Release Request

.github/ISSUE_TEMPLATE/bug_report.md

@@ -8,7 +8,7 @@ assignees: ''
 ---
 
 **Describe the bug**
-A clear and concise description of what the bug is.
+__Always use an Incognito / Private browser__ and then give a clear and concise description of what the bug is. 
 
 **To Reproduce**
 Steps to reproduce the behavior:
@@ -25,14 +25,13 @@ If applicable, add screenshots to help explain your problem.
 
 **Desktop (please complete the following information):**
  - OS: [e.g. iOS]
- - Browser [e.g. chrome, safari]
- - Version [e.g. 22]
+ - Browser  & version [e.g. Safari v89.17, Chrome v123.456]
 
 **Smartphone (please complete the following information):**
  - Device: [e.g. iPhone6]
  - OS: [e.g. iOS8.1]
- - Browser [e.g. stock browser, safari]
- - Version [e.g. 22]
+ - Browser  & version [e.g. stock browser, Safari v89.17, Chrome v123.456]
+ - Canvas App & version [Staff v75, Student v23.15]
 
 **Additional context**
 Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -8,7 +8,7 @@ assignees: ''
 ---
 
 **Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+A clear and concise description of what the problem is. For example, I'm always frustrated when [...]
 
 **Describe the solution you'd like**
 A clear and concise description of what you want to happen.

CODE_OF_CONDUCT.md

@@ -0,0 +1,33 @@
+# Code of Conduct
+
+To make this a positive environment:
+
+- Be respectful and considerate in language and actions
+- Welcome differing viewpoints and experiences
+- Give and accept constructive feedback
+- Focus on what is best for the community
+- Show empathy towards others, you don't have to be an expert to join in
+- Respect privacy
+
+Do not:
+
+- Harass, discriminate, troll, insult or undertake any other kind of inappropriate or unprofessional behaviour
+
+The above applies within all project spaces: PRs, discussions, issues etc.
+
+Maintainers have the right and responsibility to remove, edit, or reject comments,
+commits, code, wiki edits, issues, and other contributions that are not aligned to
+this Code of Conduct.
+
+Any unacceptable behaviour should be reported to the maintainers; the privacy and security of the reporter
+will be upheld. Maintainers may take any action they deem appropriate.
+
+---
+
+
+
+## Attribution
+
+This Code of Conduct is adapted from the
+[Contributor Covenant](https://www.contributor-covenant.org),
+version 2.1.

CONTRIBUTING.md

@@ -0,0 +1,107 @@
+# Contributing
+
+Thanks for your interest, we welcome bug reports, improvements, and suggestions for enhancement.
+
+Please take a moment to read this guide before opening an issue or pull request.
+
+---
+
+## Ways to Contribute
+
+You can help by:
+- Reporting bugs
+- Suggesting enhancements
+- Improving documentation
+- Submitting code changes
+
+
+---
+
+## Before You Start
+
+- Check existing **issues** and **pull requests** to avoid duplicates
+- Make sure your idea aligns with the project’s goals
+- Be respectful and constructive (see `CODE_OF_CONDUCT.md`)
+
+---
+
+## Reporting Bugs
+
+When reporting a bug, please include:
+- What you expected to happen
+- What actually happened
+- Steps to reproduce
+- Relevant logs, screenshots, or error messages
+- Environment details (OS, version, etc.)
+
+Clear reports help us fix issues faster.
+
+---
+
+## Suggesting Enhancements
+
+Enhancement suggestions are welcome. Please:
+- Explain the problem you’re trying to solve
+- Describe the proposed solution
+- Note any alternatives you’ve considered
+- If possible, include a mock-up of your proposal
+
+We cannot promise to do anything but are very interested in good ideas.
+
+---
+
+## Pull Requests
+
+### General Guidelines
+- Keep changes **focused and minimal**
+- Follow existing coding style and conventions
+- Write clear, descriptive commit messages
+- Update documentation where relevant
+- Add or update tests if applicable
+
+### Process
+1. Fork the repository
+2. Create a branch from the default branch
+3. Make your changes
+4. Ensure the project builds/tests successfully
+5. Open a pull request with a clear description
+
+---
+
+## Review Process
+
+- Use Copilot (or equivalent) to generate an initial review - address any sensible issues that are raised
+- Maintainers will review pull requests as time allows
+- Feedback may be requested before merging
+- Pull requests may be declined if they:
+  - Are out of scope
+  - Add unnecessary complexity
+  - Conflict with the project’s direction
+
+Please be patient, sometimes we have higher priorities which take precedence.
+
+---
+
+## Code Style & Quality
+
+- Match the existing code style
+- Avoid unrelated refactors
+- Prefer clarity over cleverness - add comments where appropriate
+- Keep dependencies minimal - check licensing
+
+---
+
+## Licensing
+
+By contributing to this project, you agree that your contributions will be licensed
+under the same license as the project.
+
+---
+
+## Getting Help
+
+If you have questions:
+- Open a discussion (if enabled)
+- Open an issue with a clear description
+
+Thanks again for contributing — your help is appreciated!

SECURITY.md

@@ -0,0 +1,76 @@
+# Security Policy
+
+## Supported Versions
+
+The following versions of this project are currently supported with security updates:
+
+| Version | Supported |
+|--------|-----------|
+| main / release | ✅ |
+| older versions | ❌ |
+
+If you are using an unsupported version, please upgrade before reporting issues.
+
+---
+
+## Reporting a Vulnerability
+
+If you believe you have found a security vulnerability, **please do not open a public issue**.
+
+Instead, report it privately using one of the following methods:
+
+### Option 1: GitHub Security Advisories (preferred)
+- Go to the **Security** tab of this repository
+- Click **Report a vulnerability**
+- Fill in the details
+
+### Option 2: Email
+- Email: canvas@it.ox.ac.uk
+- Please include:
+  - A description of the vulnerability
+  - Steps to reproduce
+  - Potential impact
+  - Any relevant logs, screenshots, or proof-of-concept code
+
+---
+
+## What to Expect
+
+After you report a vulnerability:
+
+- We will acknowledge receipt as soon as possible
+- We will investigate and assess the issue
+- We may request additional information
+- We will work on a fix and coordinate a responsible disclosure
+
+We ask that you give us reasonable time to address the issue before making any public disclosure.
+
+---
+
+## Disclosure Policy
+
+We follow a **responsible disclosure** process:
+
+- Security issues will be fixed as quickly as reasonably possible
+- A public advisory will be published once a fix is available
+- Credit will be given to reporters where appropriate (unless anonymity is requested)
+
+---
+
+## Scope
+
+This security policy applies to:
+- This repository’s source code
+- Official releases and artefacts
+
+Out of scope:
+- Issues caused by unsupported versions
+- Third-party dependencies (please report these to the relevant upstream project)
+- Misconfiguration by end users
+
+---
+
+## Thanks
+
+We appreciate the efforts of security researchers and users who help keep this
+project and its users safe.

aws/rds.yaml

@@ -152,6 +152,10 @@ Resources:
         log_output: "FILE"
         long_query_time: "5"
         slow_query_log: "1"
+        # 16MB. This is a reduction from the RDS default, which seems tuned for larger instances.
+        innodb_log_buffer_size: "16777216"
+        # 96MB. Shave a little off the default of 128MB to free some memory.
+        innodb_buffer_pool_size: "100663296"
 
   #dbOptionGroup:
   #  Type: "AWS::RDS::OptionGroup"