Month: November 2023

Truyo Product Release Version 6.10.0

Upcoming Features:

  1. Extension Options for Do Not Sell Requests in CCPA (12037):
    • Introducing optional extension days selection for DNS requests across all regulations supporting DNS. Users can choose 15 or 45 days, without impacting default extensions unless explicitly checked.
  2. Compliance Reports (8925):
    • A comprehensive report by regulations showcasing request types, including amounts received, accepted, rejected, and average days to complete.
  3. Rejected Status for Assessments (11950):
    • Users can now designate the “Rejected” status for assessments, enhancing transparency in assessment outcomes.
  4. French Translations for Truyo Terms of Service and Privacy Statements (11841):
    • Truyo’s Terms of Service and Privacy Statements are now available in French for users with French browser settings.
  5. Automatic Extension Functionality (11840):
    • When selected, this feature automatically extends requests two days prior to their due date, streamlining request management.
  6. Vendor Listing Page Enhancements (11959):
    • Added assessment status column for vendor assessments (complete, in progress, not started).
    • Introduced tiles for total completed assessments, in-progress assessments, and assessments not started.
    • Added a column for the expiration date of assessments.
    • Removed the Security Assessment column.
  7. Consent and Class Naming Enhancement (11834):
    • Consent and class names will now begin with unique identifiers to avoid existing website conflicts and organization.
  8. Dashboard Tile Additions (11911):
    • Added two new tiles on the Dashboard for Verification Review and Data Approval, highlighting items in “In Review” and “Final Review” status.
  9. Utah’s Data Privacy Requests (11473):
    • Do Not Sell is now part of the default request types for Utah’s data privacy requests.
  10. Proactive Reporting of Quiklink Failures (11700):
    • Similar to SMTP failures, the system will proactively open a support ticket for Quiklink failures, ensuring prompt attention to potential issues.
  11. Request with No Account Flow Layout Update (11427):
    • If more than 8 requests are supported in a regulation, a dropdown selection option is now available for improved user experience.
  12. French Translations for Truyo Terms of Service and Privacy Policy (11841):
    • French translations of Truyo’s Terms of Service and Privacy Policy are now presented for users with French language preferences.
  13. Verification Review and Data Approval Tiles (11991):
    • If the Review or Data Approval options are utilized, additional tiles on the Dashboard page provide insights into associated data.
  14. Reject All Optional Cookies Button (12036):
    • Introduced a “Reject All” button on the detailed cookie banner for streamlined user consent management.
  15. Production Scalability for MySQL Scramble Jobs (10911):
    • Improved scalability of MySQL scramble jobs for enhanced production efficiency.
  16. Proactive Alerts for Quiklink Failures (11700):
    • Proactive support ticket alerts will be generated for Quiklink failures, ensuring timely resolution.

Security Updates:

  • CSRF vulnerability on password change has been addressed (11897).

Security Patch:

  • No security patches are included in this release.

Infrastructure Updates:

  • No infrastructure updates are included in this release.

Bug Fixes:

  1. Topics and Cookie Updates Sync with Plugin (11833):
    • Ensure seamless synchronization of topics and cookie updates with the plugin, maintaining consistency across the platform.
  2. Gateway Design Bugs and Inconsistencies (11477):
    • Resolved design bugs and inconsistencies in the gateway.
  3. Manual Consent Cookie Dialog Overlaps Form Validation with Plugin Configuration (11650):
    • Fixed the issue where the manual consent cookie dialog was overlapping with form validation in plugin configuration.
  4. Business Partner CSV Upload Function Not Working (12043):
    • Fixed the issue where the Business Partner CSV upload function was not functioning.
  5. “Fully Branded Sub-Brands” Option Display Issue (12071):
    • Addressed the display issue where the “Fully Branded Sub-Brands” option was erroneously showing on the parent consumer page.

Hot Fixes (Impacting Release Version 6.9.0):

  • Issues fixed and merged to production:
    1. Create Download Request Failing Due to Too Many Requests (12070):
      • Resolved the issue causing the failure of creating download requests due to excessive requests.
    2. Scramble Table Run Reflecting Current State (12072):
      • Ensured the scramble table reflects the current state even before completing/failing a job.
    3. Some Organizations Logos Not Displaying (11695):
      • Fixed the issue where logos for some organizations were not displaying.

Upcoming Features:

  1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
  2. Assessment Improvements:
    • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
    • Framework Assessments for AI with Scanning Capabilities.
    • DOD Scoring for CMMC Assessments.
    • Data Mapping Enhancements.
    • Privacy Risk Register allowing organizations to track and mitigate risk across multiple projects or initiatives.
  3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
  4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
  5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.

