Smartstaff, administrator
3,321
edits
Changes
→Updated TLS to Enforce 1.2 for Added Security
==Overview==
Watch this video to get a general overview of the new features in this release. {{#ev:youtube|bABdVKpzxHg}} ''Video summary coming soonTo watch this video in full screen, please click on the '''full screen''' button on the bottom right.''
==Global System Upgrades==
====Enforcing Deny Permissions for Portal Pages on Common Role====
Changed the behavior of the '''Deny Access''' permission setting for pages on the '''Common''' portal. This setting will now deny access to the portal page for any roles selected. Previously, the '''Deny Access''' permission hid the link from view in the main header menu but the page was still accessible via a portal shortcut. If you want to hide a portal page but still allow people to access the portal page via a shortcut, toggle off '''Display As Header Link'''. To see the affected setting go to '''Global Settings''' > '''Users''' tab > '''Portals''' > '''Common''' > Edit a '''Portal Page''' > '''Permissions''' tab.
[[File:2022-11-ticket-142111-1.png|thumb|none|800px|The '''<strong>Deny Access''' </strong> permission settings will be enforced on the common role.]]
[[File:2022-11-ticket-142111-2.png|thumb|none|800px|The setting that controls visibility of portal pages in the header.]]
<!-- 142111 - Still access portal sections using link if role based permissions applied -->
====Enhanced Multi-Factor Authentication====
Moved multi-factor authentication (MFA) settings from the user roles to '''Global Settings''' > '''Security''' tab > '''Password and Activation Policies'''. In this new location, you can enable MFA and assign MFA options to some or all roles from a single central location. Additionally, there is also a new toggle called '''Enable Trusted Device'''. If you enable trusted devices, you can set the time period in which a person who has authenticated into the system can bypass entering the MFA verification code. To learn more on MFA setup, read [[Multi-Factor Authentication|our article on multi-factor authentication]]. '''Note''': in an effort to enhance everyone’s security we will by default enable multifactor authentication for all roles in 2023.
<!-- Ticket ID139210 - MFA remember my computer (trusted device) functionality. -->
[[File:2022-11-ticket-139210-1.png|thumb|none|800px|Multi-factor authentication (MFA) settings have moved and are defined globally instead of on the role.]]
Added system filters to the basic search '''Filter''' drop down. Previously, system filters were only visible when '''Advanced Search''' was toggled on. We also added the ability to set system filters as configuration only. Setting a system filter as configuration only will hide the system filter from the '''Filter''' drop down on the search for end users, but still allow system administrators to select the system filter while configuring their system. Additionally, if you have permission to edit a system filter, you will also see an edit button beside the filter name in the dropdown.
<!-- 133656 - List views and filter improvements (include system filters in basic search) -->
[[File:2022-11-ticket-133656-1.png|thumb|none|800px|'''<strong>System Filters''' </strong> will now appear in the basic search drop down.]][[File:2022-11-ticket-133656-2.png|thumb|none|800px|'''<strong>System Filters''' </strong> can be flagged as configuration only and then they will not show up in the basic search drop down.]]
===Minor Updates===
====Added Ability to Specify a Role as External Only====
Added the ability to tag a role as exclusively external in order to prevent that role from being assigned to internal users. Specifically, the '''Internal User Role Only''' toggle has been replaced with a dropdown called '''Availability RestrictionAvailable to'''. This new setting can be used to specify if a role should restrict roles so they can only be only given to an internal or an external userusers. To see this setting, go to '''Global Settings''' > '''Users''' tab > '''Roles''' > Edit a '''Role'''.
<!-- 125839 - Enhancement Request: 'External Role Only' option on roles External -->
[[File:2022-11-ticket-125839-1.png|thumb|none|800px|Setting to restrict roles so they can only be given to internal or external users.]]
====Added Ability to Create Folders from Autoloader/Scheduled Report Settings Pages====
Added ability to add a new Smart/Configuration folder directly from the autoloader and scheduled report settings pages if the user has permission. Previously, if the desired folder was not yet created, users would have to go to the '''SmartFolders''' to create a folder and then return to the settings page in order to select the newly created folder. To see the new '''Create Folder''' button, in the Autoloader, go to '''Autoloaders''' > Edit an autoloader > '''General''' tab. The new button appears beside the '''Processing Folder''' input.
