Current version is Yozons eSignForms v24.3.9_p0418

• Upgraded to OpenJDK 22 for the server runtime. Due to Java code restrictions in Vaadin, OpenJDK 17 may be the most current development version you can use within Eclipse. The code is still compiled to target Java 8 as limited by Vaadin 8.
• Upgraded to Apache Tomcat 9.0.87.
• Upgraded to libphonenumber 8.13.26.
• Upgraded to BouncyCastle JCE and PKIX 1.77.
• Upgraded to Log4j 2.23.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Updated the standard HTTP headers to include Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' data:; frame-src 'self'; base-uri 'self';form-action 'self';
  To use, add the following to your web.xml setup:

  <filter>
      <description>Sets security headers.</description>
   	<filter-name>AddSecurityHeaderFilter</filter-name>
   	<filter-class>com.esignforms.yozons.filter.AddSecurityHeaderFilter</filter-class>
   	<async-supported>true</async-supported>
   	<init-param>
   		<param-name>ContentSecurityPolicy</param-name>
   		<param-value>YOUR-CSP-OVERRIDE</param-value>  <!-- blank value: turns off; default value w/o init-param: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' *.ckeditor.com; font-src 'self' fonts.gstatic.com; img-src 'self' data:; frame-src 'self'; base-uri 'self'; form-action 'self'; -->
   	</init-param>
    </filter>
   ...
    <filter-mapping>
   	<filter-name>AddSecurityHeaderFilter</filter-name>
   	<url-pattern>/*</url-pattern>
   	<dispatcher>REQUEST</dispatcher>
    </filter-mapping>

• Created the SubstitutesDropDownViaCSVReport servlet for GoodbyeToPaper. It creates the Substitutes drop down using CSV data retrieved from the SubstituteRecord report.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: YES

• Integrated GoodbyeToPaper CSV upload to build out a set of Campus (school) grade drop downs, and for each grade, a list of students. This works in conjunction with a custom document and package called CampusGradeStudentDropDownCSVUpload.
• Removed the "response metadata" from the SMS activity logs as it had no useful information for troubeshooting.
• Upgraded to libphonenumber 8.13.26.
• Upgraded to Apache Tomcat 9.0.83.
• On 3 November 2023, our U.S. Patent No. 7,360,079 expired and is in the public domain for all to use and benefit from without license or need to mark previously patent-licensed products. Thank you to all of our past patent licensees.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Amazon EC2 servers upgraded to Amazon Linux 2023.
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Set the custom logic rules list for a package and a document to have a table page length of 0 in an attempt to avoid the last row sometimes not being visible when you scrolled to the bottom.
• For document fields, let the default max length for General and Text be 100, and for Money/Decimal/Integer to 999,999.
• Removed references to Twilio Authy Two-Factor Authentication references to their desktop app which has an end of life now of Feburary 2024. Only the mobile apps will be supported thereafter.
• Upgraded to libphonenumber 8.13.19.
• Upgraded to Apache Tomcat 9.0.80.
• Upgraded to Thumbnailator 0.4.20.
• Upgraded to CKEditor 4.21.1. CKEditor 4 has reached the end of its support line.
• Upgraded to JDOM 2.0.6.1.
• Upgraded to Log4j 2.20.0.
• Upgraded to BouncyCastle JCE and PKIX 1.76.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Made the menu bar 'borderless' to make it more distinct from the tab bar that appears below it.
• Ensure the pseudo-party ESF_reports_access is always the last party defined in a package.
• Fixed the Comparison Condition in custom logic to not shift to lowercase for non-string fields like Date+Time, which converted things like "10-JAN-2023 3:45 AM PST" to "10-jan-2023 3:45 am pst" and then the Java date formatter methods failed to parse the lowercase parts correctly.
• Upgraded to libphonenumber 8.13.11.
• Upgraded to CKEditor 4.21.0.
• Upgraded to Apache Tomcat 9.0.73.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This release is dated to honor the birth of Jacob who brought us the wonderful gift of grandson, August.
• Created property ESF.ReportsHideSearchStartedByPartyTo that can be set to 'true' to suppress the 'started by' and 'party to' selections on reports. If set to 'true' it will default to using 'Started by' that includes Me, All Users and External parties based on report permissions. This is generally defined in the ESF/Library/Template property set ESF to apply to all users, but it can be overridden for a given user by specifying the property in the user's setup.
• Created property ESF.MenubarHideIcons that can be set to 'true' to suppress the icons shown on the menu bar and in the menu drop downs. This is generally defined in the ESF/Library/Template property set ESF to apply to all users, but it can be overridden for a given user by specifying the property in the user's setup.
• Created property ESF.MenubarShowDisplayNameOnly that can be set to 'true' to only list the transaction and report 'display name' in their respective drop downs rather than also include the template names and description. This is generally defined in the ESF/Library/Template property set ESF to apply to all users, but it can be overridden for a given user by specifying the property in the user's setup.
• Attempting to use autocomplete="new-password" on the login page password screen to keep the browser from auto-filling as autocomplete="off" is often ignored by modern browsers that attempt to password management across all sites.
• Added properties that can be used to limit the possible passwords from the default of 4 to 100 character pass phrases. If not defined or none of the Allow options are set to true, uppercase, lowercase, digits and special characters will be allowed. To make use, set this up in the property set PasswordLimits in the ESF/Library/Template (you can use any combination):
  MinLength = 4 to 100 (default 4)
AllowUppercase = true | false (default false)
AllowLowercase = true | false (default false)
AllowDigit = true | false (default false)
AllowSpecialCharacter = true | false (default false)
MinAllowOptions = 1 to 4 (default 1)
Tip = policy-tip-to-show-user (default to servermessages password.policy.tip, currently 'Your password must have between 4 and 100 characters. Longer pass phrases, including a variety of characters, are more secure.')

• Added the password tip and forgotten password tip to the 'Access control->Change my password' view.
• Fixed heap size hitting max usage reporting and actions.
• Fixed deleting document versions that define the built-in ESF_reports_access party.
• Upgraded to libphonenumber 8.13.7.
• Upgraded to CKEditor 4.20.2.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Updated the email bounce/reply correlation to extract all parts from multipart emails received. Previously, when multiparts were embedded in a given part, that part was ignored, though it may have itself included useful TEXT and/or HTML parts. This only appears to have been a problem if a recipient replied to their email notification and attached files as well. No attached files are preserved in email bounce/reply correlations to avoid possible viruses.
• Added a mass delete of all package version's mapped report fields that are in error. That is, if the specified document and/or document field are not found, it is removed from the package report field mappings.
• Fixed read-only license issue that prevented Production mode from being set to run reports.
• Upgraded to Apache Tomcat 9.0.70.
• Upgraded to libphonenumber 8.13.3.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This release is dated to honor the birth of grandson August earlier this beautiful, sunny morning.
• Fixed the built-in report field 'esf_resume_transaction_transfer_to_me_button' so that if clicked by a user who can run the report and has RESUME permission for the specified transaction template, it will not transfer party or resume the transaction if the user is not authorized to be that party. This can occur only when the next party to be transferred to the user is configured in the package to require login and specifies a To Do group the user does not belong to and it's not already assigned to the user. This implies a misconfigured report or package since the purpose of the button is to allow the user to both resume the transaction and have it assigned to them for retrieval via To Do.
• The To Do for those who can manage the To Do of others, the 'Suppress disabled users' checkbox will default to checked on first use.
• The To Do lists now remember reordered report field columns and any suppressed columns set via the respective Table's column control. If the saved order has different report fields than those configured via the respective package's report field mappings for To Do display, the saved order is cleared for a fresh display.
• Similar to To Do, the Reports view now remembers reordered report field columns and any suppressed columns set via the report's Table's column control. If the saved order has different report fields than those configured via the respective report's fields, the saved order is cleared for a fresh display.
• Upgraded to CKEditor 4.20.0.
• Upgraded to PDFBox 1.8.17 (with companion fontbox 1.8.17 and jempbox 1.8.17).
• Upgraded to PostgreSQL JDBC 42.5.0.
• Upgraded to libphonenumber 8.13.0.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Trim main menu bar items that have no entries for users with few permissions so they don't see options with nothing under them.
• Initial implementation of a new 'esfvalo' Theme that is available globally or on a per-users basis via the property ESF.Theme being set to 'esfvalo' for the new 'flat' look, and all other values (or not being defined at all) imply the default 'yozonsesf' theme that provides good contrast and fonts for greater accessibility.
• For To Do listings in which transactions of the same type, but making use of multiple versions of its underlying package, are listed together if the package versions have the same report fields defined.
• Fixed use case where a User record allows Test mode, the user has logged in and operated in Test mode, but then later the User record is updated to allow only Production transactions. When this occurs, the next time the user logs in, they will not be in Test mode but will be in Production mode.
• Upgraded to CKEditor 4.19.1.
• Upgraded to Log4j 2.18.0.
• Upgraded to libphonenumber 8.12.55.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This release is dated to honor sister Jeri's 65th birthday.
• Updated the servermessages_de.properties to have German translations as provided by AIMPACE.digital.
• A new button message set named ESF_DefaultGermanButtonMessage is added to the ESF/Library/Template to jumpstart those who need a German version. The German version was created by our customer AIMPACE.
• Updated the servermessages_pt.properties to have Portuguese translations as provided by AIMPACE.digital.
• A new button message set named ESF_DefaultPortugueseButtonMessage is added to the ESF/Library/Template to jumpstart those who need a Portuguese version. The Portuguese version was created by our customer AIMPACE.
• Ensured the ISO date format dd.mm.yyyy is included in the default ESF_DateFormat drop down in ESF/Library/Template.
• Added the German (de_DE) and Português (Brasil) (pt_BR) locales to the ESF_Locale drop down in the ESF/Library/Template
• Fixed setting a General field to the value of a Date+Time field to use the deployment default time zone when no other is known.
• Created yozonsesignforms.properties entry 'proxy.server.requestIpAddress.header' that if set to the name of the HTTP header, like 'x-forwarded-for', it will use that header's IP address for the request rather than actual IP address received as that will always be the web proxy server's IP address.
• For the Calculate Date Interval action, added seconds, minutes and hours to be specified for the interval. These are mostly useful when comparing two Date+Time fields.
• Fixed to allow the '+' symbol in the username portion of an email address.
• Updated esf.css to include 'maindiv' as the CSS class name for the top DIV element that holds the document being rendered. Each document page is written within its own DIV using the CSS class name 'pagediv' as well as the ESF name of the page as defined in the document's page editor. By default, these classes do nothing, but can be used in your own CSS to control them when needed.
• Added a 'head element HTML' field to the Document Styles to allow for customized HTML to be included in the <head> element, typically using HTML tags like: <link>, <meta>, <style> and <script>.
• Added support to use Google Chrome/Chromium headless browser for PDF generation, as an alternative to wkhtmltopdf. This requires updates to the ESF/Library/Template's property set HtmlToPdf. The Chrome converter seems to support the most modern HTML+CSS, but it is considered experimental now because it has no direct support for landscape mode (Google suggesgts your HTML head's style should set @page { size: landscape; } ) or any header/footer control besides turning it on/off.
• Fixed REDO back to the first party when that party is in 'automatic API" mode so it doesn't just auto-process the first party again when the option to reassign the party is checked (this will transfer the API party to a non-API party).
• Upgraded to CKEditor 4.19.0.
• Upgraded to libphonenumber 8.12.51.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Fixed tran search queries that filter by party email address to avoid counting a single transaction more than once if matching email address are assigned to multiple parties within the transaction.
• Fixed removal of transaction report fields mapped to file upload fields when the transaction is deleted.
• Fixed removal of scheduled transaction party renotifications when a transaction party is deleted.
• Fixed Group deletion to check if the group is in use in a library's Party TEST To Do Group setting. It previously only checked for the PRODUCTION To Do Group setting.
• Block removal of a package party from a package version if that package party is in use in existing transactions parties.
• Upgraded to CKEditor 4.18.0.
• Upgraded to Apache Tomcat 9.0.60.
• Upgraded to libphonenumber 8.12.48.
• Upgraded to PostgreSQL JDBC 42.3.5.
• Upgraded to Twilio Authy Java 1.5.1.
• Upgraded to BouncyCastle JCE and PKIX 1.71.
• Upgraded to Log4j 2.17.2.
• Upgraded to PDFBox 1.8.16 (with companion fontbox 1.8.16 and jempbox 1.8.16).
• Upgraded to Amazon's AWS SDK for SNS 2.17.183.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Allow a User to be marked to only allow Production Mode (blocking Test modes).
• The CSV upload to mass create users was updated to allow the 'allowModes' attribute to be specified.
• Upgraded to CKEditor 4.17.2.
• Upgraded to Log4j 2.17.1.
• Upgraded to libphonenumber 8.12.43.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• If the last party in a package is 'view optional' for its document(s), when that last party is activated, it will be auto-completed, and now the transaction will also auto-complete.
• Upgraded to Log4j 2.15.0.
• Upgraded to BouncyCastle JCE and PKIX 1.70.
• Upgraded to libphonenumber 8.12.40.
• Upgraded to CKEditor 4.17.1.
• Upgraded to Vaadin 8.14.3. This is the last open source version supported on Vaadin 8 by Vaadin, meaning that bug fixes and security issues will no longer be offered to those who integrated it. What was previously a free, open source and actively developed platform, Vaadin 8 is now a significantly expensive (around $1000/month) closed source platform with little new development effort. Unlike other significant technologies used like Java, PostgreSQL, Tomcat, BouncyCastle Crypto, CKEditor and Linux (and of course our eSignForms platform over the past decade), each Vaadin platform version change has required extensive and expensive updates and rewrites just to keep existing functionality. Yozons has GIT cloned the code respository for this version of Vaadin and can build new versions if security issues are detected in the future
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• When showing Errors, include an 'X' close box to make sure the user knows they must click it to dismiss it.
• Created property ESF.ReportsHideSearchByTranId that can be set to 'true' to suppress the transaction id search box on reports, and new property ESF.ReportsHideSearchByPartyEmail that can be set to 'true' to suppress the party email search box. These do not affect the standard Tran Search. This is generally defined in the ESF/Library/Template property set ESF to apply to all users, but it can be overridden for a given user by specifying the property in the user's setup.
• Upgraded to libphonenumber 8.12.35.
• Upgraded to Vaadin 8.14.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• A special mention and remembrance for the passing of Tina Yamada. See was a wonderful woman, full of humor and wisdom and kindness.
• Created property ESF.ReportsDefaultSearchPrefix that can be set to '~' (the prior default, meaning a 'contains' search, the most DB expensive and general filter), '^' (starts with) or '=' (exact match). This specifies what is intended if a user just enters text in a report search field without any prefix. If the property is not defined or is specified but it's none of those values, it will default to '~' (contains) as that is the prior default behavior. This is generally defined in the ESF/Library/Template property set ESF to apply to all users, but it can be overridden for a given user by specifying the property in the user's setup. Regardless, all search criteria with no prefix are re-written with this specified prefix to make it clear which type of search is used for any given searchable report field. This also applies to the built-in search field for party email address.
• Limit report field value matching to those that belong to the report's transaction templates and date range. This likely slows down queries for small datasets, but should speed them up for large datasets.
• For first-time report users, not only default to started by the user, but also to external parties and all other users if the report permissions allow it.
• When deleting a user, no longer do an in-use reference check against the SMS and email tables as they are deleted along with the user.
• Upgraded to CKEditor 4.16.2.
• Upgraded to libphonenumber 8.12.33.
• Upgraded to Vaadin 8.14.0.
• Upgraded to OpenJDK 17.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• For Decimal/Money report fields, increased the decimal precision from 4 to 7 decimal points, from (17,4) to (20,7). If you have previously mapped fields that need this extra precision, you will need to reload the mapped report fields in your package(s) so the values are saved again with the higher precision.
• To avoid processing a double-click on document/package buttons in parallel, pickup requests are serialized for a given HTTP session.
• Updated the forgotMyPassword, login, requestForgotPassword and setMyPassword JSPs pages to use BUTTON instead of INPUT submit elements.
• Updated all document buttons to include a class selector that matches the button's name prefix so it can be targeted by custom CSS. (i.e. add <style> .esf button.documentSaveButton { display: none; } </style> to a document in SOURCE mode to hide the button entirely) New otherwise empty button classes include: packageContinueButton, packageDeleteTranButton, packageNotCompletingButton, packageDownloadMyDocsAsPdfButton, documentNextPageButton, documentPreviousPageButton, documentSaveButton, documentReviewButton, documentEditButton, documentCompleteButton, documentViewPackageButton, documentNextDocumentButton, documentPreviousDocumentButton, packageViewCompletedDocumentButton, packageEditDocumentButton
• Added more reference checks before allowing a User record to be deleted. In general, it's better to disable user records who are no longer needed so as to keep the user references since all records have a created by/last updated by user reference.
• Reduce web.xml param heartbeatInterval to 55 (seconds), from 150 (or 300, the default). This is an attempt to let clients detect broken connections a bit faster as some proxies seem to terminate connections with no transfers after a minute or two.
• Upgraded to libphonenumber 8.12.30.
• Upgraded to PostgreSQL 13.3.
• Upgraded to Log4j 2.14.1.
• Upgraded to PostgreSQL JDBC Driver to 42.2.23.
• Upgraded to BouncyCastle JCE and PKIX 1.69.
• Upgraded to Vaadin 8.13.2.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: YES