Truyo Product Release Version 6.9.0

Upcoming Features:

  1. Consent Metrics (11825):
    • We’ve introduced consent metrics to provide detailed insights into consent-related data.
  2. All Regulations Option for Quiklink Rules Configuration (11762):
    • Quiklink rules are configurable for all regulations, offering more comprehensive rule management.
  3. Multi-Selection of Vendors (11815):
    • Multi-selection of vendors, supporting vendor assessment-only functionality.
  4. Import/Export of Vendors (11824):
    • Import and export vendors in bulk, simplifying the process of adding vendors with minimal information and saving them without immediate assignment to a system or request type support. Additionally, this feature allows the export of vendors to a CSV file.
  5. Internal Comments in Verification Review (11835):
    • The capability to include internal comments in the verification review reject request response, enhancing communication and record-keeping.
  6. Task Table Update (11837):
    • When tasks are closed via an API, the last modified information is now recorded in the task table.
  7. Cookie Panel Dropdown (10994):
    • A dropdown for the cookie panel type has been added, improving user interaction.
  8. GAP Assessment Regulation Removal (11850):
    • You no longer need to select a regulation when landing on the GAP assessment page. Instead, you can create a “named” assessment.
  9. Consent Requests Dropdown Style Update (11890):
    • The selection view on the consent requests dropdown section has been updated to match the product’s style for a cohesive user experience.
  10. Audit Log Enhancement (11852):
    • A consent summary has been incorporated into the Audit log, providing a comprehensive overview of consent-related activities.
  11. Global JavaScript Variable Update (11832):
    • The Cookie Consent plugin has been refined, including the renaming of the global JavaScript variable for improved integration and functionality.
  12. Persistent Page During Cookie Re-Categorization (11932):
    • To enhance user experience and continuity, active pages will now be retained during the cookie re-categorization process.
  13. Oracle Database Integration (10912):
    • The Oracle database has been added to the list of supported databases for data scrambling, enhancing data security and compliance.
  14. Scramble Database Table Transition (11768):
    • We have transitioned to new database tables for defining the scramble job and storing historical data, optimizing data management.
  15. Scramble History and Dashboard (11769):
    • The Scramble feature now includes a basic history and dashboard page, offering a comprehensive view of data scrambling activities.
  16. Scramble Job Details Page (Completed, Failed, In Progress) (11770):
    • We’ve introduced a dedicated job details page for completed, failed, and in-progress data scramble jobs, streamlining data management and analysis.
  17. Scramble Job Details PageĀ  (11771):
    • A new job details page has been created for data scramble activities, facilitating better monitoring and control. This includes Database information section, Details to include full error details, table, fields and configuration in read only mode with pagination. No filtering added at this time.

Security Updates:

Our proactive security measures continue to ensure robust protection. No reported security breaches or attacks are associated with the addressed issues.

  • Stored XSS on the portal name functionality corrected (11895)
  • Stored XSS on Domain and Ban Email list corrected (11913)
  • Stored XSS on Access Control Page under Privacy portal corrected (11944)
  • HTML injection vulnerability in Verification Questions corrected (11908)
  • Stored XSS on Request forms functionality (11893)
  • Stored XSS on Privacy Portal details (11945)
  • Blacklist based file upload bypass (11901)

Security Patch:

  • No security patches are included in this release.

Infrastructure Updates:

  • There are no infrastructure updates in this release.

Bug Fixes:

  1. Send Test Email Button (11670):
    • The “Send test email” button on the email settings page is no longer throwing an error while successfully sending emails.
  2. Domain Ban Email List (11907):
    • Unwanted translation tabs have been removed from the domain ban email list.
  3. Download Request Report (11800):
    • CSV download request reports no longer include blank rows that previously interfered with sorting capabilities.
  4. Quiklinks Visibility (11763):
    • Org portal users can now consistently see Quiklinks with Azure AD OpenID Connect, resolving sporadic visibility issues.
  5. Cookie Plugin Preview (11723):
    • The cookie plugin preview now functions as expected, ensuring a seamless user experience.
  6. Account and Verification Sidebar Styling (11963):
    • Styling on the account and verification sidebars now consistently matches the product’s style.

  7. GPC Signal not working as expected with GTM Integration (12045)

Hot Fixes:

  • The following issues have been addressed from the 6.8.0 release:
  1. Cookie Auto Scan (11931):
    • Cookie auto scan functionality now works correctly.
  2. Task Emails for System Owners (11905):
    • System owners no longer receive task emails with auto-rejection rules set up due to rule priority.
  3. Naming Correction (11933):
    • Duplicate naming for “Right to Object/Opt Out” has been corrected to “Right to Opt Out” and “Right to Object” to align with descriptions.
  4. Vendor System Editing (11929):
    • Users can now edit brands, entities, and dependencies for a new vendor system.
  5. Open Vendors File Upload (11978):
    • Open vendors can now successfully upload files.

Upcoming Features:

  1. Infrastructure Upgrade: Upcoming upgrades for components such as Spring Cloud, Spring Boot, JDK, Swagger/JUNIT, and related elements are set to improve performance and security.
  2. Assessment Improvements:
    • SSP Generation for CMMC (Cybersecurity Maturity Model Certification).
    • Framework Assessments for AI with Scanning Capabilities.
    • DOD Scoring for CMMC Assessments.
    • Data Mapping Enhancements.
    • Privacy Risk Register allowing organizations to track and mitigate risk across multiple projects or initiatives.
  3. Email Template Editor: An advanced template editing and viewing feature for email templates will be introduced, enabling tailored communications.
  4. Verification Questions Enhancement: The verification question system will be fortified, offering different questions based on request type, origin, and attributes. Support for conditional questions, answer formatting, and required fields will be included.
  5. Data Privacy Assessment Editor: Organizations will gain the ability to customize assessment questions within the Data Privacy Assessment module, enabling tailored evaluations.