OneSpan Sign Release Notes

RELEASE 11.37

What's New

New Signer Experience

• Zoom level is displayed: The zoom level of a viewed document is now displayed to signers.
• Removed secondary color: The secondary color was dropped from the palette of branding options, since it didn't add much value. We replaced the secondary color with a shade of the primary color.
• Improved performance: Formerly, when New User Experience was accessed from Internet Explorer, an input field's tooltip was dynamically positioned above or below the field. Now the tooltip is always displayed below the field. This change to a static position improved the performance on Internet Explorer.
• Redesigned authentication pages: We redesigned the authentication pages in the New Signer Experience. These pages support: (1) the Q&A, SMS and KBA authentication methods; (2) multi-method authentication for an individual user. All strings in the New Signer Experience can be customized by contacting our Support Team. If you were already using customized strings on the authentication pages in the New Signer Experience, please contact our Support Team to ensure that those customizations are reflected on the redesigned authentication pages. Note: We did not change the authentication pages for Senders.
• Change Signer accepts same email for a different recipient: Using the Change Signer feature, an external recipient can now change to a recipient who shares their email address, but has a different name.
• Fast Track accepts users with same email: The Fast Track feature now supports adding to a transaction external recipients who share the same email address, but have different names.

Senders

• Improved expiry dates: When the transaction-expiry feature is configured in a template for a number of days, the system no longer calculates an expiry date. Instead, the expiry date for a transaction created from such a template is calculated from: (1) the transaction's creation date; (2) the number of days before expiry that are specified in the template. To reflect this change, we removed the expiry date from the List page for such templates.
• Configure in-person Welcome page: Enabled Senders to show or hide elements of the Welcome page for an in-person transaction.
• Configure in-person Thank You page: Enabled Senders to show or hide elements of the Thank You page for an in-person transaction.
• Configure e-Notary Welcome page: Enabled Senders to show or hide elements of the Welcome page for an e-Notary transaction.
• Configure e-Notary Thank You page: Enabled Senders to show or hide elements of the Thank You page for an e-Notary transaction.
• Removed product name from the application version: Formerly, the New User Experience displayed the application version as "OneSpan Sign <version #>". We changed this to "Version <version #>" in order to white-label the application, and thus avoid confusing Senders.

Developers

• Multi-doc support for Digital Mortgages: If a mortgage transaction has one SMART Document and one or more PDFs: (1) an eOriginal vault can now store all those documents for the transaction; (2) eOriginal's Audit Trail now lists all events related to the transaction and its multiple documents.
• Multi-doc support for Digital Lending: If a transaction has multiple loan documents: (1) an eOriginal vault can now store all those documents for the transaction; (2) eOriginal's Audit Trail now lists all events related to the transaction and its multiple documents.
• Create reports about your account: The following new API calls create various reports about your account: (1) reports/sender-transaction-summary returns a list of Senders, with a summary count of their transactions by status (can be filtered by date range); (2) reports/transaction-summary returns a list of transactions, with summary information per status (can be filtered by date range and senderId); (3) reports/transaction-detail returns the details of a specific transaction (must pass the transactionId as a parameter).
• Specify the Designer page's language: When the Designer is integrated into an iFrame, the Designer page's language can now be specified by adding a parameter at the end of the associated URL.

Account Owners & Admins

• Enhanced Self-service Data Management: We improved the page that manages data retention. The four main settings on this page are now as follows. (1) Total Transaction Lifetime: This setting is new in this release. It specifies how long after its creation any transaction will be stored (e.g., if this lifetime is 30 days, a transaction created on January 1 will be deleted on January 31). (2) Archived: Specifies how long archived transactions will be stored. No other retention setting affects archived transactions. (3) Incomplete Transactions: Specifies how long incomplete transactions will be stored (their state is Draft, Declined or Expired). Note that the storage life of transactions in the state Sent is managed on a separate page called Sent Transactions Expiry Time. (4) Completed Transactions: Specifies how long completed transactions will be stored. The Data Retention page also has a section of Advanced Settings for Incomplete Transactions. This permits the specification of smaller retention values for incomplete transactions in particular states (Draft, Declined or Expired). If inconsistent deletion dates are specified, the date that occurs first takes effect. For example, suppose the Total Transaction Llifetime is 100 days, while Draft is 20 days. If a transaction is in the Draft state for 20 days, it will be deleted even though the Total Transaction Lifetime is 100 days. IMPORTANT: Customers with the Business Plan can change all data-retention settings. Customers with the Professional Plan can change all the settings except Total Transaction Lifetime and Incomplete Transactions.

• New permission: Transaction visibility for delegates: We added a new permission that enables a delegate to see all the transactions on the account they have been delegated to manage. Without this permission, a delegate can see only the transactions that are in draft, are in progress, or were completed during the period of their delegation.
• Determine if notifications are sent to a delegate: When a delegate is added to an account, Admins can now determine if they will be sent copies of all future email notifications that concern that account.

Security

• Private Encryption KMS supports sub-accounts: The Private Encryption Key Management Service (KMS) introduced in OneSpan Sign 11.36 now supports accounts with sub-accounts.

Bug Fixes

New Signer Experience

General

• PB-61124: Fixed an issue in which the Decline button failed to be disabled when the decline reason exceeded the maximum length (4000 characters).
• PB-61168: Fixed the following issue. If a signer tries to sign without selecting a required radio button, the border around that button is highlighted in red. Once the signer selects that button, the red border is supposed to disappear. The problem here was that the red border failed to disappear after the signer selected the required button.
• PB-60305: Fixed an issue in which input-field text on the Reassign Recipient panel was not vertically centered when the user's browser was Internet Explorer.
• PB-61513: Fixed an issue in which a signer who accessed the Signing Ceremony when it was not their turn to sign incorrectly saw documents as "accepted" (instead of seeing the message: It is not your turn to sign).
• PB-61515: Fixed an issue in which Signers A and B had correctly been assigned the same priority in the signing order. The problem was that Signer B could not even review their documents until Signer A had finished signing their documents.
• PB-61527: Fixed an issue in which signers couldn't download documents that had either the same signing priority, or a non-sequential signing order.
• PB-50742: Fixed an issue in which some countries or areas failed to be translated in the Country - Area list on the Reassign Recipient authentication panel.
• PB-50743: Fixed an issue in which for some languages, some countries or areas in the Country - Area list on the Reassign Recipient authentication panel were not sorted in the correct order.
• PB-62495: Fixed some issues with the Japanese translation of text in the New Signer Experience.
• PB-61359: Fixed the following issue with the Capture Signature feature on mobile devices. Formerly, when a signature was captured on a mobile device, the signer was wrongly returned to the transaction's first document. Now the signer's position in the current document is maintained.

Accessibility

• PB-61072: Fixed an issue in which NVDA screen readers failed to vocalize a warning message about blank e-Notary Journal entries.
• PB-60445: Fixed the following issue. When a user focused on a required field that had been assigned a value, screen readers failed to vocalize that the field is required.
• PB-60451: Fixed an issue in which screen readers on Safari failed to vocalize the errors that appeared below input fields on the Reassign Recipient panel.
• PB-35476: Fixed an accessibility issue in which the Placeholder attribute in the Decline transaction panel sometimes led to confusion. We replaced it with a label over the Other Reason text area.

Senders

• PB-62496: Fixed some issues with the Japanese translation of text for Senders in the New User Experience.
• PB-61724: Fixed an issue with the Client Apps feature that requests a short-lived API Token to authenticate a Sender. The system failed to find the Sender if their submitted email address contained any upper-case letters.
• PB-43722: Fixed an issue in which a template's specification of a notary failed to be inherited by transactions that were created from that template.
• PB-61911: Fixed an issue in which the specified order for signers failed to work properly if the signers shared the same email address.
• PB-61542: Fixed an issue in which the new British Columbia area code 672 was not recognized as valid when a recipient entered it as part of their phone number for SMS authentication.
• PB-61681: Fixed an issue in which the controls Review before completion and Enable screen reader accessiblity were wrongly aligned on the Transaction details page.

Developers

• PB-41878: Fixed a memory leak that caused the New User Experience to crash when it processed HTTP GET requests with the URL /uiux/dashboard.
• PB-59066: Fixed the following issue. After a hand-drawn signature had been captured on a document, the JSON response on a GET call reported an invalid string for the value of the captured signature.

Account Owners & Admins

• PB-61811: Fixed an issue in which a OneSpan Sign BackOffice Admin could not reactivate a canceled account.
• PB-62443: Fixed an issue in which an Admin could not delete a Sender from an account, even after all the Sender's transactions, templates, and layouts had been permanently deleted.
• PB-60817: Fixed an issue with the Japanese translation of text in the default email.complete template.
• PB-41930: Fixed an issue in which roles could not be deleted.
• PB-43425: Fixed an issue in which predefined roles could not be enabled or disabled.

Performance Improvement

• Faster conditional logic: To improve the performance of our conditional logic feature, we refactored its code. It now takes 50% - 70% less time to configure conditional logic among a document's fields, depending on the number of affected fields and conditions.

Known Issues

• When a signer tries to accept a signature, the system validates the fields associated with that signature (e.g., additional fields that the signer must sign). If any issues are found, an alert displays a list of errors. Previously, when the signer fixed an issue, the alert was updated to remove the associated error. In the 11.37 release, the system is not updating the error alert. This issue will be resolved in an upcoming release.

• When two signers participate in an in-person accessible transaction via the New User Experience, the first signer can enable screen-reader accessibility, but the second signer cannot. This issue will be resolved in an upcoming release. Until the issue is resolved, an effective workaround is to reload the Signing Ceremony.

RELEASE 11.36

What's New

New Signer Experience

• Improved authentication panel for Reassign Recipient: To prevent unnecessary information from appearing when a signer is being changed, if only one authentication method is available, the radio buttons will now be hidden on the authentication panel for Reassign Recipient (also known as Change Signer).
• More Actions menu hidden when no options available: To prevent unnecessary information from being presented to signers, the More Actions menu will now be hidden if no options are available within the menu.
• Enabled a Help option: Enabled the display of a Help option. Customers can customize the content and formatting of the text that appears when a signer clicks Help (e.g., the text could provide your contact information, so signers can reach out to you if they require assistance). To enable this option and customize its associated text, contact our Support Team.
• Display document list to signers: Senders can now configure an option that automatically displays to each signer the list of documents they need to review. When this option is enabled, the signers' left menu is expanded by default. To configure this option, contact our Support Team.

• External Signer Verification: Added support for External Signer Verification. Formerly, this feature was available only in the Classic Signing Ceremony.

• Session expiry warning : The following warning can now be configured to appear to signers when their session is about to expire: Your session will expire in x minutes, press 'extend' to extend the session. To configure this option, contact our Support Team.

Senders

• Multiple signers can have same email address: The same email address can now be used by different recipients — i.e., recipients whose first names and/or last names differ. When a single email address is shared by multiple recipients, the system: (1) sends a separate email for each recipient; (2) gives the recipients separate signatures. This feature can be configured via the REST API or the Sender part of the New User Experience. Note: (1) this feature is available only for external recipients — i.e., recipients who do not have a OneSpan Sign account; (2) this feature is not yet supported for Fast Track, Change Signer, or SSO login — that support will be added in future releases.

When using this feature, we strongly recommend that Senders enforce an Authentication Method other than Email Address to uniquely identify each signer. Using such a method will ensure the probative value of the contract.

• Specify max # of files per attachment: The maximum number of files per attachment can now be specified for a given transaction or template. This can be done via the REST API or the Sender part of the New User Experience.
• Senders redirected to Signing Ceremony on login: After clicking a signing link in an email, and then logging in to OneSpan Sign, Senders are now auto-redirected to the Signing Ceremony for the relevant transaction. This saves them from having to search for the transaction they want to sign.
• Update recipient Role names from the UI: Senders can now view or update the Role names of recipients within the New User Experience, and they can use these names to perform ad hocText Tag Extractions and Document Extractions.

Developers

• Email templates support local languages: Added support for "local" languages to all signer-facing email templates, which are: email.remind.signer, email.expire.warning, email.reassign.newSigner, email.notify.mobile, email.attachment.rejected, email.unlock.signer, email.complete.
• Removed "user-agent" from callbacks: As anticipated in the Customer Notice of 11.35's Release Notes, the "user-agent" header has been removed from callbacks.

Account Owners & Admins

• Customize the signature stamp for delegates: Enabled the stamp of signatures applied by delegates to reflect their role as delegates. For example, the customized stamp could say: E-SIGNED by <delegate> on behalf of <delegator> on <date>. To customize the signature stamp for delegates on your account, contact our Support Team.
• Enable/disable recipient history: Account Admins can now configure either of the following: (1) enable Senders on their account to see the account's recipient history; (2) disable Senders on their account from seeing the account's recipient history. To configure this setting, contact our Support Team.

Security

• More secure encryption of data "at rest": We have leveraged Amazon's Key Management Service (KMS) to encrypt all OneSpan Sign customer data that is stored on our servers. That service resides outside the application, and ensures a seamless one-year rotation of all cryptographic keys.
• Attachments scanned for malware: Attachments added by signers are now immediately scanned for malware. If malware is detected, the system will not upload the infected document or attachment.

Bug Fixes

New Signer Experience

• PB-59174: Fixed an issue in which the user's inputs to a field were not saved if the user had : (1) failed to tab out of a previous field; (2) then scrolled through document pages.
• PB-43412: Fixed an issue in which the position of the Recipient history drop-down menu shifted whenever a character was entered in the Recipient Email field.
• PB-56602: Fixed an issue in which the Customize page crashed if a BackOffice Admin had specified an invalid language key in the signing.logo resource.
• PB-59173: Fixed an issue in which the Signing page could not be accessed from the Admin menu.

• PB-60292: Fixed an issue in which the Signature Sticky option failed to be hidden on the Signing Customization page.

• PB-41710: Fixed an issue in which the Decline option was available for a recipient who was merely a Reviewer.

• PB-60122: Fixed an issue in which the Date Picker field failed to appear with the exact dimensions it had been given in the Designer by the Sender.

• PB-59845: Fixed an issue in which the List field failed to appear with the exact dimensions it had been given in the Designer by the Sender.

Senders

• PB-59184: Fixed the following issue. Formerly, when a transaction was created from a template, the transaction inherited the template's expiry date. If that date was in the past, the transaction could not be created. Now the transaction's expiry date is its creation date plus the number of days specified in its source template. This more sensible expiry date never blocks the creation of a transaction from a template.
• PB-50611: Fixed an issue in which an SMS authentication message was sent in the wrong language after a Reassign Recipient operation.
• PB-42068: Fixed the following issue. When a Sender tried to download a file that a Signer attached and subsequently deleted, the application crashed. Now in that situation: (1) the error message "File was deleted by Signer" appears; (2) the file is no longer available for download.
• PB-59973: Fixed an issue in which an incorrect error message appeared after the Sender tried to add an unsupported document type to a transaction.