<!-- 133982 - Autoloader improvements (folder picker) -->
<!-- 127215 - Group Email Recipients -->
[[File:2022-11-ticket-127215-1.png|thumb|none|800px|Primary Contact option now surfaced on UTA Group Emails.]]
====Added Ability to Lookup Email Templates in Group Emails====
Added ability to lookup email templates for group emails. Previously, you could select email templates using a drop down but now you can also search for email templates in the dropdown which is helpful if you have many templates. To see this feature, go to '''UTA''' > Select desired records > Click '''Group Email''' > Select users and click '''Next''' > Click the '''Template''' field to see a new lookup field. This feature is also available for group emails sent from the record contacts page.
<!-- 138069 - Enhancement - Improve Template Selection in the New Email/Message Centre -->
[[File:2022-11-ticket-000-1.png|thumb|none|800px|When creating a group email, type to filter available email templates making it easier to find that desired email template.]]
====Added Invitation Details Button====
<!-- 134367 - Default/Custom page layout option for web page view fields -->
[[File:2022-11-ticket-134367-1.png|thumb|none|800px|New web page view option to always have the latest and greatest template or choose custom to see and modify the template.]]
====Added Tab for for Failed E-Signatures to Queue====
====Added New Button Color Classes====
Added a new setting for save, submit and delete buttons which gives you the ability to adjust the visual priority of buttons. Buttons can now be color-coded using predefined styles. For example, you could make all continuation actions green while negative actions red. A neutral color could be used for secondary buttons. To configure default, save and delete buttons go to '''Global Settings''' > '''Branding''' tab > '''Colors and Styles'''. To configure custom save and submit buttons go to the desired '''UTA''', '''Organization''',''' User''', or '''Transaction''' tab and click the '''Submit and Save Buttons''' link.
<u>'''Note:'''</u> Button colors will not apply to configuration pages. After applying button colors, it is recommended that you log out and clear your browser cache to see changes.
<!-- 127822 - Capability to change button colors -->
[[File:2022-11-ticket-127822-1.png|thumb|none|800px|Adjust the visual priority of buttons with color classes.]]
====Updated Report Builder Support====
Updated '''Report Builder''' to support <code>SS_FUNC.ADDBUSDAYS</code>, <code>SS_FUNC.COUNTBUSDAYS</code>, <code>SS_FUNC.COUNTWEEKDAYS</code> functions functions to assist with complex date calculations.
<!-- 141877 - MySQL Function Support -->
====Updated TLS to Enforce 1.2 for Added Security====
Updated "Transport Layer Security (TLS)" references to enforce version 1.2 for improved security. TLS 1.0 and 1.1 are no longer supported.
<!-- 140404 - HP Fortify - Insecure Transport: Weak SSL Protocol -->
====Invalid Characters in E-signature File Names Replaced with Underscores====
Invalid characters for e-signature file names will be replaced with underscores to ensure the signing process completes successfully.
<!-- 142043 - Signed Contract Not Received from Adobe -->
==Service Packs==
===February 23th 2023 (202302.03)===
====Fixes====
* Fixed memory issue for the service process manager (Gort Automation).
<!-- 146147 - Gort locked on image compressing task -->
===February 16th 2023 (202302.02)===
====Fixes====
* Fixed an issue with''' Advanced Data Tables''' where cells were not populating on initial load under some circumstances.
<!-- 141737 - ADT not show information in calculated columns-->
* Fixed an issue where changing a user to a''' Global Administrator''' was not retained.
<!-- 145408 - Global Admin toggle not sticking on internal contact -->
* Fixed an issue with the '''Text Box – Date and Time''' custom field where the time was not rounding correctly when the time was converted to another time zone.
<!-- 145622 - DateTime field incrementing by 30minutes on save -->
====Other Changes====
* Updated missing Spanish translations for group emails and the password activation page.
<!-- 145670 - The generate password page is not translated -->
<!-- 145286 - Group Email window header translation -->
===February 9th 2023 (202302.01)===
====Fixes====
* Fixed an issue with the delete permissions on the duplicate check user/organization page so users with permission are able to delete an organization/user while merging.
