• No specific security updates included in this release.

• No infrastructure updates in this release.

• Automated extensions not applying deadlines correctly (14839)

• Session cookies not removed properly by delete_cookie function (14756)

• Incomplete data in download metrics (14844)

• Deleting sub-pages affected domain-level scan integrity (14794)

• Scan progress message remained post-completion (14733)

• IAB details not loading in preview (14202)

• API responses included login credentials (14873)

• Inconsistent display of zero counts for purposes, features, and Google vendors in IAB popup (14504)

• “Show more” link intermittently not working in vendor tab of IAB (14913)

• Truyo cookie banner causing outages in isolated instance (14893)

• Cookie domain scan failures resolved (14842)

• SSO login issues for organizational users (unspecified ID)

• 401 errors on adding Quick Links in SSO-enabled organizations (14496)

• Errors when switching domains without content load in cookie plugin settings (14500)

• HTML links not rendering correctly in Cookie Bar content (14519)

• AI users are unable to work on AI use case assessments with SSO turned on (14922)
• Reports not showing data (14917)
• URL unique error for logo and favicon upload (14904)

Infrastructure Upgrades
Ongoing upgrades to Spring Cloud, Spring Boot, JDK, Swagger, and JUNIT to enhance performance and security.

Vendor Management
Comprehensive vendor risk management tools, including AI usage assessments.

User Features & Permissions Updates
Gradual rollout of advanced role-based access controls.

Preference Management – Language Support
Support for auto-translation and user-friendly localization options.

SharePoint Content Scanning
New capabilities for scanning content within SharePoint environments.

UI/UX Enhancements
Continued design updates for improved user interaction and navigation.

Scramble Jobs – Hierarchical Data Handling
Better support for complex, hierarchical data structures within scramble processing tasks.

No specific security updates in this release.

No infrastructure updates included.

• Issues with custom user group creation, assignment, and domain visibility (14655, 14652, 14653, 14658)

• Errors with AI assessments completion (14646)

• Request form name wrapping issue (14674)

• IAB banner showing no data in tabs (14568)

• Cookie scan issues:

  • Unable to set monthly auto scan (14495)

  • Auto scan settings not refreshing immediately (14498)

  • Empty values during deep scans (14709)

  • UI freezes during cookie scans (14726)

  • Auto scan entries not deleted properly after domain removal (14729)

• Errors saving Branding/Interface settings (14671)

• Compliance Officer role error after password reset (14710)

Infrastructure Upgrades
Updating Spring Cloud, Spring Boot, JDK, Swagger, JUNIT for better performance and security.

Vendor Management
Full vendor risk management including AI usage assessment.

User Features & Permissions Updates
Rollout of enhanced role-based access control.

Preference Management Translations

Support auto translation as well as more UX friendly translation capabilities.

SharePoint Content Scanning
New support for SharePoint data scanning.

UI/UX Enhancements
Ongoing improvements to user experience and design.

Hierarchical Data Handling in Scramble Jobs
Better processing of complex data structures in scramble tasks.

• No specific security updates in this release.

• No infrastructure updates included in this release.

• Vanilla-Picker Hosting on Truyo CDN (14541)

  • Static files for Vanilla-Picker are now hosted on Truyo CDN for improved reliability.

• Publisher Restrictions: Save Settings Issue (14499)

  • Resolved issue where saving settings failed when selecting all or a large number of vendors for publisher restrictions.

• SSO Login Issues for Organization Users (Fix applied)

• 401 Error When Adding Quick Links for SSO-Enabled Organizations (14496)

• DataTables Warning When Switching Domains in Cookie Plugin Settings (14500)

• Cookie Bar Content Not Rendering HTML Links Properly in UI (14519)

Infrastructure Upgrades

• Planned updates to core components, including Spring Cloud, Spring Boot, JDK, Swagger, and JUNIT, to enhance performance and security.

Vendor Management 

• From onboarding vendors to detecting and assessing their usage of AI, a complete vendor risk workflow.

Compliance Advisor

• Provide the ability to scan your web domains and validate required links for data privacy regulations. In addition analyze your cookie banner functionality for any compliance issues.

User Features & Permissions Updates

• Ongoing rollout of enhanced role-based permissions for better access control.

SharePoint Content Scanning

• Upcoming support for scanning SharePoint content for improved data visibility.

UI/UX Enhancements

• Continued improvements to optimize user experience and interface design.

Hierarchical Data Handling in Scramble Jobs

• Improved processing of hierarchical data structures within scramble jobs.

• No specific security updates in this release.

• No infrastructure updates in this release.

• Resolved console error related to i18next plural resolver (14293)
• Custom JS content is not saving in the org portal (13893)
• Missing tag for Right to opt-out request completed with rejections|Privacy account email template (14314)
• Internal server error when trying to submit a request using the business partner form (14386)
• Default regulation selection does not work on the request form (14315)

• Various performance and stability improvements.

Infrastructure Upgrade

• Planned upgrades to core components, including Spring Cloud, Spring Boot, JDK, Swagger, and JUNIT, to enhance performance and security.

Assessment Improvements

• Improved verification questions based on request type, origin, and attributes.

User Features & Permissions Update

• Enhanced role-based permissions for better access control being rolled out in stages.

SharePoint Content Scanning

• Upcoming support for scanning SharePoint content for improved data visibility.

UI/UX Enhancements

• Ongoing updates to refine user experience and interface design.

Hierarchical Data Handling in Scramble Jobs

• Improved processing of hierarchical data types in scramble jobs.

No specific security updates included in this release.

No infrastructure updates included in this release.

• Missing request processing email templates for Right to Obtain requests (14013).
• Inconsistent dates in Request Details reports (14024).
• WAF errors in Consent Metric Period Reports (14083).
• Password prompt shown when adding a new user with SSO enabled (13990).
• truyoConsentUpdate event incorrectly triggered on every page load when GPC is enabled (14231).

• Resolved portal logout issue when editing an AI risk (14020).
• Fixed incorrect display of the last scan date (14032).
• Removed duplicate text in the AI detection engine description (14034).
• Limited the Auto-Translate setting to the AI Usage section (14038).
• Fixed issues preventing the addition of content scanning data sources (14039).
• Addressed issue where secure vendors were incorrectly being changed to open vendors (14061).
• Regulation activation no longer auto-enables all requests by default (14087).
• Increased API match content size for vendor scans (14077).