• Fixed unique file names generated by the PDF export button in reports to ensure no duplicate file names in the created ZIP file.
• Added ${document:id_esfname} built-in spec for the purpose of building a custom Save button in a Document without hard-coding the document ID, expanding to the document id in the special 'esf name' format that can be appended to the button name prefix "DocumentSaveButton_".
• Fixed 'create like' on a User record to also create-like its configured property sets. Only enabled property sets and the latest version are copied from the current user to the new user. Also, ensure we don't copy over the Authy or SMS two-factor authentication (2FA) setup.
• Allow the report template built-in report field 'esf_resume_transaction_button' to have a configurable button label.
• Created new report template built-in report field 'esf_resume_transaction_transfer_to_me_button' that transfers the first active party to the user who clicks it, and then resumes the transaction, typically resulting in the transaction appearing in that user's To Do list.
• For HTTP Send Actions sending over files, add a __fileName suffixed param if the action itself does not define one.
• Upgraded to CKEditor 4.16.1.
• Upgraded to libphonenumber 8.12.25.
• Upgraded to Vaadin 8.13.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Added import/export options to report templates. Reports are a complex network of objects related to transaction templates, groups on permissions, and ties back to various package report field mappings, so importing on a system that isn't setup like the exporting system is likely to result in only a partial report template setup.
• Set the 'tabindex' for the login page so the links don't interfere with the normal entry of input fields.
• Fixed the list limits on reports to restore the value from the prior search. Note that such values are only saved between sessions when the user logs off. The special unlimited list limit is never saved.
• Upgraded to Vaadin 8.13.0.
• Upgraded to libphonenumber 8.12.23.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Added a Locale setting to a Document Version. This will then use that locale for resolving built-in error messages. It is also used to specify the language for the HTML 5 'lang' attribute when that document is rendered.
• Allow running Transactions to use document-specified Locales managed by the TransactionContext.
• Added ability to upload a CSV file in "label,value" order to set the label and associated value option for a Drop Down list.
• Upgraded to libphonenumber 8.12.21.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES (to force the 20.10.15 conversion that was lost when the release was delayed to 20.11.13)
  • web.xml changes required: NO

• Yay for Spring!
• Made the 'caution' and 'preferred flow' buttons when running a transaction become more prominent when the button has focus.
• Added an optional button to 'Map All Report Fields' when configuring a package version. It's not generally recommended because bulk report field mapping will create issues if your package doesn't have consistent field naming (like it would map fields 'First_Name' and 'firstName' to two different report fields) and will also be less efficient and consume more disk space if you are mapping lots of fields that you don't actually end up using in reports. The property ESF.AllowMapAllDocumentFields (in ESF/Library/Template) must be set to 'true' for this button to appear.
• No longer allow mapped report fields for radio buttons. Radio buttons do not have a value as that's held in the underlying radio button group field.
• Upgraded to libphonenumber 8.12.19.
• Upgraded to Apache Tomcat 9.0.44.
• Upgraded to Vaadin 8.12.4.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Added additional support for greater accessibility for document worklows. This includes:
  • Use BUTTON instead of INPUT type="submit" elements.
  • Removed the low contrast light-gray color for the page and document status/locator at the top and bottom of documents (removed 'color: lightgray;' from the standard CSS selector .esf div.documentAndPageNumbersInfo).
  • Removed the low contrast gray CSS class from the Package footer defined in the button message set ESF_DefaultButtonMessage (for new installations only so as not to change the behavior of installed systems).
  • Added role="navigation" to the buttons at the bottom which controls all navigation for a document workflow.
  • Added role="main" to DIV class="pagediv" element after the BODY element as that's the document content.
  • Added role="alert" aria-live="assertive" to the errors and messages box that appears at the top of document pages.
  • Added lang attribute the HTML element for HTML5 documents as retrieved from the application's default locale.
  • Added required and aria-required="true" attributes to INPUT elements created for fields defined as 'required' or 'optional style required'.
  • Added the aria-invalid="true" attribute to INPUT elements that have validation errors.
  • Converted the error/info message box for HTML5 documents from TABLE layouts to DIVs as it's not truly tabular data.
  • Document styles now allow required and invalid fields to display extra HTML, typically a single character, after their label name when in Page Edit mode. For existing deployments, these are left blank to behave as before, and can be updated as needed. However, new deployments will default to '✱' for required fields and '❗' for fields in error. Others may prefer alternative symbols like: '❓' or '⚠' or '⁉' or even simply '*' or '!' or even strings like '(required)' or '(error)' (strings are treated as pre-formatted HTML).
  • Added a new 'alt/title' field to Image objects defined in libraries so it can be used for both 'alt' and 'title' attributes on those images.
• If a given message shown in the error/info message box displayed at the top of documents is associated with one or more document fields, that message can now be clicked to put the first such associated field into focus (and scroll to it, if necessary).
• The list of error/info messages now allows a maximum of 10 lines of errors shown in a scrolling area, if necessary.
• Upgraded to libphonenumber 8.12.17.
• Upgraded to CKEditor 4.16.0.
• Upgraded to Vaadin 8.12.2.
• Updated WEB-INF/webdown.xml to also report system down for all WebServlet URL target annotations.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Updated to the 2021 W-4 in the Forms Store and those who buy the HR Onboarding Solutions suite of new hire forms (HROS).
• Upgraded to libphonenumber 8.12.15.
• Upgraded to CKEditor 4.15.1.
• Upgraded to Vaadin 8.12.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• A special mention and remembrance on this release day, the 88th birthday of Yoshitaro Yamada who was a great father, entrepreneur and was key to getting Yozons launched.
• A new button message set named ESF_DefaultSpanishButtonMessage is added to the ESF/Library/Template to jumpstart those who need a Spanish version. The Spanish version was created by our partners at FirmaNet.
• Updated the servermessages_es.properties to have Spanish translations as provided by FirmaNet.
• Fixed cleanup of associated outbound SMS when transactions and users are deleted.
• Added an estimated total transaction size to the transaction details view from reports and general tran search. Note that the DB overhead for a transaction isn't fully reflected in this estimate, but it gives you a reasonable estimated size of each transaction.
• Upgraded to libphonenumber 8.12.11.
• Upgraded to Vaadin 8.12.0.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• For Report user-defined search fields, allow the '|' symbol to mean "or" for the purpose of searching for a value or another value (if negated by a leading '!', multiple values separated by '|' will change to an "and" condition). This does not apply to date ranges.
• Changed reports and other listings of sortable columns to ignore case for String columns.
• Upgraded to libphonenumber 8.12.9.
• Upgraded to Vaadin 8.11.3.
• Upgraded to CKEditor 4.15.0.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Added Amazon Simple Notification Service (SNS) Short Message Service (SMS), aka Text Messaging to mobile devices.
  You must create an Amazon Web Service (AWS) account and login to the AWS Console. It is best to use the Identity and Access Management (IAM) service to create a Group 'YozonsSMS' (use any name you like) and grant it the Permission's Attached Policy 'AmazonSNSFullAccess'. Then create a User 'YozonsSMS' (use any name you like) and Add User to Group to add this user to the 'YozonsSMS' group you created. Under the User's Security Credentials, click 'Create access key' to generate and then show the access key id and the secret access key. You will need to record these two values in the ESF/Lib/Template's property set 'AmazonSNSForSMS'. Note that if you don't record the secret access key above, you'll need to create a new access key and record it then.
  
  Also, each eSignForms user who wants to receive text messages must have a configured mobile phone number. SMS may also be used for 2FA, though less secure than the Twilio Authy app. If Authy and SMS are enabled for 2FA, Authy is used.
• Added SMS notification setup to package parties.
• Added Send SMS Action to package custom logic.
• Added the Outbound SMS processor thread status to the Deployment Stats view.
• Added a new SMS phone number to transfer a party via the Tran Search's and Report's transaction detail view's party list when SMS is enabled.
• Added a View SMS logs button to the User view, and to the Tran Search and Reports transaction details view when SMS is enabled.
• Added a Send SMS Action to the package custom logic setup so you can send an SMS at any point in the workflow.
• Added the mobile phone number to the User listing and filter.
• Updated the TranAdmin API for renotifying a party to allow a new SMS phone number to be used as it could before for just an email address via the TRANSFERTOSMSPHONE param.
• Added Amazon's AWS SDK for SNS 2.13.66.
• Resolved a thread timing/deadlock issue between User and Group objects.
• Added a Refresh button to the User List, Group List and Package List. This re-retrieves all corresponding records without having to close and reopen the list.
• Upgraded to BouncyCastle JCE and PKIX 1.66.
• Upgraded to Vaadin 8.11.2.
• Upgraded to libphonenumber 8.12.7.
• Upgraded to log4j 2.13.3.
• Upgraded to Apache Tomcat 9.0.37.
• Upgraded to OpenJDK 14.0.2.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Added Authy Two-Factor Authentication (2FA). Read more about which industries require 2FA.
  Currently, 2FA uses the free Authy mobile app for Android and iPhone (a desktop app and browser integration are optional in addition to the required mobile app) available from https://authy.com/download/ for Time-based One-Time Passwords (TOTP). You must create your Twilio Authy application and retrieve the API Key to set this up. Also, each user who wants 2FA must have a configured mobile phone number and activate 2FA. Thereafter, 2FA will be required for all non-API logins and to set a password. An option to "request SMS" is provided for those who accept Authy charges for SMS delivery of the TOTP rather than rely on the Authy mobile app, though if the user has the mobile app, it will just notify them via that app rather than send an SMS (unless you configure the Authy application at Twilio to force SMS.).
• Added a mobile phone number to the User record. If Authy is enabled, this will also be used for 2FA. Furthermore, the built-in field spec ${transaction:user.mobile_phone_number} was added to access this standard, optional field.
• On a successful login, if the user is defined to require an Authy token, the login page is shown again with the Authy code to be provided. For users who have logged in with an Authy token, subsequent logins will automatically prompt for the token at login.
• The view to change a password will require an Authy token for users who have activated Authy 2FA.
• The set password page will require an Authy token for users who have activated Authy 2FA.
• Externalized the text (via properties files) on the login page so it can be internationalized.
• Added Twilio Authy SDK version 1.5.0.
• Upgraded to CKEditor 4.14.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Removed Apache commons-fileupload and commons-io, and use the Java Servlet @MultipartConfig annotation (on the PickupTransaction servlet) along with standard HttpServletRequest Parts processing to handle file upload requests in transactions.
• Added a 'Create multiple like' button to the document Field editor so you can create 2 to 10 more fields like the current one, using a sequential number appended.
• Added a Save Button Position dropdown to Button Message Sets. Select 'In Extra Buttons' for the prior default position of this button in its own p.extraButtons element and style class. Select 'Keep together' for the new option for the Save button to be positioned with the other document navigation buttons.
• Upgraded to Vaadin 8.11.0.
• Upgraded to libphonenumber 8.12.6.
• Upgraded to wkhtmltopdf 0.12.6.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: OPTIONAL See file upload tuning for the PickupTransaction and EsfReportsAccessTransaction servlet settings.

