eGov16804
The XSS vulnerability via the name of an object when creating a process can no longer be exploited
eGov16750
An XSS attack via the name of a redaction is no longer possible
Internal builds
eGov16581
The vulnerability CVE-2024-4367 in PDF.js can no longer be exploited
eGov16395
Fixing annotations for rotated PDFs now works correctly again
Internal build
eGov16303
Fixed a performance error that recalculated the list “All Collections for Templates and Presettings” of the object “Templates and Presetting” when logging in or refreshing the browser with F5. This error caused a longer waiting time for the actions mentioned. Furthermore, the list “All Collections for Templates and Presettings” is only updated with the Refresh menu. In the improved search query, the values of the property “Search Defaults” from the User Environment are used. If the property “Object Limit” is not set, the value "100" is used
Internal builds
eGov16242
When calling web services via the Fabasoft Protocol Manager (FSCPROTOCOLMANAGER@15.1001) and using Basic Authentication, the flag “Add information on basic authentication as \”Authorization\” to the HTTP header” (FSCPROTOCOLMANAGER@15.1001:basicauthorizationasheadervariable) was added. Accordingly, if login information Is to be added to the HTTP header during the web service call in the variable “Authorization”, this flag must now be set explicitly. Previously, the Authorization header was not set at all and some web services (e.g. PVP Stammportal in Austria) could no longer perform basic authentication
eGov16138
When importing a file via GMM, the check to determine whether it is a normal XML file or an X-Rechnung is done much earlier than before, as this has led to unexpected behaviors
Internal builds
eGov15950
In addition to adapting the creation of the “Personal Transactionbuffer” (DEVEXT@15.1001:transactionbuffer) in the User Environment, its use has now also been adapted so that only one finalization can take place at a time. When starting a finalization, the system now waits for the “Personal Transactionbuffer” to be released for use by the current finalization. The timeout can be configured on the Current Domain/Tenant with the property “Timeout to lock the transaction buffer property on the user environment” (DEVEXT@15.1001:transactionbufferlocktimeout). If no value is set 30000 (30 seconds) will be used
This extension allows parallel accesses that use the “Personal Transactionbuffer” to be processed better
Technical information:
No changes
No changes
Internal build
eGov15886
A check against XSS attacks has been introduced when creating the tree view in the PDF export
eGov15921
When executing ELAKTrans calls, Subfiledocuments (Layer1) can now also be sent without a File (Layer3). The empty Layer3 node is now skipped and continued with the payload it contains (Edition AUT)
eGov15898
The setting of the property “Personal Transactionbuffer” (DEVEXT@15.1001:transactionbuffer) in the User Environment has been adjusted. The attribute has been set “Lockable” and is now locked using the action DEVEXT@15.1001:LockTransactionBufferAttribute and a timeout. The timeout can be configured on the Current Domain/Tenant with the property “Timeout to lock the transaction buffer property on the user environment” (DEVEXT@15.1001:transactionbufferlocktimeout). If no value is set 30000 (30 seconds) will be used
This extension improves the creation of “Personal Transactionbuffer objects and the parallel access. The object is not mutually locked
eGov15757
When using the Standard Delivery (DLVDUAL@15.1001:DispatchDualApp), the Cost Center is now also taken into account as with the delivery via hpcDUAL and stored in the node “BillingToken” of the metadata. The evaluation hierarchy is defined as follows and is the same as for delivery via hpcDUAL:
(Edition AUT)
eGov15795
When processing Return Receipts from the Vendo delivery service, the following data is now read out for Hybrid Return Receipts and stored in the Return Receipt in the property “Postal Return Receipt” (FSCGOVDLV@1.1001:paperreturnreceipt):
The new attribute “Pick-up Branch” (FSCGOVDLV@1.1001:prpickupbranch) has been added. In addition, the return receipt status “Delivered” is no longer used for the deposit but “Deposited” (Edition AUT)
eGov15812
Fixed an error that occurred when canceling the import in Register Sheets (Edition CCA, Edition DEU)
eGov15873
Signature verification via Governikus Data Pavonis has been revised and now uses a temporary file for the signature verification (Edition DEU)
Internal build
No changes
eGov15622
As of version September 2023, the use of all directory paths without restrictions is no longer possible. For security reasons, stored paths must be defined and whitelisted to be used
(Note: Additional properties and paths may exist that must be whitelisted. Error messages, indicating an error accessing directory paths may indicate additional properties that require whitelist approval)
Additional paths can be created using the kernel options CONTENTRESTRICTPATHRW for read and write and CONTENTRESTRICTPATHRO for read only
eGov15772
When a Document is inserted into a Register Sheet, the Document is no longer stored in the Register Sheet (Edition CCA, Edition DEU, Edition CHE)
Release