Hotfix 1.9.12
Release Date: 27/10/2022
Key features
Private variables
Determine which custom variables of documents and fields are considered private.
A private variable is never sent to the frontend (eSignViewer) nor is it returned in REST APIs that provide details about the document.
All variable prefixed with # are considered private.
"variables" : [
{
"name":"my_var", (1)
"value": "<public information>"
},
{
"name":"#my_var", (2)
"value": "<sensitive information>"
}
]| 1 | Public variable |
| 2 | Private variable (prefixed with #) |
Support for Content-Security-Policy
Added support for browser CSP configurations, allowing to enforce rules such as:
-
Block opening eSign inside iframes of unknown domains (whitelist/blacklist domains)
-
Block javascript from unknown domains inside eSign
Added configuration property "server.filters.headers.csp" that can contain a list of CSP entries (empty by default)
Features
-
Owner information is now returned in the
/document/<id>/dataRest API -
[DevOps-23805] Added configuration properties to enable/disable logging filters ("server.filters.logging.enabled")
-
[DevOps-24018] Added configuration property to force the signature selection pop-up to appear even when only one option exists ("server.viewer.signmethods.modal.showalways")
-
[DevOps-28975] Added configuration property to determine which signature methods should NOT include a watermark ("signature.exclude.watermark")
Fixes
-
[DevOps-21669] Fields bookmark was not being opened automatically even when configuration "server.viewer.bookmark.autoopen" or variable "AUTO_OPEN_BOOKMARKS" were set to 'true'
-
[DevOps-25878] Rendering signatures in ill-formatted pdfs would leave the viewer permanently in a loading state
-
[DevOps-18018] eSign will now reject incorrect dates in the signDate field of the sign a document service
-
[DevOps-23837] Fixed a bug where updating the "security.local.users" would fail if said value was already deleted and updated once before
-
[DevOps-26672] Hidden sign methods configuration would hide the ones defined and returned by SignMethodAddin
-
[DevOps-27610] Fixed validation of license files when parsing dates in machines with different set locales/regions
-
[DevOps-24150] Increased OwnerIds size from 50 to 2000 to allow for larger owner user/role names
-
[DevOps-28837] Fixed the property "signature.include.watermark" so it would not place a watermark on non included signature methods
-
[DevOps-28299] Creating a contract with a text block would fail on linux systems when no font was specified (due to Arial font not existing on the system)
-
[DevOps-17811,17812,17813,17814,17597,17622,17627,18829,19748,19236,19235,19491,19548,17816,17818] Improved error messages and http codes for several services.
Important changes
Below are a list of breaking changes:
Changed default Font
To ensure compliance with linux-based setups (namely the official docker image), Helvetica is now default font instead of Arial.
This change may affect:
-
Textblocks added to a document using the eSign’s create API (when no font type is defined in the request)
-
Font used in signature details (eg: OTP, SMARTCARD, TFA, …)
If you wish to keep using Arial in the signature details, add the following property to your esign.config:
"signature.font" : "Arial"Signature watermark configurations
The default value of the property "signature.include.watermark" was changed to <NULL>, and property "signature.exclude.watermark" was added with value ["HANDWRITTEN", "TRANSCRIPTION"].
This means by default all signatures will contain a background watermark except for ["HANDWRITTEN", "TRANSCRIPTION"]. If this behavior does not fit your use-case, you will need to change the values of these properties.