and Held status some of this information will be displayed intermittently
US Locale will show Acc No. as Chk No (as per wording on the order display)
BYOD Support printing of QR code on every bill - AZT-715 (US only)
This feature is a supporting change for a US loyalty specific integration that will print a QR code on the bill which does require some configuration in Aztec.
This is a US only customised feature for a specific loyalty integration only. This is not for general use.
Head Office Configuration
This configuration does not operate by default.
This can be configured at Aztec Head Office Theme Modelling | Site Setup | Printing Print QR code for Check Payment.
Print QR Code Code for Check Payment is configurable on a per site basis and will be off by default.
UK locale name for this configuration is Print QR Code for Bill Payment
It is also possible to configure the text that prints above and below the QR code on the bill/check. This can be configured in Theme Modelling | Estate Setup | MessageDisplay.
UK locale name for this configuration is Print QR Code for Bill Payment
It is possible to enter 5 lines of text that will appear above the QR code and 4 lines of the text below the QR code. It is also possible to format the text: Alignment, Bold, Double-Width and Double-Height.
Head Office Configuration - Send Changes to Sites
For the new settings made at Head Office to take effect at site, perform a communications job to the required sites.
For detailed information on running communications jobs click here.
At Site
When a bill is printed at site, a QR code will also be printed which can then be used to pay the bill.
Hard Deleting Deleted Promotions - AZT-690 (Promotion Details Maintenance)
All deleted promotional records are currently held in the Aztec database and are never removed. These records build up over time and can impact Aztec functionality including reconfigures and slow previews. This feature provides a configuration Promotion Details Maintenance which supports allowing deleted promotions to be "archived" from the promotion tables and an option to restore within a period of time. Any deleted promotions that are out with a retention period are hard deleted from the Aztec database.
Promotion Details Maintenance configuration is off by default
Head Office Configuration
At Head Office, open Theme Modelling | Estate Setup | Global Configs.
Promotion Details Maintenance checkbox is disabled by default. When enabled, this will allow a retention period (in days) of how long a deleted promotion will be archived in the database during which time it is possible to restore the promotion. Out with the retention period any deleted promotion will be permanently deleted from the database.
The minimum retention period that can be set is 3 months (90 days) and maximum retention period that can be set is 36 months (1096 days).
When Promotion Details Maintenance check box has been enabled, a default retention period of 13 months (395 days) is applied
A hint is provided to the end user.
It is possible to change the Retention Period (days) either by typing the number directly into the box or by using the arrows to the right of the box
When Promotion Details Maintenance has been enabled with a configured retention period, note that when the Promotions module is first run there will be a slight delay as the maintenance to the promotion tables is carried out.
When Promotion Details Maintenance has been configured with retention period, the first run of the Promotions module by a user each day where you see the Please Wait messages briefly may take slightly longer than at other times whilst this process of permanently deleting and archiving promotions are carried out
The first comms link to sites post configuration may also take slightly longer due to updates of archiving and deleting of promotion tables
There is a new View Deleted button added to the main Promotions screen which when clicked on, presents the user with all of the deleted promotions that are available to be restored within the configured retention period.
When there are no deleted promotions to restore, the View Deleted button will be greyed out
If there any deleted promotions available to be restored, the headers of these promotions will be displayed when you click on View Deleted.
Click on the deleted promotion that you wish to restore which will highlight the promotion in blue and click on Restore Selected
When a deleted promotion has been selected to be restored, a warning prompt will be displayed to make sure that you want to proceed (OK or cancel with X).
A confirmation message will be displayed that the selected promotion has been successfully restored.
The restored promotion will then be removed from Deleted Promotions list.
There is an option to filter on the deleted promotions available to restore.
Promotion Details Maintenance configuration is applicable to both Head Office created promotions and Site created Promotions
On multi-user environments, a user will be alerted if a deleted promotion is restored before another user tried to restore it
Technical & Supporting Changes
BCrypt Secure Storage for Aztec Passwords - AZT-511
Introduces Enhanced Password Encryption Security for Aztec. This feature changes the storage of Aztec passwords from being encrypted using MD5 only to using both MD5 and BCrypt.
At both Head Office and Site, post upgrade, when a user first logs in, they will be prompted to change their password (which will then be stored using both MD5 and BCrypt formats). Pre Aztec 3.22.0 sites (non-upgraded sites) will continue to use existing MD5 encryption for passwords until they upgrade.
Upon upgrade to Aztec 3.22.0 sites will no longer be able to access the Rewards for Reservations module via the Aztec shell. The application can still be used using Aztec password, but will need to access this out with the shell (such as via icon on desktop).
Upon upgrade to Aztec 3.22.0, if using APOS from within the Aztec shell, when you open the APOS module, you will be prompted to authenticate again using the same password.
Aztec installer upgrade improvements - AZT-638
Improvements to the EPoS upgrade process to minimise installation failures as a result of SeverEPSUpgarerDLL.dll load (Error 126).
Using Obfuscation of passwords to Delphi in Shell - AZT-731
As part of the Aztec Password security development, this feature introduces AES-128 encryption to the command line used to open certain modules from the Aztec Shell. The command line is used to allow starting of these modules without having to re-authenticate whilst logged into the Aztec shell.
Aztec Service watchdog - adding ZBS File Transfer and ZBS File Executor - AZT-738
The following ZBS services are currently added manually to the Aztec Service watchdog
-
ZBS File Transfer
-
ZBS File Executor
Both of these services have now been automatically added to the Aztec Service watchdog.
Remove requirement to force change Aztec password upon upgrade - AZT-775
When Aztec is upgraded to 3.22.0 operators will not be prompted and forced to change their password.
Any password policies (including any default password configurations) will only be applicable when either a user chooses to change their password or is forced to changed their password by another user
Bugs & Issues Resolved
| Zonal ID | Description |
|---|---|
| 354991 | Aztec BOH > Rest Service > Aztec Rest Service not populating cashback amount and folio indexes. |
| 340185 | EPOS Aztec > iZone Loyalty > Wrong credit card is charged if promotional footer with VoucherCampaignId on receipts is enabled |
| 318992 | EPOS Aztec > Terminal program does not get input from HID devices (card swipe or Dallas reader that is treated as a keyboard wedge) until touchscreen is pressed |
| 341766 | EPOS Aztec > Crash if large tip entered if promotional footer with VoucherCampaignId on receipts is enabled:-accountlistcallbackhandler.cpp, Line: 360 |
| 343314 | EPOS Aztec > Till crash if double clicking the Pizza Builder app button, action.cpp line 125 |
| 315947 | EPOS Aztec > Promotions > Quantitied Products shared across multiple Sale Groups in a Promotion with different pricing bands causes the Aztec EPoS Promotions Engine to calculate the promotion incorrectly across the account |
| 328257 | Installers > Aztec Prerequisites > 3.21.0 Release (3.21.0.49) Pre-Requisites installer fails to install Visual C++ 2015 Redistributables |
| 356497 | Error when reordering Promotion List grid |
| 375143 | Comms UpDn wrong for ac_User |
| 440729 | Customer unable to view the Recipe make up report due to a Primary Key error |
| 457651 | Retail Summary Report has total cost of sales difference between top and bottom of grid figures |
| 503944 | Theme Preview XML generation error - recurring issue |