Developers

• PB-60185: Fixed an issue in which the Done button failed to be hidden when a template was loaded into an iFrame.
• PB-59849: Fixed an issue in which the Java SDK threw an error when it tried to process users' email addresses that contained an apostrophe.
• PB-43382: Fixed an issue in which a new transaction could not be created when Single Sign-On Authentication was added for a recipient via the REST API or SDKs.

Account Owners & Admins

• PB-59715: Fixed an issue in which the User Interface failed to refresh after a Role was deleted.
• PB-43425: Fixed an issue in which the system failed to enable/disable predefined Roles.
• PB-38944: Fixed an issue in which selected Role check boxes failed to refresh properly after the system successfully enabled or disabled those Roles.

Accessibility

• PB-58815: Fixed the following issue that occurred with the JAWS screen reader on Chrome. The Country drop-down menu failed to expand within the Reassign Recipient authentication panel.
• PB-37069: Fixed an issue in which the screen reader failed to read a field's tool tip when accessibility mode had been enabled in the New Signer Experience.
• PB-59767: Fixed the following issue with the toggle button on the Reassign Recipient authentication panel. The focus on that button failed to comply with accessibility guidelines.

Enhancement

• Starting with this release, all new PAdES B-B signatures applied in our European environment will be LTV-enabled.

Known Issues

• The signing process does not work properly if multiple recipients share the same email address, and they have the same priority in the signing order (i.e., they share the same index in the signing order). This issue will be fixed in the next release.

RELEASE 11.35

What's New

Classic User Experience

• Deprecated the Sender interface: The part of the Classic User Experience for Senders and Administrators has been deprecated. If a Sender or Admin tries to use it, they will be redirected to the corresponding part of the New User Experience. Note: The Classic Signing Ceremony — i.e., the part of the Classic User Experience for Signers — is still supported.

New Signer Experience

• Added notarized signing: Added support for the e-Notary feature. This feature must be enabled for both the Sender and their account.

• Added delegate signing: Added support for delegate signing. This feature is not yet accessible.
• Can change signer: Added support for the feature called Reassign Recipient, also known as Change Signer.

• Enhanced optional signatures: Enabled reassignment to a new signer when only the optional signatures of an original signer remain to be signed.

• Added reminder about attachments: After a user confirms the last document in a transaction, but has not uploaded any attachments, a dialog box now asks if they want to upload any attachments. If they click Yes, they are redirected to the Uploads pane. If they click No, the document will be confirmed, and they will exit signing.

• Added a calendar button: Added a helpful calendar button within the Date input field. This button is not yet accessible.

• Localized Consent document name: Enabled the name of the default Electronic Consent Document to appear in the recipient's language.

• More unified branding colors: Made the New Signer Experience's default branding colors match OneSpan's branding colors more closely.

• Improved document zooming: Enhanced the clarity of the text that appears when users zoom into a document.

New User Experience

• Convenient downloading: Enabled users to employ the More Actions menu to download signed documents. To download attachments and the Evidence Summary, see the Transaction Details page.

• Can download specific attachments: Enabled Senders to download specific attachments that signers have uploaded. If Senders wish, they can still download all of a transaction's attachments at once.

Senders

• Can manually resend invitation email: Enabled Admins, Senders, and Integrators to resend an invitation email to a user in the state Pending. That user can accept the invitation, and create a OneSpan Sign account. When that account is registered, the user is moved out of the state Pending.

• Notification email to delegates: When a Sender adds a delegate to their account, the delegate is now notified about this change by email. This feature required a new email template called email.delegation.activate.

• Enforce Authentication for SSO: The Enforce Authentication feature will now be applied to recipients if Single Sign-On Authentication is configured for the Sender's account.

• Improved Send Reminder feature: Enhanced the command "Send reminder to recipients" so reminders are sent only to recipients who can access the Signing Ceremony (e.g., where a Signer Order has been imposed, perhaps a Reviewer and Signer 1 can currently access the ceremony, but Signer 2 cannot).

• Enhanced Transaction Complete emails: Enabled a Personal Message to be included in Transaction Complete emails (both email.complete and email.transaction.complete).

Developers

• Digital Mortgage Solution: We have created a Digital Mortgage Solution that can store an e-Note from a mortgage transaction in a digital vault. For a given transaction, OneSpan Sign vaults a single e-Note in SMART Document format. Certain REST API settings associated with a OneSpan Sign transaction can specify which document should be vaulted, and in which organization and vault it should be stored. After being vaulted, the original SMART document is deleted from OneSpan Sign's database.
• Digital Lending Solution: We have created a Digital Lending Solution that can store a loan or other related document (e.g., a contract, chattel paper) in a digital vault. Certain REST API settings associated with a OneSpan Sign transaction can specify which document should be vaulted, and in which organization and vault it should be stored. After a document's authoritative copy is vaulted, it is replaced in OneSpan Sign's database by either a watermarked Non-Authoritative Copy (default) or a blank document.
• Improved Bulk Signing: Improved the Bulk Sign feature by enabling it to skip already-signed signatures.
• Configure Decline reasons: Enabled localized Decline reasons to be configured for the New Signer Experience via SDKs.
• Configure Handover URL: Enabled a localized Handover URL to be configured for the New Signer Experience via SDKs.
• Enhanced Out Of The Office emails: Added Server Response code to the email.ooto template. The template can be edited at the account level to remove or add that code.

Account Owners & Admins

Enterprise Administration

• Roles & Permissions for integrators: Added the APIs for Roles and Permissions to the Java SDK and .NET SDK, and made these APIs publicly available via our interactive Open API Specification.
• Sub-accounts for integrators: Added the APIs for sub-accounts to the Java SDK and .NET SDK, and made these APIs publicly available via our interactive Open API Specification. Note: Sub-accounts are not supported for OneSpan Sign connectors.
• SSO support for sub-accounts: If a user has multiple sub-accounts, when they first log in via Single Sign-On Authentication (SSO), they are brought to one of those sub-accounts. They can then switch to any of their other sub-accounts via a provided menu. When that user next logs in via SSO, they will be brought to the last sub-account viewed in their previous SSO login.

Other

• Disable delivering documents via email: Enabled Admins to disable the option of delivering signed documents to signers as attachments in an email.
• Limit # of files per attachment: The maximum number of files that can be uploaded per attachment can now be specified. This currently requires contacting our Support Team, but the next release will enable it via the New User Experience and REST API.

• Specify a default signature type: Enabled the specification of a default signature type. This can be specified for a given account by contacting our Support Team.

Accessibility

• Warning about IE: The following warning now appears to users who access the New User Experience using Internet Explorer: OneSpan does not support using Internet Explorer with screen readers. On desktops and laptops, we strongly recommend using Chrome with JAWS or NVDA or Firefox with NVDA.

• Reading order preserved after signing: After an accessible PDF with interactive fields has been signed, the fields remain accessible, and can be navigated through in the original order.

Connectors

• Enhanced the Box connector: Enhanced OneSpan Sign for Box by enabling it to work with: (1) the Sender part of the New User Experience; (2) the platforms US FedRAMP Sandbox and US FedRAMP Production.

Security

• Added SHA256 for SSO: Enabled Single Sign-On Authentication via SAML to be encrypted using a SHA256 certificate.

Bug Fixes

New Signer Experience

• PB-38594: Fixed a layout issue that occurred when users accessed an in-person accessible transaction on an iPad.
• PB-37988: Fixed an issue in which a second "\n" in markdown formatting failed to create a new line.
• PB-38346: Fixed an issue in which the loading icon failed to appear when users loaded a transaction or switched between documents.
• PB-42380: Fixed an issue in which the Enable Accessibility option was missing from the More Actions menu after a signer completed signing.
• PB-39552: Fixed an issue in which the New Signer Experience failed to display properly at very high resolutions.
• PB-42539: Fixed an issue in which a blank page appeared when conditional logic either set a List field as Required, or removed that setting.
• PB-41088: Fixed an issue in which a transaction owner was presented with signatures for Groups to which the owner did not belong.
• PB-40756: Provided missing translations for the Signing Customization page.
• PB-38314: Fixed an issue in which the owner of an in-person transaction appeared in its Recipient list, though the owner had not been added as a recipient.

Classic Signing Ceremony

• PB-39587: Fixed an issue in which errors appeared in the Console when users accessed the Classic Signing Ceremony.

Signers

• PB-40717: Fixed an issue in which the system failed to throw an error when a user tried to POST or PUT declineReasons with an empty body.

• PB-40949: Fixed an issue in which, after being clicked on, Signature Boxes failed to disable further clicks until the system finished processing the associated action (e.g., Click to Sign).

• PB-42045: Fixed a Mobile Signing Ceremony issue in which an inappropriate error message appeared after a user entered an incorrect passcode for SMS authentication.
• PB-39215: Fixed an issue with the layout of the in-person Welcome screen when users resized their Internet Explorer window.
• PB-41911: Prevented a very long name in the drop-down Document Name menu from overlapping with the menu's expand/collapse arrow.
• PB-37934: Fixed an issue in which an inappropriate error message appeared when two attachments with the same name were added to a transaction for a Group recipient.
• PB-40545: Fixed an issue with Mobile Capture signatures in which an inappropriate dot appeared on the Capture Signature screen after a user: (1) clicked Cancel on the Capture Signature screen; (2) then clicked No in the resulting dialog box.
• PB-40758: Provided missing translations of the error message that appears when users try to upload invalid documents.

Senders

• PB-41692: Fixed an issue in which recipients with an email address in the .inc domain could not be added to a transaction.
• PB-41162: Fixed an issue in which customized signing logos on the New User Experience's Sender interface were not sorted in the correct order.
• PB-41465: Fixed the following issue. On Chrome browsers, the dialog box for uploading files opened twice, when the Bulk Send button on the Template Edit page had been activated only once.
• PB-41207: Fixed the following issue. When a recipient opened the Transaction Details page of a notarized transaction, an empty Action bar erroneously appeared in the upper-right corner of the page.
• PB-40676: Fixed an issue in which Firefox and Chrome browsers failed to recognize CSV files that had been created for Bulk Send operations.
• PB-37152: Fixed an issue in which toggle buttons that had been manually enabled for a Group were subsequently disabled by the system.

• PB-40606: Fixed an issue in which a Personal Message added to an email reminder via a POST call failed to be included in the sent reminder.

• PB-40986: Fixed a Data Retention issue in which transactions were visible to Senders after the transactions' purging date had passed.
• PB-42028: Corrected the spelling of British Columbia in a drop-down menu on the Personal Information page.

Developers

• PB-41273: Provided missing Greek translations for the $RECIPIENT_ROLE$ parameter in email templates.

• PB-40956: Fixed an issue in which date-input validation failed to function properly when an invalid date was specified via the API.

• PB-40750: Removed a cookies warning that needlessly appeared when the Designer page was integrated in an iFrame on Chrome 80.

Account Owners & Admins

• PB-41171: Fixed an issue in which an Admin whose My Account page should have displayed only the Reports option, also displayed the Admin option.

Accessibility

• PB-37736: Fixed an issue in which an error wrongly appeared when a layout was being saved on a non-accessible transaction or template, while in the packageSettings resource the default setting for accessible transactions was true.

• PB-40542: Fixed an issue in which screen readers read incorrect text for the language of a customized signing logo.
• PB-41762: Fixed an accessibility issue with the More Actions menu after the user closed a side panel.
• PB-40480: Fixed an issue in which error messages were not automatically vocalized by screen readers within the New Signer Experience.
• PB-40759: Provided missing translations for strings read by screen readers on the Welcome screen within in-person transactions.

Known Issues

• On the Signing Customization page (Admin > Signing), the option to customize a Signature Sticky appears. This should not be displayed.

Changed Behavior

• PB-43311: Removed Opt Out from the Data Retention dialog box. Updating data-retention settings for the Declined option will now update the settings for: (1) transactions in the Declined state; (2) transactions in the Opt Out state.

Expected Behavior

• If a sender right-clicks a folder within their Box account to send multiple documents for signing via OneSpan Sign for Box, all documents to be sent must be at the top level within that folder. They cannot be in sub-directories of that folder.

Customer Notices

• Starting with Release 11.36, the user-agent header will be removed from callbacks. Currently, the user-agent header is present with an empty value. Any existing integration that uses the empty user-agent header must be modified accordingly.

RELEASE 11.34

What's New

New Signer Experience

Signers

• Previews appear of files being uploaded: When a signer is uploading a PDF file or image file (JPG, GIF. etc.) as an attachment, a preview of the file appears. This feature is available on all devices, including mobile ones.

• Uploaded Files list shows thumbnails: After a PDF file or image file (JPG, GIF. etc.) is uploaded as an attachment, a thumbnail of it appears on the list of uploaded files. This feature is available on all devices, including mobile ones.

• Can do In-person signing: Added support for in-person signing.

• Can do group signing: Added support for group signing.

• Can use stylus pens: Enabled signers to use stylus pens on touchscreen devices to complete all actions in the Signing Ceremony (including Capture Signature).

• Improved the Navigator: The Signature Navigator in the New Signer Experience now iterates through all required signatures and fields in a top-bottom manner.

• Required fields are highlighted: A visual indicator now highlights to signers a document's required fields.

• Erroneous fields are highlighted: When signature validation fails, the system now visually highlights to signers the fields that have errors.

• Account-level whitelist for attachments: Enabled account owners to define a whitelist of file types that may be uploaded as transaction attachments by signers on the account. This list cannot include file types on the global blacklist (see the next bullet).

• Global blacklist for attachments: To prevent signers from uploading malicious code, the following file types cannot be uploaded as attachments to a transaction: EXE, DLL, MSI, DMG, SO. This blacklist supersedes all account-level whitelists.

Account Owners & Admins

• Can customize the logo: Enabled Account Admins to customize from the New User Experience's sender interface the logo that appears in the New Signer Experience. Admins need no longer contact our Support Team to customize that logo.

• Can upload the logo as an SVG file: Enabled account owners to upload their customized logo for the New User Experience as an SVG file. Such files provide crisper images than some other formats.

• Can format text on the Decline panel: Enabled Account Admins to use Markdown to format text on the Decline panel that will be viewed by the account's signers.

• Can specify a language for Decline reasons: Enabled the Decline reasons that appear to signers to be displayed in a specified language for a given account (this feature is not available at the transaction level). To configure this feature, Admins should contact our Support Team.

• Can specify a Handover URL per language: Enabled Admins to specify different Handover URLs for different languages (this feature is available at the account level, not at the transaction level). To configure this feature, Admins should contact our Support Team.

Developers

• Can specify a language for Decline reasons: Enabled our REST API to specify the language of the Decline reasons that appear to signers for a given account (this feature is not available at the transaction level).

• Can specify a Handover URL per language: Enabled our REST API to specify different Handover URLs for different languages (this feature is available at the account level, not at the transaction level).

Signers & Senders

• Updated footer links: Updated several links in the application's footer to make them point to pages on our new Community Portal website.

Senders

• New default SMS service: Twilio Verify V2.0 is now the default SMS service in all environments. Note: SMS messages cannot be customized with Twilio Verify 2.0, but customers can arrange for their brand name to be included in SMS messages by contacting our Support Team.