Infrastructure Upgrade
Planned upgrades to core components, including Spring Cloud, Spring Boot, JDK, Swagger, JUNIT, and related elements, to improve performance and security.

Assessment Improvements

• Enhanced data mapping capabilities.
• Improved verification questions tailored to request type, origin, and attributes.

User Features and Permissions Update
Enhanced role-based permissions for better access control.

SharePoint Content Scanning
Upcoming support for content scanning within SharePoint.

UI/UX Enhancements
Ongoing updates to improve user experience and interface design.

Hierarchical Data Handling in Scramble Jobs
Enhanced processing capabilities for hierarchical data types in scramble jobs.

• No specific updates in this release.

• No infrastructure updates included in this release.

• DataLayer event ‘truyoConsentUpdate’ not firing until GPC is enabled for GPC use case for Cookie plugin (14016)

• Double error page after too many requests open modal (13961)
• Dark theme not showing visible text on left nav when selected (14023)
• Consumer dispute box does not show error message if left blank (13954)
• Task file upload for text files too large for WAF due to encryption (13993)

• Some instances conditional outputs not being honored (13987)
• Import functionality not working on vendors section (14007)
• Unable to upload files on framework assessments (14026)

Infrastructure Upgrade:

• Planned upgrades to core components including Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and other elements to enhance performance and security.

Assessment Improvements:

• Enhanced data mapping capabilities.
• Improved verification questions tailored to request type, origin, and attributes.

User Roles and Permissions Update:

• More granular role-based permissions for better access control.

SharePoint Content Scanning:

• Upcoming support for content scanning within SharePoint.

UI/UX Enhancements:

• Ongoing updates to refine and improve the user experience.

Hierarchical Data Handling in Scramble Jobs:

• Enhanced processing capabilities for hierarchical data types in scramble jobs.

• No specific updates in this release.

• No infrastructure updates included in this release.

• Resolved issue preventing AI managers from navigating the AI Governance Module (13818).

• Fixed cases where essential cookies were being unintentionally deleted (13858).
• Resolved issue where SSO users could not access the left navigation bar (13879).

Infrastructure Upgrade:

• Planned upgrades to core components including Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and other elements to enhance performance and security.

Assessment Improvements:

• Enhanced data mapping capabilities.
• Improved verification questions tailored to request type, origin, and attributes.
• Introduction of customizable assessment questions within the Data Privacy Assessment module.

User Roles and Permissions Update:

• More granular role-based permissions for better access control.

SharePoint Content Scanning:

• Upcoming support for content scanning within SharePoint.

UI/UX Enhancements:

• Ongoing updates to refine and improve the user experience.

Hierarchical Data Handling in Scramble Jobs:

• Enhanced processing capabilities for hierarchical data types in scramble jobs.

• Session invalidation upon password change (11894)
• Endpoint restriction for email templates access (13640)
• Vertical privilege escalation prevention for Data Review (13641)
• Rate limit enforcement for reset email prevention (13642)
• JavaScript library update for improved security (13643)
• HTML injection prevention (13697)
• Cross-site scripting prevention (13711)

• No infrastructure updates are included in this release.

• Resolved issues with logo/favicon upload (13589)
• Fixed data approval rejection workflow when rejection reason is omitted (13734)
• Addressed request type save issues (11957)
• Corrected language selector visibility in cookie consent banners (13447)
• Fixed multiple Privacy Center validation issues and GPC handling (13626, 13627)
• Addressed multiple org portal issues, including counts, date validation, and metrics accuracy (13628)
• Cookie plugin – isolated custom button properties from other site buttons (13768)
• AI managers cannot navigate the AI module (13818)

• Conditional outputs on the systems page now saved with wildcard functionality (13740)
• Right to Obtain request has been separated into its own workflow (13736)
• Resolved save issues on the request processing page (13757)

Infrastructure Upgrade:

• Planned upgrades for Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related components to enhance performance and security.

Assessment Improvements:

• Data Mapping enhancements.
• Improved verification questions by request type, origin, and attributes.
• Customizable assessment questions for the Data Privacy Assessment module.

User Roles and Permissions Update:

• Refined permissions with more specific role-based access.

SharePoint Content Scanning:

• Upcoming content scanning support for SharePoint.

UI/UX Enhancements:

• Continued improvements for a more intuitive user interface and experience.

Hierarchical Data Handling in Scramble Jobs:

• Improved handling of hierarchical data types in scramble jobs.

Upcoming Regulations:

• New Hampshire, New England, and Nebraska

Vendor Assessment Directive:

• Options for organizations to automatically trigger vendor assessments upon web scan completion or initiation, regardless of AI detection.

• No security updates are included in this release.

• No infrastructure updates are included in this release.

Privacy Center Fixes:

• Wildcard cookies not being captured correctly (13445)
• GPC opt-out count not updating if “Show GPC Processed Message” is disabled in plugin settings (13443)
• ${BRAND_NAME} tag not pulling in the parent org branding on sign up verification emails when branding option 2 is selected in the organization portal (13540)
• Pagination showing on AI consent page if nothing was listed (13421)
• Getting 403 Forbidden error when trying to save Custom CSS/code (13451)
• After edit save on edit risk you get logged out (13420)

• QL Scramble GW : Encountering error w/ JWT token on scramble run (13607)

• None with this release

Infrastructure Upgrade:

• Planned upgrades for Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related components to enhance performance and security.

Assessment Improvements:

• Data Mapping Enhancements
• Enhanced verification questions based on request type, origin, and attributes.
• Data Privacy Assessment Editor
  • Allows organizations to customize assessment questions within the Data Privacy Assessment module.

User Roles and Permissions Update:

• Refined user roles and permissions for more specific access based on role and function.

SharePoint Content Scanning:

• Upcoming content scanning feature for SharePoint.

UI/UX Enhancements:

• Ongoing updates to improve user interface and experience.

Hierarchical Data Types Handling in Scramble Jobs:

• Enhanced the scramble job process for improved handling of hierarchical data types.

New Regulations:

• Saudi Arabia, India

• No security updates are included in this release.

• No infrastructure updates are included in this release.

i19next Configuration Debug Mode Issue (13363)

• Resolved an issue where the i19next configuration was incorrectly set to debug mode.

