This page containes the description of the hotfixes related to 3.16.0 version
DISCLAIMER
Product Information contained within this document, including technical information and functional specifications, is subject to change without notice. Naviga reserves the right to make any changes to the information in this document at any time without notice. Naviga makes no warranty, representation, or guarantee regarding the suitability of its products and services for any particular purpose.
Please note that all the 3.16.0.X hotfixes are by default included in both the minor and major versions being in development, which are 3.16.1 and above and 3.17.0, respectively
If you want the fix to be applied please input a Salesforce case
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
In the scope of 3.16.0 we added three cancellation options for Account management: Cancel immediately, Cancel next billing cycle and Cancel at a future date. However, we realised that there was no way to manage these options' visibility, and also they were sending the wrong StopType. Those two issues were fixed in scope of this hotfix.
The ability to manage the visibility of the cancellation option through Account Management settings was added. The following settings can be set to either true or false:
DisplayImmediateOption
DisplayNextCycleOption
DisplayScheduleDateOption
To manage CancellationTypeId for each option in addition to already existing SubCon.Cancel.DefaultStopType API setting in MG2 control the three new API settings were created:
SubCon.Cancel.NextBillingCycleStopType
SubCon.Cancel.ImmediateStopType
SubCon.Cancel.ScheduleDateStopType
The setting value should be sent to the following:
for the cancellation on the next billing cycle = 1
for the immediate cancellation = 2 4
for the cancellation at a scheduled date = 3 2
Areas Covered: Subcon Site (Account management), API
For the fix to work correctly please apply the 3.16.0.6 hotfix that contains mandatory scripts
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
Starting from 3.16 onwards Purchase API must be for all the new starts. There are two endpoints /Purchases (to receive Standard, Comps, PaidPass, Gifts, etc for all Circs) and /Purchases/InApp (to receive InApp and SwG).
/Purchases/InApp is prepared to redirect to Subscriptions API or Pu
rchase API based on an MG2 Control setting. This works for consumer apps but it is going to be a problem for all the clients using InApp today since they were not notified they need to switch the endpoint. Since we want to have backward compatibility with our external InApp consumers, re-add the POST /Subscription endpoint with a condition that it can be used only for InApp new starts.
In the scope of this hotfix, we also fixed the issue with the Payway form not being loaded in the Edge browser in Account Management.
Areas Covered: API, Account Management
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
This hotfix is dedicated to CircPro-related issues. The following issues are covered:
wrong redelivery issue dropdown options when submitting a complaint in Account Management
unit designator not being sent in CircPro for a new start
scheduled vacation not being synced during overnight database sync
new start with ApplePay or Google Pay passing zero amount to circ
displaying negative balance in Account Management while it's actually positive
Areas Covered: Account Management, API
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
For Auth0 we had a problem with ProcessLogin failing because the Auth Endpoint was using the User ID instead of Internal_id for Advance Tennant. The issue was fixed in scope of this hotfix. Now for Advance Auth endpoint uses Internal_id.
Areas Covered: API
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
Some ApplePay starts with Payway were failing due to ApplePay Payload not having the ECI Indicator. The issue was fixed in scope of the current hotfix, new MG2Control's Setting (API Setting) was added:
Key -> Edgil.SecureElectronicCommerceTransactionECI
NULL NULL NULL Value -> 5
The changes had to be merged to several branches as several clients in production were affected. Please see the list of the branches below:
PurchaseAPI: 3.15.0.5, 3.15.1.6, 3.15.2.3, 3.15.3.1, 3.16.0.5
EdgilPaywayAPI: 3.15.0.2, 3.15.1.2, 3.15.2.2, 3.15.3.1, 3.16.0.5
Also included minor fixes for GooglePay:
The old GooglePay watermark image is now replaced with the new watermark in the checkout flow
Fixed the error of GooglePay icon still being visible in checkout flow even if unchecked in Solicitor Concierge
Areas Covered: API, Subscription Panel
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
This fix contains the scripts that populate CancellationTypes and NewspaperCancellationTypes in subsvc database as part of the dacpack. These scripts are required for the cancellation options for Account Management to work correctly
The fix also includes some optimisation of the subsvc database used by One CSR Portal:
ApiGetUserEmailPreference and ApiUpdateRegistration stored procedure optimised.
The new index in the Registration table is created; EmailAddressId column is included in the existing index of the EmailAddress table.
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
Previously, a bug was introduced that caused the user to have to click twice instead of a single click to purchase the subscription after entering billing details when the seamless presentation was configured with the Independent Address component. The issue was fixed in the scope of this hotfix.
Areas covered: Subscription Panel, CMS Admin
This fix was also merged to 3.15.3.4 and 3.15.2.3.
Updated on June 26th, 2023
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
Braintree is sunsetting their API on python platform. Hence, as per Braintree's recommendation, the backend Braintree SDK has been updated to version 4.18.1.
Areas covered: API
The fix was also merged to 2.39.0.1 and 3.16.1.4
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
Due to the cross-site validation, Auth0 was deleting the cookie when visiting Self-Service after .com and vice versa. This was fixed by ensuring that the cookie is deleted only when the user actually clicks the Logout button.