• This release is dated to honor Memorial Day as well as Dustie and Ian's first wedding anniversary.
• Added support for Colombia Español (es_CO) and México Español (es_MX) locales. Added recognition of the COP (Colombian Peso) and MXN (Mexican Peso) currency codes.
• Added Locale to the Deployment Stats view so the current default locale is visible. If a locale is created with just the language part (no country code), the system will default the country code to the deployment's default country. For Money field types, the Java Currency class needs a country code in the locale.
• Changed APS_EIP 'department' from Integer to General string field to match 'bdept'.
• Previously, if a transaction is noted to have no parties or documents needing work to be done, it is auto-completed. However, we now no longer auto-complete such a transaction if it's currently suspended. Resume the transaction to make it operational again.
• Upgraded to libphonenumber 8.12.4.
• Upgraded to Vaadin 8.10.5.
• Upgraded to Apache Tomcat 9.0.35.
• Upgraded to OpenJDK 14.0.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Order To Do transactions by the transaction template display name, like the 'Start transaction' menu list, rather than the path name. Note that display names are not guaranteed to be unique, so use care in naming to ensure an orderly To Do list.
• Allow HTTP Send action's retry interval to include 4, 8, 12 and 24 hours. Previously, only 1-60 minutes were allowed.
• Added 'title' to the APS_EIP API.
• Fixed the Digitech Papervision API to report when a request is made that has no files to transfer.
• Upgraded to CKEditor 4.14.0.
• Upgraded to libphonenumber 8.12.1.
• Upgraded to BouncyCastle JCE and PKIX 1.65.
• Upgraded to log4j 2.13.1.
• Upgraded to Apache Tomcat 9.0.34.
• Upgraded to PostgreSQL 12.2.
• Upgraded to PostgreSQL JDBC Driver to 42.2.12.
• Upgraded to Vaadin 8.10.3.
• Upgraded to OpenJDK 14.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Fixed HTTP Send Action when sending 'Signature Date' fields that override the default field format for the date.
• Fixed package custom logic actions that reference a document that no longer exists (it was deleted out from under a package that had previously used the document and still had references to it).
• For SET FIELD VALUE actions, allow a Decimal field to be assigned from a Money field (or a General field that includes leading currency symbols).
• For SET FIELD VALUE actions, allow an Integer field to be assigned from a Decimal or Money field (or a General field that includes leading currency symbols). If a decimal point (period) is found, strip it and all characters after it.
• Updated the APS EIP API code to support the new 2020 W-4 selections by sending four Money fields (fedtax-total-dependents, fedtax-other-income, fedtax-deductions, fedtax-amount) as if there were Integers.
• Upgraded to Vaadin 8.10.2.
• Upgraded to libphonenumber 8.12.0.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• A special mention and remembrance for the passing of A.E.P. (Ed) Wall. He was a wonderful man and provided great advice and wordsmithing, full of humor and wisdom and grace. He'd even find it humorous -- death and taxes after all -- that his January social security check was clawed back.
• Added support for saving documents into Digitech's PaperVision using the HTTP Send Action but using a special DTPV: prefix on the URL to tell it to use the proprietary Digitech Papervision API instead of the standard HTTP name-value.
• Fixed TranAdmin API call 'GetDocumentSnapshot' when it returns multiple documents each having separate PDF or HTML documents rather than the PDFMERGE format with all documents merged together into a single PDF.
• Allow a label to be set on radio button group fields. No label is shown in the document for radio button groups as the labels for the associated set of radio buttons are shown instead. However, for error messages, the radio button group name will also be shown to help identify which radio button group is being referenced. This is particularly useful when a document has lots of YES/NO radio buttons since the labels 'YES' and 'NO' are otherwise impossible to distinguish. If no label is set on the group, the field name is shown, which is generally less helpful to users, so you may want to update existing documents with radio button groups to set a more meaningful label.
• Upgraded to Vaadin 8.9.4.
• Upgraded to libphonenumber 8.11.2.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Updated the APS EIP API code to support the new 2020 W-4 selections.
• Limit online report queries to list up to 300 records from the prior limit of 200. For queries needing a larger result sets (or unlimited), allow the data to be downloaded as a CSV file, PDF archive, or transaction archive.
• Upgraded to CKEditor 4.13.1.
• Upgraded to libphonenumber 8.11.1.
• Upgraded to OpenJDK 13.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This is the last non-patch release for 2019 to avoid any issues introduced during the holidays.
• If a party is set to redo itself (or the current party has otherwise been transferred), no Continue button will appear on the original party's package since that will just produce an error that the party has been transferred.
• Limit online report queries to list up to 200 records. For queries needing a larger result set (unlimited), allow the data to be downloaded as a CSV file, PDF archive, or transaction archive.
• Upgraded to libphonenumber 8.10.22.
• Upgraded to Vaadin 8.9.2.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Added an option the File Upload field template to specify any special handling of uploaded files for PDF exports (aka Download PDFs). The files uploaded, by default, are included in PDF exports. You can mark them to be excluded. Alternatively, if the uploaded file is a PDF, you can request it be prepended in front of the Document PDF, or appended after the Document PDF.
• Added CSV file upload to mass create users via UI view 'UserCsvCreateView'. By default, only the System/Administrator group has access to this feature.
• Added messages to download transaction archives and PDF archives so users know these long-running requests have started as they await the actual ZIP download to appear in their browser.
• Further attempts to resolve database commits and Java synchronized code that may cause periodic hanging of the Tomcat web server during high usage activity.
• Upgraded to libphonenumber 8.10.20.
• Upgraded to CKEditor 4.13.0. This supports copy/paste from Google Docs into the document editors.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Added a Batch Priority option to the HTTP Send Action. This allows long-running requests or other lower-priority requests to be processed separately from "normal priority" requests. Two copies of the HTTP Send Processor are now started, one for Batch priority and the other for Normal priority requests.
• Added a 'Download PDFs' button to reports, if permissions on the report template allow it, that will download a ZIP file containing one PDF per transaction. The PDF will be the latest version of all documents in the transaction. Additionally, any uploaded files are also saved in the ZIP file, giving a light version of the 'Download transaction archive' feature. Note that PDF conversions across a large number of transactions can take significant time.
• Added a new 'Download PDF archive' permission to report templates to control who can use the 'Download PDFs' button on a report.
• Created an API that drives a similar 'Download PDF archive' functionality.
• Added the current and max number of HTTP sessions to the Stats view.
• Added a checkbox to the Change Tran/Party Status Action when setting up a REDO party that, if checked, will cause the REDO party's assignment information to be reset (blank out the email address, user id and To Do group id) so that possibly other people will process the REDO. When unchecked, it works as before with the REDO party's information kept so that the same person handles the REDO request.
• Fixed database transaction commit/rollback bugs in edge cases with unexpected exceptions.
• Fixed export of transactions to honor the report's "limit documents" setup. Previously, it exported all documents in the transaction.
• Fixed 'create next Test version' of a drop down to copy over the 'allow multi-selection' checkbox setting.
• Added Tomcat web filter to add security-related headers to all document responses: Referrer-Policy : no-referrer-when-downgrade and Content-Security-Policy : upgrade-insecure-requests See securityheaders.com for details.
• Upgraded to PostgreSQL JDBC Driver to 42.2.6.
• Upgraded to libphonenumber 8.10.18.
• Upgraded to Vaadin 8.8.6.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• This release is dated to coincide with Yozons celebrating 19 years in business.
• The daily system stats now includes the current db license size. This will allow tracking of changes in license size going forward. This is reflected in changes to the statistics tables, recording of statistics, and in the graph that shows usage statistics. Since the license size wasn't tracked before, the current license size is assumed for all prior days of system stats.
• Added recording of the number of transactions for each transaction template on a daily basis.
• Added a transaction usage graph to the transaction template list to graph all or a filtered list of transaction templates.
• Added a transaction usage graph to the transaction template form to see how a given transaction has been used over time.
• Doubled the read timeout calculations for JDox file transfers.
• Upgraded to log4j 2.12.1. This results in new file names for the esf.log as they are rolled over. A new log4j2.xml configuration file replaces the prior log4j.properties in the webapp's WEB-INF/classes.
• Upgraded to libphonenumber 8.10.16.
• Upgraded to Apache Tomcat 9.0.22.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Added support for HTML 5 document types. All documents previously used a DOCTYPE of XHTML 1 (HTML 4).
• Added usage graphs button that shows database usage and the number of transactions to the 'System config->Stats' view.
• Added Vaadin Chart.js Addon Version 1.4.0 that makes use of Chart.js version 2.7.2.
• Upgraded to Vaadin 8.8.5.
• Upgraded to Apache Tomcat 9.0.21.
• Upgraded to libphonenumber 8.10.15.
• Upgraded to CKEditor 4.12.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Made fonts darker, along with other UI changes, so they are easier to read than the standard Vaadin Valo theme that computes it to a lighter color.
• Allow the ENTER key to trigger a report's 'Find matching' button when the given report tab is active (in focus).
• Fixed a bug when auto-completing a party with no work to do (typically the party has no documents to do, such as only having 'view optional') to run custom logic events against the auto-completed party rather than the current party at the time.
• Upgraded to Vaadin 8.8.2. This should fix table scrolling issues on Firefox browsers.
• Upgraded to libphonenumber 8.10.13.
• Updated the tips links for PassFault and Password Safe on the 'set password' page.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

This is the first release of Yozons eSignForms™, based on our prior Open eSignForms™. It is a major update that includes upgrading to the Vaadin 8 Framework with an updated Valo theme look. It will be rolled out to existing commercial licensees over time. Note that this release no longer supports IE 8, 9 and 10 web browsers; only a modern, standards-compliant browser will work on desktops, laptops and mobile devices.

• This is the first release of YozonsESF, based on OpenESF 19.3.23. All versions of OpenESF are licensed under either the AGPL and Yozons Commercial license and runs on Vaadin 7, which is no longer supported. Yozons has discontinued its support and distribution of OpenESF and no longer offers commercial licenses to OpenESF once such licensees are upgraded to YozonsESF. The new YozonsESF is only licensed under the Yozons Commercial license. Only commercial licensees of OpenESF may upgrade to YozonsESF 19.5.1 and later. Commerical licensees of YozonsESF will automatically be upgraded during routine software updates.
• Upgraded to Vaadin 8.8.0 framework, using the Vaadin 7 compatibility libraries. Support for older browsers, including Microsoft IE 8-10 and Windows Phone, has been dropped by the new framework due to their lack of modern security and compliance to browser standards.
• Changed the UI to use the Vaadin Valo theme.
• The use of Apache Tomcat 9 is now required to support the latest Servlet 4.0 and JSP 2.3 specifications.
• Upgraded to OpenJDK 12.
• Upgraded to ConfirmDialog 3.2.0 (updated for Vaadin 8).
• Upgraded to DNDScroll 2.0.2 (updated for Vaadin 8).
• Upgraded to DragDropLayouts 1.4.2 (updated for Vaadin 8).
• Upgraded to PopupButton 3.0.0 (updated for Vaadin 8).
• Upgraded to resetbutton-vaadin8 1.0 (updated for Vaadin 8).
• Removed Animator/Disclosure add-on as there is no comparable Vaadin 8 version.
• Removed ButtonGroup add-on as it is no longer needed for the Vaadin 8 Valo theme.
• Updated prior Vaadin add-ons for ResetButtonForTextField (now called ResetButtonForTextField7) and TableExport to run under Vaadin 8 within the YozonsESF code base.
• Migrated prior CKEditor for Vaadin add-on created by Yozons into the YozonsESF code base and updated it to support Vaadin 8. The Vaadin 7 add-on is no longer maintained.
• Upgraded to CKEditor 4.11.4.
• Upgraded to libphonenumber 8.10.11.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: YES