Cookie Popup Customization Issue (13368)

• Fixed issues related to cookie popup customization.

Privacy Center Popup WCAG and ADA Compliance (13387)

• Improved WCAG and ADA compliance for the Privacy Center popup.

Opt-in/Opt-outs Metrics Dropdown Issue (13409)

• Fixed a display issue where the domain dropdown for opt-in/opt-out metrics was taking up the whole page.

Dropdown Item Limitation (13484)

• Limited dropdowns to display only the first 5 items, with a scroll option for additional entries.

Ethics and Principles Assessment Special Character Issue (13338)

• Corrected an error message that appeared when using special characters in Ethics and Principles assessments.

Ethics and Principles Export Corruption Message (13339)

• Fixed a corruption warning message when exporting Ethics and Principles data.

Reviewer comments on assessments do not appear anywhere in the UI (13373)

ADA Compliance for Cookie Module Footer (13052)

• Fixed an issue with the Cookie Module footer not focusing correctly for ADA compliance.

AI Governance Module Access for SSO Users (13402)

• Resolved an issue preventing AI managers and users from accessing the AI governance module pages when using SSO.

Infrastructure Upgrade

• Planned upgrades for Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related components to enhance performance and security.

Assessment Improvements

• Data Mapping Enhancements.
• Enhanced verification questions based on request type, origin, and attributes.

Data Privacy Assessment Editor

• New feature allowing organizations to customize assessment questions within the Data Privacy Assessment module.

User Roles and Permissions Update

• Refined user roles and permissions handling for more specific access based on role and function.

SharePoint Content Scanning

• Upcoming content scanning feature for SharePoint.

Azure DevOps Source Code Scanning

• Planned support for source code scanning in Azure DevOps.

UI/UX Enhancements

• Ongoing updates to improve the user interface and experience.

Hierarchical Data Types Handling in Scramble Jobs

• Enhanced the scramble job process to better handle hierarchical data types.

• No security updates are included in this release.

• No infrastructure updates are included in this release.

• GCP users are not able to make changes in the Quiklink section (13044)
• Downgrade Access request email body updates (13089)
• Empty state not displaying in sign-up workflow if the consumer does not belong to any regulation (13085)
• Subject line inaccurate for the restriction request completed|Privacy account template (13121)
• Missing Virginia Appeal statement in Right to Opt out of automated decision-making request with rejections|No Account (13127)
• Extra space on conditional output listing page giving a larger click area (13183)
• Redirecting to the dashboard section when the user clicks on a build AI notice button (13196)
• Cookie consent language selector does not appear in the cookie banner or popup (13214)
• Subject line not translating while using the auto-translate function (13126)
• IF Statement code appearing in email to consumers (13128)
• Regulation links are not working in some instances (We removed the links) (13219)
• Unable to edit existing rejection reasons after the last update (13230)
• Bulleted lists in email templates are converting to numbered lists (13263)
• Font for bulleted/numbered lists in email templates are different (13264)
• Remove extra grey padding for the consent popup (13236)
• GPC Opt-out count not updating if the “Show GPC Processed” message has been disabled

• ADA: Footer on the cookie module not focusing correctly (13052)
• Wildcard cookies not working correctly by not allowing more characters (13257)

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • Data Mapping Enhancements.
3. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes.
4. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.
5. Update of the users roles and permissions handling to be more specific per user role and functions accessibility 
6. Content scanning capability for SalesForce and Hubspot

• No security updates are included in this release.

• No infrastructure updates are included in this release.

• WAF Not Allowing Emails with “Having” or “Havings” (12915)
• Salesforce Quiklink Does Not Support ALL Regulation in the UI (12954)
• Florida Right to Opt-out of Sensitive Data Request Email Not Mapped to Proper Template (12953)
• Restore Email Template Click Area Too Long (13101)
• Other/None Regulation content is incorrectly displaying the Utah text (13065)

• None at this time

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • Data Mapping Enhancements.
3. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes.
4. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.
5. Update of the users roles and permissions handling to be more specific per user role and functions accessibility 

• No security updates are included in this release.

• No infrastructure updates are included in this release.

• Quiklink Gateway column names are incorrect in the Gateway list (12664)
• Quiklink Mparticle connector failing on Data Fetch requests (12975)
• WAF error for specific email addresses with the keyword “having” or “havings” anywhere in the email address.

• Allow cookie addition using a wildcard (12718)
• Quiklink errors when the requester has special characters in the email address.
• CMMC Artifacts updates in the Assessment Module.

1. Custom request forms to be mobile friendly
2. Enhanced the responsiveness of the requester workflow, ensuring a mobile-friendly experience for consumer request flows, including employment processes
3. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
4. Assessment Improvements:
   • Data Mapping Enhancements.
5. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
6. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes.
7. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.
8. Update of the users roles and permissions handling to be more specific per user role and functions accessibility 

• No security updates are included in this release.

• No infrastructure updates in this release.

• Categories of information are not stored on Right to know abbreviated task after acceptance (12642)

• Add pre-check on customer if duplicated on destination system (12633)

1. Custom request forms to be mobile friendly
2. Enhanced the responsiveness of the requester workflow, ensuring a mobile-friendly experience for consumer request flows, including employment processes
3. Email templates to support multiple languages
4. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
5. Assessment Improvements:
   • Data Mapping Enhancements.
6. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
7. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes.
8. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.
9. Update of the users roles and permissions handling to be more specific per user role and functions accessibility 

• No security updates are included in this release.

• Update to the latest version of jquery.datatables and Jquery-ui (11900)
• Update Elastic Search to Version 8.12 (12409)
• Upgrade nginx to helm release 4.7.5

• Cookie topic description cannot be edited if “Is Necessary” is toggled on (12425)
• Truyo Cookie banner JS not minified (11461)
• Client custom connector for inbound activities count not verifying whether data has been returned (12468)
• Residency Classification custom content updates not updating immediately as expected (12481)

• when fully branded sub brands are enabled the parent org is not getting tasks created (12465)
• ${BRAND_NAME} tag not filled in when email is sent for “all brands” (12556)

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • Data Mapping Enhancements.
3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.
6. Update of the users roles and permissions handling to be more specific per user role and functions accessibility 

• No security updates are included in this release.

