Release 1.1.0
Release Date: 22/09/2023
eSign Portal may require additional licensing |
Key features
Time Partitioning
Enhance your data analytics experience by effortlessly organizing information in time frames. With 'Time Partitioning', you have the flexibility to group your analytical data by year, month, day, or even hour.
This feature empowers you to gain valuable insights, make informed decisions, and harness the potential of time-based analysis.
Widget Fullscreen Mode
Every widget can now effortlessly transition to fullscreen mode. This enhancement significantly improves the readability and simplifies navigation through your analytics data. Enjoy a more immersive and user-friendly experience as you explore your insights.
Click on the 'settings' button of a widget and select 'Expand widget':
The widget will than be expanded to fullscreen mode:
Some widgets even change the way data is presented in fullscreen to include additional information.
Document Types
Introduced the capability to easily filter your analytics information by document type. This feature provides you with precise control over your data, allowing you to focus on the insights that matter most to you.
Streamline your analytics experience and gain deeper insights about each type of document signed in eSign.
Support for SSO Authentication
Now, you can effortlessly log in to the eSign Portal using your organization’s credentials.
eSign Portal introduces integration with SAML2.0 specification, boosting security.
See how to configure here.
Show Cumulative Usage
You can now track your cumulative usage of submitted documents per month, providing you with valuable insights into the growth of your eSign usage.
Gain a clearer understanding of your business evolution and make informed decisions as you monitor your submitted documents over time.
Features
-
Added time range limits to protect against large data sets.
-
Introduced default filter of 'current year' in the dashboard.
-
Added pagination of data inside widgets when the number of entries exceed the available widget side.
-
Improved tooltips to present more detail about the information being hovered.
-
Lookup analytics for specific document types with autocomplete.
Security Vulnerabilities
Known vulnerabilities
Dependency | Severity | Vulnerability | Description |
---|---|---|---|
snakeyaml.jar |
CRITICAL |
CVE-2022-1471 |
SnakeYaml’s Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. |
okio-2.8.0.jar, okio-jvm-3.2.0.jar |
HIGH |
CVE-2023-3635 |
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. |
Whitelisted vulnerabilities
Dependency | Vulnerability | Description |
---|---|---|
h2 |
CVE-2022-45868 |
These vulnerabilities only affect H2 databases, which are intended for demo purposes only and should not be used in production environments |
jackson-databind |
CVE-2023-35116 |
"The vendor’s perspective is that the product is not intended for use with untrusted input." |
jetty-http |
CVE-2023-40167 |
At the date of the release the provider had not provided any fix for the vulnerability. |
spring-web |
CVE-2016-1000027 |
Spring dismissed this CVE: "The vendor’s position is that untrusted data is not an intended use case. The product’s behavior will not be changed because some users rely on deserialization of trusted data." |