• Added built-in report field esf_status_reason to track the 'reason' a transaction status change took place. The reason is typically provided via the transaction details view when canceling, suspending, reactivating or resuming a transaction, as well as the CHANGE TRAN/PARTY STATUS Action in package custom logic.
• Added built-in field specifications for ${transaction:esf_status}, ${transaction:esf_status_text} and ${transaction:esf_status_reason}.
• Added setting the document field aps_response_text for those using the APS EIP API.
• Upgraded to CKEditor for Vaadin 7.12.9 which supports CKEditor 4.11.3.
• Upgraded to libphonenumber 8.10.8.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Added a basic character set detector for use by the CSV Start Transaction feature, where text CSV files are uploaded to start a transaction, but often these files are not encoded in the expected UTF-8 character set. You can control the order of checking charsets via the optional property CharsetDetection.CharsetOrder, with the value listing each character set named on a line by itself. Normally, this will be found in the ESF/Library/Template or specified in a given User's properties. The valid names are defined by the Java runtime (see Charset.availableCharsets()). Unrecognized names are ignored. The default order of checking is: UTF-8, x-MacRoman, windows-1252, windows-1250, ISO-8859-1, US-ASCII
• Added 'redeploy' to the rundbsetup/DbSetup tool to redeploy an existing system using a new deployment id, boot key passwords and digital signature keys. This is typically done by backing up an existing deployment, and then restoring it to be used in a new deployment. The new database script 'redeploy_pre' likely should be run against the new deployment database after restoring it, but before running the 'redeploy' command so as to ensure existing transactions are not part of the redeployed system. Added the command 'changebootpassword' should the boot passwords need to be changed. And added the command 'createNewSignatureKey' to cause the current digital signing key to be marked obsolete and a new digital signature key to be made active.
• Obsoleted our com.esignforms.yozons.util.Base64 encoder/decoder and switched to use the standard (as of JDK 8) Java version.
• Attempt to catch malformed incoming email (bounces and replies) and delete them. Certain attack vector emails use malformed Base64 sections that cause Java Mail to throw a Base64 decoder exception. Such malformed emails should just be deleted.
• Fixed the XML Digital Signature code to ensure the HTML being signed doesn't create a conflict if it includes an XML CDATA section closing 'tag' (]]>). Such a string sequence is rare in HTML, but it's presence no longer causes a signature failure.
• Added PayPal Payflow Pro API option to the prior PayPal Web Site Payments Pro DoDirectPayment NVP API.
• Upgraded to wkhtmltopdf 0.12.5.
• Upgraded to libphonenumber 8.10.6.
• Upgraded to PostgreSQL 11.1.
• Upgraded to PostgreSQL JDBC Driver to 42.2.5.
• Upgraded to BouncyCastle JCE and PKIX 1.61.
• Upgraded to OpenJDK 11.0.2. A bug/change in OpenJDK 11's XML Digital Signature (also reported as an Oracle bug) motivated a new XML Digital Signature format starting with this release. This includes updating the default XML namespace from "http://open.esignforms.com/XMLSchema/2011" to "http://open.esignforms.com/XMLSchema/2019" in the snapshots XML. Also the ETSI XaDES QualifyingProperties element is now in its own namespace of "http://uri.etsi.org/01903/v1.4.1#" along with standard digital signature elements now using the namespace "http://www.w3.org/2000/09/xmldsig#".
• Upgraded to Vaadin 7.7.16.
• Upgraded to Apache Tomcat 9.0.16. Tomcat 8/8.5 will continue to work.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Per issue 98, added new "redo party" statuses. The custom logic action 'Change tran/party status' now includes 'Redo party' (to have a prior completed party redo all their documents) and 'Redo document party' (to have a prior completed party redo a specified set of documents). Added ${transaction:party.redodatetime} (expands to the date+time the party was setup for 'redo') and ${transaction:party.isredo} (expands to "true" if the party is redoing work, "false" otherwise), as well as the Java JSP interface esf.isPartyMarkedForRedo() and esf.getPartyMarkedForRedoDateTime() to control this via advanced JSP programming in your document. The package party setup now includes a second, optional email template specification to use for notifying a party when requested to redo their work.
• Fixed the 'rundbsetup' tool to create the company and company programming groups with the System/Administrator group added to all permissions.
• Various changes to accommodate the updated Harris JDox integration API, and to dynamically set read timeouts based on the number of files being transferred.
• The outbound email processor, which sends out queued emails every minute, will limit itself to no more than 300 messages per run to reduce potential memory issues when a larger number of email messages are unexpectedly queued.
• Upgraded to libphonenumber 8.10.3.
• Upgraded to Apache Commons FileUpload 1.4.
• Upgraded to Apache Tomcat 9.0.14. Tomcat 8/8.5 will continue to work.
• Upgraded to CKEditor for Vaadin 7.12.8 which uses CKEditor 4.11.2.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Added esf.js javascript helpers esf.getElementsByFieldName(fieldName) which automatically lowercases your document field names to match the HTML DOM and returns a node list of all elements with that 'name' attribute matching. And added the more typical esf.getElementByFieldName(fieldName) to retrieve a typical document field's element, returning just the first element of the node list from the pior call, which under normal circumstances should be your field's INPUT/SELECT HTML element.
• Various minor fixes and cleanups including in the final release for the year.
• Upgraded to libphonenumber 8.10.2.
• Upgraded to javax.mail 1.6.2.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Fixed report field templates to allow the various string-related types (General, Numbers-only, Letters/Numbers-only) to be changed among their related types. Previously, it only worked when going from General to Numbers-only or Letters/Numbers-only. Of course, only newly saved report fields of that type will reflect the changed criteria for the values. Reload report fields via the package's 'map report fields' feature to force older transactions to update using the new criteria.
• Made initial size of SET TIMER and CALCULATE DATE INTERVAL action forms to be a bit taller so it can list at least two such actions at a time.
• Allow for a timer event to fire for the HTTP Send Action after a successful send, a failed send, and/or a failed attempt. This allows custom logic to be added based on the success/failure of this action, from chaining send actions to simply reporting to tech support that a failure occurred.
• Upgraded to CKEditor for Vaadin 7.12.7 which uses CKEditor 4.11.1.
• Upgraded to libphonenumber 8.9.16.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Upgraded to Java SE 10.0.2 for runtime deployments. Code will continue to be compiled under Java 8, but we have upgraded the Java runtime in hopes of it providing better garbage collection for large systems. As of Java 9, there is no need for the JCE unlimited strength crypto policy files. The unlimited strength policy is set programmatically.
• Allow the To Do 'managed users' list to include disabled users or not. The default is to allow disabled users as you may need to manage the To Do list of users who are no longer active.
• Fixed the missing permission UI_PERM_TRANSACTION_UPDATE_API_VIEW in new installation setups. This can be added using the 'rundbsetup' command 'convert18.5.5' if your system was installed since 18.5.5 and is missing this permission.
• Upgraded to Apache Tomcat 8.5.33. Moved CATALINA_OPTS (renamed from prior JAVA_OPTS which affected not only Tomcat startup, but also shutdown) from the Tomcat bin/startup.sh script into the common 'profile' script along with other Tomcat variables.
• Save the document version in the document page editor whenever a field is deleted. This is to avoid issues when a deleted field (without also clicking 'Save') is then re-created or another field is renamed to the deleted field's name. This helps keep the UI and server in-sync during such operations.
• Upgraded to libphonenumber 8.9.13.
• Added javax.activation 1.2.0 to support Java 9/10.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: POSSIBLE If you installed the 18.5.5 version or later, you should run the command 'convert18.5.5' to add the missing permission. If you installed earlier and already did that convert command, no rundbsetup is necessary.
  • web.xml changes required: NO

• Created API for downloading transaction archives, similar to download CSV data, by providing the credentials and information needed to run a report and then export the selected transactions as a ZIP file for local storage.
• Fixed a bug that allowed a user to view document snapshots via the transaction details view even if the report template did not give them permission.
• Updated the Tran Search and Reports to show the total matching row counts even when the List Limit is set to a reasonable value like 25. This allows the user to know how many rows there are, while keeping the listing to a manageable number the user plans to actually review.
• Upgraded to libphonenumber 8.9.10.
• Upgraded to Vaadin 7.7.14.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Added javax.json 1.0.4 to provide JSON encoding where needed. Note that prior add of javax.json-api 1.0 didn't include this necessary JSON provider.
• Added support for Harris Computer's JDox using the HTTP Send Action but using a special JDOX: prefix on the URL to tell it to use the proprietary JDox API instead of the standard HTTP name-value.
• Provide access to pseudo-field specs ${EMAIL}, ${URLENCODEDEMAIL}, ${LINK} and ${URLENCODEDLINK} in most any situation where an active party and transaction is in process. Previously, these were mostly only available to email templates and button+message page footers.
• Fixed auto-post to attempt to validate any fields, though without reporting errors, so that custom logic actions are more likely to have validated fields that aren't simple string types.
• As a shorthand, the ALL/ANY/SOMEBUTNOTALL BLANK conditions in custom logic now consider a File Upload field to be blank if its value is 0 (no files uploaded). The standard remains to use a COMPARISON condition and test against a given number to determine how many files have been uploaded.
• The HttpVariableTester.jsp page now accepts the optional param ESF_TRUNC. If present (ESF_TRUNC=), it will truncate values longer than 100 characters, unless the ESF_TRUNC value is a number (i.e. ESF_TRUNC=50) in which case it will truncate values longer than the specified ESF_TRUNC value. This is designed for testing the HTTP Send Action when it includes lengthy data like sending files.
• Upgraded to BouncyCastle JCE and PKIX 1.60.
• Upgraded to libphonenumber 8.9.9.
• Upgraded to CKEditor for Vaadin 7.12.6 which uses CKEditor 4.10.0.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Converted outbound emails with embedded images so that Data URLs are converted to CID multipart attachments as we continue to work around broken email clients that refuse to follow standards (Yes, Google GMAIL and Microsoft OUTLOOK, we're talking about you!).
• Moved the 'Unlock' button from the last column to the first column in the To Do list.
• The Production versus Test modes are primarily targeted towards transactions. Made some adjustments so the mode at the time of login will better select images and properties for the main tabbed view. This is normally unimportant, but if updating ESF/Library/Template entries for things like LogoForApp and the ESF and MyCompany property sets, when logging in with Test mode pre-selected (because you were in Test mode when you previously logged off), test versions of images and property sets will be shown, but this won't affect those logging in with Production mode set. Similarly, the login page will now select production versions as it previously selected test versions when present. However, before login, there's no way to determine the user or mode, so these cannot influence such elements on that page.
• For those who use image overlays, a new tool has been added to make it easy to determine the top, left, width and height of one or more fields. It's not currently integrated, but you can specify an image, drag and drop as many fields areas (similar to selecting regions on the image), and then have it calculate the specified field overlay positions. This HTML tool is a slight modification of the code provided by Nicolas D. Jimenez and his boxLabel project based on the annotorius javascript that is provided under the MIT license.
• Allow PDF generation to skip being digitally signed for those whose PDF tools can't work well with a digitally signed PDF copy of completed documents (i.e. Adobe Acrobat seems to choke on it, while MacOS Preview has no issue). This is controlled via a new property in set HtmlToPdf: EnableDigitalSignature which defaults to 'true' if not overridden via the property setting.
• Upgraded to libphonenumber 8.9.7.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Happy Cinco de Mayo!
• Added the Transaction Update API view (under 'Start transaction', using the UI name 'TransactionUpdateAPIView'), typically for system administrators only, that gives a simple, manual way to use the Update API from within the service. This may also be useful for testing custom logic that reacts to Update API events.
• The CSV field parser now trims whitespace.
• The date input parser has been tightened so as not to ignore any leading/trailing non-date elements in the input string.
• Upgraded to libphonenumber 8.9.5.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Fixed the report's custom search fields so they wrap when lots of report fields are specified as searchable.
• Gave limited ability to add header/footer lines to the PDF generation. This includes new properties allowed for set HtmlToPdf:
  HeaderText and/or FooterText to set generated headers/foots, typically using wkhtmltopdf options values like '[title] - Page [page] of [topage]';
  HeaderAlign and/or FooterAlign (defaults to 'center' but can be set to 'left' or 'right');
  and MergeMultipleDocumentsSeparately defaults to false, but if true, will convert multiple HTML documents into multiple PDF files, so header/footer text settings can apply to each document versus the combined PDF, which are then merged and then digitally signed. Merging them separately does have a performance cost as it takes longer to convert documents one at a time and merge them.
• Fixed display of Signature/SignatureDate fields in review mode when a custom document style is used and the 'Signatures' and 'Field data on review' fonts are not the same. Signature fields should just use the signature style and not include the field data on review style.
• Fixed getting a document's style to be a search. First, it tries the configured document style on the document version. But if it's not found, such as if the document stuyle is not in production for a production transaction, look in the document's library for its configured default document style, and if that's also not found, try the one configured for the ESF/Library/Template.
• Upgraded to CKEditor for Vaadin 7.12.5 which uses CKEditor 4.9.1.
• Upgraded to libphonenumber 8.9.3.
• Upgraded to Postgresql JDBC Driver to 42.2.2.
• Upgraded to PDFBox 1.8.13 (with companion fontbox 1.8.13 and jempbox 1.8.13).
• Upgraded to Apache Tomcat 8.5.29.
• Upgraded to Java SE 8.0.161.
• Upgraded to javax.mail 1.6.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This release is dated to honor David's father, Ed (A.E.P) Wall, who is celebrating his 93rd birthday!
• Updated the source code format to use the built-in Eclipse reformatter, modified to allow non-wrapping lines and comments up to 150 wide.
• Changed behavior of the Group object to allow the super-admin group to be removed for any permission except for the basic ACID (list, view detials, create like, update and delete) type permissions. This should allow the super-admin to be removed from various permissions as needed, but not block the user from being able to see/update any of the objects.
• When a new group is created like an existing group, it no longer will automatically add the new group to all permissions, but will instead replace itself only to those permissions that the 'like group' had as well.
• Added built-in field spec that returns the document version last updated date. ${document:version.lastupdateddate}
• Updated the 'Calculate date action' custom logic so the 'ofset by number' field can handle a field specification or a number. Note that if on expansion of this value (which previously was limited only to an integer number) results in anything but an integer, the action will fail with an error.
• Upgraded to libphonenumber 8.9.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This release is dated to honor our long-time friend and business partner, Lee Falco, as he celebrates his 80th birthday.
• Upgraded to CKEditor for Vaadin 7.12.4 which uses CKEditor 4.8.0.
• Upgraded to BouncyCastle JCE and PKIX 1.59.
• Added javax.json-api 1.0 to provide JSON encoding where needed.
• Upgraded to libphonenumber 8.8.9.
• Upgraded to Vaadin 7.7.13.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• While still not perfect, auto-post drop downs and file uploads (or remove of uploaded file) will now attempt to scroll to the same location in the document rather than to the drop down or upload/remove button location. This is not perfect because the current page scroll position may not be precisely the same on the next page rendering due to changes in error messages or any optional HTML sections that your document may render under various conditions.
• Added ability to filter on path name and the enabled/disabled status for Groups.
• Added ability to filter on path name, display name, package path name, brand library path name, and the production and test enabled/disabled statuses for Transaction Templates.
• Added ability to filter on path name, display name, and the enabled/disabled status for Report Templates.
• Added a feedback status message on removing an uploaded file.
• Upgraded to libphonenumber 8.8.8.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Fixed the Change File Field Action when used in a document custom logic rule that specifies a party that is mapped to more than one package party. It will now fire once against each matching package party. Previously, the action only mapped to the first package party that was configured to operate as the specified document party. When this action was used in a package custom logic rule, or when in a document custom logic rule that only had one package party configured to operate as that document party, it worked as expected.
• Changed the various "Tips" editing so the the 'Restore to defaults' button doesn't automatically save. You now must click Save or Cancel after restoring the defaults.
• Upgraded to libphonenumber 8.8.6.
• Upgraded to Vaadin 7.7.12.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• The SKIP DOCUMENT, SKIP PARTY and SKIP DOCUMENT PARTY custom logic 'Change tran/party status' action now checks to see if after the skips are done, if there are active parties with no documents to do, those parties are completed. And after that, if there are no parties with documents to do, the transaction is completed.
• Added email notifications templates OutgoingEmailIssue and IncomingEmailIssue to ESF/Library/Template that are sent to a specified email address list when an outbound email fails to be sent or when a bounce/reply is correlated back to a previous outbound email message respectively. The recipient email addresses for the issue notification is specified on each email template. By default, no such email issue notifications are sent because the new property ESF.NotifyEmailIssuesTo is left blank and all email templates use ${property:ESF.NotifyEmailIssuesTo} as the default 'notify issues to' value. Note that email templates OutgoingEmailIssue and IncomingEmailIssue ignore their respective 'notify issues to' setting as failures to send or handle bounce/replies notifications are just logged and otherwise ignored.
• Added Location and Department to the User list to allow for filtering by the location/region and departnment fields in the user record.
• Added missing date field input validation error message.
• Allow a SET FIELD VALUE action on a date/date+time/money/decimal/integer type field to work even if the field's current value is blank/invalid for its expected field type, provided of course that the new value is allowed.
• Upgraded to CKEditor for Vaadin 7.12.3 which uses CKEditor 4.7.3.
• Upgraded to libphonenumber 8.8.3.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• This release is dated to honor the founders, Toni and David.
• Added the ability to define a To Do group 'field spec' (separately for production and test transactions) to the Party setup in libraries. If such a dynamic field spec doesn't expand to an existing Group EsfName, it will default to the corresponding selected To Do group.
• Fixed a bug when deleting dropdowns, images and files defined inside a document version. The code was correctly removing those objects from the document version, but only in the cached version. When the document version is reloaded fresh from the database, the deleted dropdowns, images and/or files are unexpectedly present. The code has been updated to correctly delete these objects from the database as well.
• Per issue 145, if a transaction is started with the special ESF_reports_access party defined in the package version without access specified to a given document, but later the package version is updated to allow the ESF_reports_access party access to that document, the transaction party document object is added to allow access.
• Added loop sanity checks to automatic API processing of the initiating party, forcing it to fail if it takes more than 1000 loops to process the first party automatically.
• Block setting the HTML for an outbound email (in table esf_outbound_email_message, which is created based on an email template) that is longer than 150KB as truncating HTML is likely to cause rendering issues and such a long HTML email body is likely a bug.
• For report field esf_download_selected_snapshots that produces a popup button to view/download selected snapshots in HTML or PDF format, added a checkbox to show only the latest version of document snapshots rather than all snapshots across parties.
• Added field spec source-types to return XML encoded values that parallel the same field spec source-types without the the 'xml' prefix: ${xmldocument:XXX}, ${xmlfield:XXX}, ${xmlout:XXX}, ${xmloutv:XXX}, ${xmlval:XXX} and ${xmltransaction:XXX}
• Updated the web.xml to make the heartbeatInterval set to 5 minutes (300 seconds) instead of 30 minutes (1800 seconds). The Vaadin heartbeat is what keeps the web server's HTTP session active since most of the communications between the browser and server is over websockets. This large values appears to be a testing value that was never returned to a normal setting.