• No infrastructure updates are included in this release.

1. SMTP Configuration Update Issue:
   • Implemented a reset to default link for changing settings to Truyo SMTP settings, preventing interruptions in service due to old credentials.
2. Modal Display Issue with Cookie Scan Successful Message (12381):
   • Fixed the issue where the successful cookie scan modal was positioned too low and remained on the screen.

• Org users are not shown verification questions when submitting a request on behalf of a customer
• Org user creating a request for an existing requester is not seeing the verification questions
• Consumers are not able to complete verification questions when a request is submitted from a CSR and they skip the verification questions and submit.

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
   • DOD Scoring for CMMC Assessments.
   • Data Mapping Enhancements.
3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.
6. Enabling AI governance feature to scan source code repositories, structured content, unstructured content and emails for presence of AI
7. Update of the users roles and permissions handling to be more specific per user role and functions accessibility 

• Rate Limits for Password Reset (11892):
  • Rate limits added to password reset functionality.

• No security patches are included in this release.

• Cassandra Support Upgrade (12263):
  • Support for the latest version of Cassandra in APIs and Quiklinks.

• Disabled regulations with underlying enabled request types still appearing in all configuration pages (12038)
• Access Requests completed with no data getting two completion emails (12095)
• Consumer only requests show “All Brands” in the brands field (12117)
• Azure monitor alert MySQL production query alert (12130)
• “Add your first vendor” not showing up in the correct location (12157)
• Verification questions are displaying on the request details page after the request creation when they are in disabled mode for the organization (12160)
• Client favicon is replaced with the Truyo default when logged into the portal (12167)
• Cookie name selection showing it is selectable when it is not on the topic page (12204)
• View Assessment link showing internal server error (12207)
• Compliance report misspellings (12299)
• Requesters able to submit requests with an invalid email addresses format (12300)
• New Zealand misspelled in the default regulation summary (12303)
• Secure Vendors cannot see verification questions/answers for requests with portal accounts (12304)
• Org users are not shown verification questions when submitting a request on behalf of a customer (12345)

• Getting an error in Truyo when trying to make an extension (12228)
• Prod download request report not sent out (12251)
• Support not receiving email alerts/tickets for SMTP errors (12260)
• Errors when sending test emails while the emails have actually been sent (12262)
• Hide/Accept only necessary button showing multiple times on step 4 in the consent workflow (12265)
• Unable to delete erroneous conditional output rule and create a new one (12266)

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
   • DOD Scoring for CMMC Assessments.
   • Data Mapping Enhancements.
3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.
6. Enabling AI governance feature to scan source code repositories, structured content, unstructured content and emails for presence of AI

• CORS Trusting Arbitrary Origin and ACAC (11899):
  • Addressed the issue of Cross-Origin Resource Sharing (CORS) trusting arbitrary origin and Access-Control-Allow-Credentials (ACAC) vulnerabilities.
• CORS Misconfiguration (11891):
  • Resolved the CORS misconfiguration, ensuring a more secure system.

• No security patches are included in this release.

• No infrastructure updates are included in this release.

1. XMLHttpRequest Issue with Cookie Plugin (12172):
   • Resolved the XMLHttpRequest issue preventing the loading of the cookie plugin due to access control checks.
2. Default Population of Cookie Banner Local Storage Key (12203):
   • Fixed the issue where the cookie banner was populating the truyoConsentOptOut local storage key by default.
3. Cookie Banner Topic Rename (12168):
   • Addressed the topic rename issue in the cookie banner for improved clarity and consistency.

• Delete Subscription Topic Failure (90):
  • Fixed the error causing the failure of deleting a subscription topic.
• Cookie plugin not backwards compatible for launching popup dialog (12222)

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
   • DOD Scoring for CMMC Assessments.
   • Data Mapping Enhancements.
3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.
6. Enabling AI governance feature to scan source code repositories, structured content, unstructured content and emails for presence of AI

• CSRF vulnerability on password change has been addressed (11897).

• No security patches are included in this release.

• No infrastructure updates are included in this release.

1. Topics and Cookie Updates Sync with Plugin (11833):
   • Ensure seamless synchronization of topics and cookie updates with the plugin, maintaining consistency across the platform.
2. Gateway Design Bugs and Inconsistencies (11477):
   • Resolved design bugs and inconsistencies in the gateway.
3. Manual Consent Cookie Dialog Overlaps Form Validation with Plugin Configuration (11650):
   • Fixed the issue where the manual consent cookie dialog was overlapping with form validation in plugin configuration.
4. Business Partner CSV Upload Function Not Working (12043):
   • Fixed the issue where the Business Partner CSV upload function was not functioning.
5. “Fully Branded Sub-Brands” Option Display Issue (12071):
   • Addressed the display issue where the “Fully Branded Sub-Brands” option was erroneously showing on the parent consumer page.

Hot Fixes (Impacting Release Version 6.9.0):

• Issues fixed and merged to production:
  1. Create Download Request Failing Due to Too Many Requests (12070):
     • Resolved the issue causing the failure of creating download requests due to excessive requests.
  2. Scramble Table Run Reflecting Current State (12072):
     • Ensured the scramble table reflects the current state even before completing/failing a job.
  3. Some Organizations Logos Not Displaying (11695):
     • Fixed the issue where logos for some organizations were not displaying.

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
   • Framework Assessments for AI with Scanning Capabilities.
   • DOD Scoring for CMMC Assessments.
   • Data Mapping Enhancements.
   • Privacy Risk Register allowing organizations to track and mitigate risk across multiple projects or initiatives.
3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.

Our proactive security measures continue to ensure robust protection. No reported security breaches or attacks are associated with the addressed issues.

• Stored XSS on the portal name functionality corrected (11895)
• Stored XSS on Domain and Ban Email list corrected (11913)
• Stored XSS on Access Control Page under Privacy portal corrected (11944)
• HTML injection vulnerability in Verification Questions corrected (11908)
• Stored XSS on Request forms functionality (11893)
• Stored XSS on Privacy Portal details (11945)
• Blacklist based file upload bypass (11901)

• No security patches are included in this release.

• There are no infrastructure updates in this release.

