Behavior Changes for this Release
The following changes in product behavior are included in this release.
America/Vancouver time zone updated to reflect permanent GMT-7 offset. Because British Columbia no longer observes daylight saving time, the America/Vancouver time zone has been renamed from GMT-8 to GMT-7 to reflect the permanent offset.
Planned for a Future Release
Here are some of the new features, changes, and enhancements that will be coming in one of our upcoming releases.
Sender as Signer Verification: To enhance transaction security, senders from a different account who need to sign will be required to authenticate if an authentication method is specified during transaction creation. Senders from the same account can still proceed directly to the signing ceremony.
OTP via SMS Updates: We are updating the terminology for SMS authentication. Existing customized strings will not be impacted.
In the sender UI, "SMS" will be replaced by "One Time Passcode".
In the signer UI, the message will be updated to "A one-time passcode has been sent via SMS to [XXXXX1234]. Enter it below to access your transaction"
The request link will change to "Resend code via SMS".
For In-Person Signing the word SMS will be replaced by OTP.
What's New
Here are some of the new features and enhancements we have made for this release.
Not In Good Order Document Validation - NIGO (Early Access)
We are proud to introduce NIGO - Not In Good Order Document Validation. When requesting an attachment as part of a transaction, senders can now select the expected document type from a dropdown. For example, a driver's license or passport. When the signer uploads a document, the system classifies it and checks whether it matches the requested type, providing in-ceremony signals to the signer if a correction is needed. The system also performs basic verification checks, including whether all required fields are present, whether image quality is sufficient, and whether the document is expired or outdated. Senders can preview attachments directly and review associated verification results (Pass, Warning, or Fail).
Also, as part of NIGO Document Validation senders can now mark previewed attachments as Reviewed. This action is recorded in the audit trail and can be undone.
This feature is disabled by default and is currently available as Early Access only. To try out this feature, contact our Support Team.
Specifying a Recipient
Our new Specify Recipient feature allows you to use placeholder recipients in transactions. Senders can now create transactions with placeholder recipients whose identity is not yet known when the transaction is sent.
If you intend to use one of OneSpan's SDKs to use this feature, you must install the latest version of SDKs. To install the latest SDKS see Downloading SDKS. This feature must also be enabled for your account. To do this, contact our Support Team.
A designated Recipient Specifier is then responsible for providing the actual recipient's information before the transaction proceeds to the signing ceremony.
Additional New Features
Signing links can now be set to expire. Senders can configure signing links to expire after a specified number of days directly from the sender interface. For Free Trial accounts, signing links expire after 3 days by default; the expiry period can be adjusted but cannot be disabled.
Bounce email handling now supported when using an SMTP server. The platform can now receive and process bounce emails when a custom SMTP server is configured. To enable this feature for your account, contact our Support Team.
Package message variable now supported in additional email templates. The $PACKAGE_MESSAGE variable is now supported in the expiry, lock.signer, and evidence.summary email templates sent to transaction owners.
Expiry Date variable now displays in the transaction time zone. The $EXPIRY_DATE variable in email templates now shows the expiry date in the transaction's time zone instead of GMT.
Expiry Date variable are now available in expiry warning email templates. Senders can now include the transaction expiry date — displayed in the transaction's time zone — as a variable in expiry warning email templates. To update your email template to use this variable, contact our Support Team.
You can now set SMS as the default notification method. This allows users to receive critical information promptly, enhancing communication and keeping them connected. It's especially useful for those who prefer notifications on their mobile devices, providing immediate access to important messages.
You now have the option to hide the document pane that appears in the Signer Experience. By doing this you can:
Enforce sequential document signing (one document at a time)
Prevent signers from skipping or jumping ahead
Prevent signers from going back on previous documents
Improve completion rate and signer confidence
Added support for ASEAN time zones. The following time zones are now available:
Asia/Singapore
Asia/Kuala_Lumpur
Asia/Manila
Asia/Makassar
Asia/Jayapura
Bug Fixes
The following issues were resolved in this release.
Duplicate field IDs are no longer generated when updating an approval. We have fixed an issue where updating an approval could result in duplicate IDs being assigned to more than one field.
An error no longer appears when a group signer opens a signing link. An issue where an error message was briefly displayed when a group signer accessed a transaction via an email link no longer occurs.
Conditional logic on list fields now applies correctly for all selections. Conditional logic defined on a list field is now correctly applied when any option other than the last item in the list is selected.
Mobile signature option no longer appears when the feature is disabled. The mobile signature option is no longer visible in the sender UI when the corresponding account feature has been disabled.
Focus now returns correctly to signature field after closing the Capture Signature panel. We have fixed an accessibility issue where canceling out of the Capture Signature panel did not return keyboard focus to the signature field.
PCC install prompt no longer reappears after browser refresh. A recent Chrome update caused the PCC installation popup to reappear after it had already been installed. This no longer happens.
Corrected IDV evidence summary language for French transactions. The IDV supplemental information in the evidence summary now correctly appears in French when the transaction language is set to French.
Removed extra permission requirement for API Access page. The Account Configuration permission is no longer required to view the API Access page.
Conditional logic now applies correctly to radio button groups. Conditions defined on radio buttons within the same group are now evaluated correctly.
Syntax errors when adding transaction owner as a recipient no longer occur. Adding the transaction owner as a recipient no longer causes an error when their email address uses a different letter case than the one on record.
Download Evidence Summary button now respects feature availability. The Download Evidence Summary button no longer appears in the Usage Summary report when the feature is disabled.
We have improved the performance of subaccount API key retrievals. Calls to /api/account/subaccountApiKeys are now significantly faster on accounts with a large number of subaccounts.
Evidence summary format is now consistent across delivery methods. The evidence summary now has the same format whether it is downloaded from the transaction view in the web UI or received by email.
We have improved system performance when downloading signed documents via API. A performance bottleneck that affected signed document downloads through the API has been resolved.
Document Engine now validates whether the NeedAppearances = true PDF property is genuinely required during document upload. Many PDF generators set this flag unnecessarily, leading to false upload rejections. The system now checks form field annotations to see if the flag is needed. If form fields have visual appearance streams, the flag is ignored, allowing normal uploads. If the flag is required due to missing visual data, the document is rejected, as those fields can't be rendered reliably.
Vulnerabilities
This release also includes important security and vulnerability fixes.