  <context-param>
   <param-name>heartbeatInterval</param-name>
   <param-value>300</param-value>
  </context-param>

• Added context-param 'isSystemDown' into webdown.xml (installed as web.xml when starting the system with the system down/maintenance message). This resolves the issue of the system still loading the Application and ConnectionPools that caused DB connections even when not running.

  <context-param>
   <description>Flag to tell the ServletContextListener not to load the App.</description>
   <param-name>isSystemDown</param-name>
   <param-value>true</param-value>
  </context-param>

• Upgraded to BouncyCastle JCE and PKIX 1.58.
• Upgraded to libphonenumber 8.8.0.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: YES

• This release is dated to honor great and long-time friends, Philip and Helen, as they both celebrate their 63rd birthday.
• For transaction and report details of the documents, renamed the 'Id' column to be the 'Transaction Document Id' and added a new column to show the 'Document Version Id' as well (this id represents the document name and version number already shown).
• Drop down fields in documents now validate to ensure the value matches a legal value defined in the drop down. Previously, they only enforced the 'required' attribute, but now they ensure the value matches an allowed choice. If the field is not required, blank values are not validated against the drop down set of values.
• Fixed the system down message (using WEB-INF/webdown.xml) to set the content type so some browser know to show the response HTML.
• The new Tomcat 8.5 compiles JSP-based documents in a way that makes the resulting Java processing method's code bigger than before. Very large documents may now get an error about exceeding a 65KB limit (i.e. The code of method _jspService(HttpServletRequest, HttpServletResponse) is exceeding the 65535 bytes limit). If this is the case for you, a reworked multi-page renderer should allow it to work if you split the document from a single large page into two or more smaller pages. Previously, most pages were concatenated together on review, so splitting the document into pages did not get around the limitation.
• When logging in, if the user previously had the 'change my password' view open, it will not be restored as a tab. Some users were confused and thought they had to change their password if they failed to close that tab after resetting their password.
• For a party returning to a multi-page document, allow them to not only go through each page, but also to see the final "review" version of the combined document that has the signature process record.
• Upgraded to PostgreSQL 9.6.3. This is mostly to get the software to be current and we make no use of new features from PG 9.2/9.3. To use this new version, you will need to backup up your current DB using the prior version's pg_dump and restore in the new one using the 9.6.3 pg_restore. Some may use the pg_migrate or other schemes if they are familiar with them. Note, too, that there are not 'create_db', 'drop_db' and 'recreate_db_only' scripts for postgresql/ddl that updated the obsolete NOCREATEUSER option to NOCREATEROLE instead. In general, changed from 'user' to 'role' throughout the DB scripts.
• Upgraded to PostgreSQL JDBC 42.1.1.
• Upgraded to Apache Tomcat 8.5.16.
• Upgraded to libphonenumber 8.7.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Fixed Date+Time fields to better carry over timezone information and handle daylight savings time better.
• Fixed several of the report buttons for viewing/downloading documents (resulting in an error about an unexpected request) to correctly handle being unexpectedly detached and reattached to the UI layout by Vaadin code unrelated to our code.
• Allow a ${I9.identityDocs} field spec to be added to a document to list all uploaded files, in this case to the field template 'identityDocs' in the document named 'I9'. In this mode, the "Please read" and 'last read timestamps' are not shown as such field specs from other documents are not really tied to parties. However, if a given package party has been blocked from accessing the uploaded files on the original file, no access will be provided on other documents either.
• Upgraded to CKEditor for Vaadin 7.12.2 which uses CKEditor 4.7.1.
• Upgraded to Apache Commons FileUpload 1.3.3.
• Upgraded to Apache Commons IO 2.5.
• Upgraded to Apache Commons Logging 1.2.
• Upgraded to libphonenumber 8.6.0.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Updated the Email Template configuration so the CKEditor for the HTML email contents will not revert from SOURCE mode to WYSIWYG mode on Save. Note that in CKEditor, if in SOURCE mode, you generally either need to click Save twice, or click anywhere outside of the editor area before clicking Save. This is required due to an issue with CKEditor not providing notification of editor changes in SOURCE mode and thus it requires the element be "blurred" (editor loses focus by clicking outside of it) before the Save.
• Upgraded to BouncyCastle JCE and PKIX 1.57.
• Upgraded to libphonenumber 8.5.1.
• Upgraded to CKEditor for Vaadin 7.12.0 which uses CKEditor 4.7.0.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Added a memory monitor that will report memory hitting 95% utilization and attempt to clear caches to reduce memory usage. Note this SERIOUS-ERROR log message is not necessarily even a problem as the JVM may run garbage collection and then have sufficient memory again. But it helps to understand how often the JVM is reaching this level of memory utilization as it may indicate time to consider adding server/JVM RAM.
• When re-activating a canceled transaction via the transaction details view from tran search or reports, we now reset the transaction's expire timestamp to match the transaction template's production/test retention spec. This resets any changed retention that may have been set on canceling the transaction, so it returns to the normal retention as it's back in progress again.
• Upgraded to libphonenumber 8.4.3.
• Upgraded to Vaadin 7.7.9.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Per issue 178, all package custom logic rules to specify whether they should fire after document rules (the prior default order), or to specify it should fire before the document rules.
• Fixed a bug in processing drop downs using the auto-post feature when accessing via the reports live update (special party ESF_reports_access for update). The auto-posting drop down value can now be updated via the reports live update.
• Added transaction counts to the transaction template form.
• Upgraded to libphonenumber 8.4.0.
• Upgraded to Vaadin 7.7.8.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This release is dated to honor David's son, Jacob, who turned 21.
• Upgraded to wkhtmltopdf 0.12.4. Note that when using this version of the HTML-to-PDF converter, you'll likely want to use the command switch '--disable-smart-shrinking' to keep it from making the results smaller than before. Of course, OpenESF uses this new option by default. If necessary, you can override a few elements via the ESF/Library/Template propertyset HtmlToPdf: CommandName to override 'wkhtmltopdf' (or 'wkhtmltopdf.exe' for Windows) command name; PageSize to override the default of 'Letter'; DisableSmartShrinking to override the default of 'true'. Unless needed because of wkhtmltopdf version issues, we do not recommend configuring this property set.
• Upgraded to libphonenumber 8.3.3.
• Upgraded to DragDropLayouts 1.3.3.
• Added DNDScroll Add-on 1.0.2 to allow scrolling in tables where drag and drop is allowed.
• Fixed transaction auto-cancels so that it will auto-cancel transactions that are not only In Progress (as it worked before), but also if Suspended as both are considered to be live transactions that can be canceled.
• Reverted back to Vaadin 7.7.6. (Version 17.2.11 Patch 0215 release reverted back to 7.7.6 to resolve Microsoft IE/Edge browser issues.)
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO
  • wkhtmltopdf tool upgrade required: YES

