October 2024


Improvements in this Release

  • Proxy Server Connector (SHE-39135)
    • SigningHub now supports configuring proxy settings for external connectors and services, ensuring outbound traffic follows designated proxy paths for enhanced security and compliance.
  • Service Plan-based and Role-based Document Certify Options (SHE-37797)
    • SigningHub now enables administrators to configure document certify options at both the service plan and role levels, allowing greater control over which certify options are permitted against service plans and for user roles.
  • Managing SigningHub REST APIs (SHE-47431)
    • The following new APIs have been introduced:
      • Get All Push Notification Devices
      • Delete All Push Notification Devices
      • Delete Refresh Token


Security Improvements

  • SigningHub "Upload Library Document" API Server-Side Request Forgery (SSRF) (SHE-45960)
    • The SigningHub "Upload Library Document" function has been updated to remove the file path details from the response to reduce the potential risk of Server-Side Request Forgery (SSRF) attacks.
  • SigningHub Branding CSS Injection (SHE-45960)
    • SigningHub Enterprise branding logic has been improved to prevent the potential use of malicious Cascading Style Sheets (CSS) injection when customizing enterprise branding.
  • Trust1Connector Integration System Information Disclosure (SHE-46510)
    • The SigningHub integration with the Trust1Connector has been updated to remove references to file paths and libraries used by the integration JavaScript code.

Compatibility with Earlier Versions of SigningHub

SigningHub (iOS) & (Android) 8.6.7 are compatible with the 8.6.6 version of SigningHub.