v1.3.3-alpha.1 #87
Merged
merged 1 commit into from
Feb 8, 2025
4 changes: 3 additions & 1 deletion docs/pages/announcements/firebase-storage-2024.mdx
Expand Up @@ -137,7 +137,9 @@ _All Firebase components service usage (including those not used by ACAP) will o
Yes. <u>Some of the latest core deliverables</u> implemented for ACAP in its [2.0](/changelog/#version-2-acap-20) version [**introduced security flaws**](/changelog#acap-2-security-debts) not present in the initial ([1.0](/changelog/#version-1-acap-10)) version, which had strictly followed [security guidelines](/security) and adhered to best practices in web development security, effectively preventing these issues. Based on the following criteria, the new security flaws introduced in version 2.0 resulted in a **60% reduction in the established security from version 1.0**.

<Callout>
> "With ACAP 2.0+, the <u><b>new main code Maintainer</b></u> introduced a more flexible Firestore database approach to speed up development. While this improved iteration speed, it also loosened security rules, introducing concerns not present in version 1.0. <u><b>The same Maintainer</b></u> is aware of these trade-offs and is the <u>best point of contact for security improvements</u>, as they have the <u>most insight into the changes and potential fixes</u>".
> With ACAP 2.0+, a <u><b>new code maintainer and lead programmer</b></u> took over core development. You can check the [ACAP repository](https://github.com/acap-bicol/acap-bicol-v2/issues/52) for more details.
>
> To speed up development, they introduced a more flexible Firestore database setup. However, this also loosened security rules, raising concerns not present in version 1.0. The <u><b>same lead programmer</b></u> is aware of the trade-offs, and <u>since they made these changes, they’re the best person to contact for security updates and fixes.</u>
</Callout>

| Criteria | Purpose | ACAP [1.0](/changelog/#version-1-acap-10) | ACAP [2.0](/changelog/#version-2-acap-20) |
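Review bot: the rewritten callout says the new Firestore setup "loosened security rules" but never says which rules, while the paragraph just above it already links the concrete list at /changelog#acap-2-security-debts; linking that anchor from the callout, e.g. `loosened [security rules](/changelog#acap-2-security-debts)`, would take readers straight to items 1 to 4 instead of leaving the claim unspecific. Also, the old text used the capitalised "Maintainer", which the changelog entry changed in this same PR still uses ("the new main ACAP code Maintainer"), whereas the new callout switches to lowercase "maintainer" and "lead programmer"; pick one term and casing for both files.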
4 changes: 2 additions & 2 deletions docs/pages/changelog.mdx
Expand Up @@ -62,7 +62,7 @@ Version 2.0 and later versions may have new requirements that will thrive on new

<FAQBoxError title="💀 Version 2.0 - 2.1 Security Technical Debts">
<div id="acap-2-security-debts" />
1. **Flexible Firestore Database Use:** Version 2.0+ adopted a more flexible approach for handling data management, facilitating faster feature development by performing _<u>WRITE operations to the database directly from the web front end</u>_ coupled with more _<u>lenient Firestore database Rules</u>_. However, this shift also introduced the potential for data to enter the database without the usual front-end controls through the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). While this was not an issue in Version 1.0, it emerged as part of the effort to enhance development speed and feature delivery starting with Version 2.0.
1. **Flexible Firestore Database Use:** Version 2.0+ adopted a more flexible approach for handling data management, facilitating faster feature development by performing _<u>WRITE operations to the database directly from the web front end</u>_ coupled with more _<u>lenient Firestore database Rules</u>_. However, this shift also introduced the potential for data to enter the database without the usual front-end controls through the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). While this was <u><b><i>not an issue in Version 1.0</i></b></u>, it emerged as part of the effort to enhance development speed and feature delivery starting with Version 2.0.
2. **Cross-Site Scripting (XSS) Vulnerability in Crop Recommendations:** Related to item 1, the new process for editing WYSIWYG HTML-form crop recommendations input may allow unsafe or inaccurate content due to limited validation through the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). Risks associated with this were recognized early in the process, but the focus on delivering core features led to a delay in integrating security measures.
<AnchorModal
anchorText="XSS Vulnerability Awareness in ACAP 2.0"
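Review bot: wrapping "not an issue in Version 1.0" in `<u><b><i>…</i></b></u>` stacks three inline HTML emphasis tags in an item that elsewhere uses `_<u>…</u>_` for the same purpose; one consistent emphasis form would read better in MDX. More importantly, item 1 names the cause (direct front-end WRITEs plus lenient Firestore Rules) and the exposure (writes reaching the database through the Firestore REST APIs without the front-end controls) but gives no status; a short note per debt item saying whether the rules have since been tightened, or that the REST path is still unrestricted, would tell readers of this release what still applies.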
Expand All @@ -74,7 +74,7 @@ Version 2.0 and later versions may have new requirements that will thrive on new
3. **Crop recommendations data integrity:** Ensuring that data presentations in PDF bulletins remain unaltered, trustworthy, and accurate is crucial for users and future developers. This priority stems from the concerns identified in items 1 and 2.
4. **Firestore database pollution:** Also related to item 1, the new **"Support Services"** data with insufficient validation, if pushed through the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/), can potentially allow writing unlimited key-value pairs with unlimited text or Object content length in Firestore Documents or creating Collections/Documents recursively outside the developer's intended schema or structure. If left unchecked, this can speed up the consumption of the Firebase standard plan quota (or drive up the billing if subscribed to the Firebase Blaze plan) in the long run.

> These issues, raised during the early 2.0 development phase (June 2024), have been communicated to the new main ACAP code Maintainer, who is also the new primary developer/programmer leading the creation and enhancement of new features for Version 2.0. The new code Maintainer has made thoughtful decisions for balancing development speed with feature delivery, reflecting their understanding of the project's scope and the perceived security needs. They are open to addressing these issues as time and priorities allow within the ACAP project timeline.
> These issues, raised during the early 2.0 development phase (June 2024), have been communicated to the new main ACAP code Maintainer, who is also the [new primary developer/programmer](https://github.com/acap-bicol/acap-bicol-v2/issues/52) leading the creation and enhancement of new features for Version 2.0. The new code Maintainer has made thoughtful decisions for balancing development speed with feature delivery, reflecting their understanding of the project's scope and the perceived security needs. They are open to addressing these issues as time and priorities allow within the ACAP project timeline.

**Related topic:** [Security Concerns](/announcements/firebase-storage-2024#security-considerations)
</FAQBoxError>
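Review bot: the added link on "new primary developer/programmer" points at the same issue #52 as the announcement callout in this PR, which is consistent, but the blockquote still closes with "open to addressing these issues as time and priorities allow" and nothing in the hunk records which of items 1 to 4 remain open since June 2024. Since this PR ships a release (v1.3.3-alpha.1), adding a resolved/open marker or a date per item would let item 4's quota and billing exposure be read as current or not, rather than leaving that to the reader. Minor: "Maintainer" is capitalised here but lowercase in the announcement text changed in this PR.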