Areas covered: Self-Service
This fix was also merged to 3.16.1.5
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
Paypal via Braintree Renewals have been getting declined in circulation. It was identified that the PaypalBAID parameter while purchasing the subscription on EZPay was not being sent accurately to Circ. The issue has been fixed by passing the appropriate parameter from the payment vendor to the circulation system.
Areas covered: Self-Service
This fix was also merged to 3.16.1.6 and 3.16.2.1
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
The following issues were fixed:
Not being able to access downgrade page or logout when 3rd party cookies are blocked
Not being able to logout when 3rd party cookies are blocked
Logout after browsing to Newsletter page
Auth0's Integration was fixed and defensive code was added to APP_INITIALIZER flow. Inconsistent logic from auth0.service.ts was removed
This document is currently in progress
Areas covered: Self-Service
Please note that upgrades to this version are no longer available since the Amazon S3 bucket now requires a minimum of TLS 1.2 security protocol, which is not supported by this version.
Note added on June 20th, 2023.
When a subscribed user logs out from the Subscription panel and then tries to buy a new Subscription with his existing account, the user was not recognized as an existing user by SP. This was because the Customer Registration ID of the user was not available and hence the user was treated as a new user.
To overcome this issue, it is ensured that even if the user logs out, the system will make sure to fetch the Customer Registration ID that recognizes the user.
When a user was trying to buy a subscription after getting registered via a third-party authentication system (e.g., a user on newspaper site clicks on a link ePaper-->Auth0-->Subscription Panel), even after the successful authentication by Auth0, the registration was not created in the Subscribe database. This issue has been resolved now.
The fix was also merged to 3.16.1.5 and 3.16.2.2.
The CMS Content module has been updated to support Transport Layer Security (TLS) version 1.2. The TLS version can now also be configured from the web.config file, and image uploads can now communicate with the AWS S3 bucket using the TLS 1.2 security protocol.
This update has been made as Amazon will no longer support TLS 1.1 for its S3 bucket.
The Hotfix 3.16.0.13 documentation was updated on June 12th, 2023.
Note: If the TLS version is not configured in the web.config file, CMS now uses the TLS 1.2 security protocol by default.
This fix was also merged to 2.39.1, 2.39.1.0, 3.15.3.1, 3.15.2.1, 3.16.1.7, 3.16.2.4, and 3.16.3.
The issue with the 'Mark as processed' button in SubCon Admin has been resolved.
This fix is also merged to 3.16.1.8, 3.16.2.5 & 3.16.3
In the seamless flow, if the Independent Address component for the payment page has been enabled, users could purchase or subscribe to a subscription with a single click after entering their credit card information. The issue occurs when the credit card details have been validated, the Submit button disappears, and the user is taken directly to the payment options, even if the fields, First and Last names, Phone, and Zip Code, have not been filled. This resulted in the AddSubscription call being triggered with incomplete information, and since the Submit iframe button is from a third-party payment site, it does not validate whether the aforementioned fields have been filled, resulting in no error warnings being displayed.
Changes have been made to allow the submission of incomplete fields if the credit card has already been validated in the seamless flow by introducing a delay time after each keystroke while filling the fields under the independent address component.
A key, "SeamlessInputDelayTime", must be added to the SP Config file with any numerical value. The value indicates the delay time in milliseconds, with the default value set at 1500 milliseconds (1.5 seconds).
For example, after entering the first name, it will wait 1.5 seconds and then call AddSubscription if no additional keystrokes have been detected. When the user starts entering the following fields, such as Last name, phone number, and zip code, the timer is reset after each keystroke, and the AddSubscription call is triggered only after a 1.5-second delay.
This fix was also merged to 3.16.1.9, 3.16.3.1, 3.15.2.4, 3.15.3.5, 3.16.2.5
This release is in its beta version now.
Recently, major browsers have introduced additional security measures and constraints related to third-party cookies, as well as cross-domain data transfer and communication. The latest release of Chrome no longer supports third-party cookies. These were impacting the functioning of the Landing application and user experience negatively. Despite the implementation of workarounds, users were encountering issues in the sign-in flow at times.
Therefore, the sign-in logic for the Landing application has been revised without significantly affecting the existing functionality and behavior. The previous dependency on local storage has been replaced, and a Redis caching approach is now implemented for the users to sign in on the Landing for accessing consumer applications (SubCon Admin, SolCon & CMS).
Following the new implementation, users can access any consumer application only through the Landing application.
If a user has opened different consumer applications on different tabs in a browser, logging out from one application will force the user to log out from the other opened applications as well. The user will regain access to the application only by signing in through the Landing application.
Page refresh will work as before and have no impact following the redesign.
Multi-Factor Authentication (MFA) with Okta will also work as intended if the feature is turned ON for the specific client.
There is no dependency on third-party cookies related to the Landing application, and the landing works perfectly fine on Safari, Firefox, Chrome, and Edge browsers.
Consumer applications are no longer dependent on Local storage to fetch data.
The CMS Idle Time functionality, which notifies the user if they have been inactive on a CMS page for an extended duration and provides the option to either continue or exit from the page, is working as before.
For a seamless user experience and as a best practice, please do not disable cookies in your browser.
This fix is also merged into 3.16.1.10, 3.16.2.8, 3.16.3.13 & 3.17.0.3 releases.