• Allow ${file:XXX} field specifications to appear in email templates. Note that this primarily makes sense in the HTML version of the email template as the text email does not support HTML links to the file, though some will attempt to convert it to a usable link.
• Added date format for showing just the year.
• Upgraded to libphonenumber 8.2.0.
• Upgraded to CKEditor for Vaadin 7.11.1 which uses CKEditor 4.6.2.
• Upgraded to Vaadin 7.7.7. (Patch 0215 release reverted back to 7.7.6 to resolve Microsoft IE/Edge browser issues.)
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• When starting a transaction using the transaction template's 'Start URL', previously if the transaction could be started by external users but the logged in user did not have explicit permission to start it, the new transaction request was rejected. The system will now allow a logged in user to start any transaction via the 'Start URL' without explicit 'start permission' if external users are allowed to start it. For the transaction to appear in the menu's 'Start tran' list, explicit start permission is still required.
• When sending out an email template using multiple email addresses, if there is an error in any of the email addresses, the activity log will show the misconfiguration, and rather than not send at all when such an error is detected, if any email addresses were discovered, those will be used. Previously, on an error in the list of email addresses, the email was not sent to any of them.
• Added javascript routines to esf.js for the common usage of show/hide a section based on a checkbox or a Yes/No radio button. The routines are setupDisplayIfYesNoRadioButtonGroupIsYes, setupDisplayIfYesNoRadioButtonGroupIsNo and setupDisplayIfChecked.
• The main application JAR is now named with a hyphen between the name and the version: i.e. openesignforms-17.1.14.jar (previously it would have been named openesignforms17.1.14.jar). This caused the script 'installRelease' to be updated as well.
• Added methods stringToDecimal and stringToMoney to the EsfDocumentPageInterface to help in condition testing for Strings field values to be converted into decimals or money amounts.
• Dropped references to Twitter.
• Upgraded to libphonenumber 8.0.0.
• Upgraded to BouncyCastle JCE and PKIX 1.56.
• Upgraded to Vaadin 7.7.6.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Dated for Veterans Day and to celebrate Kuni dog's birthday had he made it to 15.
• Per issue 175, allow filters to be set on searchable report fields. Also, allow members of a selected set of groups to not be restricted by the filters (can override the filter limits).
• Upgraded to libphonenumber 7.7.4.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• As of this release, OpenESF requires Java 8. We have converted to use Java 8's date and time classes to get around never-ending issues with java.util.Date and the mess it creates with timezones. While date formats are similar to SimpleDateFormat, the new code uses the format specifications from DateTimeFormatter. We made no changes to any of our format specifications, so most likely you will not either.
• Patch release included change for issue 177, to parse date strings immediately into noon GMT rather than updating based on daylight savings as Java appears to have some DST issue for a just a few years in the 1960s. This change was effectively replaced by Java 8 date and datetime classes so dates do not suffer any issues with timezones.
• Added ability to specify search fields for selective CSV Data Report integration.
• Upgraded to Vaadin 7.7.3.
• Upgraded to CKEditor for Vaadin 7.10.11 which uses CKEditor 4.5.11.
• Upgraded to libphonenumber 7.7.1.
• Upgraded to BouncyCastle JCE and PKIX 1.55.
• Upgraded to DragDropLayouts 1.3.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Yozons, founded in 2000, celebrated its SWEET 16 on August 9th.
• Changed the HTTP Send action to timeout connections and read-requests after 2 minutes instead of the prior 5.
• Changed the HTML to PDF conversion to return a PDF even if there are rendering issues. Previously, no PDF was returned, but now it is possible that a PDF will be generated with some missing content (such as if images or other URLs cannot be retrieved normally).
• Per issue 170, the captured HTML document for document snapshots no longer strips the 'esf' JavaScript library, so these are available for use in the finalized HTML document as well as when converted to PDF. Of course, legal contracts are better defined so they read correctly without requiring JavaScript manipulations, especially if the JavaScript changes affect the language rendered. If a user does not have JavaScript enabled, you normally want the contract to still work.
• Per issue 171, changed the money/decimal report field record to store using NUMERIC(17,4) rather than NUMERIC(15,2) to support up to 4 decimal places instead of 2, and percentages support up to 2 decimal points.
• Per issue 172, changed the SET FIELD VALUE custom logic action for setting a General field with a DateTime field spec to use the party's user-specific timezone if a logged in user, otherwise use the deployment's timezone as it did before.
• When using a document field spec like ${XXX} or ${fieldlabel:XXX} (both have the same meaning), if the field template XXX's label is setup to not be displayed, we effectively treat the specification as if it were ${field:XXX} (no pairing of the label to the field is maintained). Note that fields that have auto width, no alignment and no label will be shown inline rather than inline-block. To ensure your field behaves as correctly, specify either a width, an alignment, or a label.
• Upgraded to Vaadin 7.6.8.
• Upgraded to libphonenumber 7.5.2.
• Upgraded to BouncyCastle JCE and PKIX 1.54.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• We miss you, Kuni. You were a terrific dog during your 14.5 years of service and companionship! Rest in peace.
• For field templates, the input prompt, tooltip and label to show now allow field specs (${xxx}) to be included instead of just literal string values.
• New document page field specification ${outv:XXXX} works like the ${out:XXXX} tag in non-document field specs, returning just the formatted field's value and not any HTML related to layout for input/review modes. The outv: prefix works identically to out: in non-document field specs. This requires you install the updated WEB-INF/libdocsgen.tld to activate the new tags.
• New field specification ${val:XXXX} just produces the field's plain (unformatted) value.
• Added date interval calculation to include months (not just days and years).
• Allow MM/YYYY date inputs to support creating a date on the first of the month (like for a beginning date range). The current MM/YYYY date input format continues to assume the last day of the month (like for a credit card expiration date, or for an ending date range).
• Upgraded to CKEditor for Vaadin 7.10.9 which uses CKEditor 4.5.9.
• Upgraded to Vaadin 7.6.6.
• Upgraded to libphonenumber 7.4.3.
• Upgraded to Apache Tomcat 8.0.35.
• Upgraded to run on Java 8.0.91 (note that we had issues running Eclipse on 8.0.92) with its respective JCE policy files. Note that development still compiles targeting Java 7.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Happy Mothers Day 2016!
• Changed the CANCEL TRANSACTION action (an option of the Change Status Action in custom logic) so that the change-retention-on-cancel specification is always applied. Previously, only if the checkbox saying a new retention was desired was the cancel-retention changed. But this meant that a subsequent cancel transaction rule would inherit the prior setting to reduce the retention rather than assuming the new rule has all of the information. If you relied on this behavior, you may have to update your other CANCEL TRANSACTION actions to no longer make such an assumption and you must specify the reduced retention value desired on each rule that needs it, or leave it unchecked to revert to the default retention.
• Fixed a few optional selection boxes so that once a value is set, it can be reset back to no value.
• Upgraded to CKEditor for Vaadin 7.10.8 which uses CKEditor 4.5.8.
• Upgraded to libphonenumber 7.3.2.
• Upgraded to Vaadin 7.6.5.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Changed to allow pseudo-party ESF_reports_access (when doing an update) to update fields even if they are set to block subsequent regular party access.
• Changed APS EIP library to dumb-down common UTF-8 characters to ASCII as that API cannot accept correctly spelled words/names such as résumé, fiancé, Martínez, niño, O’Malley or Ström.
• Upgraded to libphonenumber 7.2.8.
• Upgraded to CKEditor for Vaadin 7.10.7 which uses CKEditor 4.5.7.
• Upgraded to Vaadin 7.6.4.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Per issue 163, fixed DbSetup to have correctly encoded UTF-8 characters used in the ESF/Library/Template drop downs ESF_Countries and ESF_MoneyFormat. See the issue for details on correcting these values in your drop downs.
• Allow field templates to specify if suppress COPY value, and/or suppress PASTE value should be done. This suppression can be circumvented by a determined user via DOM manipulation. Note that this is considered by some to be a poor user interface choice, but it is often used for double-entry fields when trying to confirm the same value is both times.
• Updated the documentation for the SET FIELD VALUE action to show that transforms take place before substring, though this was not the case before. If you relied on the substring taking place first, you'll need to update your actions to first do the substring and then another SET FIELD VALUE to do the transforms.
• For the Change Status/Activate Party action, if the party is already active, but it has no email address set (and is not associated with a particular user), attempt to resolve it based on the package party's email address specification.
• Per issue 166, using the Thumbnailator API to rotate and shrink uploaded images (resized) when specified in a field template for a File Upload field.
• Upgraded to libphonenumber 7.2.5.
• Upgraded to DragDropLayouts 1.2.
• Upgraded to TableExport 1.6.2.
• Upgraded to Apache POI 3.13-20150929.
• Upgraded to PDFBox 1.8.11 (with companion fontbox 1.8.11 and jempbox 1.8.11).
• Upgraded to Vaadin 7.6.2
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• The 'export to Excel' and 'Download CSV' buttons on reports no longer include non-data columns (like those that are buttons). Such non-data columns using the CSV export servlet are also no longer included.
• Fixed reports to only allow transaction templates that a user has 'List' permission to be included. For report that include a list of transaction templates, only those that the user has permission to list can be included.
• Added new built-in 'Resume tran' button report field template. If this report field column is added to your report, and the transaction is currently suspended and the user has 'resume' permission, a button will appear to allow the user to resume the suspended transaction.
• For custom logic rule events Timer Expired, Transaction Canceled, Transaction Resumed, Transaction Started, and Transaction Suspended and Transaction Update API, we can match a package's rule that limits based on party if the selected party is currently Active. This allows special actions to take place based on which party is active when these events occur. This is most useful for the Transaction Resumed event should you suspend a transaction and later resume it and want to inform the active party he or she can try again now.
• The Send Email Action will attempt to notify all users who play the role of a package party defined as having a To Do Group and the 'notify all' flag is set. This only takes place if the Send Email Action specifies a party link (to know which package party) to check for To Do groups) but no email specification, and the party has not yet been locked to a given user or email address.
• Upgraded to libphonenumber 7.2.3.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Changed application's JSP pages to use HTML 5. This does not affect documents yet, but the future will generate documents in HTML 5.
• Added 'Skip document party' to the change status action to remove a document from the processing flow for a specified party.
• Added beta code for light integration with APS Payroll's EIP API.
• Upgraded to CKEditor for Vaadin 7.10.6 which uses CKEditor 4.5.6.
• Upgraded to libphonenumber 7.2.2.
• Upgraded to Vaadin 7.5.10
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Per issue 157, added ability to create overriding property sets on a per-user basis.
• Per issue 158, added a calculate date interval action available to the custom logic rules for documents and/or packages.
• Remember user preferences for string-based report search field values for user-defined report fields that are searchable. Also, you can just enter '=' to mean search where that field's value is blank or null. Also, the '!' prefix can be used to negate the matching.
• Per issue 160, allow file upload fields to specify whether non-image files may be uploaded, and if so whether to show uploaded images inline using a maximum width of 200, 400, 600 or 800 pixels. Note that when an image is shown inline, that file is assumed to have been viewed by the party.
• Allow field templates to be marked as 'Mask on input' to specify that field should work like a password field and not show field input as it's entered.
• When creating a new button message set in a library, start with the default button message set to have initial values that can be tweaked rather than being entirely blank.
• Allow the button message set and package+disclosure document to override the package's values for a given package party.
• Put a fixed limit of 20,000 activity log records being retrieved when viewing user, system and transaction logs.
• Upgraded to libphonenumber 7.1.1.
• Upgraded to Vaadin 7.5.9
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Per issue 159, fixed the System config->Deployment view to no longer attempt to parse/convert the displayed installation date, regardless of the default date format, back to a date field.
• Upgraded to CKEditor for Vaadin 7.10.5 which uses CKEditor 4.5.4.
• Upgraded to libphonenumber 7.1.0.
• Upgraded to BouncyCastle JCE and PKIX 1.53.
• Upgraded to Vaadin 7.5.7
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: OPTIONAL - Changed default heartbeatInterval to 1800. Commented out the filter and filter-mapping for setCharacterEncodingFilter as we set it in Tomcat's conf/web.xml. But for those who cannot set this across all webapps, you'll want to keep it. Added the context-param org.atmosphere.cpr.sessionSupport.

• This release is dated to honor David's mother, Marcella Joan Wall, who would be celebrating her 84rd birthday.
• Per issue 156, a new transaction administration API has been added. Details are in the online API documentation. Special thanks to the International Computer Consulting Organization (ICCO) for sponsoring this API's expedited development.
• Upgraded to CKEditor for Vaadin 7.10.4 which uses CKEditor 4.5.3.
• Upgraded to PDFBox 1.8.10 (with companion fontbox 1.8.10 and jempbox 1.8.10).
• Upgraded to libphonenumber 7.0.9.
• Upgraded to javax.mail 1.5.4.
• Upgraded to ConfirmDialog 2.1.3.
• Upgraded to PopupButon 2.6.0.
• Upgraded to JDOM 2.0.6.
• Upgraded to Vaadin 7.5.4
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Added find limits to the tran search and reports. By default, it will limit the results to 100 transactions, which is generally more than a user wants to see. If there are more transactions than the chosen limit, the find button will show the count with a '+' to indicate more exist. Of course, you can still run the report to show all matches.
• There are times when an optional field should be styled as if it were required (generally a field that is not always displayed, but when it is, it's enforced to be required through custom logic rules). Changed the field definition from a checkbox for required or optional, to a select list that allows for required, optional and optional style as if required.
• No longer suppress the 'Test' button in the document page editor when not in edit mode, showing it in the page editor when it's also visible in the document version view.
• Per issue 146, transaction templates have a new permission to allow the use of the Update API on transactions. The /U/ path references the update API. After a successful update, the transaction update API event is fired. There's a new Condition for custom logic to check if the Update API event name matches for those cases in which there are more than one type of updates taking place via the API.
• Per issue 154, if a package party requires a logged-in user and specifies a To Do group, ensure the logged in user actually belongs to that group or matches the party's specified email address.
• Transactions started via the API mode to auto-complete the party now create a document snapshot as each is processed.
• Upgraded to CKEditor for Vaadin 7.10.0 which uses CKEditor 4.5.1.
• Upgraded to libphonenumber 7.0.7.
• Upgraded to Vaadin 7.5.1
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Migrated from the dying Google Code to GitHub, including wikis and issues. Google Code is no longer being used.
• Per issue 153, Added last accessed timestamp to the transaction party assignment so it can be shown in the transaction details. It is updated each time the transaction is accessed using the party's unique pick up code/link. Prior party accesses on previous transactions will show an estimated last accessed timestamp based on the last update timestamp for documents the party completed.
• Per issue 152, fixed the File access tags when created using the file link feature of CKEditor. Also, removed the warning about leaving the page when clicking on file links.
• Per issue 151, reloading transaction report fields will limit itself to transactions that match the specific package version (instead of all that match the package without regard to the version). So after updating the 'map report fields' in a package version, save it, and then reload and only transactions that use that package version's set of report fields will be reloaded.
• Under certain error conditions when processing workflow events, if the event is a significant error, no longer will any user-defined actions in custom logic be run for the event. Bad events are essentially skipped to avoid custom logic from trying to make sense of it.
• Changed timer expiration event so if it fires when the transaction is canceled, the timer name is renamed to have "-Canceled" appended to the end; or if the transaction is suspended, the timer name is renamed to have "-Suspended" append to the end. This allows you to handle a timer event for canceled or suspended transactions if you really need to do so, but it won't match your expired timer name if not specifically tested in a condition for normal operations.
• When trying to set or calculate a field value in custom logic, if the field template exists, but there is no such field created, try to create all missing fields to see if that causes the field to become available. This issue occurs if you start a transaction and then subsequently add a field to an existing document version referenced by that transaction.
• Added the current database size to the System config->Deployment view when using a commercial DB license.
• Added an Auto-Post Event for custom logic in a document. This allows you to take actions when a user selects a dropdown configured for Auto-Post or the like. This event is similar to the Save button being pressed except no data validations take place.
• Added the ability to suspend and resume transactions via the 'Change tran/party status' action.
• Added custom logic events for suspended and resumed transactions.
• Fixed DbSetup to boot itself after doing the 'initdb' so the key generation will have its properties in place.
• Added the Vaadin push mode to the System config->Stats view.
• Upgraded to PDFBox 1.8.9 (with companion fontbox 1.8.9 and jempbox 1.8.9).
• Upgraded to libphonenumber 7.0.4.
• Upgraded to javax.mail 1.5.3.
• Upgraded to DragDropLayouts 1.1.3.
• Upgraded to ResetButtonForTextField 1.2.1.
• Upgraded to Vaadin 7.4.7
• Upgraded to run on Java 8.0.45 with its respective JCE policy files. Note that development still compiles targeting Java 7.
• Upgraded to Tomcat 8.0.23 (note that 8.0.21 has websocket issues). Updated the TLS section for the HTTPS connector to use a more secure list of ciphers, though it means dropping support for Java 6 clients and Microsoft IE6.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This release is dated to honor David's father Ed's 90th birthday.
• Fixed multi-page review of documents using ${document:page.number} notation per issue 143.
• Fixed re-resolving of document versions in an existing transaction per issue 149. Document versions are fixed at transaction start to prevent custom logic issues.
• Changed <meta name="viewport" content="initial-scale=1, maximum-scale=1" /> to <meta name="viewport" content="width=device-width, initial-scale=1" /> to better support responsive design for mobile needs.
• When doing a CANCEL TRANSACTION 'Status Change' action, we now allow the expiration date to be extended as well as reduced. Previously it would ignore requests to make the expiration date later.
• A File Confirm Click field can be used in any of the 'Blank' condition checks on a custom logic action to determine if an optional file confirm click field has been clicked by the current party or not.
• Added methods stringToInt and stringToBool to the EsfDocumentPageInterface to help in condition testing for Strings field values to be converted into integers or booleans.
• Allow web sessions to be ended per issue 147. The UI for UserSessionView must have delete permission set for users in that group to be able to end a web session.
• Allow caches to be cleared per issue 148. A button was added to the deployment properties when in edit mode.
• Added transaction detail activity logs for each button pressed by a party.
• Merged code from the VAADIN7 branch in CVS back to the HEAD. The project named open-eSignformsVaadin7 is now renamed back to open-eSignFormsVaadin to match the name in CVS. Also, the widgetset Open-esignformsvaadin7Widgetset has been renamed to Open-esignformsvaadinWidgetset, so be sure to remove the old VAADIN/widgetsets and replace with the new. Related to this, the web.xml file changes a bit for these names:
  <servlet-name>OpenESignFormsVaadinApplication</servlet-name> replaces <servlet-name>OpenESignFormsVaadin7Application</servlet-name> in the 'servlet' and 'servlet-mapping' entries; and
  <param-value>com.esignforms.yozons.vaadin.widgetset.Open_esignformsvaadinWidgetset</param-value> replaces <param-value>com.esignforms.yozons.vaadin.widgetset.Open_esignformsvaadin7Widgetset</param-value>.
• Upgraded to BouncyCastle JCE and PKIX 1.52.
• Upgraded to Vaadin 7.3.10
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: YES