For SMS codes, note the following:

• SMS codes can only be used once.
• By default, SMS codes expire 5 minutes after being sent. However, SMS codes can be configured to expire after different times, ranging from 1 to 10 minutes. The maximum expiry time is 10 minutes. To change the expiry time for your SMS codes, please contact our Support Team.

• The default number of times that a user may attempt to enter an SMS code is three. However, this can be configured to allow up to five attempts. If a user does not successfully enter the SMS code within the defined maximum number of attempts they will be blocked from any further attempts until the current SMS code expires.

• A valid SMS code will have between four and ten numbers.

• The SMS message received by signers will be set to “Your SMS verification code is: <passcode>”. The SMS portion of the message can be customized per account by contacting our Support Team. The replacement string must be between 1 and 30 characters.

• Better feedback for Bulk Send: When a sender successfully configures a Bulk Send operation, a message now appears in the middle of the screen, informing them that their transactions have been queued, and will be sent to recipients at a certain time. Formerly, the feedback lacked most of this information, and was only a small message in the bottom-left corner that disappeared after a few seconds.

• Guest Login page is customizable: The text that appears on the Guest Login page can now be customized at the account level. This applies to both the Classic Signing Ceremony and the New Signer Experience.

• More supported email addresses: Expanded the application's list of valid email-address domains to include the "llc" domain. For a link to all supported email domains see List of Domains.

Account Admins & Owners

• Self-service data management: Enabled certain users to specify how long transactions in any of the following states will be retained on OneSpan Sign's servers: Draft, Opted out, Declined, Expired, Completed, Archived. By default, the retention period for all existing customers is unlimited. When transactions are about to be purged, the New User Experience will indicate that fact at least 7 days before the purge. All data-retention settings for an account can be changed by its Owner (if the Roles and Permissions feature is off), or by its Admin and Manager (if the Roles and Permissions feature is on). In addition, a particular Data Management permission can be assigned to an account user. Data-retention rules can be specified either via the New User Experience's Admin pages or via the REST API. Transactions in the state Sent cannot be assigned a retention period, but they can optionally be assigned a default expiry period and a maximum expiry period.

A transaction's deletion might be delayed, and happen after the date specified using self-service data management. This will be resolved in the next release, 11.35.

• New permission: Sub-Account Management: Added a new permission that enables any associated Role to use the REST API to: (1) create a new sub-account; (2) update an existing sub-account.
• New permission: In-Person Signing: Added a new permission that enables any associated Role to access the In-Person Signing feature via the New User Experience and the REST API.

Developers

• Second authentication method for API calls: Customers can communicate with OneSpan Sign from within their own system via REST API calls. Formerly, the system authenticated those calls in only one way — each call had to provide a secure API Key . The system can now use an alternative authentication method for such calls — an API call can provide a secure but short-lived API Token. To enable this feature, you must contact our Support Team. Once this feature is enabled: (1) the account owner will see a Client Apps section on the API Access page for Admins; (2) third-party integrators will be able to use the Client Apps feature to connect to OneSpan Sign's API via API Tokens.

• Can embed Transaction Edit page: The Transaction Edit page can now be embedded in an iFrame. However, this feature is available only on non-mobile devices.
• Unsupported scenario prevented: Created validation steps that prevent Form Fields from being added to Accept-only documents (e.g., Disclosure Documents) when the latter are uploaded to transactions via the API.

Accessibility

• Cookie Policy more accessible: Improved the accessibility of the Read More link within the Cookie Policy notice. This improvement was made in the Classic Signing Ceremony and in the Sender part of the New Signer Experience. The next release will make this improvement in the New User Experience.

• Better feedback when adding tagged PDFs: If a user adds to a transaction a tagged PDF that has no form fields, the user is now informed that the PDF contains no fields that require assignment.

• Better handling of pie chart: Because the pie chart on the home page of the New User Experience is not accessible, it is now hidden from screen readers. Instead, next to the chart is an accessible legend for it.

Mortgages

• Better workflow for mortgages: We now support ARC sections within the SmartDoc templates that OneSpan Sign uses for transactions involving mortgages. This feature is required by the USA's Federal Home Loan Mortgage Corporation (also known as Freddie Mac), and is becoming an industry standard.

Bug Fixes

New Signer Experience

• PB-38629: Fixed an issue that caused the uploading of an attachment via Chrome to fail sometimes if the file was larger than ~ 10 MB.

• PB-38636, PB-38868: Fixed an issue that triggered an error message when a user tabbed to the input Search field for roles, and typed the first letter of a role.
• PB-38093: Fixed an issue in which the Zoom and Exit Signing buttons erroneously appeared in the More Actions menu when accessed from an iPad running iOS 13.
• PB-39676: Fixed an issue in which the Zoom buttons and the More Actions menu erroneously appeared on the Transaction Declined page.
• PB-39111: Fixed an issue in which a user couldn't capture their signature using a Safari browser on macOS.
• PB-38537: Fixed an issue in which a user couldn't scroll on the Cancel Capture Signature screen.

Signers

• PB-39084: Fixed an issue that prevented customized text for the Electronic Disclosures and Signatures Consent document from appearing in the Classic User Experience. Instead, the default text appeared.

• PB-31618: Fixed an issue that prevented Evidence Summaries from correctly displaying the Greek language (accented characters appeared as question marks).

Senders

• PB-37769: Fixed an issue that caused Bulk Send operations to fail when they processed a CSV file with more than ~ 28,000 rows (~ 4 MB).

Developers

• PB-38563: Fixed an issue that caused an "unhandled error" when a signed Signature Block on a confirmed document was undone using the REST API.

• PB-35931: Clarified the description of the API call named /packages/{packageId}/roles.

Accessibility

• PB-35936: Fixed accessibility errors with certain buttons and tabs on the Transactions page.

• PB-38671: Fixed an issue that prevented mapped Form Fields (in documents added to accessible transactions) from displaying as recipients' OneSpan Sign fields.
• PB-37166: Fixed an issue in which items in the More Actions menu were not being read properly by screen readers on Android devices.
• PB-37853: Fixed an issue in which screen readers processing the Classic Signing Ceremony failed to announce that a handwritten signature already exists in a Signature Box if that signature had been applied automatically in the New User Experience.

Sandbox

• PB-38485: Fixed an issue in which the email received by a user after signing up for a Sandbox account failed to include a link to the Sandbox Login page.

Known Issues

• There is an issue with NVDA screen readers and iFrames, where on occasion: (1) the content of the iFrame is not read; (2) the Enter button for selecting items does not work; (3) using the arrow keys to navigate reads the content of the previous page. To address this issue, a ticket has been logged with NVDA.

• In an in-person transaction, the affidavit screens are cut off when Landscape Mode is switched to Portrait Mode. This will be resolved in an upcoming release.
• There is an issue with iOS 13 in which dialog-box titles are not being read by VoiceOver software.
• There are issues with the layout of an in-person transaction in accessibility mode on iPads. This will be resolved in an upcoming release.

• There is an issue with the layout of the new Welcome screen within an in-person transaction on Internet Explorer when the browser size is decreased. This will be resolved in an upcoming release.

• There is an issue with deleting transactions using self-service data management. While transactions will eventually be deleted they may not be deleted at the time specified on the Data Retention page. These transactions may be deleted at any time after the defined deletion period. Transactions WILL NOT be deleted before the period of time defined on the Data Retention page. This will be resolved in the 11.35 release.

• There is an issue with transaction visibility using self-service data management. Even after the date specified for a transaction's deletion has passed, the transaction might still be visible. This will be resolved in an upcoming release.

• An error is thrown when a recipient with SSO authentication is added as part of a transaction-creation call via the REST API or an SDK. The temporary workaround is to: (1) first create the transaction; (2) then add the recipient with SSO authentication.

Changed Behavior

• PB-36622: When a sender creates a transaction, they can click an Enable accessibility button. To improve the accuracy of the button's label, it has been changed to "Enable screen-reader accessibility".

Release 11.33 (Coming 24 March - 1 April 2020)

What's New

New Signer Experience

New Features

• Can remove signatures: If a Signer wants to remove a signature that has not been confirmed, they can do so by clicking the Undo Signature button on top of the signature.
• Can upload attachments: Signers can now: (1) upload one or more supporting documents to a transaction before the transaction is completed; (2) upload multiple documents in a single attachment.
• Enabled Mobile Capture: Added support for the Mobile Capture signature type. This type requires the Send to Mobile feature, which can be enabled by our Support Team.

Feature Enhancements

• Enhanced "conditional fields": Now: (1) when a field is disabled by a condition, that field reverts to the original value assigned to it by the Sender; (2) when a field or signature marked as Required is disabled, it must be enabled and acted on before the associated document can be confirmed; (3) when a Sender removes a condition or field that disabled another field, the latter's Disabled flag is removed.
• "Conditional logic" actions are recorded: All actions involving conditional logic are now recorded in the Evidence Summary.
• Enhanced the Signature Navigator: Among other things, now: (1) the Navigator displays all actions Required by conditional logic; (2) when the Navigator is off, the Progress Bar indicates progress, but it cannot be clicked to move to another page; (3) after a document is confirmed, all Navigator buttons are removed.

Signers & Senders

• Cookie Policy notice: Improved the Cookie Policy notice by including a link to OneSpan's detailed Cookie Policy.

Senders

• Improved "bounced email" replies: Improved the replies which announce that an email has "bounced" (see email.bounced). Those replies now say why the email bounced by providing standard bounce errors for email servers.
• Can hide logo with PCC: Added the ability to hide the logo that appears in the background of a Signature Block if the block is signed using the Personal Certificate Client.

Admins

• Clearer presentation of options: Formerly, the New User Experience's Integration page enabled administrators to: (1) view their API Key; (2) configure Event Notifications. For clarity, these quite different options have been placed on separate pages — the API Key and API Token page, and the Event Notification page.

Developers

• Can customize logo: Enabled our API and SDKs to customize the logo that is displayed in the New Signer Experience.

Accessibility

• Improved navigation: In the New User Experience: (1) after accessing a page, screen readers now begin their focus in the navigation bar on the top left of the page; (2) the top of every page now has a Skip to Main Content option.
• Navigator more accessible: In the New User Experience, we improved how screen readers present the following elements of the Signature Navigator: (1) Progress Bar; (2) Done and Required Actions buttons.
• Designer more accessible: In the Designer: (1) keyboards can now access all buttons; (2) the visibility of certain buttons was improved by increasing their color contrast.
• Menu more accessible: Screen readers now announce when the Admin drop-down menu is expanded or collapsed.
• Links remain clickable: In accessibility mode, links as body text remain clickable even after users sign the PDF and request Text View Only. In that context, such links are no longer displayed as simple text.

Bug Fixes

New Signer Experience

Accessibility

• PB-35735: Fixed an issue in which users could not tab in or out of a Text Field or Text Area in accessibility mode if the transaction was created via the SDKs.
• PB-35475: Fixed an accessibility issue in which screen readers failed to announce the opening or closing of the Decline panel.
• PB-35477: Fixed an accessibility issue in which the Decline panel was missing a header tag.
• PB-35544: Fixed an accessibility issue in which the system failed to respond appropriately when a user clicked the Next Error button.
• PB-36526: Fixed an issue in which switching between documents failed to retain a zoom level selected by the user. Among other things, this fix means that visually impaired users will not have to manually change the zoom level on every new document they view in a transaction.
• PB-38000: Fixed the following accessibility issue. A user tabbed to Skip to document, and then pressed Enter. The screen reader should then have read the title of the page that appeared, but it did not.

Other

• PB-35823: Fixed a performance issue in which a multi-page document with hundreds of fields would hang when a user tried to focus on an input field.
• PB-34544: Fixed an issue in which date fields added via the SDK were not functional.
• PB-35612: Fixed an issue that prevented icons from displaying properly when users on a Safari browser zoomed in.
• PB-35850: Fixed an issue in which PDFs containing annotations were displayed with a large gap at the bottom of the page.

Signing Ceremony

• PB-32149: Fixed a Signing Ceremony issue that caused content for radio buttons and check boxes to be improperly aligned in final signed documents. This fix applies to both the Classic Signing Ceremony and the New Signer Experience.
• PB-35181: Fixed an issue in which the Access Denied page failed to appear when users first accessed the Signing Ceremony for a transaction that is unavailable (because it has expired or been deleted, for example). This fix applies to both the Classic Signing Ceremony and the New Signer Experience.
• PB-36363: Fixed the following problem. The following items were successively placed on top of a signature: (1) a label that displayed a random Field ID associated with the signature; (2) a new logo, placed there by OneSpan Sign. Legality required that the ID always be visible, but the logo hid the ID. This problem was solved by making the logo transparent. This fix applies to both the Classic Signing Ceremony and the New Signer Experience.

• PB-36748, PB-35851: Corrected the Japanese translation of some text that appears in the Classic Signing Ceremony.

Designer

• PB-36635: Fixed a Designer issue that arose in scenarios like the following. A user creates a layout from Document 1, and applies that layout to Document 2. The user then interacts with the system to change a recipient in Document 2, but the system changes the recipient in Document 1 (the wrong document).
• PB-36634: Fixed a Designer issue in which clicking a page thumbnail in one column cleared all page thumbnails in another column.

Admins

• PB-36197: Fixed an issue in which personal information about transaction owners failed to update correctly when Fast Track was used.

Developers

• PB-35941, PB-35942: Fixed an issue that was assigning the same time stamp to successive signatures of the same signer inside a document. The fix ensured that the auto-fields in Text Tags are bound to specific signature fields. Fixing a related issue required binding the Input Fields in Text Tags to specific signature fields.

• PB-39625: Fixed an issue in which the local language specified by an SDK failed to appear in the email sent to signers.

Accessibility

• PB-37618: Fixed an issue in which the accessibility Document Import wizard failed to work for documents whose only fields were Signature Fields (e.g., no Form Fields).

Security

• PB-38259: Fixed some issues with KBA Authentication that arose when a custom Equifax account was used.

Known Issue

• The ability to upload attachments is not fully functional in this release. Full support for mobile devices will be added in an upcoming release.

Customer Notice

• New Signer Experience only: Starting with Release 11.34, the configuration of the Handover URL and Decline reasons will: (1) support localization; (2) be moved from the transaction level to the account level.

Release 11.32.2 (Coming 2-18 March 2020)

Bug Fixes

Senders

• PB-38166: Fixed an issue in which an error message appeared when a user tried to send a transaction after deleting a conditional field in a document with Text Tags.

• PB-38497: Fixed an issue in which the Assign Delegates list was not displaying properly.

New Signer Experience

• PB-38165: Fixed an issue in which the signer's email address was exposed in the document Feedback Bar if the user clicked "Click here to complete signing" in the Thank You dialog box.
• PB-38101: Fixed an issue in which the New Signer Experience failed to appear within an iFrame on mobile devices running iOS 12 or iOS 13.

