Changes in Behavior
Here are some of the changes in behavior that you might want to be aware of.
Regrouping of Signature and Initial signature types: For clarity and ease of use we regrouped our signature fields that appear in the Signature Type drop-down list so that the Click to Initial signature type no longer appears with the other signature types (Click to Sign, Capture Signature, Mobile Capture). (refs PB-116287)
Clearer OFAC event description: The text within the email.ofac.event email and in the Evidence Summary has been changed from which is located in a country blocked by your account ({country}) to which is geo-located in a country blocked by your account ({country}). (refs PB-116908)
Updated sender email address when reassigning signers: We have updated the From email address of the default email.reassign.new.Signer email template. This field now says signers@ instead of transactionnotifications@. (refs PB-118047)
Signature Type descriptions: We have added brief descriptions to each signature type to help you differentiate between the types. These descriptions now appear in the Designer, the ADA Wizard, and the Account Configuration page. (refs PB-118684)
Clearer upload description: The aria label on the Welcome page and for the Uploads menu item within the left panel was changed from View list of supporting documents the sender requested you to upload to View list of documents the sender requested you to upload. (refs PB-118826)
Upcoming Changes
Here are some of the new features, changes and enhancements that we will be introducing in an upcoming release.
Default In-App Documentation: The in-app documentation widget introduced in Release 25.R4 will soon be enabled for all non-white labelled accounts (accounts that have not overridden the default Sender UI logo). (refs PB-119755)
Compressed files will no longer be allowed to be uploaded: In an upcoming release, compressed file types (ZIP, RAR, 7Z) will be added to the list of blacklisted files. You will no longer be allowed to upload these file types as transaction documents, supporting documents, or signer attachments. (refs PB-118307)
Name change for SMS OTP in Evidence Summary: If you are an API integrated user you should be aware that we will be changing the name of the SMS OTP event that appears in the Audit Trail section of the Evidence Summary. (refs PB-113072)
Existing event name: Sent SMS
Upcoming event name: Sent SMS code
Deprecation of IDV Workflow Configuration APIs: In an upcoming release, the following IDV Workflow Configuration APIs will be deprecated, and no longer available for use. (refs PB-116894)
What’s New
Here are some of the new features and enhancements we have made for this release.
Ad Hoc Groups
We have added support for Ad Hoc Groups within Java and .NET SDKs! (refs PB-108658)
All existing authentication types can be associated with Ad Hoc Group members. (refs PB-108507)
Supporting Documents
With our new Supporting Documents feature, you can now include additional documents to your transaction, like photos, reference files, terms and conditions, or policy documents. These documents will not have any signature fields on them, but could provide context, clarity, or any other additional information a signer may find useful. For example, financial reports, survey plans, or even photos.
These documents are only viewable after they have been downloaded by the signer.
To enable this feature, contact our Support Team. (refs PB-115046)
This feature is not available in FedRAMP environments.
SFTP Integration
We have added a new integration to connect eSignatures to your favorite business applications. By connecting OneSpan Sign for SFTP, organizations can efficiently manage their eSignature processes and document storage, benefiting from SFTP’s robust cloud content management capabilities.(refs PB-117948)
Improved oAuth2 Authentication
Changes to oAuth2 implementation: We now support oAuth2 implementation when the clientId and clientSecret are sent in the request either in the body (form-data) or as a basic authentication header.
To enable this feature, contact our Support Team. (refs PB-117414)
New oAuth2 Open API calls: We have added API calls to allow integrators to generate oAauth2 tokens. The following can now be done using our Interactive APIs: (refs PB-119233)
Get list of oauth2 clients
Create new oauth2 clients
Generate new credentials for oauth2 client
Delete oauth2 client
Get new oauth2 token
SMS Notifications - now in General Availability!
The SMS notification feature was released in Beta in OneSpan Sign Release 25.R4 and is now available in General Availability in this 25.R5 release. (refs PB-108033)
To enable this feature please contact our Support Team.
In addition to all the great features introduced with our Beta release of this feature, we have also introduced the following enhancements:
Updated email templates: We have refreshed some of the wording in the following email templates, for clarity:
Improved welcome text behavior: Instead of receiving a welcome SMS for each transaction, a signer will now only receive the welcome SMS once per account that they are a member of, assuming they use the same phone number for every transaction. Changing phone numbers will result in a new welcome SMS being sent.
SMS Notification Limit: To prevent any misuse and excessive sending of SMS notifications, we are introducing a limit of 50 SMS notifications per transaction. Once the limit of 50 SMS notifications is reached for a particular transaction, a message will be displayed in the user interface, and the customer will no longer be able to send any more SMS for that transaction. For Java and .NET integrators an alert about 'SMS notification limit reached' can be obtained during a package retrieval.
Configurable Default Settings
Due to internal policies or external regulatory requirements transactions often require configuration settings that differ from the OneSpan Sign default settings. Failure to configure transactions correctly can lead to non-compliance, legal exposure, or even security vulnerabilities such as impersonation due to incorrect authentication settings. As such, Senders use to have to manually adjust these settings, introducing the possibility of oversight.
