Version 3.25 (January 2024)
New features and enhancements
Supported platforms and third-party products
OneSpan User Websites now supports the following products:
Web servers
OneSpan User Websites can now be run on these web application servers (based on the respective JRE):
Apache Tomcat 9.0–9.0.82 (included)
The included version of Apache Tomcat was updated to fix a critical security vulnerability (CVE-2023-28709).
- Oracle Server Java Runtime Environment 11
- Azul Zulu 11 (included)
Version 3.24 (July 2023)
New features and enhancements
Supported platforms and third-party products
OneSpan User Websites now supports the following products:
Web servers
OneSpan User Websites can now be run on these web application servers:
- Apache Tomcat 9.0.73 (included)
- Azul Zulu 11 (included)
Fixes and other updates
Issue OAS‑8864 (Support case CS0059341): Error 500 (Internal Server Error) when Cronto image is too large
Description: If the Cronto image for offline activation cannot be created because it is too large, error 500 (Internal Server Error) is raised in OneSpan User Websites. No further information is provided about the cause of the problem.
Affects: OneSpan User Websites 3.12–3.23
Status: The following new error messages have been implemented in OneSpan User Websites, which will be raised instead of the generic error 500 in these particular cases:
- Cronto image size too large.
- Cronto image size not even.
Version 3.23 (July 2022)
New features and enhancements
Supported platforms and third-party products
OneSpan User Websites now supports the following products:
Operating systems
- Red Hat Enterprise Linux (RHEL) 8, 64-bit
- Ubuntu Server 20.04 LTS, 64-bit
Software libraries
OneSpan User Websites now includes the following (updated) third-party libraries:
- Apache Log4j Core 2.17.1
Fixes and other updates
Issue OAS-11404: Security-related HTTP response headers updated
Description: By default, the OneSpan User Websites web applications return HTTP response headers that can help to prevent malicious attacks.
The used security-related HTTP response headers have been updated to further improve the site security:
- Strict-Transport-Security Header (HSTS): 31536000
- Referrer-Policy: no-referrer
Affects: OneSpan User Websites 3.15–3.22
Deprecated components and features
Supported platforms and third-party products
OneSpan User Websites no longer supports the following products:
Operating systems
- Ubuntu Server 16.04 LTS, 64-bit
- Red Hat Enterprise Linux line 6
- CentOS line 6
Version 3.22 (October 2021)
New features and enhancements
Embedded JRE changed to OpenJDK
The embedded Java Runtime Environment (JRE) deployed by the OneSpan User Websites setup packages has been replaced. Instead of Oracle Java, OneSpan User Websites now uses Azul Zulu (OpenJDK).
Supported platforms and third-party products
OneSpan User Websites now supports the following products:
Web servers
- Apache Tomcat 9.0–9.0.48
Fixes and other updates
Issue OAS‑2013 (Support cases CS0024619, CS0014262): HTTP 500 error during 2-step offline activation (User Self-Management Website)
Description: During 2-step offline activation for Mobile Authenticator Studio, if the user types an incorrect signature in the second step, the User Self-Management Website operation fails and displays an HTTP 500 error. The user does not get any information about the problem and is not prompted to type the signature again.
Affects: OneSpan User Websites 3.9–3.21
Status: This issue has been fixed.
Issue OAS‑518 (Support case CS0005059): Missing information about configuring self-assignment (Documentation)
Description: User Self-Management Website can be used for authenticator self-assignment if it is correctly configured. If the effective OneSpan Authentication Server policy settings are incorrect, self-assignment attempts will fail and appear as a failed authentication attempt because of an incorrect static password.
Affects: OneSpan User Websites 3.9–3.21
Status: The documentation has been updated. A dedicated section about the required policy settings for self-assignment has been added to the OneSpan User Websites Administrator Guide.
Deprecated components and features
Supported platforms and third-party products
OneSpan User Websites no longer supports the following products:
Web servers
- Apache Tomcat 8.x
Future platform support changes
This section summarizes upcoming changes of supported platforms and other third-party products that will become effective in future versions. You are highly encouraged to plan and modify your deployments accordingly to allow future upgrades.
Version 3.23
OneSpan User Websites 3.23 will no longer support the following products:
Web browsers
- Internet Explorer
Version 3.21 (January 2021)
New features and enhancements
Supported platforms and third-party products
OneSpan User Websites now supports the following products:
Software libraries
- Bootstrap 4.5.2
- jQuery 3.5.1
Web servers
- Apache Tomcat 8.5.60 (included)
Fixes and other updates
Issue OAS‑5894 (Support Case CS0042227): Space characters removed from user names (User Self-Management Website)
Description: User Self-Management Website incorrectly removes blank space characters from the user name when sanitizing the user input in several forms, e.g. the 2-Step Offline Activation Using a Color QR Code page. Instead of trimming leading and trailing whitespace characters only, blank space characters are also removed from within the user name.
Affects: OneSpan User Websites 3.9–3.20
Status: This issue has been fixed.