Release 11.32

What's New

New Signer Experience

• Enabled "conditional fields": Enabled senders to configure IF-THEN conditional logic among two or more fields in a document. For example, a sender can specify that IF a specific Text Field is not empty, THEN a particular Signature Field will be enabled — i.e., the signer must add text to the Text Field before they can sign the Signature Field. To enable this feature for your account, please contact our Support Team.

• Conditions cannot be applied to Custom Fields, Notary Fields, Auto-populated Fields (e.g., Name, Title, Date), Labels, or attachments.
• Conditional logic cannot be applied across documents or across signers.
• This feature is also available via the REST API and SDKs, but not via the Classic User Experience.

• Added a Signature Navigator: Implemented a Signature Navigator that within a given document: (1) facilitates navigation between a user's multiple signatures; (2) displays the number of the user's unsigned signatures. By default, the Navigator: (1) appears when the document contains non-accepted signatures; (2) does not appear otherwise.
• Improved messaging for optional signatures: Improved the feedback to signers when they're viewing a document that contains only optional signatures.

Senders

• SSO is configurable for sender recipients: Formerly, upon accessing the Signing Ceremony, sender recipients were forced to authenticate themselves using Single Sign-On Authentication (SSO) if SSO was enabled for their account. This type of authentication is now configurable for individual sender recipients, as it has been for individual signer recipients.

• Failed email is resent: If an error occurs when the system first trys to send an email to a recipient, the system will now try to resend the failed email up to 5 additional times. This increases the chance that recipients will receive their email.

• Can select default values: We have made it easier for senders to use the Designer to specify a default value for a list. Formerly, senders had to type the default value in a separate input field. Now, from a drop-down list of all values, they select one to be the default.

Admins

• Can create Global Roles: Enterprise Administration supports both Predefined and Custom roles (the Predefined roles are Admin, Manager, & Sender). The Admin of a Master Account can now create Custom roles at that top account level, and have them automatically propagated to all that account’s sub-accounts. Such “global roles” have been developed to spare Admins from having to create the same role repeatedly at multiple levels.

• Can assign/de-assign Custom roles Enterprise Administration supports both Predefined and Custom roles. Formerly, OneSpan Sign BackOffice Admins could assign or de-assign any Predefined role to/from a user. This is still possible, but now those Admins can also assign or de-assign any previously created Custom role.

• Cannot edit own permissions: Formerly Admins who have the Roles & Permissions feature could edit their own permissions via the New User Experience. That is no longer possible. This will ensure that related abuses cannot occur.

• Added Completion Date to templates: Added the transaction's Completion Date parameter to the following email templates: (1) email.complete; (2) email.evidence.summary; (3) email.transaction.complete. Thus emails about completed transactions will state when the transaction was completed.

• Added Expiry Date to templates: Added the transaction's Expiry Date parameter to the following email templates: (1) email.activate; (2) email.notify; (3) email.reassign.newSigner; (4) email.reassign.sender; (5) email.remind.signer; (6) email.notify.mobile. This will increase signers' awareness of how long they have to sign.

Accessibility

• Made snackbars accessible: Ensured that the system's snackbar messages can be read by screen readers.

• Made headings more accessible: Improved navigation for disabled senders by making the My Account heading H1, while making the following headings H2: Personal Information, Signature, Access Delegation, Custom Fields, e-Notary.

• Account Registration more accessible : When a new user is invited to join your account, the Account Registration page with which they interact is now fully accessible.

Security

• Improved signer privacy: To protect signer privacy, the signer's email address has been removed from the Handover URL in the Classic Signing Ceremony and the Mobile Signing Ceremony. WARNING: The integration of integrated customers will be at risk if their integration uses the signer's email address in the Handover URL.
• Account Registration more secure : When a new user is invited to join your account, the Account Registration page with which they interact now requires the user to enter a strong password.

Bug Fixes

New Signer Experience

• PB-34337: Fixed an issue in which users could not decline a transaction when text with more than 4000 characters was entered for the Other reason on the Decline screen.

• PB-34121: Fixed an issue in which a Network Lost notification failed to appear after the application lost its connection to the network.
• PB-32685: Fixed an issue in which documents viewed on an iOS device would not resize properly when the device was rotated to Landscape Mode.
• PB-34498: Fixed an issue in which the Download button failed to appear automatically after signing was complete for a transaction.
• PB-28771: Fixed an issue in which users were unable to view or download completely signed documents.

Senders

• PB-22192: Fixed an issue in which the Cookie Policy banner appeared under instead of above another banner when the zoom was set to 200%.
• PB-35140: Fixed an issue in which the value of the Is Optional checkbox failed to be saved during the Field Import process.
• PB-35304: Fixed an issue in which the Designer failed to visually represent the user's prior selection of multiple fields.
• PB-34150: Fixed an issue in which the Next button on the Transaction Edit page displayed an incorrect tooltip.
• PB-36172: Fixed an issue in which senders could not access the document options (e.g., Rename, Remove) for long documents expanded in the Designer.
• PB-34904: Fixed an issue that allowed senders to assign the same ID to multiple fields in a document.

Admins

• PB-33570: Fixed an issue in which the system failed to send the PACKAGE_READY_FOR_COMPLETE event notification. This occurred when attachments were associated with a signer who subsequently reassigned their signing responsibility to another user.
• PB-34991: Ensured that a transaction's record (e.g., the record of when the transaction was last updated) is not altered when expiry notifications, reminders, and other related email actions are performed.

Accessibility

• PB-34306: Fixed accessibility issues on the confirmation prompt that appears when documents are being confirmed, but optional signatures have not been signed.

• PB-34220: Fixed an issue in which screen readers failed to read the New Signer Experience notification about cookies.
• PB-35024: Fixed a New Signer Experience issue in which tapping the Enable accessibility button on an Android device failed to enable accessibility.
• PB-35469: Fixed New Signer Experience issues with the accessibility of the Main Menu button.
• PB-34756: Fixed a New Signer Experience issue in which screen readers failed to automatically read an error page's title after that page appeared.
• PB-35427: Fixed a New Signer Experience issue in which the contrast between the left panel's white background and its very light purple areas was not enough for visually impaired users.
• PB-33897: Fixed an accessibility issue with the Decline screen in the New Signer Experience.
• B-35206: Fixed a New Signer Experience issue in which error alerts were not being automatically read by the JAWS screen reader.
• PB-35471: Fixed a New Signer Experience issue in which the screen reader failed to announce that the Main Menu has a sub-menu.

Known Issues

New Signer Experience

• On Safari version 12.1.2, documents do not stay centered when the application's zoom feature is applied. This issue is traceable to the browser, and is resolved in Safari version 13.
• Cannot tab in or out of a Text Field or Text Area in accessibility mode if the transaction has been created via the SDKs.
• Cannot sign when the Date Picker field exists, and the transaction has been created via via the SDKs.
• Custom messages defined via the SDKs fail to appear in the New Signer Experience.

Classic Signing Ceremony

• There is a known issue with the Improved signer privacy feature in the What's New section above. If in the Classic Signing Ceremony the Handover URL is clicked from within the feedback bar of a completed document, the signer's email address is still passed as a parameter to the Handover URL. This issue will be fixed in Release 11.32.1.

Release 11.31

All transactions created before November 11, 2018 on the environment US 1 (e-signlive.com) will now be accessible only in Read Only mode. If there is an active transaction created before then that still needs completion, a new transaction must be created.

What's New

New Signer Experience

• Enabled accessibility: Enabled people with disabilities to use the New Signer Experience.
• Color customization via SDKs: Enabled the Java and .NET SDKs to customize the colors of UI elements in the New Signer Experience.
• Better text wrapping: Made text wrapping within Text Area fields of both the New Signer Experience and Classic Signing Ceremony more consistent and reliable across all browsers and devices.
• Better localization logic: Improved the logic of localizing the button caption and tooltip for the Handover URL in the New Signer Experience. In the new logic: (1) The system initially looks for a suitable customized string within the resource nsc.ui.messages. That search is first conducted for a string in the desired language. If that fails, the search is conducted for a string in English. (2) If no such string is found within nsc.ui.messages, the system falls back to the string defined within the account's resource packageSettings. (3) If no such string is found, the system falls back to the OneSpan Sign default (Continue).
• Support for optional signatures: Enabled optional Click-to Sign, Click-to-Initial and Capture Signature signature types within the New Signer Experience.
• Support for handwritten signatures: The New Signer Experience now supports the Capture Signature signature type.

Senders

• Merged document views: The list and thumbnail views of documents on the Designer page have been merged in a single view pane. This view will be expanded or collapsed by default, based on the configuration in the resource settings.designer. To configure this default, please contact our Support Team.
• Made more pages accessible: Updated the following pages to make them accessible: Login, Reset Password, Document Visibility, Account, Account Sign Up, My Account (Delegation, Custom Fields, Password), Admin (Custom Fields, Senders), Transaction List, Template List.

Admins

• Enterprise Administration: We've released a new Enterprise Administration feature that enables organizations' Account Administrators to effectively manage users, groups and accounts for their lines of business. This feature leverages the following items:
  • Roles and Permissions — When a user is added to an account, the Account Administrator assigns them a role with an associated set of permissions that determine the actions available to the user. Roles make it easy to manage the access rights of a large number of users without having to change permission options on an account-by-account basis. Thus the following default roles are available within every account (each with its associated set of permissions): Administrator, Manager and Sender. These default roles are not customizable, and they cannot be deleted. Account Administrators can nonetheless: (1) create customized roles, assigning a customized set of permissions to each one; (2) make a customized role available within specified accounts or sub-accounts.
  • Sub-accounts — The sub-accounts feature enables an organization to create child accounts within the organization's master account. For example, an organization might want to create child accounts on the basis of its departments, geographical locations, or lines of business. Accounts can be created on three levels (parent > child > grandchild), enabling an organization to manage many account types under its master account.

  Please contact our Support Team to configure Enterprise Administration for your accounts. The configuration options include: (1) activating roles and permissions for specific accounts; (2) activating the sub-accounts feature; (3) converting an existing account into a sub-account under an existing master account.

  Sub-accounts are not supported for OneSpan Sign connectors.

• Customizable password-expiry notifications: An account owner can customize the email notifications that the account's senders will receive when their password is about to expire. Such notifications can be: (1) toggled on/off; (2) sent a total of 0-5 times; (3) timed to first appear 7 or 14 days before the password expires. To customize the notification message, please contact our Support Team.
• Support for "local" languages: Enabled an account owner to specify a "local" language (e.g., Polish) for: (1) the Thank You dialog box that appears in the Classic Signing Ceremony; (2) the Thank You Summary that appears in the New Signer Experience; (3) the email templates email.activate, email.expire.warning, and email.complete. To enable these account-specific features, please contact our Support Team.

Developers

• Event Notifications: Added support for authenticating Event Notifications using OAuth 2.0 for Salesforce.

Performance Improvement

• Faster Bulk Sending: Decreased Bulk Sending's response time by 35%.

Bug Fixes

Accessibility

• PB-32353: Fixed an issue in which the default calculated Expiry Date was not being read by the screen reader.

• PB-32359: Fixed an issue in which the Close button for the Settings pane of a field was not being read by the screen reader.

• PB-32883: Fixed an accessibility issue in which the border was missing around the Is Optional toggle switch when a user focused on this Designer element.

• PB-32586: Fixed an accessibility issue in which the More Actions drop-down menu failed to close after a field was duplicated within the Designer.

New Signer Experience

• PB-32963: Fixed a New Signer Experience issue in which the background color for check boxes and radio buttons was missing.

• PB-32962: Fixed a New Signer Experience issue in which list fields were shifted down slightly from their intended positions within documents.

• PB-32964: Fixed a New Signer Experience issue in which the text within read-only fields (e.g., Custom Fields, Auto-fields, Labels) failed to be center-aligned in the vertical direction.

• PB-32755: Fixed a New Signer Experience issue in which markdown formatting on alerts was not being applied after the browser was resized or refreshed.

• PB-34405: Fixed an issue in which the Signing URL generated via SDKs took recipients to the Classic Signing Ceremony instead of the New Signer Experience.

• PB-33119: Fixed a New Signer Experience issue in which a Lost Network Connection alert was not being displayed in certain scenarios.

Mobile Signers

• PB-27206: Fixed a Mobile Signing Ceremony issue in which German translations of the labels Tap to Sign and Tap to Initial failed to appear.

• PB-33067: Fixed a Mobile Signing Ceremony issue in which markdown formatting was not being applied.

• PB-29339: Fixed an issue in which a recipient failed to receive an SMS passcode on their mobile device.

Signers — General

• PB-32826: Fixed an issue in which In-Person and e-Notary signing on a tablet failed to render within an iFrame.

• PB-32575: Fixed a typo that appeared in the German hover text for the Next Document button.

• PB-33549: Fixed a problem that custom Equifax accounts were having with the Equifax service.

Senders

• PB-28223: Fixed the following problem. When a radio button was duplicated in the Designer, the new button overlapped with existing radio buttons.

• PB-32782: Fixed a problem in which the header for the Designer's Settings section failed to appear for check boxes and radio buttons.

• PB-30722: Fixed an issue in which a transaction's Timezone and Transaction Expiry settings based on a template were not reset when that template was deleted.

• PB-31295: Fixed the folliowing issue. For a transaction created from a template, Text Tag Extraction failed to extract the last Text Tag.
• PB-38039: Fixed an issue in which the Document Visibility settings failed to appear in the language selected by the Sender.

Admins

• PB-33135: Fixed an issue on the Users page of the Enterprise Admin in which the Username was plain text instead of a link or a button.

Developers

• PB-30596: Fixed an issue in which trying to create a transaction from the REST API failed if the transaction ID contained the string SRC (case-insensitive).

Known Issues: New Signer Experience

• The Date Picker field does not work if it has been created via the SDKs. This will be addressed in an upcoming release.

• If the Capture Signature panel is accessed in accessibility mode on a touch tablet, the screen reader does not read the message that tells recipients to: (1) turn the screen reader off ; (2) rotate the tablet.

Changed Behavior: New Signer Experience

• In the previous release, when Form Field validation errors occurred: (1) a Go to field button appeared in the relevant alert; (2) clicking that button took recipients to the erroneous field. In this release: (1) that button has been removed; (2) the error message is a hyperlink that takes recipients to the erroneous field.

• The top bar in the New Signer Experience no longer depends on the property .withoutSessionBar if the Signer Experience is created via the SDKs.

Release 11.30

What's New

Accessibility

• Made column headers clickable — The column headers on the Transaction Edit and Transaction Template Edit pages are now clickable buttons that facilitate navigation for screen readers.
• Facilitated actions on list items — Enabled screen readers to act more quickly on a list item within the page that lists transactions. Instead of having to navigate to the top or bottom of a list to perform an action, screen readers can immediately access the actions available for each list item.
• Enabled Bulk Sending — Enabled users with disabilities to do Bulk Sending.
• Improved Tool Tips — Made Designer tool tips and help tips accessible via the keyboard.
• Senders informed when signature needed — Improved the accessibility of the dialog box Requires your Signature. A person with disabilities who sends a transaction that needs their signature will now be informed that a transaction is waiting for their signature.