<!-- 144732 - Security issue with org deletion -->
* Fixed an issue with the processing of negative numbers for Norwegian krone (NOR) and Swedish krona (SEK) currency where the negative indicator on the currency value was stripped.
<!-- 145047 - Issue with negative numbers in the system -->
* Fixed an issue with comparing dates for autoloader file processing.
<!-- 144908 - Autoloader appears stuck. Status is 'running 2023-01-12 12:25:04' -->
* Fixed an issue with how the''' Forgot Password''' screen was rendering on mobile devices.
<!-- 144106 - Forget Password Link - Android and Apple Mobile Browsers -->
* Fixed an issue with the '''Message Center''' where a file could not be removed from a selected template if it contained a single quote ( ' )in the filename.
<!-- 138660 - Cant remove file with Message Centre if it has single quote in the name -->
====Other Changes====
* Updated the user’s personal settings to no longer display the time-based one-time password (TOTP) key and QR code that was associated with multi-factor authentication (MFA). This was hidden to enhance security. The '''TOTP Secret Key''' and '''TOTP QR Code''' are now only visible when you first set up TOTP. You can generate a new secret key and QR code by going to the desired user profile record and clicking '''Actions''' >''' Edit roles and access''' > '''Reset TOTP'''.
* Updated the''' Web Page View''' field to have a toggle for SmartFields. By enabling the SmartFields template, the HTML and CSS used to create a PDF of the fields on this record will be automatically generated. This is recommended over adding the SmartField template manually as you will not be required to update existing templates in the future.
<!-- 145592 - Web page view, don’t hide template by default -->
<!-- 121945 - Update two-factor process -->
* Updated email behavior on backup servers to allow the sending of multi-factor authentication (MFA) verification codes as well as password resets. Other emails on backup servers will not be sent.
<!-- 140928 - securing all email sending functions in the system on backup environments (MFA) -->
* Enhanced system security by adding additional checks and blocking uploads of files with certain extensions.
<!-- 144430 - SmartFolders - File upload security and general issues -->
* Updated missing translation country names for Danish, Spanish, and Catalan.
<!-- 143763 - Country options not displaying as user's language -->
* Updated cookie policy to reflect the new cookie used to support trusted devices when multi-factor authentication (MFA) is enabled.
<!-- 143518 - Update to cookie policy page to reflect fact we no longer just have session-based cookie -->
* Deprecated the '''RSA Disconnected Token''' option from the multi-factor authentication (MFA) dropdown on user roles.
<!-- 139685 - Deprecate the RSA disconnected token option for MFA -->
===January 19th 2023 (202301.02)===
====Fixes====
* Fixed an issue with the query for finding custom field ID from the custom field name to improve the speed of validation using SmartCheck.
<!-- 145040 - SmartCheck Validation Slowness -->
* Fixed an error in the '''Archive Scheduler'''.
<!-- 141637 - Archive not placing files on our SFTP -->
===January 12th 2023 (202301.01)===
====Fixes====
* Fixed an issue where reports that were not set to be publicly accessible were able to open web page views externally. After this release if you want a web page view to be publicly available via a report you must set the report to be internet enabled and then go to the web page view custom field and allow public access.
<!-- 144055 - Searching on Bing returns results that should not be publicly accessible -->
* Fixed an issue with displaying the '''Lookup - Autocomplete Options''' field in a list view where only the first of multiple selected options were visible.
<!-- 117079 - Lookup - Autocomplete field not showing all data in list view
-->
* Fixed an issue with duplicate SmartCheck validation messages displaying under a file upload field.
<!-- 140019 - Double Validation Message Appearing in Application
-->
* Fixed an issue with the group email wizard where the''' From''' address and attachments were not preserved if the user clicked the '''Preview''' button and then clicked the '''Back''' button.
<!-- 141725 - Group email from address reverted if you click preview, then back
-->
* Fixed an issue with the download files feature where the generated file was empty if the field was stored to another field.
<!-- 143499 - Download files feature generating empty zip files
-->
* Fixed an issue with the aspect ratio of thumbnails in the '''Media Library''' at lower resolutions.