1. Send Test Email Button (11670):
   • The “Send test email” button on the email settings page is no longer throwing an error while successfully sending emails.
2. Domain Ban Email List (11907):
   • Unwanted translation tabs have been removed from the domain ban email list.
3. Download Request Report (11800):
   • CSV download request reports no longer include blank rows that previously interfered with sorting capabilities.
4. Quiklinks Visibility (11763):
   • Org portal users can now consistently see Quiklinks with Azure AD OpenID Connect, resolving sporadic visibility issues.
5. Cookie Plugin Preview (11723):
   • The cookie plugin preview now functions as expected, ensuring a seamless user experience.
6. Account and Verification Sidebar Styling (11963):
   • Styling on the account and verification sidebars now consistently matches the product’s style.

7. GPC Signal not working as expected with GTM Integration (12045)

• The following issues have been addressed from the 6.8.0 release:

1. Cookie Auto Scan (11931):
   • Cookie auto scan functionality now works correctly.
2. Task Emails for System Owners (11905):
   • System owners no longer receive task emails with auto-rejection rules set up due to rule priority.
3. Naming Correction (11933):
   • Duplicate naming for “Right to Object/Opt Out” has been corrected to “Right to Opt Out” and “Right to Object” to align with descriptions.
4. Vendor System Editing (11929):
   • Users can now edit brands, entities, and dependencies for a new vendor system.
5. Open Vendors File Upload (11978):
   • Open vendors can now successfully upload files.

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
   • Framework Assessments for AI with Scanning Capabilities.
   • DOD Scoring for CMMC Assessments.
   • Data Mapping Enhancements.
   • Privacy Risk Register allowing organizations to track and mitigate risk across multiple projects or initiatives.
3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.

• We continue to proactively implement security measures as part of our comprehensive security plan. To date, there have been no reported security breaches or attacks related to the addressed issues.

• No security patches are included in this release.

• There are no infrastructure updates in this release.

1. Cookie Preference Module Theme Color Fix (11453):
   • The toggle on the cookie preference module now correctly matches the organization’s theme colors.

• The following issues have been resolved from the 6.7.0 release:

1. Special Characters for French Translations (11801, 11796):
   • Special characters have been enabled to support accurate translations for French in verification answers and email template subject lines.
2. Special Characters in Vendor Names (11797):
   • Special accent characters are now accepted in vendor names.
3. Language-Specific Character Issue (Not Specified):
   • An issue where special accent characters for certain languages were not displaying correctly in name fields has been addressed.
4. Quiklink Display Issue with Azure AD OpenID Connect SSO (11763):
   • Quiklink now consistently displays when using Azure AD OpenID Connect SSO.
5. French Translation Rendering Issue for Name Fields (11819):
   • French translations now render correctly in name fields.

6. Need QPSA Conditional Output Rules to save if rejection reason has special characters (11831)

   1. Allowed accent characters to be used for rejection reasons

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Assessment Improvements:
   • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
   • Framework Assessments for AI with Scanning Capabilities.
   • DOD Scoring for CMMC Assessments.
   • Data Mapping Enhancements.
   • Privacy Risk Register allowing organizations to track and mitigate risk across multiple projects or initiatives.
3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.

• A continuous implementation of proactive security measures has been underway as part of our comprehensive security plan. No confirmed security breaches or attacks have been reported for the addressed issues to date.

• A security patch has been applied to resolve potential vulnerabilities associated with the Resend Verification email link (11663).
• External calls have been reduced to enhance security. (11573)

• The consent traffic flow has been optimized to reduce load on the product.

1. Carriage Returns Allowed (11564): Carriage returns are now permitted, ensuring proper formatting of content.
2. Responsive Custom Content with reCAPTCHA (11306): Custom content is now responsive on pages with reCAPTCHA enabled.
3. Updated Request Names/Descriptions (11525): Names and descriptions of requests within the organization portal have been aligned with actual regulation naming conventions.
4. Centered Icons on Assessment Action Items (11590): Icons on assessment action items are now properly centered for enhanced visual consistency.

• Production updates (6.6.0) have been applied to address various issues, including completion of Account download tasks (11617), random parameter addition to client image URLs (11600), and rendering of text areas for authorized agents (11494).

1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
2. Pre-Categorization of Cookies: Enhancements to the cookie scanner will enable automatic categorization of cookies, streamlining data management.
3. Assessment Improvements:
   • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
   • Framework Assessments for AI with Scanning Capabilities.
   • DOD Scoring for CMMC Assessments.
   • Data Mapping Enhancements.
   • Privacy Risk Register allowing organizations to track and mitigate risk across multiple projects or initiatives.
4. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
5. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
6. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.

Continual implementation of aggressive and proactive security measures as part of our comprehensive security plan has been ongoing. No confirmed security breaches or attacks have been reported concerning the addressed issues to date.

Infrastructure Updates:

• The default SMTP URL has been updated from Sendinblue to Brevo to ensure uninterrupted email service.

Data Use Text Areas Character Limit (11557)

• The character limit for data use text areas has been increased to 3,000 from 300, and carriage returns are now allowed, offering users more flexibility in inputting data.

Inconsistent Table Setting Header (11585)

• Header consistency has been restored in the Security and Vendor Assessments pages, ensuring a cohesive visual experience.

Quiklink Displaying “Not Found” (11702)

• The issue causing Quiklink to display “Not Found” on the listing page has been resolved.

Duplicate Requests Message in Guest Mode (11474)

• Guest mode requesters will now receive a duplicate requests message when attempting to process a request of the same type that is already being handled.

Status Change Issue for “Start Request” Button (11549)

• The “Start Request” button status in the GCP environment now changes correctly, improving the overall user interface functionality.

Favicons and Logos Display Issue (11588):

• We have identified and corrected the issue where favicons and logos are not displaying correctly.

Colorado Data Privacy Act Regulation Request Extension Missing (11601):

• We have noted that the Colorado Data Privacy Act regulation lacks the ability to extend requests, which is an essential feature to accommodate varying user needs. We deeply value compliance with relevant regulations, and addressing this oversight is of utmost importance to us.

Updates to production have been made for items in release 6.4.0, including the handling of duplicate task creation in specific scenarios and enabling Quiklinks for administrators based on appropriate permissions settings in the database.

Infrastructure Update:

• Components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to be upgraded to their latest versions, ensuring improved performance and security.