Other

• New Signer Experience — We've released a new intuitive signer interface that acccelerates the e-signing process, uses a Responsive Web Design, and enables clients to customize their signing interface with their own corporate brand. For more information, see Our New Signer Experience.
• Drag-and-drop to upload documents — Enabled users to add documents to a transaction or template by dragging and dropping files.
• Evidence Summary records KBA lock/unlock events — The Evidence Summary now records: (1) when a recipient using KBA Authentication is locked out of signing; (2) when they are unlocked; (3) if the unlock was manual or automatic.
• Rebranded all email templates — Rebranded all default email templates from eSignLive to OneSpan. This rebranding changed the logo, the colors, and the "from" email sender address. Note: This feature will not impact customers' existing email templates.
• Enhanced the time-based expiry feature — If when creating or updating a transaction a sender specifies that the transaction should expire after a certain number of days, the date the transaction expires will now be displayed to users.
• New mechanism to notify transaction owners about completed transactions — We added a new email template (email.transaction.complete) to notify a transaction's owner once their transaction has been completed. Note: By default, the new template is turned off. To enable it, contact our Support Team.
• Improved usability of field settings — When New from the Designer, all field settings and actions now appear in a single right pane. Formerly they appeared in a drop-down menu.
• More clarity on available actions — Provided more clarity about the actions users can take on the pages that list transactions and list templates (e.g., transactions currently "In progress" cannot be archived).
• Unified the pattern for more actions — Gave the list view on the Designer page the same pattern for more actions that the pages which list transactions and list templates have.
• Improved Bulk Send & Fast Track for templates — Removed the Bulk Send and Fast Track options from the top and bottom of the page that lists templates. These options now appear in the row for each template, making it easier for senders to send the template they want.
• Transaction/template settings accessible in the Designer — Added transaction and template settings to the Designer page. Note: This feature is present by default, but can be turned on/off by contacting our Support Team.
• Password policy for accounts — Enabled administrators to specify a password policy for an account. That policy specifies: (1) the password complexity; (2) the minimum age before a password can be changed; (3) the password expiration age; (4) a history of previous passwords; (5) an upper limit on the number of invalid login attempts.
• Configurable date range for Reports — To create an Account Summary Report, users must now select a date range, and then click a Run Report button. Formerly, a report was automatically created for a date range of one month when a user clicked the Reports button.

Bug Fixes

• PB-31811: Fixed an issue in which Single Sign-On Authentication (SSO) for senders who accessed the Signing Ceremony as signers worked only if the Force SSO Login feature was enabled on their account.
• PB-31048: Fixed an issue in which trying to delete a transaction twice using our Open API Specification resulted in an error message.
• PB-27782: Removed German words from a default out-of-the-office Spanish template.
• PB-30380: Fixed an issue in which not all SMS events in the Evidence Summary were properly translated.
• PB-30006: Fixed an issue in which users couldn't scroll down the Senders drop-down list on the Assign DelegatesA OneSpan Sign feature that enables users to delegate access to their transactions to one or more other users on their account. Specifically, delegates can sign documents on behalf of the delegator, and they can access the delegator's inbox, drafts, layouts, and templates. screen.
• PB-31598: Fixed an issue that prevented the text in certain email-template buttons from displaying properly. The button size was fixed, so languages that used longer words did not have enough space. Button size is now auto-set in response to the size of the text.
• PB-29721: Fixed an issue in which the size of the Electronic Consent Document was returned incorrectly when a transaction's properties were retreived using our Open API Specification. Note: This issue still exists when a transaction is created from a template. That behavior will be fixed in a future release.
• PB-31179: Fixed an issue in which, on creating a transaction from a template, the language of a recipient who is an account sender was not set to that user's current language. Instead, the displayed language was the one used to create the template.
• PB-29505: Fixed an issue in which a pop-up banner announcing the use of website cookies obscured the Accept and Opt-out buttons on the Consent page. This issue arose when the browser was the latest version of Chrome or Internet Explorer.
• PB-30556: Fixed an alignment issue with the Expiry Date field on the Create New Transaction and Create New Template pages.

Known Issues

The following known issues may affect signers using the New Signer Experience. They will be resolved in a future release.

• Field values may not be saved when scrolling a long document: If a signer enters a value into an input field, and then scrolls past the eighth page of a document without first tabbing out of that input field, the value that they entered into the field is not saved.
• Date input field may be cleared on iOS devices: On iOS devices, entering a dash symbol ( - ) into a date field will clear the field.

• Entering an invalid value for the day or month within a date input field will change the date field: For example, if you enter a value of 13 for the month, the system will add that extra month to the date and will increase the year. So entering 2019-13-31 will reset the date to 2020-01-31.

Release 11.29

What's New

Accessibility

• Enabled senders with disabilities to specify or change the signing order of a transaction's recipients.
• Enabled senders with disabilities to specify or change the order in which a transaction's documents must be signed.
• Enabled the addition of a notary to a transaction using the keyboard and/or a screen reader.
• Added more labels to the pages that edit transactions and edit templates, and improved keyboard navigation on them.
• Added more labels to the pages that list transactions and list templates, and improved keyboard navigation on them.

Other

• SSO login improvement for signers with a sender account — If Single Sign-On Authentication (SSO) is enabled at the account level, when a sender accesses the Signing Ceremony as a signer via an email link: (1) they will now be authenticated with SSO; (2) once authenticated, they will be taken directly to the Signing Ceremony. Any other Authentication Method specified for the sender at the transaction level will be overruled by SSO. To enable this feature, please contact our Support Team.

There is a known issue regarding the preceding feature — it won't work unless the Force SSO Login flag is enabled for the account. This issue will be addressed in Release 11.30.

• Default account-level language — Enabled an account owner to specify a default language for their account. This language will be used: (1) for all email sent to users who are not yet senders on the account — e.g. an email sent by an account owner to a user, inviting the latter to join the account as a sender; (2) as the default language of new account senders. To enable this feature, please contact our Support Team.
• Customize KBA Authentication failure message for signers — Enabled customization at the account level of the messages that appear when KBA Authentication fails. To enable this feature, please contact our Support Team.
• Improved message for locked-out KBA users — Enhanced the message that is sent to a signer when they are locked out of signing due to multiple failed KBA Authentication attempts. That message now specifies when the signer can try to log in again. However, this additional information will appear only if the "auto-unlock" feature is enabled for failed KBA authentications.

The “auto-unlock” feature was introduced in OneSpan Sign 11.28. It is an account configuration that is disabled by default. If enabled, it will automatically unlock a signer after a configurable period (default = 72 hours, as per KBA standards). To enable the “auto-unlock” feature, customers must contact our Support Team.

• Specify time-based expiry for transactions and templates — It was already possible to schedule when a transaction or template will expire by specifying a future date (e.g., it will expire on 01/18/2020). We added the ability to schedule this expiry by specifying a time interval (e.g., the transaction or template will expire 20 days after it was created).

To specify a time interval for a transaction via the New User Experience, see the Expiry Date parameter in this procedure. To specify a time interval for a template via the New User Experience, see the Expiry Date parameter in this procedure. To specify a time interval via the SDK, see the parameters withDefaultTimeBasedExpiry and withRemainingDays in this section.

By default, all new and existing accounts use "date-based" expiration. To change that setting for your account to "time-based" expiration, please contact our Support Team.

Bug Fixes

• PB-28858: Fixed an issue with the vertical scroll bar that occurred when the question-and-answer screen for KBA Authentication was displayed in an iFrame.
• PB-25996: Fixed an issue in which Custom Fields did not populate correctly.
• PB-29313: Fixed an issue with the account-level configuration of email reminders. Specifically, the Repeat Reminder toggle switch in the New User Experience was ON when it had been configured in OneSpan Sign BackOffice to be OFF.
• PB-29874: Fixed an issue in which copying and pasting a value (e.g., a field name) on the Field Settings screen didn't paste just that value, but duplicated the entire field from which the value was copied.
• PB-28366: Fixed an issue in which transactions were not sorted correctly if a user tried to sort by the last updated date.
• PB-29954: Fixed an issue in which an error was thrown when a field was deleted using the keyboard from the Designer page.
• PB-29846: Fixed a Mobile Signing Ceremony issue in which special characters were not displaying correctly within the Thank You dialog box.
• PB-29638: Fixed an issue in which a signer's language failed to be used on the signer's Resend SMS screen when the signer accessed that screen from a mobile device.
• PB-25712: Fixed an issue that occurred when users tried to extract from a document a Text Anchor that the document did not contain. Instead of displaying a suitable error message, the system created an invalid approval.

Known Issue

• PB-30571: Text extraction on accessible PDFs will fail if the text contains typographic ligatures. An effective workaround is to remove the ligatures from the PDF.

Release 11.28

What's New

Accessibility

• When a user is selecting a language for a transaction, template or recipient, screen readers will now vocalize the entire list of language names in the language the user has selected for the interface.

• Visually impaired users will now be told: (1) the maximum number of characters allowed for an input field on the Recipient Settings screen; (2) when they've reached that maximum number.

• Screen-reader support was added for the document-action buttons in a transaction's list of documents.

• Screen readers used by senders can now vocalize the content of their OneSpan Sign application in all supported languages.

Other

• When a user is selecting a language for a transaction, template or recipient, the entire list of language names will be presented in the user's currently selected language. For example: (1) if the user's interface currently uses English, the presented language names will be French, Spanish, etc.; (2) if the user changes the preferred language of their interface from English to French, the presented language names will become anglais, espanol, etc.
• Continued to expand our interactive Open API Specification. From there you can download the YAML file for our REST API, search for specific endpoints in that API, and even try a few calls yourself. Additional information about the calls can be found on the Developer Community website. That site’s Feature Guides may be especially helpful when you’re building your solution.
• Extended SDKs' GET transaction queries to enable retrieving only the GUIDs of associated transactions.
• Enabled the automatic or manual unlocking of a signer once they have been locked out of signing due to multiple failed KBA authentication attempts.
• Enabled the specification of advanced options (e.g., Personal Message, Change Signer, Email Delivery) for placeholder recipients.
• Enabled the specification of default settings for email reminders at the account level.
• Single Sign-On Authentication will no longer impose a session timeout. The session timeout will follow the value specified within the customer's IdP server.
• Improved the error message that is returned when an incorrect roleId is specified via integration.
• Updated how the Show shared layouts setting is saved for a sender. Previously, this setting was saved as soon as the sender accessed and closed the Apply Layout dialog box. Now the setting is saved only if the sender updates the setting AND applies a layout.
• Added the ability to align multiple document fields (top, bottom, left, or right) when a document is being prepared.
• Added Recipient Locked and Recipient Unlocked events to the Evidence Summary. The Recipient Locked event is triggered when a recipient gets locked out due to multiple failed authentication attempts. The Recipient Unlocked event is triggered when a sender unlocks a recipient after they have been locked out due to multiple failed authentication attempts.

The following are not tracked in the Evidence Summary: (1) the Recipient Locked event is not tracked for KBA Authentication; (2) the Recipient Unlocked event is not tracked when a user is automatically unlocked after a KBA Authentication failure.

• Enabled the specification of a font size for fields, transactions and templates (i.e., the font size that will be used for the text in a field when its parent document is printed). Known Issue: This feature does not work for accessible transactions.
• Enabled the export of selected OneSpan Sign BackOffice settings from one account to another account.

Bug Fixes

• PB-28782: Addressed an issue in which the SMS phone number of a sender in one account was being auto-populated when the sender was added as a signer in a different account.
• PB-22562: Fixed an issue in which the signing order of recipients was enabled when a recipient was added from the Designer.
• PB-21659: Fixed an issue in which the Share template setting was disabled after it was clicked twice.
• PB-21291: Fixed an issue in which changing a placeholder recipient to a regular recipient was generating an error.
• PB-20039: Fixed a Mobile Signing Ceremony issue in which clicking the Accept button multiple times caused an error.
• PB-28580: Fixed an issue in which the Signature Field was re-positioned on a document after it was set as optional.
• PB-28172: Fixed an issue in which Drop-down and Remove buttons were overlapping on the Field Settings screen.
• PB-26935: Fixed an issue in which an error was generated when a Fast Track transaction was created with the transaction owner's email.
• PB-26734: Fixed an issue in which the "show more" button within a list of transactions or templates was not translated into Spanish.
• PB-22624: Fixed an issue in which, during the creation of a transaction: (1) a template was selected and then removed; (2) the template's recipients were mistakenly added to the transaction.
• PB-27522: Fixed a Classic User Experience issue in which the name of a group of signers appeared incorrectly after another group of signers was created.
• PB-26814: Now when a radio button is duplicated, the parent radio-button group will not be duplicated. Adding a radio button to a group can now be done via the Add to group option.
• PB-28027: Fixed an issue in which the field name was being auto-populated when Document Extraction was performed. The field name will now remain blank.
• PB-26575: Fixed an issue in which the Evidence Summary was not recording the failure of an SMS Authentication due to an expired PIN.
• PB-25910: Fixed an issue in which the Evidence Summary was adding an extraneous comma at the end of the Data column for a Signer SSO event.

Release 11.27.1

Bug Fixes

• PB-29371, PB-29376: Fixed two problems with signing-order assignments related to the Set signing order toggle switch and OneSpan Sign BackOffice.

Release 11.27

What's New

Accessibility

• Enabled visually impaired senders to request or require signers to add attachments to a transaction.
• Enabled visually impaired senders to delete recipients from a transaction.
• Enabled visually impaired senders to specify a recipient's recipient type.
• Enabled visually impaired senders to edit information about a transaction's recipients, leveraging Autocomplete functionality.

Other

• Introduced our new Open API Specification.
• Enabled senders to use the New User Experience to: (1) view the currently displayed language for each of their signers; (2) update that language.
• When a sender receives an email to inform them that a signer has been locked out, that email now displays the email address of the signer (see email.lock.signer).
• Formerly, after an attachment to a transaction was rejected, recipients received a separate email notification for each attachment thus far rejected, even if they had already received a similar notification about the attachment. Now, after an attachment is rejected, recipients receive a notification only about that attachment. Thus for each rejected attachment, recipients now receive only one notification.

• Removed the Send us your feedback link from the application. Hopefully, this will encourage our customers to direct all their requests and inquiries to our Support Team.

• Made the drop-down menu for the Designer's Signature Field list only those Signature Types to which the sender can switch. Previously, that menu listed all Signature Types, including the one that's currently selected.

