Release 11.47

What's New

Senders

• Can create standalone co-browsing sessions: When this new feature is enabled on a transaction, a signer can ask the sender to arrange a co-browsing session for the transaction. The signer must provide their telephone number and preferred contact time, and they may add a comment. The API then transmits this information to the sender via an event notification. The sender can then arrange a co-browsing session with the signer. Note: (1) This is a paid feature. To purchase it, please contact our Sales Team. (2) This feature must be activated for your account. To activate it, please contact our Support Team.

• Standalone co-browsing requests have timezone labels: When a recipient makes a standalone co-browsing request, a timezone now appears for each "possible callback time" they select. Timezones are also displayed to the sender and other recipients of the transaction. Providing all participants with this information avoids misunderstandings about when the co-browsing session will take place.

• Can configure many BackOffice settings: Before this release, many Account, Feature, Package and Signing settings had to be configured by our Support Team, using OneSpan Sign BackOffice. Senders can now configure these settings directly from the Sender part of the New User Experience. Note: (1) These "self-serve" settings include most of BackOffice's Account, Feature, Package and Signing settings that are Boolean and non-paid. (2) Senders can access these self-serve settings under Admin > Account Configuration. (3) This feature is enabled by default for Account Owners and Account Managers. To change this feature's configuration, please contact our Support Team.

• Improved guidance on ID Verification: We improved our guidance to senders on how to configure ID Verification. In particular, senders now see the following message: The First Name and Last Name that you enter for the recipient must match those that appear on the ID document that the recipient will upload for ID Verification.

Signer Experience

• External signers can have same name and email: Different external signers can now have the same first name, last name and email address. This possibility was developed to accommodate those rare cases in which relatives or spouses share the same name and email address. This option is disabled by default. It can be enabled by our Support Team using BackOffice, or by Senders using their Account Configuration page. Note: "External signers" are signers who do not have an email account attached to a Sender or other OneSpan Sign role. This feature applies only to external signers.

Accessibility

• Enhanced zoom buttons: Formerly, tooltips for the zoom buttons in the Signer Experience did not specify if the buttons zoom in/out of the current document, or in/out of the entire screen. That ambiguity has been removed, since those tooltips now say Zoom into the document and Zoom out of the document. In addition, the button that zooms in now supports higher magnifications (up to 400%).

Evidence Summary

• Transaction status more visible: A transaction's Evidence Summary now records the transaction's status.

SMART Docs

• SMART Doc Audit Trail logs 'unpopulated' events: The Audit Trail for SMART Docs now logs unpopulated events. This functionality was required for Freddie Mac to consider OneSpan an authorized vendor of the eClosing process.

Bug Fixes

Signer Experience

• PB-83384: Fixed the following issue. When trying to confirm signed documents (accessible or not), the Confirm button sometimes failed to respond when it was clicked. This occurred only if the name in one of the documents' Signature Fields contained a period (.).

• PB-74520: Fixed an issue in which signers encountered the error message "The field’s value is too long", even if only one character was entered in a Text Field. This issue occurred only when the associated transaction was prepared via the API or an SDK. It occurred because the system was misinterpreting the meaning of the values 0 and NULL for the maxLength property of Text Fields. Going forward, 0 and NULL will mean 4000, which is a Text Field’s maximum permissible value.

• PB-79425: Fixed the following issue. In an in-person transaction, the message "Please pass the controls back to the host of this transaction" was confusing when the host had just finished signing. We changed this message to "Click the button below to continue the transaction".

• PB-83007: Fixed an issue in which a signer using the Uanataca Trusted Service Provider could not apply multiple signatures to a transaction's multiple documents.

• PB-84021: Fixed an issue in which signing via the Uanataca Trusted Service Provider failed in the US1 Production environment.

• PB-81257: We had received some complaints about the legibility of placeholder text in the Signer Experience. We fixed this issue by increasing the font size and weight of that text.

Senders

• PB-79838: Fixed an issue that involved searching for a transaction by date in the sender part of the New User Experience. The sender entered a date in the From field, and then pressed TAB to place their cursor in the To field. The problem was that doing so cleared the sender's entry in the From field.

• PB-78637: Fixed an issue involving the tooltip for the info icon on the Designer page. After a user collapses a tooltip by pressing the ESCAPE key, they should be able to expand it again by pressing the ENTER key or the Spacebar. The problem was that after the user collapsed this tooltip, expanding it again required navigating away from the icon and then back to it.

• PB-82017: Fixed the following issue, which occurred when an account’s Roles and Permissions feature was enabled. A user encountered an "unauthorized access" error when they tried to access the Signer Experience as a sender via a Fast Track URL.

• PB-80511: Fixed the following issue, which occurred when an account’s Roles and Permissions feature was enabled. A user encountered an "unauthorized access" error when they tried to access the Signer Experience as a sender via an email link.

• PB-83688: Fixed an issue that arose when a signer repeatedly failed to authenticate themselves via ID Verification, and was locked out of a transaction. When the sender subsequently viewed that signer’s status in the New User Experience, they should have seen a “locked signer” icon. The sender could then interact with that icon to unlock the signer, and resend the transaction. The problem was that the icon was not appearing, so the signer could not be unlocked.