Compliance Reports – Embedded:

• Organizations will gain the ability to embed compliance reports onto public-facing web pages, facilitating transparency and accessibility for stakeholders.

Pre-categorization of Cookies:

• Enhancements to the cookie scanner will enable it to provide “best guess” categorization of cookies, streamlining data management processes.

Assessment Improvements:

• SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
• Enhanced ISO Framework Assessments.
• Framework Assessments with Scanning Capabilities for Potential Cross-population Analysis.
• DOD Scoring for CMMC Assessments.
• User Groups Functionality for Assessments.
• Data Mapping Enhancements.
• Records of Data Processing Activity.

Email Template Editor:

• A more robust template editing and viewing feature for email templates will be introduced, enabling organizations to tailor communications effectively.

Verification Questions:

• The verification question system will be strengthened, allowing for different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.

Data Privacy Assessment Editor:

• Organizations will be empowered to customize assessment questions within the Data Privacy Assessment module, facilitating tailored evaluations.

• Ongoing security updates:
  • Continual implementation of aggressive and proactive security measures as part of our comprehensive security plan.
  • No confirmed security breaches or attacks reported thus far in relation to the addressed issues.

• Migration to MySql 8 (11352)
  • Transition to MySql 8, improving the platform’s underlying database infrastructure.

• Resolution of employment URL redirection issues (11240)
  • Rectification of URL inconsistencies causing incorrect page redirections.

• Updates implemented for release 6.4.0, addressing specific issues.
• Updates to the consent module to enhance performance (11440)
  • Optimizations made to the consent module to improve overall system performance.

• Infrastructure update:
  • Upgrading components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements to their latest versions.
• Compliance reports – embedded:
  • Introduction of the ability for organizations to embed compliance reports onto public-facing web pages.
• Pre-categorization of cookies:
  • Enhancement of the cookie scanner to provide “best guess” categorization of cookies.
• Assessment Improvements:
  • SSP generation for CMMC (Cybersecurity Maturity Model Certification).
  • Enhanced ISO framework assessments.
  • Framework assessments with scanning capabilities for potential cross-population analysis.
  • DOD scoring for CMMC assessments.
  • User groups functionality for assessments.
  • Data Mapping enhancements.
  • Records of Data Processing Activity.
• Email template editor:
  • Introduction of a more robust template editing and viewing feature for email templates.
• Verification questions:
  • Strengthening of the verification question system, allowing for different questions based on request type, request origin, and other attributes.
  • Inclusion of support for conditional questions, answer formatting, and required fields.
• Data Privacy Assessment Editor:
  • Empowering organizations to customize assessment questions within the Data Privacy Assessment module.

Ongoing security updates: 

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

None in this release

Employment URL’s pointing to the wrong content (11240)

Not all requests being pulled when running an external report (11304)

Updates fixed to release 6.3.0

Default regulation is not honoring the configured response times (11295)

View files instead of downloading within the Egnyte platform (11083)

Egnyte QL scanning not completing properly (11124)

Data use section changes are not storing in the Quiklink rules page (11184)

Org users are not able to update the intake form success/error state messages (11313)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• Enhanced ISO framework assessments
• “Scan” framework assessments for potential cross population
• DOD scoring for CMMC
• User groups for assessments
• Data Mapping
• Records of Data Processing Activity

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: 

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

Enabling WAF in all lower environments (10403)

Fixing PHP depreciated values (11031)

Unable to toggle field level data fetch options (11158)

Languages selection will display in the correct language on the consumer portal (11113)

Custom CSS not working for other languages (11112)

Sub Brand portal

Updates fixed to release 6.2.0

Consumer can’t disable”Sale Cookie” without first disabling “Advertising cookies” (11111)

Sub Brand portal are re-directing to the login page when guest mode is enabled (11190)

Spanish accent letters are appearing as symbols when emails are sent out. (11191)

APC settings only showing if an organization has parent only org set (11207)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• Enhanced ISO framework assessments
• “Scan” framework assessments for potential cross population

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: 

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

None with this Release

CDPA Opt Out of Targeted Advertising email templates tied to Right to Consent process flow (10978)

New organizations not respecting mapping of regulations/requests (11155)

Redirecting to the requester search page after clicking Submit new Request button using the CSR flow (11032)

Breadcrumb position is not consistent on Custom content section pages (11033)

Update selection pointer to hand pointer when the mouse hovers over to skip the upload link in the Authorized agent workflow skipping a document upload (11141)

Consumer cannot disable “Sale Cookies” without first disabling “Advertising Cookies” (11111)

Updates fixed to release 6.1.0

Copy/paste functionality not working in verification questions (11103)

Employment brand not allowing a user to create the brand from the admin portal (11107)

Updating functionality of the continue button on forms using custom CSS (11127)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• Enhanced ISO framework assessments
• “Scan” framework assessments for potential cross population

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Handling of MSO365 OAuth settings

• Ability for an organization to set their email OAuth to use MSO365

Ongoing security updates: 

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

Potential cross site scripting issue addressed in the forgot password flow for employment and consumer portals (10976)

Upgraded jQuery version for cookie plugin (56)

• Now using version 3.6.0

Fixed spacing on the conditional output page where we select to send and email to let the owner know the task was created (10954)

Customer requests have mismatched residencies (10943)

Custom CSS page ont functioning correctly (10995)

OpenID Connect SSO not working in the instance that both SSO settings were not set. This has been uncoupled in this update (11043)

General Email list not displaying if we revisit the page from other Organization Emails (11036)

Updates fixed to release 6.0.0

SMTP settings not visible on the Email settings page (10991)

Add new cookie not adding and getting stuck (10987)

Cookie getting an error with the import/export functionality adding a space to the name not letting it be recognized (11011)

Updated custom text not displaying in the employment portal (10950)

Logo’s not showing correctly in the employment portal (10993)

No tasks being created in pre production only when there is an Employment setup issue (11044)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• “Scan” framework assessments for potential cross population

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

None in this release 

Assessment file upload naming not updating correctly if there was a space in the name (10790)

Unable to rename the Right to Limit the use and Disclosure of Sensitive Data  for CPRA (10786)

Updates fixed to release 5.9.0

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• “Scan” framework assessments for potential cross population
• Support for flagging questions to specific users