• Enabled senders to duplicate fields in the Designer. When we created this functionality, we also changed how senders access the settings for fields. Now, when you add or select a field in the Designer, a drop-down menu appears to offer the following options: Settings, Duplicate, Delete, Is optional (for Signature Fields), and <Signature Types>.
• Added an account-level flag for administrators that determines if by default shared layouts will be displayed to the account's senders.
• When SMS Authentication is assigned to a recipient who is also an account sender, the SMS phone number will now be auto-populated from that sender's Personal Information within the My Account set of pages. Note: The phone number in that location must include the sender's country code and area code.
• Prevented a recipient's information (First Name, Last Name, etc.) from being changed once the recipient has started to sign.
• In the REST API, added the optional parameter fields to GET transaction queries. When its value is id, the system retrieves only the GUIDs of associated transactions. Note: The SDKs will soon offer equivalent functionality.
• Our Sender interface has never officially supported assigning the same place in the signing order to multiple recipients. However, this could have worked in certain cases when transactions were created using the REST API. This behavior will stop working in all use cases with this release. This change will enable us to: (1) enhance other features; (2) fully support enhanced signing-order functionality in a future release.
• Enhanced Bulk Send's performance by changing its code so that: (1) successive cron jobs are run every 15 minutes (instead of every 30 minutes); (2) each job processes a maximum of 200 CVS-file rows (instead of 100 rows). Bulk Send thus runs four times faster than it did before.

Bug Fixes

Accessibility

• PB-26179: Fixed an issue in which screen readers were reading certain dialog boxes twice.
• PB-26479: Fixed an issue in which screen readers failed to vocalize the text in a selector.
• PB-26487: Fixed a screen-reader issue in which an aria-label attribute was missing.
• PB-26078: Fixed an issue concerning the text read by iOS VoiceOver during the Signing Ceremony.
• PB-26578: With Enable accessibility on, mapping Form Fields to recipients did not work properly. Specifically: (1) a sender could map multiple recipients at once; (2) if the sender subsequently removed one recipient, the system removed all recipients.

Other

• PB-20971: Fixed an issue that prevented recipients from changing their displayed language if they accessed the Signing Ceremony from an iFrame.
• PB-20583: Fixed an issue that prevented the New Transaction button from displaying properly after a user narrowed their browser window.
• PB-18877: Fixed an issue that prevented senders from customizing the logo that would appear on the Thank You dialog box after a user signs on a mobile device.
• PB-26920: Fixed an issue in which the Required attribute of a Custom Field was not being saved.
• PB-27045: Fixed a Dashboard issue that prevented the proper formatting of text in certain languages.
• PB-26585: Fixed an issue that permitted a signer to decline a transaction when it was not their turn to sign.
• PB-26319: Fixed an issue in which the "signup email" to a new sender was not being sent in the sender's designated language (see email.signup).
• PB-25066: Fixed a Designer issue that left it visually unclear if the Accept Only option had been selected for a document.
• PB-25249: Fixed an issue in which the width of the Transaction Name column changed when sorting was applied to the Transaction List.
• PB-26483: Fixed an issue in which pressing the ESCAPE key on a list selected an item from the list instead of escaping the list.
• PB-27198, PB-26738, PB-27201: Fixed several issues concerning the numbering associated with the signing order for recipients.
• PB-26208: Fixed an issue in which fields were reset after a user clicked outside a selector.
• PB-26838: Fixed an issue that prevented user-entered text from being fully visible in the associated display.
• PB-26957: Fixed a problem that affected the configuration of email reminders for in-progress transactions.
• PB-26892: Fixed an issue in which a tool tip failed to appear after new account users clicked Next during their First Time Use Walkthough.
• PB-27165: Fixed an issue in which senders could not select a recipient from the Recipient History on a mobile device.
• PB-27296: Fixed a Mobile Signing Ceremony issue in which the Signature Field label was not in the language that had been specified for the transaction.
• PB-25849: Fixed an unhandled exception that occurred when an attempt was made to update a document's description via the REST API without providing the correct document ID.
• PB-27298: Fixed an issue in which the field name was being auto-populated with the field ID when Text Tag Extraction was performed. The field name will now remain blank.

Release 11.26

What's New

Accessibility

• Enabled visually impaired senders to add recipients to a transaction, and to edit recipients' information.
• When a sender creates a transaction or template, the value that initially appears in the New User Experience for the Enable accessibility toggle switch is now automatically set to the default value specified for the sender's account. That default value can be changed only by contacting our Support Team.

Other

• The Enforce Authentication option will now be ignored for account senders if Single Sign-On Authentication has been specified as the Authentication Method for their account. Thus no one will have to specify information for Authentication Methods that will not be used.
• Knowledge-Based Authentication questions and answers will be displayed in the recipient's language. Specifically: (1) the language for Equifax USA can be English or Spanish ( if the recipient has a different language, the fallback language is English); (2) the language for Equifax Canada can be English or French ( if the recipient has a different language, the fallback language is English).
• You can now search for transactions or templates using a recipient's first name, last name or email address; for the New User Experience, see the section Find Transactions).
• Increased the storage space available for email templates.
• When a sender creates a transaction or template, the value that initially appears in the New User Experience for the Enable in person signing toggle switch is now automatically set to the default value specified for the sender's account. That default value can be changed only by contacting our Support Team.
• To comply with the General Data Protection Regulation (GDPR), in every environment we removed all personal information from all reports created by OneSpan Sign BackOffice. Specifically, in the Transaction Report and Multi-Tenant Transaction Report, we: (1) removed all signers' information, package names, and package attributes; (2) added the Sender UID.

Bug Fixes

Accessibility

• PB-25479: Fixed an issue that prevented signatures signed by other recipients in a uploaded document from being presented to users in accessibility mode.
• PB-25353: Fixed the following issue. When the Add Recipients button was selected using the keyboard in accessibility mode, instead of hearing ADD RECIPIENTS button selected, users heard ADD RECIPIENTS button unavailable.
• PB-25719: Fixed a wrong presentation of the document Preview button in accessibility mode.
• PB-25986: Fixed an accessibility issue in which: (1) users were not notified that you cannot create a new transaction from an existing accessible transaction; (2) settings were not being inherited when a new template was created from an existing template via our Open API Specification.
• PB-26079: Fixed the following issue. When a recipient using Android TalkBack tried to complete a signature by double tapping the Confirm button, TalkBack read the OK button twice instead of once, and therefore highlighted that button twice instead of once.

Other

• PB-21959: Fixed an issue that prevented transaction counts from updating properly next to the Inbox and Drafts headings after a user deleted or archived a transaction from these lists.
• PB-20485: Fixed the following issue. Passing an invalid document ID while retrieving field values via the REST API returned an exception instead of an informative error message.
• PB-25880: Different environments (e.g., Sandbox, Production) were found to be using different default formats for the timestamps applied to signatures. Removing this inconsistency provided all environments with the default format yyyy-MM-dd HH:mm:ss z, where z is the timezone. If you want a different default format for your account, please contact our Support Team.
• PB-16839: Fixed an issue that permitted a recipient to decline a transaction even after confirming their signature.
• PB-26261: Fixed an issue in which switching to the Classic User Interface caused the page footer to overlap with the list of transactions. The fix keeps the footer at the bottom of the page.
• PB-25662: Fixed the following issue. Using Windows 7 and Internet Explorer 11, the top left of the Designer page failed to show the complete name of the current transaction when that name had fewer than 4 characters.
• PB-25837: Fixed the following issue. When a user of OneSpan Sign for iOS confirmed a document or switched between documents, the system's loading the new document sometimes hung.
• PB-26213: Fixed an issue that prevented users from using the keyboard's backspace key to update the maximum length of a text field or text area.
• PB-26221: Fixed an issue in which the did not support a proxyJava and .NET SDKs configuration of the method eslClient.signDocuments.

Release 11.25

What's New

• Updated our cipher suite for outgoing Callback Notifications and SMTP messages from the OneSpan Sign service to customers. For more information, see Enhanced Security Standards.
• When a user accesses the Signing Ceremony from an email link, if their original SMS passcode has expired, the system now automatically sends them a new SMS passcode.
• If a document fails to upload when a transaction is being created via the SDK call EslClient.createPackage, the system now automatically deletes the transaction from the Drafts folder.
• When using the REST API to retrieve a list of all groups in an account, the list can now be filtered by searching for a specific or partial group name. For more information, see our Open API Specification.
• When using a Java or .Net SDK to retrieve a list of all groups in an account, the list can now be filtered by searching for a specific or partial group name. For more information, see Managing Groups.
• In a completely signed document, all Form Fields and signatures not associated with a recipient are now flattened — i.e., are read-only.

PDFs added to a transaction must not have syntax errors. If they do, the flattening described in the previous bullet may prevent recipients from confirming their signatures. To avoid that, we strongly recommend that you use Adobe's Preflight tool to scan and analyze a PDF for syntax errors before you add it to a transaction. For more information on the Preflight tool, refer to your Adobe documentation.

• The Enable accessibility mode button is now available when the Signing Ceremony is accessed through the Sender interface.
• In the Signing Ceremony's accessibility mode, visually impaired recipients are now notified when their cursor moves in or out of the Capture Signature box.

Bug Fixes

• PB-25102: Ensured that the Layouts drop-down list will not appear behind the Apply Layout dialog box (see Applying a Layout). This superposition made it hard to scroll within the list to select a layout.

• PB-21327: Fixed an issue that prevented a document's Accepted and Confirmed dates from displaying a timestamp.

• PB-25300: Fixed an issue in which continuous component updates caused the Document Preview and Designer pages to flicker.

• PB-21046: Ensured that in the Mobile Signing Ceremony the Exit button is always visible after signing is complete.
• PB-21409: Fixed an issue in which an accepted but unconfirmed optional signature and its associated fields were rendered in the final signed document when the transaction was completed by the sender.
• PB-15182: Provided missing translations for the email templates email.bulk.send.completed and email.bulk.send.error.

• PB-24599: Fixed an issue that, in accessibility mode, prevented the successful addition of multiple field mappings via the Import & Link Fields page (see Mapping Form Fields to Recipients).

• PB-18552: Fixed an issue that, in accessibility mode, prevented ToolTips for Form Fields from presenting customized content that had been specified using OneSpan Sign's BackOffice administration tool.

• PB-20058: Fixed an issue that, in accessibility mode, prevented a signature's ToolTip from being updated once the signature was accepted.

• PB-20150: Ensured that in accessibility mode the Signing Ceremony's Decline dialog box's list of reasons for declining can be navigated via the keyboard's arrow keys.
• PB-23674: Fixed an accessibility issue in which the description of a recipient's authentication was not being read by a screen reader when the Enforce Authentication condition was enabled for the recipient's account.
• PB-23677: Fixed an accessibility issue in which multiple H1 headings appeared on the Dashboard page. This did not comply with JAWS 2018.
• PB-24496: Fixed an accessibility issue in which the JAWS screen reader read all the labels above the currently selected label on the Create New Transaction page.
• PB-24488: Fixed an issue in which the visual contrast of the First Time Use message on the Dashboard page did not comply with accessibility guidelines.
• PB-24490: Fixed an issue in which the visual contrast of the text on the Personal Information page of My Account did not comply with accessibility guidelines.
• PB-24487: Fixed an issue in which the visual contrast of a selected menu item from the top menu of the New User Experience did not comply with accessibility guidelines.
• PB-24485: Fixed an issue in which the visual contrast of a selected field's orange border did not comply with accessibility guidelines.
• PB-25957: Fixed an issue that was preventing page controls from working properly with TalkBack screen readers on Android devices in accessibility mode.

Release 11.24

An unexpected error occurred with a fix to PB-21959. Due to the instability this could create, a patch release — 11.24.1 — was quickly issued. Soon after, another patch release — 11.24.2 — was issued to ensure that document pages display properly in the Designer section of the New User Experience.

What's New

• When New User Experience senders create accessible transactions or templates, they can now map the Form Fields in added documents to recipients' OneSpan Sign fields. For details, click here.
• The Signature page of the My Account set of pages enables users to create a handwritten signature that can be used to sign documents. That page's Signature now opens in full-screen mode to give visually impaired users more space to capture their signature.
• Enabled Bulk Sending to configure Personal Certificate signing for its recipients. An example of that configuration appears in the section Sample CVS File.
• Placed an appropriate transaction count next to two headings on the New User Experience page that lists transactions. Specifically: (1) the number of transactions that currently have the status In progress appears next to the Inbox heading; (2) the total number of transactions that currently have the status Draft, Expired, Declined or Opted out appears next to the Drafts heading.
• In the New User Experience, the action icons above the Transactions list will now: (1) always be visible; (2) become enabled when a transaction is selected.
• The Recipient Settings screen inside the New User Experience has an Attachments tab. The Delete icon on that tab will now: (1) always be visible; (2) become enabled when an attachment is selected.
• Enabled Single Sign-On Authentication to: (1) provision senders when multiple OneSpan Sign accounts have the same Identity Provider; (2) provision a sender as either a Manager or a Member.
• Added support for additional timezones to accommodate places that do not observe Daylight Saving Time (DST).
• Error and warning messages that appear in the application will no longer automatically disappear. They must be dismissed by the user.
• In the accessible view of a document during signing, the Form Fields not associated with a recipient now appear as read-only text.
• Our Sender interface has never officially supported adding documents to transactions via drag-and-drop, but this technique could have worked in certain cases. This technique will stop working in all use cases with this release. This change will enable us to: (1) enhance other features; (2) fully support drag-and-drop functionality in a future release.

Bug Fixes

• PB-21466: Fixed an issue that was permitting senders to enter invalid values on the Email Reminders screen.

• PB-20893: Fixed a Mobile Signing Ceremony issue in which the accessibility mode became disabled if the SMS Login page was refreshed.

• PB-18844: Fixed an issue that prevented a document from being tamper-sealed upon transaction completion if the last recipient did not sign an optional signature.
• PB-22064: Fixed an issue that was causing the email reminders for all transactions to be sent just once per day. Email reminders are now sent once every hour. Thus a reminder designed to be sent after one day is now sent between 24 and 25 hours after the original invitation (no longer between 24 and 48 hours after the original invitation).

Known Issue

• PB-21959: Deleting or archiving a transaction may lead to incorrect count numbers next to the headings of the Inbox and Drafts folders .

Release 11.23

What's New

• The Evidence Summary now records when a transaction owner manually completes a transaction.
• As part of an ongoing effort to make the New Application User Experience accessible to visually impaired senders:
  • The color scheme was improved for visually impaired senders.
  • The Dashboard's Account Summary chart was made a non-clickable image. Instead, the items within the legend indicate the number of transactions, and they link to the Reports page.
  • The following changes were made to the Date Picker control:
    • Dates can now be input manually.
    • Senders must now click OK to confirm their date selection.
    • To clear a date, you must now do one of the following: (a) select the date and press DEL on the keyboard; (b) open the calendar, and click Clear.

Bug Fixes

• PB-20463: Fixed an issue that prevented a transaction's completion date from being properly assigned when the transaction was manually completed by the transaction owner.
• PB-20825: Fixed an issue that caused transaction owners to receive Opt Out and Decline emails in the recipient's language instead of their own language.
• PB-20846: Fixed an issue that made the captions on buttons in the Capture Instructions screen bleed beyond the buttons' borders.
• PB-11204: Fixed an error in the Spanish text that appears on the translated Affadavit page during In-Person Signing.
• PB-18225: Fixed an error in the Spanish text that appears on the translated Guest Login page during SMS Authentication.
• PB-20179: Fixed an issue in which disabling the Session Bar during the Signing Ceremony made the Enable accessibility link unavailable.
• PB-20206: Fixed an issue in which the JAWS screen reader was reading an incorrect label for the Click to Sign Signature Box.
• PB-21131: Fixed an issue regarding query parameters injected into the Handover URL.
• PB-21096: Fixed an issue in which low screen resolutions prevented users from configuring a signature as Optional.
• PB-19992: Fixed problems with the SMS Authentication screen in which entering an incorrect SMS pass code caused: (1) the display of an inaccurate default message for the French language; (2) failure to display a customized string defined by the customer.
• PB-21698: Fixed an issue that in certain scenarios prevented senders from previewing their documents.
• PB-8330: Removed an undesirable User-Agent value from the header of the Apache HTTP client created by OneSpan Sign's Application Backend.

