EFS Release Notes 22.1
English | Deutsch
In this release, we have improved the security of our platform and our modules, by developing a new two-factor authentication and extending the security related header function. We have also rebuilt the receipts feature. You're now able to provide the completed survey as a PDF receipt via download link and e-mail to your participants without our help. |
Enhancements to EFS platform
App-based Authentication
To add an extra layer of security, you can now optionally protect the EFS admin area account with the new two-factor authentication. You'll be required to provide an additional authentication code from an Authenticator app, each time you login into your EFS account.
After entering invalid codes several times, the accounts will be blocked. This behavior is similar to the behavior of entering an invalid password. In addition to this brute force protection, EFS also has a replay protection, so that an already used code cannot be reused by an attacker who might have somehow intercepted it.
Two-factor authentication is available on all installations and can be enabled by any user.
Your installation can be configured to force all accounts to use app-based authentication. Please contact our support team.
New Security Headers
To increase the security of the Projects, Portals, and Panel Website modules, we have implemented new security-related headers. These headers will be sent with each page to ask the browser not to allow certain actions or script types.
The following security headers are available:
Referrer-Policy: Use this header to define which referrer information will be sent to 3rd party websites when clicking on a link within EFS.
Content-Security-Policy: The Content Security Policy is an effective measure to protect your website from XXS attacks. By whitelisting sources for approved content, you can prevent the browser from loading malicious assets.
Permissions-Policy: Use this header to define which APIs might be used, e.g. payment, camera, microphone or USB access.
X-Content-Type-Options: Use this header to block a request, if the request destination is of type “style” and the MIME type is not “text/css”, or of type “script” and the MIME type is not a “JavaScript” MIME type.
X-XSS-Protection: Use this header to enable XSS filtering (usually default in browsers). If a cross-site scripting attack is detected, the browser will sanitize the page (remove the unsafe parts).
In Projects, the option "Should an X-Frame-Options header be sent to the client?", has been moved from the General Options tab to the new Security tab within the Survey Options.
Do-Not-SMS List
In addition to the Do-Not-Email list, you now also have a Do-not-SMS list to block mobile phone numbers from receiving SMS notifications on a global and/or project-specific level.
You can import, export (Excel and CSV) the Do-not-SMS list, and configure the table view. Use the checkbox to remove mobile phone numbers from the list. Just check the mobile phone numbers you want to remove from the list. Use the #unsubscribe_global# and #unsubscribe_survey# placeholders to insert links in SMS messages, so that participants are allowed to add their own mobile phone number to the Do-not-SMS list.
New service layer methods are also available for adding to the list, checking, and removing mobile numbers from the list.
Other Enhancements to EFS Platform
Uploading fonts and new file types (media library): As of this release, the media library supports new file types, such as web-fonts (woff, woff2, otf, eot, svg, jp2, webm, webp).
Customized maintenance page: The maintenance page can now be adapted to your corporate identity. Customers with extended access rights, will find a new Maintenance tab of the Branding menu (Options).
Changed user menu: We made changes to the user menu. The Edit account menu item was renamed. It is now called Edit user data. We also added the Security menu item to connect the user menu with security area. There you can now change your password.
Sending SMS: When sending SMS, additional information are now available, for example the encoding of the SMS and a SMS counter that counts how many SMS will be used for the message.
Enhancements to Projects
PDF Receipts
We have rebuilt the Receipts section of the Questionnaire Editor completely. You are now able to provide survey participants with the completed questionnaire as a PDF receipt via a download link and/or via e-mail attachment, without the need to involve Tivian.
Using the Exclude questions tab, you can customize the PDF receipt and exclude questions. Thus, the PDF receipts will contain the questions seen by a participant and the ones you exclude.
Use the Layout menu to edit layout elements of the PDF receipts, for example Header, Footer und CSS.
Other Enhancements to Projects
The Block email question type: The Block email question type, which can be selected on end pages, also supports the SMS block list. This applies to Responsive Layout 3.1.
Additional headers for your email templates: Using the new function "Additional headers" you can add your own headers to your email template. The placeholders #unsubscribe_global# and #unsubscribe_survey# can be used.
Layout Pro Editor: The Layout Pro Editor has been extended to provide Create Template, Export and Import functionality for all sections.