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

None in this release 

Regulation summaries missing from the consumer portal (10705)

Rejection reason not showing in consumer logged in portal when request is declined during secondary verification (10822)

Consent clients unable to edit the cookie topic (954/CM-43)

Organization portal SSO settings could not be made without having to click in other areas to save updates (10785)

Sub brands cannot be disabled once they are enabled (10787)

Updates fixed to release 5.8.0

Email templates format fixes and added tags (10808)

Request and task rejection reasons not showing in the consumer portal (10772)

Auth agent flow : Request re-verification emails are not going to consumer / authorized agent when appeal accepted (10781)

New organizations are not able to see reports (10804)

Secure vendors were not getting appeal details (10806)

New organizations missing the Right to Object request type (10829)

Changes to one privacy portal account email template was also being made in others (10783)

New organizations supporting GDPR were not able to see the Right to Object request type (10829)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• “Scan” framework assessments for potential cross population
• Support for flagging questions to specific users

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

None in this release 

Clicking Cancel on Delete Modal from Employment portal redirects user to Consumer portal (10745)

Updates fixed to release 5.7.0

Re-routing to the correct page after canceling or pressing an expired link from an employment request (10730)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• “Scan” framework assessments for potential cross population
• Support for flagging questions to specific users

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

None in this release

None in this release

Assessment files not synching correctly (10710)

Open Vendor not able to upload documents (10711)

Unable to reassign task owners (10742)

Employment requests submitted by an authorized agent not getting verification emails (10735)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• “Scan” framework assessments for potential cross population
• Support for flagging questions to specific users

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

• Updated Elastic Search to Version 7.17.7
• Helm chart update to Version 7.17.3

• None this release

Disable the Common controls tab under Assessments temporarily (10643)

Open vendor not able to upload a document (10711)

Verification questions missing in tasks (10662)

Support for apostrophe in the organization name for Privacy Policy Generator customers (10636)

Update button not showing on task details page (10685)

Authorized agent flow not working correctly (10687)

SMTP error handling for failed/bad credentials (10697)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• “Scan” framework assessments for potential cross population
• Support for flagging questions to specific users

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

None in this release

Better redirect for request form only organizations (10660)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC
• “Scan” framework assessments for potential cross population
• Support for flagging questions to specific users

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

None with this release

Unable to search users by alternate id’s from the user search flow (10612)

Better handling of email templates when HTML tags are not properly closed that previously prevented the user from restoring defaults and edit. (10630)

Updated the forgot password link for an organization to be sent and used as a permalink (10624)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• Plan of action and milestone report for CMMC
• “Scan” framework assessments for potential cross population

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Data Privacy Assessment Editor

• Ability for an organization to customize questions on data privacy assessments

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

Update Kubernetes to version 1.23.8 (10550)

Fixed a misspelling on the organization portal password change (10537)

Cursor on the forgot password link on the org portal was not using the hand icon (10538)

Wrong cursor on the organization forgot password link (10538)

Start request button for “Right to withdraw consent request” is not displaying for Utah residents in the consumer portal (10523)

Final review not showing tasks for the request details (10478)

Unable to edit/restore email templates if the HTML tags are not closed properly (10360)

Sorting by Default regulation on the requests and tasks page not being displayed when selected (10594)

Cache issue causing the status to not match when re scanning a QL connector (10569)

These fixes were added to Version 5.2.0 prior to its production deployment

Request tasks are not visible after completion of the request (10349)

Error message displaying when a vendor attempts to open a task to be completed (10399)

User unable to close tasks due to an error message (10429)

Auto save is not working for anything beyond the second page on on the requests screen (10510)

Both Start and Renew assessment buttons are displaying after completion of an assessment (10541)

Updated Data Privacy assessment page heading to match the left navigation to say Data Privacy Assessments (10540)

Wrong breadcrumb name displaying on the view past assessments page (10539)

Disable cache on the first call to get brand by filter (performance need) (10527)

Task information is not displayed when a user clicks on the TaskId from the Task tables (10499)

Unable to edit existing Session cookies-cookie consent (10494)

Right to Opt out Automation Request processing email template missing in the Org UI (10481)

Default regulation not allowing the requests to be extended after 45 days when the default is 60 days (10572)

Requests section on the reports pages not displaying information (10571)

Unable to configure the Employment portal (10564)

Systems getting renamed upon request closure and requests being dropped as the result (10596)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• Plan of action and milestone report for CMMC
• “Scan” framework assessments for potential cross population
• Privacy Policy generator

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Truyo Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

Implemented cache in the backend services for Quiklink (10415)

Updated the Quiklink API’s to reduce heap space (10467)

Organization email template, appeal from requester, where not being triggered normally (10476)

Final Review page not showing tasks (10478)

Quiklink rules displaying error (10485)

Cookie consent module – Unable to edit existing session cookies (10494)

Auto save not working on the second page of the regulations page (10510)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• SSP generation for CMMC Assessments
• “Scan” framework assessments for potential cross population
• ISO 27001, Soc-2 readiness and NIST 800-171 assessments

Expansion of Framework assessments – within Common Controls

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing
• Provide easy ways to update email templates
• Import/Export
• Workflow to visually see email triggers

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Updated Right to Amend workflow

• Ensuring the workflow better fits our client’s needs to support their customers

Truyo Assessment Editor

• Ability for an organization to customize questions inside Data Privacy Assessments

Ongoing security updates: (None needed in this release)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

Updated Cassandra to version 3.11.3 (10383)

Verification links taking employment portal requesters to the consumer portal (10371)

System display name text box max characters is larger than allowed in the database (10400)

Unable to de-select brands when raising a dispute request from the consumer portal (10408)

Request tasks are not visible after completion of the request (10349)

Error message displaying when a vendor attempts to open a task to be completed (10399)

User unable to close tasks due to an error message (10429)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

In App Help

• Providing fly out help menu for contextual help per page

Video Tutorials

• Provide a library of videos focused on specific feature training for the Truyo platform

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• Plan of action and milestone report for CMMC
• “Scan” framework assessments for potential cross population
• Privacy Policy generator

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Updated Right to Amend workflow

• Ensuring the workflow better fits our client’s needs to support their customers

Truyo Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (10287)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

Quiklink consumer tasks were being created even if the connector was inactive (10134)