Release 11.22

What's New

• As recommended by the US National Institute of Standards and Technology (NIST), One-Time Password (OTP) codes for SMS Authentication will now expire (default lifetime = 5 minutes).
• A user can now change the signer's Company and Title when they delegate signing to another user.
• Links that appear in PDF documents can now be de-activated for an account.
• Now when a user signs with a mobile device, optional signatures are available in the Mobile Signing Ceremony.
• Document deletions are now recorded in the Evidence Summary.
• Transaction deletions are now recorded by our back-end system. To obtain this Audit Trail, please contact our Support Team.
• Optimized the Package Overview API, thereby improving overall performance.
• Enhanced performance by enabling the Documents call to be executed more rapidly.
• Upgraded Ruby (which is used by the Classic User Experience) to version 2.5.3.
• Dropped support for Internet Explorer 9 and 10 in the New User Experience (see Minimum Software Requirements).

Bug Fixes

• PB-19529: Fixed an issue that was preventing Sender SSO Authentication with Active Directory sessions that were older than 2 hours.
• PB-19797: Prevented the Cookie Policy notification from blocking the Accept button in the Signing Ceremony.
PB-10610: Removed the Cancel button from the failure screen for KBA Authentication.
• PB-12024: Fixed a Mobile Signing Ceremony issue in which fields were being rendered larger than intended, and were overlapping with text.
• PB-16420: Fixed an issue in which the "completion check mark" failed to appear for recipients using SMS Authentication.
• PB-17091: Fixed an incorrect Spanish translation of the Click to Sign Signature Box.
• PB-17923: Fixed an incorrect Spanish translation of the string This field is required on the Opt Out and Decline screens.
• PB-18484: Fixed an incorrect Spanish translation of the Accept button in the Mobile Signing Ceremony.
• PB-21185: Fixed a performance issue by removing precision scanning for Text Tags.

Release 11.21

What's New

• Added customizable time zones for transaction owners at the Account, Sender, and Transaction levels. Thus the time zone used to display all dates on a transaction's signed documents can now be customized. A zone specified at the Transaction level supersedes zones specified at the other levels, and a zone specified at the Sender level supersedes a zone specified at the Account level. Specifying a zone at the Transaction level is described here, and specifying a zone at the Sender level is described here. To specify a zone at the Account level, please contact our Support Team.
• When a callback fails, an email is sent out. That email has been improved to include the reason for the failure.
• Added Android TalkBack support for the Mobile Signing Ceremony on tablets (that support is documented here).
• Added support for the integration of optional signatures via Document Extraction and Text Tag Extraction.

Browser Support

• As of Release 11.22, the New User Experience will no longer support Internet Explorer 9 or 10 (see Minimum Software Requirements).

Bug Fixes

• MAIN-3183: Fixed an issue that occasionally prevented the uploading of documents during the Signing Ceremony, when using Internet Explorer.
• PB-19532: Fixed an issue that caused an incorrect email notification to be sent to a signer when the attachment from a different signer in the same transaction has been rejected.
• PB-17816: Fixed an issue that caused the top rebranding banner in Safari to sometimes disappear.
• PB-17595: Fixed an issue in which an unwanted border appeared around a banner added to the Designer page.
• PB-17184: Fixed an issue in which trying to "Bulk Sign" signatures when it was not the designated signer’s turn did not return a user-friendly message.
• PB-16990: Fixed an issue in which trying to add a recently deleted document from the Document History caused an Error 500 instead of a user-friendly message.
• PB-16817: Fixed an issue in which an invalid configuration for the Sender in the IdP server caused an ambiguous error.
• PB-16647: Fixed an issue in which the Archival Module couldn't purge data from long-term storage.
• PB-15570: Fixed an issue in which the SMS passcode was not being sent in the signer’s preferred language.
• PB-13579: Changed the flow so that email notifications to complete a transaction are sent only after all required attachments have been uploaded.
• PB-12894: Fixed an issue in which clicking the Save Layout button too quickly after applying a layout caused an error.
• PB-12842: Fixed an issue in which switching between the Drafts and Inbox folders before a page was fully loaded caused invalid data to appear.
• PB-12356: Fixed an issue in which attachments without an associated description caused a misalignment in the New Application User Experience.
• PB-7727: Enabled the API to add attachments to a transaction even when attachments are disabled on the associated account.
• PB-16911: In certain Optional Signature scenarios, we prevented: (1) an extra email from being sent; (2) an extra Optional Signature from being displayed.
• PB-17034: Made the Continue button appear in those Optional Signature scenarios where it was missing.

Known Issue

• When a user views an eSignLive invitation email in Gmail using an Android tablet in its Landscape orientation, the email's Go to document button is not fully displayed. The workaround is simply to rotate the tablet to its Portrait orientation.

Release 11.20

What's New

• Enabled blind and visually impaired users to review and click-to-sign PDF documents on mobile devices. This involved making the Mobile Signing Ceremony support Web Content Accessibility Guidelines (WCAG) 2.0 Level AA.
• Added iOS VoiceOver support for the Mobile Signing Ceremony on iPhones and iPads (that support is documented here).
• Enabled Bulk Signing — "Sign All" — for: (1) the Signature Capture signature type; (2) documents with mixed signature types.
• Made SMS messages more customizable than they had been.
• Made the Thank You dialog box support special characters.
• Enabled Single Sign-On (SSO) Authentication to be configured with the same Identity Provider's entity ID for both senders and signers.
• Added pagination to the displayed list of senders when delegates are being added in the New User Experience.
• Enabled static hyperlinks in PDF documents that are in a completed transaction.

Performance Enhancements

• System throughput (number of transactions per hour supported by the system) has been improved by 25%.
• The Get Package API response time has been reduced by 13%.
• The load time for the API underlying the Dashboard's Account Summary pie chart was improved by 36%.

Bug Fixes

• PB-15119: Enabled Text tag extraction to work when documents are uploaded from Salesforce.
• PB-16396: Fixed a licensing error that occurred when documents were being uploaded.
• PB-15928: Improved the alignment of the title of the Capture Signature Signature Box on mobile devices.
• PB-1563: Made the Evidence Summary filename display the correct text when the file is downloaded from the application.
• PB-16733: Ensured that for a document with Text Tags, artifacts of those tags do not appear in the document after it is added to a transaction.
• PB-16390: Fixed an issue involving Optional Signatures and the Personal Certificate Client.
• PB-10973: In ADA mode (designed for visually impaired users), we enabled the Accept button to be read by a screen reader that uses an Internet Explorer browser.
• PB-12457: In ADA mode, we enabled the progress bar to be read by a JAWS screen reader that uses an Internet Explorer browser.
• PB-11393: In ADA mode, we translated Alt text for the progress bar into French.
• PB- 12430: In ADA mode, we enabled the following text within the Consent document to be translated into any supported language: Must be accepted and agreed to before starting the signing process.

Release 11.19

What's New

• Enhanced Single Sign-On (SSO) Authentication to support external recipients. This enables the exchange of authentication information between OneSpan Sign and corporate servers. Thus signers can now use their organization's credentials to access the Signing Ceremony.
• Added support for optional signatures. This permits a signer to complete a transaction without signing all of their signatures inside the transaction's documents. Any signature type can be flagged as "optional" via the New User Experience, the REST API, or the SDKs. For a description of associated limitations, see the first note in this section.
• Ensured that the Owner of a transaction receives a notification every time a signer uploads an attachment. This is especially important if a rejected attachment is re-uploaded.

Bug Fixes

• PB-16402: Ensured that the document description appears when a user clicks the Document Title bar in a Mobile Signing Ceremony.
• PB-16596: Fixed an issue that was preventing the Personal Certificate Client from connecting when a user had multiple active network connections.

Release 11.18

What's New

• Added the names of Form Fields to the Audit Trail section of the Evidence Summary document.
• Enabled the Enforce Signature Capture option to be set at the signature level. It could already be set at the transaction level.
• Continued rebranding away from eSignLive to OneSpan Sign. This release brings changes to: (1) the default application logo; (2) the site icon; (3) page titles.
• Added a cookie-policy notice that is displayed to: (1) senders who are logging in to OneSpan Sign; (2) signers who are entering the Signing Ceremony after clicking a link in an email invitation.
• Made the Apply Layout dialog box retain the sender's selection for Show shared layouts.
• Signers and senders can now choose to view OneSpan Sign in Greek. This support includes email templates, in that transaction owners can specify Greek as the language to be displayed to an individual signer.

Bug Fixes

• PB-12429: Updated the Italian translation of default email templates.

Known Issues

• If you use the new Chrome browser (version 69), you will not be able to re-order documents or recipients. This issue will be fixed shortly. Meanwhile, please use a different browser if you need to reorder documents or recipients.
• If during the Mobile Signing Ceremony a user taps a document name, the document name and description will not appear. Instead an empty Document info box will appear. This issue will be fixed shortly.

Release 11.17

Release content merged with 11.18 above.

Release 11.16

What's New

• Enabled transaction owners to configure reminders for all recipients of a transaction who have not yet signed. For more, see Managing Transaction Reminders
• Enabled the Signing Ceremony to: (1) detect when a user's Internet connection is lost; (2) prompt the user to reestablish an Internet connection, and then continue the Signing Ceremony.

Bug Fixes

• PB-12658: Fixed an issue that sometimes prevented users of iOS devices from seeing the buttons on a Signature Capture screen when that screen was rendered inside an iFrame.

Release 11.15

What's New

• Added an Account setting that can prevent senders from deleting the Electronic Disclosures and Signatures Consent document. To activate this setting, please contact our Support Team.
• Extended label customization to the Mobile Signing Ceremony. The messages that will appear to signers during that ceremony are now fully configurable at the Account level. To make that configuration, please contact our Support Team.

Bug Fixes

• PB-10845: Formerly, we had the following problem. A signer captures their handwritten signature on a large Signature Block, or on the full screen of a mobile device. This signature is then applied to all other Signature Blocks in a document using Click-to-Sign. If the signer left a lot of white space around their handwritten signature, scaling often made their signature unreadable when it was applied to smaller blocks. We fixed this problem by removing all unnecessary white space from all Signature Blocks.
• PB-11997: We removed the following limitations, which used to apply when the Signing Ceremony was presented in an iFrame on an iPad: (1) indicators of Signature Fields were not supported; (2) immediately after users applied a signature (e.g., after they clicked OK on a signature-capture pad), they were redirected to the top of the page.

Release 11.14

What's New

• Ensured that the product OneSpan Sign complies with the General Data Protection Regulations that will come into effect on May 25, 2018 (these regulations are described here).
• To address security and end-of-life issues, we updated the third-party libraries used by the Java SDK.
• Equifax USA used to permit a maximum of two authentication attempts within any 72-hour period (regardless of the attempts' success or failure). A third attempt within 72 hours always failed. Indeed, this is still Equifax USA's default behavior. However, as of 16 May 2018, an Account Administrator can increase their account's limit from two attempts to three. If that is done, three attempts within 72 hours can succeed with Equifax USA, but a fourth attempt will always fail. For more about Equifax USA, click here.

Bug Fixes

• PB-10683: Ensured that all required attachments are reset and enabled when the Change Signer functionality is used (changing signers is described in the section Configuring Other Recipient Settings).
• PB-9658: In the Thank You dialog box, we removed unwanted blank space between the account logo and the text below it.

Release 11.13

What's New

• Gave account owners more control over the Email, Q&A, and SMS Signer Authentication options for their account. Before this release, senders could assign any of these methods to a given signer. Now, account owners can limit their senders' choices (e.g., by forbidding the Q&A method on their account). For more, see the tip in this section.
• Enhanced the Mobile Signing Ceremony by enabling the redirection of signers to a customized external page when their session expires.
• Enhanced the SDK by enabling the application of a layout to a document by specifying the layout's name.
• Enhanced the SDK by enabling a single request to upload multiple documents to an existing transaction.

Bug Fixes

• PB-10618: Fixed an issue that was preventing signers from authenticating themselves via SMS in the Mobile Signing Ceremony if their SMS code started with a 0 (zero). Note: To fully resolve this issue, signers may need to clear the cache on their mobile device.
• PB-8633: Fixed an issue that had affected the signing order when a placeholder was replaced by the transaction owner.
• PB-8697: Fixed an issue that was displaying the wrong signing order when the REST API or SDK was used to assign multiple signers the same place in the signing order.
• PB-9555: Fixed an issue in which toggling the language of the Signing Ceremony via an iFrame in Internet Explorer or Microsoft Edge wrongly redirected the signer to the Login page.
• PB-9071: Removed the grey title banner from the Guest Authentication page that appears in the Mobile Signing Ceremony.
• PB-9723: Fixed an issue that prevented the Thank You dialog box from being fully visible in the Mobile Signing Ceremony.

Release 11.12

What's New

• Introduced an Accessibility Support component that enables blind and visually impaired signers to review and click-to-sign PDF documents. For an overview, click here.

Bug Fixes

• MAIN-2120: Fixed an issue that was causing a Text Tag's maximum length (maxlen) to be ignored during the tag's extraction. Examples of Text Tag extraction and a description of maxlen can be found here.
• PB-8596: Fixed an issue that was preventing the download of documents whose document name includes a comma.

Release 11.11

What's New

• Enhanced the Mobile Signing Ceremony by removing the need to click a Signature Box to bring it to the foreground. Signers can instead magnify a Signature Box by using the built-in pinch-to-zoom capability of their mobile device.
• Enabled the system to efficiently handle a larger number of documents within a transaction. This fix reduces the time needed to navigate between documents or to sign documents.
• Enabled account owners to retrieve their integration API key via the Administration menu. For instructions, see this section.

Bug Fixes

• PB-4045: Fixed an issue with the Reset Password feature when using Windows 10 and the Edge browser.

• PB-7411: Ensured that the Download button in the Mobile Signing Ceremony is displayed regardless of the length of the document name.
• PB-7643: Ensured that the Attachments tab is hidden in the New User Experience when the Attachments feature is disabled at the account level.

Release 11.10

What's New

• For the Mobile Signing Ceremony, we implemented optimized pages for the Q&A and SMS Authentication Methods. Previously, these methods directed mobile-device users to desktop authentication pages that were not optimized.
• Can now customize the confirmation message that appears in the Signing Ceremony when a signer clicks the Confirm button to apply their signatures to a document.