• Fixed a bug that failed to correctly display the drop down option label when using a dynamic drop down and the value comes from anything but the default drop down.
• Fixed issue with ESF_reports_access pseudo party getting an email notification when it's activated on an in-progress transaction. The email contained a link that would then process as if the party were configured. No email notification is sent for this party.
• Fixed issue with email templates containing field specifications such as ${out:fieldname} in which no document name is included. The code will first attempt to use the current document, if available, otherwise it will find the first document that has a value for the named field.
• Fixed exception in SendEmailAction when sending an email on a canceled transaction event.
• Added ability to set and cancel transaction timers and the ability to do custom logic on a timer expired event.
• Upgraded to libphonenumber 7.0.2.
• Upgraded to CKEditor for Vaadin 7.9.6 which uses CKEditor 4.4.7.
• Upgraded to Vaadin 7.3.9.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Moved the status messages from the lower right to the upper right corner and added a yellow border to help make it stand out.
• Upgraded to PDFBox 1.8.8 (with companion fontbox 1.8.8 and jempbox 1.8.8).
• Upgraded to PopupButton 2.5.0.
• Upgraded to Vaadin 7.3.7.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• This release is dated to honor David's godson Alex who just turned 13!
• Added ability to mass start transactions by uploading a CSV file with the initial data to use, one row for each transaction, with the first row specifying the field names to set using the data values in the subsequent rows. This resolves issue 141
• Added the ability to view/append field specs (${xxx}) from fields that allow them, as well as from the document page editor to make it a bit easier to look at document fields, propertsets, serial generators and document/transaction built-in fields across libraries.
• Due to various bugs discovered in wkhtmltopdf 0.12.1, we strip border-radius CSS from the HTML before converting to PDF. Also, added code to report errors/warnings emitted by wkhtmltopdf even when it ends with a successful exit status of 0. We also strip the esf.js from captured documents as finalized documents and PDFs have no need for our JavaScript. Lastly, for multi-file HTML to PDF, we added --javascript-delay 1000 to prevent certain errors in the rendering even though no javascript is actually used.
• Created new document download or view button that allows for selecting the documents to view/download as HTML, PDF or in a ZIP file and makes use of a new servlet for serving back the file to be more reliable. We recommend using this button (esf_download_selected_snapshots) in your reports instead of the prior esf_download_pdf_selected_snapshots which is deprecated.
• The prior report button esf_download_pdf_latest_snapshots has been updated to be a Link that uses the more reliable servlet for retrieving the PDFs.
• Added the production retention specification to the transaction templates list.
• Experimental: Enable Vaadin server push. The code currently disables push for browsers older than IE 10, Safari 5, Firefox 9, Opera 11 and Chrome 13. As always, we recommend using the latest version of your browser to enhance security and functionality. The following changes to web.xml are needed: Add listener for Atmosphere used in push:

  <listener>
      <listener-class>org.atmosphere.cpr.SessionSupport</listener-class>
  </listener>

  Enable Vaadin's automatic push mode for the OpenESignFormsVaadin7Application servlet entry:

  <init-param>
      <param-name>pushmode</param-name>
      <param-value>automatic</param-value>
  </init-param>
  <async-supported>true</async-supported>

• Updated web.xml to indicate it's using Servlet 3.1 (JSP 2.3) that comes with Tomcat 8 (not required if you keep push disabled):

  <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                        http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
    version="3.1">

• Upgraded to ConfirmDialog 2.1.2.
• Upgraded to DragDropLayouts 1.1.1.
• Upgraded to PopupButton 2.4.1.
• Upgraded to TableExport 1.5.1.5.
• Upgraded to libphonenumber 7.0.1.
• Upgraded to CKEditor for Vaadin 7.9.4 which uses CKEditor 4.4.6.
• Upgraded to Vaadin 7.3.6.
• Upgraded to run on Java 8.0.25 with its respective JCE policy files. Note that development still compiles targeting Java 7 (not required if you keep push disabled, but works even if you do).
• Upgraded to Tomcat 8.0.15 (not required if you keep push disabled, but works even if you do).
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: YES

• Show messages to parties who close their browser before completing the document(s) in their package.
• Suppress ENTER key being used to auto-submit forms instead of having parties click on the appropriate buttons shown on each page.
• Automatically include Google WOSS font 'Pacifico' for use as a handwritten signature in esf.css. To use it in existing systems, you'll need to update your ESF_Fonts drop down and document styles.
• Annotate the electronic signature process record for Test transactions to make it clear it is for testing only (non-binding).
• Added a Save button for parties completing documents resolving issue 136
• Upgraded to PDFBox 1.8.7 (with companion fontbox 1.8.7 and jempbox 1.8.7).
• Upgraded to Vaadin 7.3.3.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Allow PDF to have working file download links for File and FileConfirmClick fields. Also allows access from the original HTML document snapshots.
• Allow a report to limit which documents can be viewed/downloaded. By default, all documents in the selected transaction templates are available, but this allows a report to restrict the documents that can be accessed.
• Allow a party to have a distinct To Do Group setting for test transactions. This is useful when a given party shouldn't be involved in test transactions.
• Changed the File field in documents to be an integer value containing the number of files uploaded. Previously it was a dummy string value.
• Search field values entered in reports are now trimmed of leading and trailing whitespace.
• Send Email Action now supports multiple email addresses that replace ${EMAIL} in email templates.
• * NOTE: For SET FIELD VALUE actions, transforms to get numbers, alpha or alphanumeric no longer remove whitespace. If your transform needs this previous behavior, you must update the action to also include the 'strip whitespace' transform.
• Report templates have two new permission options: 1) view live transactions and 2) update live transactions, via the esf_report_access special party. Users in groups with these permissions will have an icon shown in the report listings that will provide access to the transaction directly from the report using the esf_reports_access party. Access is 'view only optional' to the documents allowed by the report. If the update permission is given to a user and the transaction points to a package that defines the esf_reports_access party, documents may be updated via the reports regardless of the status of the transaction, including changes to canceled or completed transactions. Generally, the esf_reports_access party is only defined for documents that are being used for the purpose of on-going record management and not for general contracts, though some may use it to correct data, though of course the corrections will not change the digitally signed snapshots of the data and documents that took place earlier. This capability resolves issue 131.
• Updated the Button Message Set to include ability to configure an 'Edit' button on the package that is used when updating a transaction via the reports. Also added a 'Save' button for documents in edit mode that is also used when updating a document via the reports.
• Document and package custom logic now supports the PartySavedDocumentEvent to add actions when the 'Save' button is used.
• Upgraded to CKEditor for Vaadin 7.9.3 that supports CKEditor 4.4.4.
• Upgraded to Vaadin 7.3.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• This release is dated to honor David's mother, Marcella Joan Wall, who would be celebrating her 83rd birthday! We miss you, Sally!
• Fixed issue 132 to fire the PartyCreatedEvent, PartyActivatedEvent and PartyTransferredEvent when the party defined in the event matches the custom logic rule party name rather than using the current party which is generally not the correct party (as these tend to fire when another is the party and the process flow is moving ahead or changing).
• Added issue 133 to allow _TEST suffix property name checks when in test modes. This allows a property set to be created that has both production values (normal) and special test-only values. The normal resolution of propertysets takes place for Production, Test Like Production and Test modes. But if you define the same property name with an _TEST suffix and you are in Test Like Production or Test modes, it will return that property instead. This is useful for property values that include more sensitive information that should not be used for tests (such as SSN/EIN, email addresses, passwords) and is used by the PayPal plugin so when testing you go against the PayPal test site rather than a real credit card charge.
• Fixed issue 134 to allow the EIN prefix of 47.
• Fixed issue 137 to allow report searches against date fields using date ranges.
• Fixed issue 138 to allow a condition to check against each selected value in a multi-select dropdown rather than just against the first selected value.
• Fixed issue 139 to disable the transaction status checkboxes on 'tran search' and 'reports' when 'only stalled' was previously selected.
• Changed HTTP Send Action's URL to allow a field spec rather than fixed URL. This allows for dynamic URLs, especially when switching between Test and Production modes.
• Allow a file upload field on a document to be pre-populated from initial HTTPS POST data that starts a transaction. The file data must be Base-64 encoded and then URL encoded (like all HTTPS POST data). You may also include additional params FileParamName__fileName that contains the file's name, and FileParamName__fileMimeType that contains the file's mime/content type (in this example, the Base-64 encoded file data itself is sent using the param name FileParamName). The file will be assumed to have been uploaded and accessed by the first party in the package. If the file name isn't included, the FileParamName will be used. If the mime type isn't included, it will be assumed to be a binary file. Multiple files may be attached.
• Upgraded to BouncyCastle JCE and PKIX 1.51.
• Upgraded to CKEditor for Vaadin 7.9.2.
• Upgraded to Vaadin 7.2.6.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Fixed the date selector in document date fields for Internet Explorer when the date field is on right/bottom edge and the popup wouldn't normally fit.
• Made checkbox and radio button images have transparent backgrounds.
• Changed esf.css for signatures and signature meta data to not wrap text (white-space: nowrap;). Made changes to print styles to ensure 90% font-size is used.
• Changed package report field mapping to allow a specific report field name to be entered to create a new one. Also, the drop down of possible choices no longer includes all report template fields, just those that have not already been mapped in the package.
• Added ability to specify a package party is "view optional" for a given document. This is similar to the current "view only" party except that the party is not required to view the document. This allows a party to see a document if they want, but not be compelled to click through them in order to complete the party's step. A "view only" party still must view the document to complete it.
• Fixed issue with connection pool's JDBC driver being double-registered.
• Allow the document and field to be changed in the HTTP Send Action configuration of Document Fields to send.
• Added method getFieldSpecValueOrBlankIfNotFound(String fieldSpec) to EsfDocumentPageInterface to get the value of the fieldSpec expansion, or blank if it doesn't expand to anything but itself.
• Added convenience method isFieldSpecBlank(String fieldSpec) to EsfDocumentPageInterface to check if the value of the fieldSpec expansion is blank (essentially isBlank(getFieldSpecValueOrBlankIfNotFound(fieldSpec))).
• Added convenience method isFieldSpecNonBlank(String fieldSpec) to EsfDocumentPageInterface to check if the value of the fieldSpec expansion is nonblank (essentially isNonBlank(getFieldSpecValueOrBlankIfNotFound(fieldSpec))).
• Upgraded to DragDropLayouts 1.1.
• Upgraded to libphonenumber 6.2.
• Upgraded to wkhtmltopdf 0.12.1.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Closed issue 64 as the current ComparisonCondition already handles date and datetime comparisons. Added an activity log error message for comparison operators that do not make sense for the type. Changed the comparison condition setup to only allow the appropriate operators based on the type of the field being checked. To avoid any issues, be sure that the default date format for dates/datetimes, as defined in the deployment configuration, that you compare against (i.e. using a comparison against a field specification like ${DocumentName.DateFieldName}) use one of the top three date formats (i.e. 15-Feb-2011, 02/15/2011 or 2011-02-15) as these string formats for a date can all be parsed back into a date object as required to perform the date comparison.
• Fixed issue 65 to allow custom logic calculations on date and datetime fields.
• Fixed issue 126 to allow a percentage to be entered with or without a trailing '%' in a Decimal field.
• Fixed issue 127 to allow an Integer, Money and Decimal field to be blanked out using the SET FIELD VALUE action in custom logic.
• Fixed issue 128 ensure the e-signature process record is shown -- if so set on the document -- on multi-page documents in which the signature is not on the last page.
• Added Tomcat's SetCharacterEncodingFilter filter and filter-mapping to set UTF-8 to web.xml.
• Added URIEncoding="UTF-8" to both the HTTP and HTTPS Connector elements in Tomcat's server.xml.
• For CSS styling of individual pages, each page is now output with a DIV class attribute set to the page's name. Of course, the original DIV 'id' attribute is still set to the page's transformed UUID. This is true for both single and multi-page documents.
• Upgraded to libphonenumber 6.1.
• Upgraded to Animator 1.7.4.
• Upgraded to TableExport 1.5.1.3.
• Upgraded to DragDropLayouts 1.0.1.
• Upgraded to PDFBox 1.8.5 (with companion fontbox 1.8.5 and jempbox 1.8.5).
• There's a new configuration element in the openesignforms.properties file that can be used to ensure randomly generated strings, such as in UUIDs, pickup codes for URLs, etc. do not contain any undesirable substrings. While rare, random generators can produce possibly offensive strings, so this setting will ensure our random strings do not include the specified ones (using a semicolon-separated list of strings). In this example, this setting won't allow the words "bad" or "word": RandomKey.undesirable.string.segments=bad;word
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: YES