Now though, OneSpan Sign allows you to define default values for the most commonly used transaction settings. This feature helps organizations align with internal standards, reduce the risk of human error, and ensure consistent compliance without relying on individual Senders to manually adjust settings for each transaction. (refs PB-117447)
The following settings can now be configured with your own default settings:
Email Delivery
Change Signer
Set Signing Order
Download Evidence Summary
Review before completion
Default Country Code for SMS
Designer Page Signature "Capture Signature" From File
To enable this feature and to configure your defaults, contact our Support Team.
Note:
The new default settings will be applied to all transactions, templates, senders, and Ad Hoc Groups created AFTER the default settings were added.
The new default settings will NOT be applied to all transactions, templates, senders, and Ad Hoc Groups created BEFORE the default settings were added.
These default values can be overridden for specific transactions using either the Sender UI, or when using APIs.
When using APIs or integration, if a Sender does not mention a value, the default Admin value will be used.
When using APIs or integration, if a Sender DOES mention a value, the default Admin value will be overriden.
Introducing AI Answers
Our Analytic dashboards now come with an AI-powered question bar, which allows you to ask questions about the data in any of your dashboards (Transaction Performance, Transaction Velocity, or Transaction Volume). (refs PB-108401)
Understand transaction performance through natural, text-based inquiries to easily narrow into need-to-know insights.
Response formats including text-based answers and charts to demonstrate trends.
Provide feedback on how on your questions was answered.
Bug Fixes
The following issues were resolved in this release:
Ad Hoc Groups
You were sometimes required to click Add Group Member more than once when attempting to add a member within a template. This is no longer required. (refs PB-117291)
Integrators
We now validate packageIDs to ensure that the string ‘src’ does not appear. Previously, including this string would trigger a security vulnerability error. (refs PB-118213)
When adding Conditional Fields using an API, a slight parsing error would result in Senders being unable to preview a document. This would occur if there was no space before or after the symbols ‘==’. This has been fixed. (refs PB-118662)
Senders
You can now copy and paste fields even if your copied fields are no longer selected. Previously you had to maintain the selection in order to paste the copied fields. (refs PB-114472)
If No Signature Fields has been enabled for an account, an error message would appear if you refreshed a transaction and then attempted to add additional fields to a document. You can now add fields without any issue. (refs PB-114623)
We have updated the error message that appeared when attempted to use Bulk Send with a file that contained non UTF-8 characters. Previously, the message said "Something went wrong and your request could not be completed. Please try again." For clarity, we have changed the message to "An error occurred while parsing the CSV file. Invalid characters were found at row 1." (refs PB-115124)
Previously entered search criteria no longer appears when returning to the Templates page. (refs PB-117131)
The colors and sizes of icons displayed in the top menu of the Sender UI are no longer inconsistent. (refs PB-117201)
Error messages are now properly displayed in front of the Notary Commission dialog. (refs PB-117586)
We have corrected the alignment on the Sender Login page. (refs PB-117679)
When using a mobile device, the Sender UI would not always fit to the proper screen size when switching orientation, or when zooming in or out. This no longer happens. (refs PB-117791)
Fixed an issue where the buttons in the sender UI were smaller and the text was not bolded when the Cookie Consent banner was present on the page. (refs PB-118018)
An error message no longer appears when attempting to navigate directly to Sender UI transaction page when not logged in (for example, after a session time-out). You are no directed to the Login page. (refs PB-118150)
We have corrected a spelling mistake that occurred within the French version of the recipient unlock tooltip. (refs PB-118065)
Markdown formatting is now properly applied to the Transaction Expired error page. (refs PB-118180)
The In-App Documentation widget no longer blocks the Conditional Fields section of the Designer. (refs PB-118204)
Dates in the Usage Summary Reports are now passed in UTC time zone, instead of the browser time zone. (refs PB-118236)
Attempting to load any Transaction folder before the current folder loaded, would result in the second folder opening on a page other than the first. For example, clicking Transactions and then Drafts before the Transaction page had loaded might result in transactions from the second page of the list of Draft transactions being displayed. (refs PB-118319)
Attempting to interact with the Sender UI after the sender session has expired will result in the sender being redirected to either their custom session expiry URL, or to the Login page. Previously, you could continue to interact with the Sender UI not realizing that your session had expired. (refs PB-119293)
Signer Experience
Counter signing no longer fails within a delegation session. (refs PB-117182)
It was sometimes possible for a signer to accidentally disable conditional logic applied to fields, resulting in fields being available for signing when they should not have been. This no longer occurs. (refs PB-118441)
During the Signing Ceremony date fields would sometimes shift slightly upwards. They now appear in their proper location. (refs PB-118597)
An Unhandled Server Error message would sometimes appear if a delegated signer with a capture signature defined attempted to access the Signing Ceremony. The signer can now access the Signing Ceremony without issues. (refs PB-118903)
Using special characters in a Signer’s name would result in the strings <code> and </code> appearing in the Signer Experience. This has been fixed, and signer names now appear as they should. (refs PB-119509)
Known Issues
Attempting to modify an existing window or dialog box with markdown formatting (italics, bold, etc.) does not work. (refs PB-119208)
The Requires my signature count in the Dashboard and the Requires my signature filter in the Inbox do not return transactions in which the logged sender has required signatures solely as an ad hoc group member. (refs PB-118618)
Vulnerabilities
This release also includes important security and vulnerability fixes.