New Panlist ID column (ES projects): The column "Panelist ID” is available in the participant administration of ES projects for user groups that have the read permission search_panel. Participants will be linked to the panelist and you can jump from the participant management of your ES project to the panelist administration. This works for employee projects where the "Panelist import from employee project" feature was used. The feature is disabled by default.
Enhancements to People
Management of Genders
The People module now allows you to create and use more than the previously two genders for your panelists. New genders can be created and be managed via your own list in the Panel configuration. A handy panelist counter shows the usage of genders and blocks the deletion if panelists are assigned to a gender.
Your manually created genders will be available in Panelist administration, Portals and Panel/ Master data surveys. They will also be available in Panel Service Layer calls.
Other Enhancements to People
Bulk edit of panelists: The bulk edit of the panelist administration now allows updating based on the site id (language version), u_gender, pci, u_timezone, u_locale variable
New update rule: In the Actions menu, you can now create the Delete panelists update rule, which minimizes the maintenance effort of the panel groups. If this action is performed, the panelists to whom this rule applies will be deleted from the panel.
Removing panelists from a group: To make removing panelists from a panel group more intuitive, you have a Delete icon in the Actions column that allows you to remove the panelist from the group (if you have the panelgrp_admin read permission). Removing panelists from the default group is not possible.
Panelist Detail View: Panel groups for which an update rule has been set up are now marked with an icon. This icon will also serve you as a link to go to the update rules of the panel.
Search for e-mail addresses: From now on, the advanced search of the panelist administration offers the possibility to search for multiple panelists by e-mail address. Simply enter one e-mail address per line. You can search for up to 50 e-mail addresses simultaneously.
Enhancements to Portals
Adding the Guide Initiator to the Panel Group
Setting up Tableau dashboards to visualize your guides' results used to take some effort because the panel groups you selected rarely included the members you wanted. Using the new option "Add guide initiators to the following panel-group", you can specify in the Guides module configuration to which panel group guide initiators will be added.
Report List: Improved Usability
The usability of the Portals page module Report List has been improved. The reports that participants have access to are now sorted by the new default filter All. The filter is available by default for the report list types ES Projects and Guides.
In addition, the two list views of the module (ES projects, Guides) have a new table column. This new column lists the ES project names or Guide names in descending order based on the creation date.
Other Enhancements to Portals
Adding participants by e-mail address (Action Board): From now on, the e-mail address of participants you want to add to an action will also be displayed, so that you always know who you are adding to an action.
Removing participants (Action Board): The process of removing groups and users has been improved. Depending on whether you select the group avatar or user avatar in the participant section of an action, the corresponding button, i.e. group or user, is already preselected in the overlay menu.
New character limit in guide setup (Guides): In the guide setup, guide initiators can write a message. Until now the character limit was 255 characters. With this release, the limit is raised to 65535 characters.
New tooltips in the Look & Feel area (CMS area): New tooltips inform you about the effects of possible color changes in the Look & Feel area.
New character limit (Text and Multimedia): The character limit of the text field of the Text and Multimedia module has been increased to 100,000.
Adjustment (Extension): The API of the Portals module Extension has now an EFS object instead of a Questback object, for example, you should use EFS.portalsApi.isInitialized(); now. Questback is also available as an alias for now to ensure backwards compatibility.
Enhancements to Panel Website
Community Content disabled by default
As of this release, the community content will be disabled by default on new EFS installations. The Quick Polls menu item is moved from Community content to Standard content.
Usability Improvement
To prevent incorrect assignment of panelists to offline websites, offline will be added to the language version, if the the language or the whole website is offline.
New Service Layer Services
Service | Meaning |
---|---|
efs.smsblocklist.add(array(phone-numbers)) | Imports a list of numbers into the blocklist, returns list of numbers and their import status |
efs.smsblocklist.delete(array(phone-numbers)) | Deletes a list of numbers from the blocklist, returns list of numbers and their delete status |
efs.smsblocklist.getList | Returns the list of all numbers on the blocklist |
efs.smsblocklist.getListByDateRange(daterange) | Returns the list of all numbers on the blocklist within the given date range |
efs.smsblocklist.getListByNumber(phone-number) | Returns a list of all surveys where given number is on the blocklist. In case of global bocklist, the surveyId is 0. |
efs.smsblocklist.isBlocked(number,surveyId (opt)) | Check whether number is on the blocklist for given survey, in this case the global blocklist will not be checked. If surveyId is not specified checks whether email is in global blocklist. |
© 2024 Tivian XI GmbH