<!-- 142550 - Media Library Images Aspect Ratio Issue in MS Edge on Mac OS -->
<!-- 142703 - QA Issue: Issues with media files being unplayabale -->
* Fixed an issue with charts where the x-axis was displaying the store value instead of the display value.
<!-- 142666 - Bug on Charts? Showing dropdown 'code/number' instead of 'option text' -->
====Other Changes====
* Updated multi-factor authentication to be more secure and easier to set up. Roles using the time-based one-time password (TOTP) will now automatically be brought to a new instruction screen after being activated. Resetting a user's TOTP MFA must now be done by going to the desired users profile and selecting''' Actions''' > '''Edit roles and access''' > '''Reset TOTP'''. There is also a new permission on roles called '''Roles this role can reset TOTP for'''. This new permission is used to specify which roles can reset a user's TOTP.
<!-- 143115 - MFA Email/Text Code allowed attempts and Lockout Duration -->
* Updated autoloader behavior where when new users and organizations are created via the autoloader, no country will be set if no default country is specified. Previously new users or organizations would be given the country value of Canada if no default value was set.
<!-- 143525 - Users created with wrong country -->
* Added a new option to set which fields should be refreshed upon changes to a record in a linked record list. To see this new setting, edit a '''Special - Linked Record List''' custom field and the setting is called '''Refresh On Update'''.
<!-- 130352 - L1 form doesn't refresh when changes are made to a L2 in a modal window -->
<!-- Implemented various measures. -->
<!-- 142337 - Netcraft pen test 202208 section 7 -->
<!-- 143863 - NOV2022 - Burpsuite Security Scan results -->
<!-- 144428 - Security Vulnerability - Cross Site Scripting -->
<!-- 144124 - The Home Depot Foundation - Synack Vulnerability - IDOR to edit+delete any status -->
<!-- 143534 - Add option to 'Link Device' on TOTP MFA code screen -->
* Updated labels for '''System Visibility Permissions''' found on the '''People''' tab which are related to hiding items in the '''User Menu'''. Specifically, the labels for items found under the '''Manage''' heading in the user menu have changed (Profile, Password, Personal Settings, Roles and Access, Filters, and Resource).
<!-- 141534 - Not sure Personal Settings - Menu Access is working as expected -->
* Updated some elements used in portal configuration for improved UX. Specifically, the portal page content type is now surfaced in the '''Portal Page''' list view and the content type called '''Single Page''' has been renamed''' Direct Link'''.
<!-- 113759 - UX and behaviour problems with portal config -->
* Updated the look of aggregate shortcuts to automatically reduce the size of text to accommodate up to 14 characters on desktop resolutions.
<!-- 124202 - aggregate shortcuts with big numbers -->
* Updated '''Report Builder Help''' to include functions used with business day calculations. Specifically, SS_FUNC.ADDBUSDAYS, SS_FUNC.COUNTBUSDAYS, and SS_FUNC.COUNTWEEKDAYS which are found under the platform options tab in the help.
<!-- 143021 - Adding ss_func syntax to report builder help -->
* Updated T2P tool by removing the email broadcast table. Email broadcasts created on a dev environment will no longer be promoted to production environments.
<!-- 143602 - T2P Tool update for email broadcast table -->
* Deprecated the SmartSimple mobile app.
<!-- 140599 - Deprecate the mobile app -->
===December 1st 2022 (202211.03)===
====Fixes====
* Fixed an issue with records opening in a modal window rather than a full window in a portal.
<!-- 143441 - Issue when opening applications from portal -->
* Fixed an issue where workflow tasks were not adding new roles to users because certain permissions were not found.
<!-- 143604 - Update Role WF Task not adding role to users -->
===November 24th 2022 (202211.02)===
====Fixes====
* Fixed an issue with line breaks in autoloader files not working when encapsulated in double quotes.
<!-- 143244 - Line Breaks in Autoloader file not working with double quotes -->
* Fixed an issue with the '''Start Date''' and '''End Date''' fields when using '''Quick Edit''' on '''Transactions'''. This affected users that had a different timezone than the server.
<!-- 131006 - Stamping of date issue when changed through Quick Edit button on Publication tab -->
====Other Changes====
* Updates to Danish and Portuguese translations.
<!-- 143586 - November translations for Danish and Portuguese -->