Fabasoft eGov-Suite 2023 September Release (23.9.0)Permanent link for this heading

Build 23.9.0.280.27 (September 5, 2024)Permanent link for this heading

eGov16804

The XSS vulnerability via the name of an object when creating a process can no longer be exploited

Build 23.9.0.280.26 (July 29, 2024)Permanent link for this heading

eGov16750

An XSS attack via the name of a redaction is no longer possible

Build 23.9.0.273.24-25Permanent link for this heading

Internal builds

Build 23.9.0.273.23 (June 11, 2024)Permanent link for this heading

eGov16581

The vulnerability CVE-2024-4367 in PDF.js can no longer be exploited

eGov16395

Fixing annotations for rotated PDFs now works correctly again

Build 23.9.0.273.22Permanent link for this heading

Internal build

Build 23.9.0.273.21 (March 14, 2024)Permanent link for this heading

eGov16303

Fixed a performance error that recalculated the list “All Collections for Templates and Presettings” of the object “Templates and Presetting” when logging in or refreshing the browser with F5. This error caused a longer waiting time for the actions mentioned. Furthermore, the list “All Collections for Templates and Presettings” is only updated with the Refresh menu. In the improved search query, the values of the property “Search Defaults” from the User Environment are used. If the property “Object Limit” is not set, the value "100" is used

Build 23.9.0.266.18-20Permanent link for this heading

Internal builds

Build 23.9.0.266.17 (March 4, 2024)Permanent link for this heading

eGov16242

When calling web services via the Fabasoft Protocol Manager (FSCPROTOCOLMANAGER@15.1001) and using Basic Authentication, the flag “Add information on basic authentication as \”Authorization\” to the HTTP header” (FSCPROTOCOLMANAGER@15.1001:basicauthorizationasheadervariable) was added. Accordingly, if login information Is to be added to the HTTP header during the web service call in the variable “Authorization”, this flag must now be set explicitly. Previously, the Authorization header was not set at all and some web services (e.g. PVP Stammportal in Austria) could no longer perform basic authentication

Build 23.9.0.266.16 (January 25, 2024)Permanent link for this heading

eGov16138

When importing a file via GMM, the check to determine whether it is a normal XML file or an X-Rechnung is done much earlier than before, as this has led to unexpected behaviors

Build 23.9.0.266.14-15Permanent link for this heading

Internal builds

Build 23.9.0.266.13 (December 15, 2023)Permanent link for this heading

eGov15950

In addition to adapting the creation of the “Personal Transactionbuffer” (DEVEXT@15.1001:transactionbuffer) in the User Environment, its use has now also been adapted so that only one finalization can take place at a time. When starting a finalization, the system now waits for the “Personal Transactionbuffer” to be released for use by the current finalization. The timeout can be configured on the Current Domain/Tenant with the property “Timeout to lock the transaction buffer property on the user environment” (DEVEXT@15.1001:transactionbufferlocktimeout). If no value is set 30000 (30 seconds) will be used

This extension allows parallel accesses that use the “Personal Transactionbuffer” to be processed better

Technical information:

  • To determine the current “Personal Transactionbuffer”, the action DEVEXT@15.1001:GetTransactionBuffer must be used. This action must be called on the affected user
  • To determine and lock the current “Personal Transactionbuffer”, the action DEVEXT@15.1001:GetAndLockTransactionBuffer must be used. This action must be called on the affected user
  • To apply the current “Personal Transactionbuffer” for a transaction, the action DEVEXT@15.1001:TakeoverTransactionBufferForTransaction must be used. This action must be called on the affected user

Build 23.9.0.266.12 (December 7, 2023)Permanent link for this heading

No changes

Build 23.9.0.266.11 (November 29, 2023)Permanent link for this heading

No changes

Build 23.9.0.256.10Permanent link for this heading

Internal build

Build 23.9.0.256.9 (November 13, 2023)Permanent link for this heading

eGov15886

A check against XSS attacks has been introduced when creating the tree view in the PDF export

eGov15921

When executing ELAKTrans calls, Subfiledocuments (Layer1) can now also be sent without a File (Layer3). The empty Layer3 node is now skipped and continued with the payload it contains (Edition AUT)

eGov15898

The setting of the property “Personal Transactionbuffer” (DEVEXT@15.1001:transactionbuffer) in the User Environment has been adjusted. The attribute has been set “Lockable” and is now locked using the action DEVEXT@15.1001:LockTransactionBufferAttribute and a timeout. The timeout can be configured on the Current Domain/Tenant with the property “Timeout to lock the transaction buffer property on the user environment” (DEVEXT@15.1001:transactionbufferlocktimeout). If no value is set 30000 (30 seconds) will be used

This extension improves the creation of “Personal Transactionbuffer objects and the parallel access. The object is not mutually locked

eGov15757

When using the Standard Delivery (DLVDUAL@15.1001:DispatchDualApp), the Cost Center is now also taken into account as with the delivery via hpcDUAL and stored in the node “BillingToken” of the metadata. The evaluation hierarchy is defined as follows and is the same as for delivery via hpcDUAL:

  • Respoinsible Organization
  • Delivery Profile
  • Domain/Tenant

(Edition AUT)

eGov15795

When processing Return Receipts from the Vendo delivery service, the following data is now read out for Hybrid Return Receipts and stored in the Return Receipt in the property “Postal Return Receipt” (FSCGOVDLV@1.1001:paperreturnreceipt):

  • Abgabebereich -> Deposit Base Postal Code (FSCGOVDLV@1.1001:prdepositbasepostalcode)
  • Datum -> Deposit Date (FSCGOVDLV@1.1001:prdepositdate)
  • DatumFrist -> Begin Period(FSCGOVDLV@1.1001:prbeginperiod)
  • Hinterlegungsort -> Delivery Deposit Message (FSCGOVDLV@1.1001:prdeliverydepositmsg)
  • Abholfiliale -> Pick-up Branch (FSCGOVDLV@1.1001:prpickupbranch)

The new attribute “Pick-up Branch” (FSCGOVDLV@1.1001:prpickupbranch) has been added. In addition, the return receipt status “Delivered” is no longer used for the deposit but “Deposited” (Edition AUT)

Build 23.9.0.251.8 (October 23, 2023)Permanent link for this heading

eGov15812

Fixed an error that occurred when canceling the import in Register Sheets (Edition CCA, Edition DEU)

eGov15873

Signature verification via Governikus Data Pavonis has been revised and now uses a temporary file for the signature verification (Edition DEU)

Build 23.9.0.242.7Permanent link for this heading

Internal build

Build 23.9.0.242.6 (October 12, 2023)Permanent link for this heading

No changes

Build 23.9.0.226.5 (October 4, 2023)Permanent link for this heading

eGov15622

As of version September 2023, the use of all directory paths without restrictions is no longer possible. For security reasons, stored paths must be defined and whitelisted to be used

(Note: Additional properties and paths may exist that must be whitelisted. Error messages, indicating an error accessing directory paths may indicate additional properties that require whitelist approval)

Additional paths can be created using the kernel options CONTENTRESTRICTPATHRW for read and write and CONTENTRESTRICTPATHRO for read only

eGov15772

When a Document is inserted into a Register Sheet, the Document is no longer stored in the Register Sheet (Edition CCA, Edition DEU, Edition CHE)

Build 23.9.0.226.4 (September 15, 2023)Permanent link for this heading

Release