Developers

• PB-81184: Fixed the following issue that involved our Digital Mortgage and Digital Lending solutions. Once the effort to store a document in an e-Original vault suffered a non-recoverable error, no email notification was sent to the transaction sender. Senders now receive emails about such failures.

• PB-85688: Fixed the following issue. After the failure of a developer's request for a transaction, the system changed the transaction’s status from SENT to DRAFT.

• PB-85045: Fixed the following issue. Between the 11.45 and 11.46 releases of OneSpan Sign, a change caused the font size of text inserted via Field Injection to shrink. The 11.47 release has restored the functionality of the 11.45 release. As a side effect of this fix, when a signed document is viewed in the application after signing is complete, some content in a Text Area might appear to be truncated. Note that this rendering behavior in our application does not affect the associated PDF’s actual content. The PDF contains the full text content, which displays properly when the PDF is viewed in a standard PDF viewer. We recommend that any problematic templates or layouts created in the 11.46 release be: (1) edited to adjust the font size to the Text Area; (2) saved again.

User Authentication

• SAA-12609: Formerly, when a recipient was authenticating their identity via ID Verification, the following message appeared on the "Capture Image" page: If this page doesn't go away after you finish capturing your images, click NEXT. That message was wrong. It has now been replaced by the following message: If this page does not refresh after you have taken all requested pictures, click IMAGE CAPTURE COMPLETE.

• PB-80302: Fixed an issue in which a sender configured Q&A Authentication so that the answers typed by the recipient would be visible to the recipient. The problem was that the typed answers were masked.

• PB-79541: Fixed an issue in which the Phone Number page was displayed twice to a recipient during ID Verification.

• PB-85687: Fixed the following issue, which occurred when the following features were enabled for an account: (1) Roles and Permissions; (2) SAML; (3) Auto-Provisioning. A new user in the account was assigned Single Sign-On Authentication (SSO), and their third-party Identity Provider assigned them a specific role. When that user subsequently logged into OneSpan Sign for the first time via SSO, they should automatically have been assigned that role. The problem was that this didn’t happen.

In-App Reporting

• PB-82588: Fixed an issue in which downloaded Account Reports were empty. This issue occurred only in Sandbox environments.

• PB-77375: Fixed an issue in which the Download button for Transaction Reports failed when only one report was selected for download. A single report can now be downloaded.

• PB-85129: Fixed the following Transaction Reports issue. In rare cases, an erroneous value appeared in the Signer Status column (e.g., CURRENT_SIGNER or FUTURE_SIGNER appeared instead of COMPLETED).

Accessibility

• PB-80643: Fixed the following issue involving an accessible transaction. Upon signing, a signer encountered an error message which correctly reported that the signer had failed to interact with a required field. The problem was that the link in that message did not take the signer to the required field.

Audit Trail

• CAPA-111: Fixed a clock-synchronization issue that could cause events in an Audit Trail to appear out of order.

Performance

• PB-81784: Fixed an issue in which certain race conditions were causing deadlocks.

Technology Updates

• PB-78771: We have migrated the OneSpan Sign Document Converter from Windows Virtual Machines to Linux containers. For the next few releases, every environment will run two converters in parallel — one on a Windows VM, the other in a Linux container. The Windows VM will continue to convert documents, just as before. The Linux container will do "mock conversions" of the same documents, while simultaneously logging processing information in log files. This strategy will enable us to study those logs to determine when we should switch over to using Linux containers alone. TIP: We strongly recommend that during this evaluation period, customers embed in their documents any fonts that are not supported by OneSpan Sign. A list of the fonts supported by OneSpan Sign can be found in our Supported Fonts section. The procedure Using PDF/A Documents describes how to create a PDF with embedded fonts from a Word document.

• PB-84027: On October 1, 2022, Microsoft will begin removing the ability to use Basic Authentication in Exchange Online. OneSpan Sign relies on Microsoft Exchange to send outgoing email messages to signers. Accordingly, we have modified our code to enable its Java Mail library to use OAuth 2.0 token-based authorization. For more information, including a description of actions we advise you to take, click here.

Known Issues

• PB-83687: The following sequence of events has created an issue. (1) A transaction template is created that adds a placeholder recipient, and assigns that recipient ID Verification. (2) A sender creates a transaction from that template, but replaces ID Verification with SMS authentication for an actual recipient. (3) The sender adds KBA authentication for the recipient, and sends the transaction. When the recipient accesses the transaction, they should be assigned only two authentication methods (SMS, KBA). Instead, they’re assigned all three methods (ID Verification, SMS, KBA).

• PB-86988: When a transaction’s multiple documents are viewed in a Chrome browser, the second document has no Signature Blocks. This is due to a recent change in how Chrome manages cookies. Effective workarounds include: (1) using another supported browser (e.g., Firefox); (2) closing and reopening the Signer Experience. This issue will be fixed in an upcoming release.

• PB-83928: Swisscom AIS is failing to sign any document whose name contains one or more non-Latin characters. This impacts the following supported languages: Arabic, Greek, Japanese, Korean, Russian, Simplified Chinese, and Traditional Chinese.

• PB-86778: When a user searches for a transaction in the Sender part of the New User Experience, the system mistakenly returns no results. The workaround is to: (1) press Clear; (2) search again. This issue will be resolved in Release 22.R3 (11.48).