Bug Fixes

• PB-6222: Fixed an SDK issue that was preventing the retrieval of templates that contain Text Tag information.
• PB-7056: Fixed an issue that was preventing the Edge browser’s download of a document when uppercase letters were used for the document’s filename extension.
• PB-5663: Prevented two adjacent column headers from overlapping on the Manage Attachments page of the Classic Application User Experience.

Release 11.9

What's New

• In the Mobile Signing Ceremony, the Thank You page was updated to enable signers to review and download signed documents.

Bug Fixes

• PB-5100: Fixed an issue in the Mobile Signing Ceremony regarding the selection of radio buttons when multiple radio-button groups are attached to a single signature.
• PB-4401: In the Mobile Signing Ceremony, ensured that the page title displays correctly when users switch from a Portrait to a Landscape view.
• PB-5940: In the sender User Interface, fixed translation errors that had been present in pop-up help text for icons.
• PB-1760: Fixed an issue that had prevented the downloading of documents inside an IFrame while using the Edge browser.

Release 11.8

What's New

• Enabled the User Interface to automatically extract signatures and fields by placing Text Tags directly in a document. Previously, this feature was available only to integrators (see Release 11.22).
• Completed all preparations for disabling TLS 1.0. For the associated schedule and expected impacts, click here.
• Extended Personal Certificate Signing to all supported browsers on Microsoft Windows. For more, see Signing with a Certificate.

Bug Fixes

• PB-4372: Enabled the graceful handling of an interruption of Internet connectivity during the Signing Ceremony.
• PB-5697: Fixed an issue that had been affecting the Transaction Activation callback when an expired transaction was re-sent.
• CONN-4767: We fixed an issue with the OneSpan Sign for Salesforce Connector that was preventing it from receiving callback information for Document Signed, Signer Complete, and Package Complete events.

Release 11.7

What's New

• Enabled the Apple Pencil to be used in the Signing Ceremony.
• Prevented signers from downloading documents until they have accepted the eSign Consent form.
• Enabled the Callback timeout to be configured to give the Callback endpoint extra time to process a Callback request.

Bug Fixes

• PB-3919: Fixed an issue that had been causing delays when users were searching for layouts.

Release 11.6

What's New

• PB-3366: Improved the "quicker access" feature implemented in Release 11.4, so the Signing Ceremony launches only when the transaction is awaiting your signature.

Bug Fixes

• PB-3320: Fixed an issue that had caused a transaction's status to remain Active, even though all signers had completed signing.
• PB-3026: Stopped an additional placeholder recipient from being added to a transaction when a layout is applied.
• PB-2151: Corrected Dutch and Portuguese labels and translation errors.

Release 11.5

What's New

• Added the ability to automatically extract signatures and fields by placing Text Tags directly in a document. OneSpan Sign will analyze the uploaded document, and replace every text that matches the Text Tag pattern with the appropriate signature or field. For more, see Text Tag Extraction. Note: This feature is currently available only to integrators.
• Enhanced the SMS Phone Number field to use the country code of the transaction owner as the default country code.
• As soon as a sender completes signing a transaction, they are now prompted to proceed to the next transaction.
• For security reasons, we removed support for Internet Explorer 8 . We also recommend no longer using IE 9, IE 10 or Windows 8, since Microsoft has ended its support and security updates for those products.

Bug Fixes

• PB-3259: Fixed the Mobile Signing Ceremony to enable styling of the Thank You page.
• PB-2590: Made the Date format for extracted fields follow the Date format for Custom Accounts.
• PB-3304: Removed the Resend SMS action for archived transactions.
• PB-1402: Ensured that a transaction's creation date is returned (instead of its sent date) when active transactions are retrieved.
• PB-1164: Prevented double-clicking on the Handover action. Double-clicking had been causing a second unnecessary call to the customer's page.

Release 11.4

What's New

• Implemented quicker access to the Signing Ceremony. The application will determine if it is your turn to sign. If so, it automatically launches the Signing Ceremony when you click on a transaction from your Inbox. This applies to all transactions awaiting your signature.

Bug Fixes

• PB-1889: Displays an appropriate error message when an expired transaction is returned to the status of Draft. Once in Draft, the transaction owner can extend the expiry period, and re-send the transaction for signing.
• PB-1671: Fixed an error that had been causing messages to overflow outside an iPad's visible area. This had been causing an expiry message to overlap with the page border.
• PB-1660: Fixed the mobile Signing Ceremony's title bar. If the document name was too long, it overlapped with the expandable-menu icon.

Release 11.3

What's New

• Remodelled the Add/Edit Recipient dialog box that appears in the Sender Interface by converting its top horizontal tabs into vertical sections on the left. This enabled: (1) the addition of extra settings; (2) better support for mobile devices that have limited horizontal space. For a description of the new interface, see Recipients.
• Extended Personal Certificate signing to external signers. Formerly, such signing was available only to holders of a OneSpan Sign Account.
• Removed the Expiry Warning dialog box to ensure consistent behavior across all supported browsers, desktops, and mobile devices.
• Extended label customization to the Guest Authentication page. The message that will appear on that page is now fully configurable at the account level.
• Created a new DIGIPASS Signing feature that enables the use of VASCO DIGIPASS Authenticators to validate the identity of signers, and to authorize the approval of each document in a transaction. When a signer is added to a OneSpan Sign transaction, DIGIPASS may be specified as the two-factor Authentication Method. For more on how to leverage this feature, please consult your Sales or Customer Success representative.
• Added automatic email blacklisting. For details, see the warning box in the procedure Adding Recipients.

Bug Fixes

• PB-1348: Corrected the French message that appears when senders are invited to join an account.
• PB-1396: Enabled a sender to add an unlimited number of delegates who can operate on their behalf.
• PB-1294: Enabled the deletion of partially signed documents.
• PB-1544: Ensured that the SMS Guest Authentication page respects the signer 's language.
• PB-1759: Ensured that only one SMS code is sent to a signer when both SMS Authentication and KBA Authentication are used.

Release 11.2

What's New

Integration

• Enhanced the Integration Model to include the transaction creation date (in addition to the completion date and date of the last update). This enhancement applies to both the API and the SDKs.
• Enhanced the Event Notification payload to include the event timestamp. This timestamp specifies the time of event creation to within a millisecond.

 By default, OneSpan Sign's SDKs ignore additional fields. To take advantage of the new fields described above, upgrade to the 11.2 SDK.

If you are using the API directly, you must ensure that your integration code can ignore new fields. Otherwise, your integration will no longer work.

Other

• Added customization support to the New User Interface's login page for on-premises and private-cloud deployments. This enables the footer, sign-up link, and What's new link to be hidden on the login page. The login page for the Classic User Interface already provides this level of customization.
• Removed all references to eSignLive™ and eSignPackage™ from Signing Ceremony labels in order to extend white-labeling capabilities.
• Increased the size of the mobile Signing Ceremony's Reason field for opting out and declining in order to support longer text.

Bug Fixes

• PB-489: Ensured that all Signing Ceremony errors are displayed in the signer's specified language across all browsers (including when the session expires, or when the transaction is no longer active).
• PB-766: Corrected French labels and translation errors. These corrections apply to labels in both desktop and mobile Signing Ceremonies.
• PB-472: Fixed an issue that had caused the URL to be double-encoded when the Signing Ceremony is viewed in Chrome. This issue affected only on-premises deployments that were trying to connect through a proxy.
• PB-236: Fixed the border of the Notary Seal when an eNotary transaction is created from the New User Interface.
• PB-935: Preserved the Document Delivery option when a transaction is created from a template with group signers.
• PB-862: Fixed a bug that caused the Session Extend dialog box to appear after the relevant session had expired.

Release 11.1

What's New

• Extended the Document Visibility feature to enable senders to use the Designer to configure the visibility of documents to recipients.

• Enabled the styling of text in the Thank You dialog box and on error pages.

• Enabled signers to request a new SMS code.

• Added a prompt for the sender to start signing immediately after sending a transaction.

Bug Fixes

• PB-260: Removed the latency that had been occurring when a large number of layouts was loaded via the Designer.

• PB-638: Removed a white border that had appeared around PDF fields during the execution of field injection.

Release 11.0.6

What's New

• Created a new signature-capture feature at the transaction level. If this feature is enabled, signers must capture their signature every time they sign. Otherwise, the signature is captured only once, and then applied to all subsequent signatures, for which the signer clicks to sign.
• Created a Download All button for signers. Clicking it downloads a zip file that contains all signed documents associated with a completed transaction.
• Can now customize a large set of labels for the Signing Ceremony and for error pages. An example of an affected error page is the Access Denied page that appears when a transaction is no longer active.

• Added a Decline option to the Signing Ceremony on mobile devices.

Bug Fixes

• APP-5523: In OneSpan Sign for Microsoft Dynamics CRM, the name of a signed file returned to Box had been truncated. Now that name contains as a prefix the original name of the unsigned file.

Release 11.0.5

What's New

• Created a Document Visibility feature that enables integrators to control which recipients can view specific documents in a transaction during a Signing Ceremony. This saves recipients from having to process documents they don’t need to see, and it ensures that documents with sensitive information are viewed only by their intended recipients.
• Created an Event Notifier plug-in. If the Signing Ceremony is hosted in an iFrame, the Notifier can send events from the Signing Ceremony to the parent hosting application. This is useful if the integrator wants to be notified when certain steps take place during signing. Upon receiving such notifications, the integrator can perform actions to enhance the User Experience, display supporting messages, or update visual components in the hosting application.
• Enabled the branding of all data in Evidence Summary documents. Formerly one could only customize the logo for those documents, but now in addition the logo can be hidden, the title can be customized or hidden, other sections can be selectively hidden, all labels for each field can be customized, etc.
• Enhanced SMS security by making the SMS code single-use. A new code is now sent every time the signer clicks the email link, instead of only when the transaction is initially sent.

Bug Fixes

• An error message now appears if a user tries to update an attachment for a package that has been completed by the Package Owner.

Known Issues

• The enhanced SMS security feature described above has a known issue. If you are using Email Protection Software (e.g., proofpoint), you may receive two SMS messages instead of one. The first arrives when you click the link in your email invitation. The second arrives when you enter the SMS code to access the Signing Ceremony. Although inconvenient, the second SMS message is harmless.

Release 11.0.4

Bug Fixes

• Stopped the entire page from being dragged when a user tries to drag a Signature Block across the page.
• Ensured that inactive sessions are redirected to the pre-configured URL in the Classic User Interface.

Known Issues

• A user's specified language — French — is not respected in the following situation. (1) A French transaction is emailed to a third-party recipient with Question-Answer authentication. (2) The recipient clicks the email link, and a guest login page appears in French. (3) The recipient inputs incorrect answers to questions until the recipient is locked out, and an error message appears in French. (4) In the same browser, the recipient clicks the email link again. An error page appears in French. The system has behaved well to this point. (5) The recipient opens a new browser (with clean cache & cookies), and opens the email link again. The error message that appears is now in English.

Release 11.0.3

What's New

• Added a Date field that enables a signer to specify a date from a calendar.
• Extended the Group functionality to all Account senders.
• Added sender pagination and search capabilities to the OneSpan Sign BackOffice administration tool.

Bug Fixes

• Fixed the iFrame Signing Ceremony on iOS Safari.
• Made the mobile Signing Ceremony redirect to the desktop Signing Ceremony if CAC/PIV Certificate Signing is detected.
• Fixed sorting on the Account > Senders page.
• Fixed the Salesforce banner when signing occurs within Salesforce.
• Fixed footer placement for signing on an iPad.
• Fixed the adding of attachments in the Firefox v49 browser.
• Formerly, after clicking an Invitation Email's link, and then logging into OneSpan Sign, signers were directed to their own Inbox. Now they are immediately directed to the Package page for the package they've been invited to sign.

Release 11.0.2

Bug Fixes

• Fixed the alignment of "e-Signed By ..." text in signatures when the text is smaller than the Signature Block.
• Fixed Session Expiry auto-redirect to a Custom URL.

Release 11.0.1

Bug Fixes

• Upgraded Google Guava from 15.0 to 17.0.
• Changed many references in the code from e-SignLive (with a hyphen) to OneSpan Sign (no hyphen).
• Added a new feature that configures a signer's Authentication Token to be single-use only.
• The uploadDocument method wasn't properly refreshing the Package Object. We therefore deprecated the old uploadDocument method, and added a new uploadDocument method that uses the Package ID instead of the Package Object.
• Previous releases used the Fast Track URL Mapper with the location header. Instead, 11.0.1 uses the currently requested URL if no Redirect is specified.

Release 11.0

What's New

• New UX/UI: We've introduced a redesigned GUI and User Experience that: (1) focus on preparing and managing transactions; (2) emphasize ease-of-use and visual clarity. For more, see the New Application User's Guide.
• Personal Digital Certificate: This feature enables a signer to sign documents with their own certificate. This feature can be leveraged by governments and other regulated agencies whose employees have their own certificates.
• TEMPLATE_CREATE callback: This enables an account to receive a callback when a template is created from scratch, or when a template is saved from an existing transaction.
• Danish Language Support: Signers and senders can now choose to view OneSpan Sign in Danish. This support includes email templates, in that transaction owners can specify Danish as the language to be displayed to an individual signer.
• Change Signer Authentication: Added the ability to specify SMS or Q&A authentication when the identity of a signer is being changed. This is especially useful if no individual was specified when an invitation was sent. For example, consider a transaction that sent an invitation to [email protected] Upon receiving that invitation, Acme's Sales Team can: (1) change the signer to a particular person – e.g., [email protected]; (2) specify that Joe's phone number will receive an SMS authentication code.
• Session Fields: Integration customers who want to store extra data as part of their signing evidence can pass additional session fields per signer when they create a signing session. These fields are saved in the Evidence Summary, and are stored in the signature details of signed documents. For example, an external system's Login Token can be stored as part of a signature's Audit Trail.

Other Changes

• End-of-life for Package: The term Package has served us well for six years, but it's time to embrace a term that's becoming more common in the market. In this release, the term Package will be replaced by the term Transaction.
• QRCodes: This feature has also reached its end-of-life. It will be deprecated in favour of the Evidence Summary, which offers more Audit Trails.

Bug Fixes

• Fixed the duplicated Session Expiry warning when a signer's session expires.
• Prevented an Administrator from deleting the Account Owner on the Senders page.
• Ensured that when signed documents are sent as email attachments: (1) they are flattened; (2) the flag flattenSignedDocuments is on.
• Fixed translation issues for non-English languages in the Delegation section.

SDK

What's New

• Can now sign documents as the API key owner, or for another signer
• Added RTF and ODT to the document type enum.
• Improved error handling for Text Anchors.
• Added a transaction signAll capability. This API/SDK call enables all documents in a transaction to be signed in one call (instead of traversing documents successively, and signing each signature successively).

Bug Fixes

The following issues were fixed:

• Box connector 502 Bad Gateway error
• Remove QRCodeTest from both SDKs
• DocumentType enum in SDK only includes PDF and WORD document types
• Accept header not set when getting AuthenticationToken