With the recent upgrade to version 6.6.0 (63814/e6f49d562d), transaction data for Fidelity Cash Management accounts (synced via Mastercard Data Connect [a/k/a Finicity]) is now misaligned in the main transaction table. Specifically:
- Some rows display the Payee in the Category column.
- Other rows display a pricing statement (e.g., "12.34 SPAXX shares @ 1 .0000") in the Category column.
- Clicking “Edit Transaction” shows all fields correctly, indicating that the underlying data is correct, but the table display is corrupted.
Real-life example, with erroneous cells in bold:
Date | Payee | Category | Amount |
|---|
[date for row 1] | (blank) | [payee for row 1] | [amount for row 1] |
[date for row 2] | "SPAXX" | "12.34 SPAXX shares @ 1.0000" | [amount for row 2] |
[date for row 3] | (blank) | [payee for row 3] | [amount for row 3] |
[date for row 4] | [payee for row 4] | [category for row 4] | [amount for row 4] |
[date for row 5] | [payee for row 5] | [category for row 5] | [amount for row 5] |
[date for row 6] | (blank) | [payee for row 6] | [amount for row 6] |
Suspected cause:
- It appears that, in preparing the data for display, a delimiter present in the incoming data stream from Mastercard/Fidelity is not properly escaped or parsed. This may be causing column misalignment in the transaction table.
- Notably, the underlying data appears to be intact, as editing any transaction brings up the appropriate data in the appropriate fields. It is only the display of the table (and the formatting of exported CSV data) that are broken.
Impact:
- The transaction table becomes unreadable for Fidelity Cash Management accounts.
- Based on the suspected cause, this may also represent a security vulnerability, as specially crafted input data could be misinterpreted by the parser, which in other contexts might allow injection of executable code.