Links on the employment portal redirected to the consumer portal pages (10327)

Truyo request service not closing requests (10248)

Various Quiklink Automation user errors (10358)

User unable to add rejection reasons (10334)

Quiklink tasks being created even when a system has been deleted. (10134)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

In App Help

• Providing fly out help menu for contextual help per page

Video Tutorials

• Provide a library of videos focused on specific feature training for the Truyo platform

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• Plan of action and milestone report for CMMC
• “Scan” framework assessments for potential cross population
• Privacy Policy generator

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Updated Right to Amend workflow

• Ensuring the workflow better fits our client’s needs to support their customers

Truyo Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (9872, 10109, 10235)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

CSR role not able to create requests using a requesters phone number (10206)

“Not found” error on Quiklinks landing page after roughly 15 minutes (10178)

Quiklinks: Consumer tasks are being created even if a connector is inactive (10134)

Features and Regulations not showing in pre production environments (10273, 10288)

Business partner forms not showing request types (10196)

CSR’s not able to submit requests for requesters without an email address (10206)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

In App Help

• Providing fly out help menu for contextual help per page

Video Tutorials

• Provide a library of videos focused on specific feature training for the Truyo platform

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• Plan of action and milestone report for CMMC
• “Scan” framework assessments for potential cross population

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Verification questions

• More robust verification question system, allowing different questions based on request type, request origin and other attributes.  Including conditional question support and answer formatting, as well as required fields.

Updated Right to Amend workflow

• Ensuring the workflow better fits our client’s needs to support their customers

Truyo Assessment Editor

• Ability for an organization to customize questions

• Assessment dashboard,  fixed incorrect count on assessments (10136, 10158)
• Media/binary files missing in the download zip file 4.12.0 (10171)
• Request page date range was limited to the past 12 months (10149)
• Allow reset after a rule is set on QuikLink. (10135)
• All selected request options not appearing for each regulation. (10148)
• Minio ingress update for responses to 400 error (10123)

• Egnyte authentication not retrieving the token after the 4.11.0 release (10157)
• Updated Egntye Authentication domain entry: format is: yourdomain@egnyte.com and the platform can auto-complete the remaining url portion (10155)
• Media/binary files missing from the download packet (10171)

Ongoing security updates: (10101)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

Ongoing security updates: (10106, 10107, 10154, 10102)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

No bug fixes in this update pertaining to the previous release

Unable to add verification questions (10122)

Ongoing security updates: (9870,9871,9880,9881,9882,9883,9884)

• As part of our ongoing aggressive and proactive security plan, we have continued to increase security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

• Unable to verify requests from users without an account from the org portal. (10038)
• Employment portal was not being activated (10057/10091)
• Large data fetch files failing in Quiklinks (10061)
• Quiklink data fetch response not returning as much data. (10017) – Related to 10061
• Unable to login from the privacy center subscriptions tab – Consent module. (10077)
• Breadcrumb was redirecting from “Review: Document Review” to the dashboard. (10078)

No Hot Fix items this go around

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

In App Help

• Providing fly out help menu for contextual help per page

Video Tutorials

• Provide a library of videos focused on specific feature training for the Truyo platform

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

Assessment Improvements

• Plan of action and milestone report for CMMC

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Updated Right to Amend workflow

• Ensuring the workflow better fits our client’s needs to support their customers

Truyo Assessment Editor

• Ability for an organization to customize questions

Ongoing security updates: (9871, 9869, 9873, 9872, 9876, 9870)

• As part of our aggressive and proactive security plan, we have increased security around the platform.
  • To date, there have been no confirmed attacks related to the issues updated.

• Request type selection not saving for Quiklinks (9954)
• Rules page selection not showing in quiklinks table section (9979)

Fixes that were added to the 4.9.0 release: 

• Rules page not displaying at all in the QA environment. 
• Quiklink values are inconsistent with DB values (10019)
• Quiklink stuck in review status (10008)
• Quiklinks showing not found on the list page for SSO or Regular login organizations (9965)

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

In App Help

• Providing fly out help menu for contextual help per page

Video Tutorials

• Provide a library of videos focused on specific feature training for the Truyo platform

Compliance reports – embedded

• The ability for an organization to embed compliance reports to public-facing web pages

Pre categorization of cookies

• The ability for the cookie scanner to “best guess” cookie category

CMMC Assessment Improvements

• Plan of action and milestone report
• Dynamic updates to metrics
• Dashboard specific to the assessments

Expansion of Framework assessments

• Support for over 100 different assessments based on standards
• Support for common controls framework also strict adherence to other framework types

Email template editor

• More robust template editing and viewing

Updated Right to Amend workflow

• Ensuring the workflow better fits our client’s needs to support their customers

Ongoing security updates (9874, 9875,9868,9896)

• As part of our aggressive and proactive security plan, we have increased security around the platform.
  • No confirmed attacks related to the issued updated to date. However, certain vulnerabilities could be exploited if the correct access was obtained.

Framework Assessment flow update (9845)

• During the add or renew flow we removed the modal that was being used to select the assessment. Now you are taken to a page that you select the available assessment.

Quiklinks stuck in scanning state intermittently (9942)

• On occasion a Quiklink connector would get stuck in scanning status due to how it was being tracked in the database causing an overwrite that was not correct.

Fixes to version 4.8.0

Slow loading task and request pages (9913)

• Added indexing to the task and request pages to help the performance

Infrastructure update

• Updating: Spring Cloud, Spring Boot, JDK, Swagger/JUNIT fixes, and related components

In App Help

• Providing fly out help menu for contextual help per page

Video Tutorials

• Provide a library of videos focused on specific feature training for the Truyo platform

Compliance reports – embedded

• Ability for an organization to embed compliance reports to public facing web pages

Pre categorization of cookies

• Ability for the cookie scanner to “best guess” cookie category

CMMC Assessment Improvements

• Plan of action and milestone report
• Dynamic updates to metrics
• Dashboard specific to the assessments

Expansion of Framework assessments

• Support for over 100 different assessments based off standards

Email template editor

• More robust template editing and viewing

Updated Right to Amend workflow

• Ensuring the workflow better fits our clients needs to support their customers

Reset password workflow

• Updating the reset password workflow to be more in line with the latest security standards