EFS Release Notes 22.1

Enhancements to EFS platform

App-based Authentication

To add an extra layer of security, you can now optionally protect the EFS admin area account with the new two-factor authentication. You'll be required to provide an additional authentication code from an Authenticator app, each time you login into your EFS account.

Open

Use the dialog to enable the new two-factor authentication

After entering invalid codes several times, the accounts will be blocked. This behavior is similar to the behavior of entering an invalid password. In addition to this brute force protection, EFS also has a replay protection, so that an already used code cannot be reused by an attacker who might have somehow intercepted it.

New Security Headers

To increase the security of the Projects, Portals, and Panel Website modules, we have implemented new security-related headers. These headers will be sent with each page to ask the browser not to allow certain actions or script types.

Open

Security-related headers can be configured for Projects, Portals and Panel Website

The following security headers are available:

Referrer-Policy: Use this header to define which referrer information will be sent to 3^rd party websites when clicking on a link within EFS. 

Content-Security-Policy: The Content Security Policy is an effective measure to protect your website from XXS attacks. By whitelisting sources for approved content, you can prevent the browser from loading malicious assets.

Permissions-Policy: Use this header to define which APIs might be used, e.g. payment, camera, microphone or USB access.

X-Content-Type-Options: Use this header to block a request, if the request destination is of type “style” and the MIME type is not “text/css”, or of type “script” and the MIME type is not a “JavaScript” MIME type.

X-XSS-Protection: Use this header to enable XSS filtering (usually default in browsers). If a cross-site scripting attack is detected, the browser will sanitize the page (remove the unsafe parts).

Do-Not-SMS List

In addition to the Do-Not-Email list, you now also have a Do-not-SMS list to block mobile phone numbers from receiving SMS notifications on a global and/or project-specific level.

You can import, export (Excel and CSV) the Do-not-SMS list, and configure the table view. Use the checkbox to remove mobile phone numbers from the list. Just check the mobile phone numbers you want to remove from the list. Use the #unsubscribe_global# and #unsubscribe_survey# placeholders to insert links in SMS messages, so that participants are allowed to add their own mobile phone number to the Do-not-SMS list.

Other Enhancements to EFS Platform

• Uploading fonts and new file types (media library): As of this release, the media library supports new file types, such as web-fonts (woff, woff2, otf, eot, svg, jp2, webm, webp).

• Customized maintenance page: The maintenance page can now be adapted to your corporate identity. Customers with extended access rights, will find a new Maintenance tab of the Branding menu (Options).

• Changed user menu: We made changes to the user menu. The Edit account menu item was renamed. It is now called Edit user data. We also added the Security menu item to connect the user menu with security area. There you can now change your password.

• Sending SMS: When sending SMS, additional information are now available, for example the encoding of the SMS and a SMS counter that counts how many SMS will be used for the message.

Enhancements to Projects

PDF Receipts

We have rebuilt the Receipts section of the Questionnaire Editor completely. You are now able to provide survey participants with the completed questionnaire as a PDF receipt via a download link and/or via e-mail attachment, without the need to involve Tivian.

Using the Exclude questions tab, you can customize the PDF receipt and exclude questions. Thus, the PDF receipts will contain the questions seen by a participant and the ones you exclude.

Other Enhancements to Projects

• The Block email question type: The Block email question type, which can be selected on end pages, also supports the SMS block list. This applies to Responsive Layout 3.1.

• Additional headers for your email templates: Using the new function "Additional headers" you can add your own headers to your email template. The placeholders #unsubscribe_global# and #unsubscribe_survey# can be used.

• Layout Pro Editor: The Layout Pro Editor has been extended to provide Create Template, Export and Import functionality for all sections.

• New Panlist ID column (ES projects): The column "Panelist ID” is available in the participant administration of ES projects for user groups that have the read permission search_panel. Participants will be linked to the panelist and you can jump from the participant management of your ES project to the panelist administration. This works for employee projects where the "Panelist import from employee project" feature was used. The feature is disabled by default.

Enhancements to People

Management of Genders

The People module now allows you to create and use more than the previously two genders for your panelists. New genders can be created and be managed via your own list in the Panel configuration. A handy panelist counter shows the usage of genders and blocks the deletion if panelists are assigned to a gender.

Your manually created genders will be available in Panelist administration, Portals and Panel/ Master data surveys. They will also be available in Panel Service Layer calls.

Other Enhancements to People

• Bulk edit of panelists: The bulk edit of the panelist administration now allows updating based on the site id (language version), u_gender, pci, u_timezone, u_locale variable

• New update rule: In the Actions menu, you can now create the Delete panelists update rule, which minimizes the maintenance effort of the panel groups. If this action is performed, the panelists to whom this rule applies will be deleted from the panel.

• Removing panelists from a group: To make removing panelists from a panel group more intuitive, you have a Delete icon in the Actions column that allows you to remove the panelist from the group (if you have the panelgrp_admin read permission). Removing panelists from the default group is not possible.

• Panelist Detail View: Panel groups for which an update rule has been set up are now marked with an icon. This icon will also serve you as a link to go to the update rules of the panel.

• Search for e-mail addresses: From now on, the advanced search of the panelist administration offers the possibility to search for multiple panelists by e-mail address. Simply enter one e-mail address per line. You can search for up to 50 e-mail addresses simultaneously.

Enhancements to Portals

Adding the Guide Initiator to the Panel Group

Setting up Tableau dashboards to visualize your guides' results used to take some effort because the panel groups you selected rarely included the members you wanted. Using the new option "Add guide initiators to the following panel-group", you can specify in the Guides module configuration to which panel group guide initiators will be added.

Report List: Improved Usability

The usability of the Portals page module Report List has been improved. The reports that participants have access to are now sorted by the new default filter All. The filter is available by default for the report list types ES Projects and Guides.

In addition, the two list views of the module (ES projects, Guides) have a new table column. This new column lists the ES project names or Guide names in descending order based on the creation date.

Other Enhancements to Portals

• Adding participants by e-mail address (Action Board): From now on, the e-mail address of participants you want to add to an action will also be displayed, so that you always know who you are adding to an action.

• Removing participants (Action Board): The process of removing groups and users has been improved. Depending on whether you select the group avatar or user avatar in the participant section of an action, the corresponding button, i.e. group or user, is already preselected in the overlay menu.

• New character limit in guide setup (Guides): In the guide setup, guide initiators can write a message. Until now the character limit was 255 characters. With this release, the limit is raised to 65535 characters.

• New tooltips in the Look & Feel area (CMS area): New tooltips inform you about the effects of possible color changes in the Look & Feel area.

• New character limit (Text and Multimedia): The character limit of the text field of the Text and Multimedia module has been increased to 100,000.

• Adjustment (Extension): The API of the Portals module Extension has now an EFS object instead of a Questback object, for example, you should use EFS.portalsApi.isInitialized(); now. Questback is also available as an alias for now to ensure backwards compatibility.

Enhancements to Panel Website

Community Content disabled by default

As of this release, the community content will be disabled by default on new EFS installations. The Quick Polls menu item is moved from Community content to Standard content.

Usability Improvement

To prevent incorrect assignment of panelists to offline websites, offline will be added to the language version, if the the language or the whole website is offline.

New Service Layer Services