2 changes: 2 additions & 0 deletions docs/pages/about.mdx
Expand Up @@ -13,3 +13,5 @@ This site offers a more organized and structured approach to documenting the sof
<Callout>
As of <u>July 2024</u>, **ACAP 2.0**, which includes new features and upgrades, is the latest version of ACAP and will be referred to simply as **"ACAP"** until further notice.
</Callout>

Check out the [ACAP Changelog](/changelog) page for information about the ACAP versions developed and released from 2022 to 2024.
2 changes: 1 addition & 1 deletion docs/pages/announcements.mdx
Expand Up @@ -5,7 +5,7 @@ import { Cards, Image } from 'nextra/components'
<br />

<Cards num={1}>
<Cards.Card arrow title="Firebase Storage Pricing Updates" href="/announcements/firebase-storage-2024">
<Cards.Card arrow title="Firebase Storage Pricing Updates 2024" href="/announcements/firebase-storage-2024">
<>![Documentation theme](/assets/docs-theme.png)</>
</Cards.Card>
</Cards>
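Review bot: the card title is now "Firebase Storage Pricing Updates 2024", but the security.mdx Callout changed in this same PR refers to the same page as "Firebase Storage Announcements 2024"; pick one name for the page so readers can match the bold cross-reference to this card.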
8 changes: 6 additions & 2 deletions docs/pages/announcements/firebase-storage-2024.mdx
Expand Up @@ -134,16 +134,20 @@ _All Firebase components service usage (including those not used by ACAP) will o
<div id="security-considerations" />
<FAQBox title="Are there security considerations that I should be aware of?" color="text-red-700 dark:nx-text-red-200">

Yes. <u>Some of the latest core deliverables</u> implemented for ACAP in its [2.0](/changelog/#version-2-acap-20) version [**introduced security considerations**](/changelog#acap-2-security-debts) not present in the initial ([1.0](/changelog/#version-1-acap-10)) version, which followed a more rigid [security](/security) model that adhered to best practices in web development security. The security changes in **version 2.0** resulted in a **measured reduction in coverage compared to version 1.0, <u>based on established criteria.</u>**
Yes. <u>Some of the latest core deliverables</u> implemented for ACAP in its [2.0](/changelog/#version-2-acap-20) version [**introduced security considerations**](/changelog#acap-2-security-debts) not present in the initial ([1.0](/changelog/#version-1-acap-10)) version, which followed a more rigid [security model](/security) that adhered to best practices in web development security. The security changes in **version 2.0** resulted in a **measured reduction in coverage compared to version 1.0, <u>based on established criteria.</u>** (see table below)

<Callout>
> With **ACAP 2.0+**, core development transitioned to a <u><b>new lead programmer</b></u> who <u>made changes to improve development speed</u>. As part of this effort, they introduced a <u>more flexible Firestore database setup</u>, which streamlined workflows. While these adjustments optimized workflows, they also <u><b>altered security rules, introducing new considerations that require further refinements</b></u> to align with [best practices](/security).
>
> The <u><b>lead programmer</b></u> is aware of these trade-offs, and <u>since they made these changes, they remain the best point of contact for security updates and fixes.</u>
> The <u><b>lead programmer</b></u> is aware of these trade-offs, and <u>since the lead programmer made these changes, they remain the best point of contact for security updates and fixes.</u>
>
> For more details on these changes, refer to this GitHub [issue](https://github.com/amia-cis/acap-v2/issues/57) in the parent **acap-v2** repository, which provides a summary of the <b>lead programmer's</b> <u>upcoming fixes and improvements.</u>
</Callout>

##### ACAP Security Criteria

This table shows the overall security criteria ensured and accounted for by ACAP's best practices in its recommended [security guidelines](/security).

| Criteria | Purpose | ACAP [1.0](/changelog/#version-1-acap-10) | ACAP [2.0](/changelog/#version-2-acap-20) |
| --- | --- | :---: | :---: |
| User authentication | Authorized, allowed, and predictable operations access to resources | ✅ | ✅ |
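Review bot: the parenthetical "(see table below)" appended to the first paragraph sits after the closing period and outside the bold span, so it renders as a dangling fragment; fold it into the sentence, e.g. `...based on established criteria (see the table below).` In the same hunk, the rewritten Callout line "since the lead programmer made these changes, they remain the best point of contact" repeats the subject and still leaves "they" ambiguous; "since they made these changes" was tighter, or write "the lead programmer remains the best point of contact". The two changelog links in the paragraph also use different forms (`/changelog/#version-2-acap-20` with a trailing slash, `/changelog#acap-2-security-debts` without); use one form throughout.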
10 changes: 9 additions & 1 deletion docs/pages/security.mdx
Expand Up @@ -47,7 +47,7 @@ ACAP's [Firestore Security Rules](https://firebase.google.com/docs/firestore/sec
```

<Callout type="warning">
[ACAP 2.0](/changelog/#version-2-acap-20) allowed users to <u>edit crop recommendations, a new feature</u> introduced in **version 2.0** through <u>weak Firestore Security Rules</u>, making it vulnerable to **Cross-Site Scripting (XSS)**. This lets **unauthorized clients** (e.g., Postman) <u><i>modify WYSIWYG-form data without protection</i></u> if accessed from the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). Allowing these in the Firestore Security Rules contradicts the best practices outlined in the [Database](#database) section.
[ACAP 2.0](/changelog/#version-2-acap-20) allowed users to <u>edit crop recommendations, a new feature</u> introduced in **version 2.0** through <u>weak Firestore Security Rules</u>, making it vulnerable to **Cross-Site Scripting (XSS)**. This lets **unauthorized clients** (e.g., Postman) <u><i>modify WYSIWYG-form data without protection</i></u> if accessed from the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). Allowing these in the Firestore Security Rules contradicts the best practices outlined in the [Database](#database) section, which advocates for data mutation with thorough <u>data validation</u> in the **Node backend**.

For more details, refer to GitHub Issues in the parent **acap-v2 repository** ([[1]](https://github.com/amia-cis/acap-v2/issues/34), [[2]](https://github.com/amia-cis/acap-v2/issues/57)) or check the **Firebase Storage Announcements 2024** under the [Are there security concerns I should be aware of?](/announcements/firebase-storage-2024#security-considerations) section for information and reference.
</Callout>
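Review bot: the clause added to the warning points the remedy at validation in the Node backend, but the risk the same paragraph describes is that the Firestore Security Rules let a client such as Postman write WYSIWYG data directly through the REST API, which never touches the backend; backend validation only closes that path if the rules also deny direct client writes to the affected data, so the sentence should state both halves, e.g. `...which advocates routing data mutations through the Node backend with thorough data validation, with Firestore Security Rules that deny direct client writes to that data.` The first sentence also names the vulnerability as XSS while describing unauthorized writes through weak rules; XSS is the consequence of rendering the stored, unvalidated WYSIWYG content, and spelling out that chain (weak rules, unvalidated writes, stored XSS) would make the warning clearer.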
Expand Down Expand Up @@ -91,6 +91,14 @@ ACAP's [Firebase Storage Security Rules](https://firebase.google.com/docs/storag
These Security requirements carry over and apply to **ACAP 2.0**, even if the Software documents were written for **ACAP 1.0**. Since no new Software documents are available for the updates made in ACAP 2.0, you may <u>consult the new lead programmer</u> responsible for implementing ACAP 2.0 <u>about detailed upgrades specifics made to the system</u>.
</Callout>

## Node Package Libraries (NPM)

ACAP, a web application built with Firebase, Express, React/Next.js, and Node.js, relies on open-source development libraries from the **Node Package Manager (NPM)** for its **client** and **server** applications.

Since ACAP's initial development in 2022, many of these libraries may have become outdated as newer versions are released.

Developers maintaining ACAP are encouraged to <u>monitor and update these dependencies as needed</u> to benefit from performance improvements, security patches, and new features, possibly requiring using <u>newer Node versions</u>.

## Related

- [Server Notes](/directories/server)
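Review bot: the heading "Node Package Libraries (NPM)" expands the acronym differently from the body text one line later ("Node Package Manager (NPM)"); use one form, e.g. `## Node Package Manager (npm) Dependencies`. The guidance to "monitor and update these dependencies as needed" gives maintainers nothing concrete to run; since the stated motivation is security patches, name the checks, e.g. run `npm audit` and `npm outdated` in both the client and server applications and commit the lock file so the audited versions are the deployed ones. The closing "possibly requiring using newer Node versions" reads awkwardly; "which may require a newer Node.js version" is cleaner.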