
6.0.59.x Release Notes

Release Date

Features

  • 6027 – URL parameter tampering security feature

    • Prevents Consumer users from accessing other accounts and bonds by modifying the URL.

  • 6028 – Enhanced security to prevent posts for actions inaccessible to the user

    • Prevents users from altering a post to perform actions not allowed by their security role.

  • 6029 – Enhanced security to prevent user roles from having access to unauthorized functions

    • Prevents users from getting into areas of the application not allowed by their security role by tampering with the URL.

  • 6030 – Cross-site forgery

    • Disallows posts from outside of the application to make changes to protected areas.

  • 6031 – Cross-site scripting

    • Disallows cross-site scripting from the e-SURETY™ Store.

  • 6032 – Changed handling of error messages

    • Error messages generated within e-SURETY™ production instances will no longer contain stack trace errors, but rather a simpler error message. This is due to the vulnerability of exposing the content of the stack trace error message. However, these error messages will remain the same in UAT instances.

  • 6033 – Developed CAPTCHA user verification for consumer roles on e-SURETY™ Store

    • For the e-SURETY™ Store when creating a new consumer type user, a CAPTCHA entry will be required to verify the authenticity of the entry.

Due to security needs, for e-SURETY™ Stores not using the Preliminary Accounts feature, the consumer registration will now not be done at the bond purchase, but immediately after selecting ‘Buy a Bond’ for the desired configuration.

  • 6034 – User Enumeration using SearchPeople

    • For security purposes, access to API methods that allow querying of people by email or AccountId are locked down for consumer roles.  For consumer roles, people are found based on the account.

  • 6035 – Force Weak Password with Forged Post

    • Disallows forged posts to change a user’s password to a password that does not meet the password standard during the password reset process.

  • 6187 – Added a Duplicate Person Rule

    • A new system rule has been added to avoid duplicate entries for the same person. This rule will search for existing people in the e-SURETY™ system with the same social security number or e-mail address.

To set up this rule, set the option to = False. This will cause the rule to pass if there is no other person within the system with the entered social security number or e-mail address. If there is an existing person with the entered social security number or e-mail address, the application will be referred.

NOTE: This rule is only applicable to bond type applications (Bond, Category, Class, and Root). This rule is not designed to be used on account applications.

Fixes

  • 6198 – Fixed Payment Profiles Error when Editing

    • An error occurred when editing a payment profile for an account. This has been modified to allow editing of the basic information of the payment profile.

  • 6233 – Fixed the Credit Score Rule which would refer bond applications incorrectly

    • If a bond application had two or more people, the credit score rule was only considering the last person on the application. The credit score rule now evaluates all people’s credit scores, and passes the rule if one of the scores passes the rule’s criteria.

  • 6246 – Fixed Error for Web Service Call

    • Corrected an issue during the TransSync process where the object reference was ‘NULL’ during the first attempted pull, causing an unsuccessful pull.

  • 6308 – Fixed the Test Mode feature, which was turning off if certain actions were taken on the bond configuration.

    • Certain actions taken on a bond configuration that is already in Test Mode would cause the Test Mode feature for the bond configuration to be turned off. Test Mode now cannot be turned off indirectly by actions taken on the bond configuration, except for the Test Mode controller found at: All>Maintain Bond> [Choose Bond Configuration]>Assign Agencies.

  • 6371 – Fixed the ClearTestAgencies Job

    • When test type agency accounts contained a diary note, the job would not complete. This has been fixed to remove the diary note along with the account and bonds as long as the account is from a test type agency and the account is not flagged to not be deleted by the ClearTestAgencies job.