• Fixed issue 121 so an empty AND or OR condition will show it has no subconditions including any negated NOT. Also, if the top level condition (AND or OR condition) on an Action has no subconditions, we just assume it passes regardless if it's negated.
• Ensure HTML files written for input to wkhtmltopdf are written as UTF-8.
• Ensure JSPs and CSS files are written as UTF-8.
• Allow dropdown option labels to be up to 100 characters instead of 50.
• Allow report field labels to be up to 100 characters instead of 50.
• Allow a company name to be placed on the main page title area for added branding. It is defined in the ESF/Library/Template HTML property ESF.AppTitleInHtml. It will default to the company's informal name centered in a 12pt bold blue font.
• Reverted wkhtmltopdf 0.12.0 back to using 0.11.0rc1 as we had unexpected blank pages appearing in 0.12.0.
• Upgraded to TableExport 1.5.1.1.
• Upgraded to Apache POI 3.10-FINAL.
• Upgraded to CKEditor for Vaadin 7.9.1.
• Upgraded to Vaadin 7.1.13.
• Upgraded to Apache PDFBox 1.8.4 along with its dependency releases JempBox 1.8.4 and FontBox 1.8.4.
• Fixed issue 122 to not crash creating a field template in a document like a reusable library-defined field template.
• Fixed issue 123 to block attempts to create new libraries like reserved libraries, prevent exporting if they cannot view the details, and prevent importing if they do not have update permission.
• Fixed issue 124 to not starting a transaction in which it cannot find its component documents, most often the result of running a production transaction -- or test like production -- with a document in the package having no production version available.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Fixed report template's esf_download_html_selected_snapshot built-in field when many documents are listed so it has a scrollbar. Also, it opens the HTML documents in a popup window instead of doing a download.
• Added download HTML snapshots button to transaction details from tran search and reports.
• Added method isPackageParty(String pkgPartyName) to EsfDocumentPageInterface which is used for simple JSP-based programming in a document. Normally, a document only knows about document parties, but the package+disclosure document is not tied to document parties and thus generally needs to rely on the package party name to enable variable disclosures based on party. Note that this implies that the package+disclosure document is non-generic and built to work specifically for your package.
• Added method isPartyCompleted() to EsfDocumentPageInterface to check if the current party is completed or not. The default package+disclosure was updated to take advantage of this.
• Added method isPartyLoggedIn() to EsfDocumentPageInterface to check if the current party is a logged in user or not.
• Added method isTransactionCompleted() to EsfDocumentPageInterface to check if the transaction is completed or not.
• Added method isTransactionDeleted() to EsfDocumentPageInterface to check if the transaction is deleted or not.
• Added method isBlank(String) to EsfDocumentPageInterface to check if the specified is string is blank (null, empty string or all whitespace) or not.
• Added method isNonBlank(String) to EsfDocumentPageInterface to check if the specified is string is not blank (not null, not empty string and not all whitespace) or not. Most likely this is used on package+disclosure pages if you want to suppress some content if the user has deleted the transaction. The default package+disclosure was updated for this very purpose.
• Clean up orphaned outbound email attachments and fixed transaction deletion to also remove email attachments.
• Upgraded to ConfirmDialog 2.0.5.
• Upgraded to Vaadin 7.1.12.
• Various stability, security and bug fixes with other minor enhancements.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• To reduce confusion, we clear the transaction's auto-cancel-timestamp when the transaction is completed or canceled. Note that auto-cancel only works on in-progress transactions, so this has no effect on how it works. However, in the unlikely event a canceled transaction is later re-activated, the prior auto-cancel timestamp will no longer be in effect, and if the retention was changed on cancel, that new retention value will remain. We recommend starting a new transaction like an existing one when a canceled transaction really should be done again.
• Allow FileConfirmClick fields to set other File names to use beside the default configured in the field template. This allows for one party to select from a set of Files in the Library so that particular file will be used for confirmed clicks.
• Increased outbound email limits for the text part from 8K to 16K and the HTML part from 64K to 512K.
• Added an example PickupNotification email template to the default company library created on installation.
• Clean up orphaned transaction activity log records, and block such records from being written in the future. Such log records were created when using the Test button on the document page editor when it includes custom logic.
• Added report column type for downloading document snapshots in its native HTML format (already support PDF).
• Added ButtonGroup widget 2.3 and use to group buttons when appropriate.
• Allow CTRL-S in the document page editor to effect a SAVE as if clicking the SAVE button.
• Upgraded to CKEditor for Vaadin 7.9.0.
• Upgraded to Vaadin 7.1.10.
• For Windows as well as CentOS 6 or new Linux systems, updated to wkhtmltopdf 0.12.0.
• Various stability, security and bug fixes with other minor enhancements.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Updated look for the default e-sign disclosure and package listing document "StandardPackageDisclosures" in the standard ESF template library.
• Updated look for the default e-sign invitation email "DefaultPickupNotification" in the standard ESF template library, as well as the system emails for setting passwords and the like.
• New image LogoForEmail that's used in the updated emails. The DbSetup program will create this file based on the current Logo, albeit set to allow it embedded using a data URI.
• No longer save and restore tabs when accessing via iOS or Android to avoid mobile browser performance issues.
• No longer append a 'CREATED_LIKE' suffix to names when creating a new object. Instead, the original name will be shown, but will be in error until a unique name is entered.
• Upgraded to PopupButton 2.3.0.
• Various stability, security and bug fixes with other minor enhancements.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• On Production-Test mode changes, update the reports list based on user permissions like we do for starting transactions. Also, the report will now block if a user tries to run it against production transactions when the report template doesn't allow it. Also, no longer remove all menu items under reports/start-tran on a mode change so as not to inadvertently remove other choices like the 'Tips' entry.
• Reports can now also list transactions in which a user was a party to it along with the previous ability for the user who started it. By default, if a user can run a report, that user can see transactions that user started or was a party to. Added a new permission to the report templates to set the groups that can also see transactions in which other users (only those users the user has permission to see) were a party to it.
• No longer include fully skipped documents (all parties to the document were skipped) among the document listing on the transaction details view of reports and tran search to reduce clutter and speed up rendering for packages that skip large numbers of documents. Skipped documents, if present, are listed at the bottom.
• Upgraded to libphonenumber 5.9.
• Upgraded to BouncyCastle JCE and PKIX/CMS 1.50.
• Upgraded to DragDropLayouts 1.0.
• Upgraded to Vaadin 7.1.9.
• Upgraded to Apache Tomcat 7.0.47.
• Various stability, security and bug fixes with other minor enhancements.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: NO

• Added capability to specify that field templates overlay an image in a document for instances in which a document's page is an image/scan of the original document and the fields appear to be entered into locations in that image. Overlay fields add CSS-like positions for left, top, width and height to specify the area of the image where the field should appear. You can position a field (like ${field:XXX}), field+label (like ${XXX} or ${fieldlabel:XXX}) or even just a display field value (like ${out:XXX}). Note that a document page can have more than one image and mix and match images with regular HTML. The upper left corner of the image is consider left: 0 and top: 0.
• Add ability to specify if an image should be embedded in the HTML using data URIs, such as for the overlay feature, or whether they should just use the standard IMG tag that retrieves the image using a separate HTTP request. In documents, the use of data URIs is ignored for IE5, IE6, IE7 and IE8 if the image is more than 32k when encoded. All modern browsers support data URIs.
• Give the above two features a try using our Demo W-9
• The non-Web 2.0 '/start/' page's logoff button will now redirect to the login page so that on re-login it will take you back to the start page rather than to the normal Web 2.0 page.
• Removed default buttons (click by pressing ENTER) as Vaadin has a security issue with delivering such pseudo-clicks to the correct button, even delivering them to buttons on non-visible tabs and non-visible areas of the page.
• Added search result counts to To Do, custom reports and Transaction Search tabs, as well as number of sessions for the User Sessions tab.
• Added ability to search by party pickup code from general Transaction Search. It works like a tran-id search in that all other values are ignored in the search criteria as it is a unique key.
• Added friendlier error pages for parties who get errors or exceptions while processing a document to replace the standard error pages generated by Tomcat.
• Upgraded to PostgreSQL JDBC driver 9.2-1003.jdbc4.
• Upgraded to CKEditor for Vaadin 7.8.7.
• Upgraded to ResetButtonForTextField 1.1.1.
• Upgraded to Vaadin 7.1.7.
• Various stability, security and bug fixes with other minor enhancements.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: YES (five error-page entries)

• Added support for including one or more completed documents in the HTTP Send action. You can choose the type of information to send for such documents, such as sending the HTML document(s), sending the selected documents merged as a single digitally signed PDF file, sending the XML data for easy access to all data fields in a document, or sending the XML digitally signed document and data snapshots. All files are sent use Base-64 encoding. It is recommended to use POST when sending document data.
• Added support for File field types to be included in the HTTP Send action. Any uploaded/attached file(s) will be sent over using Base-64 encoding. Two additional param-values are automatically included: YourFileParamName__fileName and YourFileParamName__fileMimeType that represent the uploaded file's file name and mime type. Note that two underbars (__) are used as to append the suffix to whatever param name you have specified ('YourFileParamName') for the File field. It is recommended to use POST when sending file data.
• Tip: Base-64 encoding converts data into an ASCII format, essentially emitting 4 ASCII characters for every 3 input bytes. It has only three special characters: +, / and = (the equals sign for padding at the end only), but oddly enough all three have special meaning in URLs (and for URL encoding for name-value params for HTTPS GET/POST). Therefore, when viewing the Base-64 encoded data in the HTTP Send logs, you will see URL-encode Base-64, so + is replaced by %2B, / is replaced by %2F and = is replaced by %3D.
• Added support for including party pick up LINK(s) in the HTTP Send action.
• No longer enable main menu tabs to be reordered via drag and drop on Apple iPad, iPod and iPhones since their Safari browser does not work like the desktop Safari (and all other) browser. Previously, mobile Safari allowed you to drag and reorder tabs, but you couldn't click them to activate them.
• Added To Do transactions pending for a user at the top of the 'start' page for non-Web 2.0 users.
• Added <meta name="viewport" content="initial-scale=1, maximum-scale=1" /> to document pages to better scale it for viewing on mobile devices.
• Added optional location field to the user record, with programmatic access via built-in field specs $ {transaction:ESF_Started_By_User_Location} and $ {transaction:user.location}.
• Allow a package to specify a 'download filename spec' to override the default names used when users download their documents in their package, as well as in reports, etc.
• Changed the order transaction templates are listed in menus and the start page to use the display name rather than it's unique path name.
• Changed the order report templates are listed in menus to use the display name rather than it's unique path name.
• Upgraded to Vaadin 7.1.6.
• Various stability, security and bug fixes with other minor enhancements.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• Added calls to reseed our secure random number generator periodically based on events that have no fixed time, such as users logging in, emails being sent or received, etc. This helps preclude attempts to back-trace the seed established when the application is started.
• Updated the menu/tabs so that as tabs are closed, the underlying view is also cleared (no more view caching). Then if the tab is re-opened, a fresh instance is created.
• Allow the menu/tabs to be re-ordered using drag and drop so they appear in the order you prefer. New tabs are still put at the end, but you can now move it to a different position as desired.
• If a transaction party is activated to a given user, block pick-ups by other users or external parties.
• When unlocking a transaction via the To Do screen, transfer the party assignment to keep track of the unlocking user as well as whoever processes it next.
• Added Vaadin add-on DragDropLayouts 1.0.0.alpha4.
• Upgraded to Vaadin 7.1.3.
• Upgraded to CKEditor for Vaadin 7.8.6.
• Upgraded to Apache PDFBox 1.8.2 along with its dependency releases JempBox 1.8.2 and FontBox 1.8.2.
• Upgraded to libphonenumber 5.8.
• Upgraded to JavaMail 1.5.0.
• Various stability, security and bug fixes with other minor enhancements.
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): NO
  • rundbsetup/DbSetup DB conversion required: NO
  • web.xml changes required: NO

• When starting a transaction with initial POST data, if the field in the document has an initial value specified, it will be used (as before), but now if no value is set and the field name matches the name of an initial POST param, it will be set to the value from the initial POST data.
• Can now download all of the latest documents as a PDF with a single selection on the transaction detail page via Transaction Search or a custom Report PDF download button.
• Custom reports can now include a button to download all of the latest documents as a PDF.
• Custom reports can now include a button to select specific document versions (or all latest) to download as a PDF.
• New HTTP SEND Action can be specified in a package's custom logic. This allows for outbound integration to update external systems. Supports HTTP/HTTPS, GET/POST, and sending name-value pairs based on data in your package of documents.
• Added HTTP Send request and response logs to the transaction detail page from Tran Search and Reports.
• Updated deployment stats page includes a check for the HTTP Send thread.
• Added setting upload.file.maxMB=100 to the openesignforms.properties file. This was the hard-coded default value, but some low-memory servers may need to set this lower, such as to 10MB. Also settings for upload.image.maxMB=5 and upload.config.maxMB=10.
• Added create-like button to the Action list for both package custom logic as well as document custom logic.
• Added £ and € to the default money drop down formats, as well as one with no currency symbol, in ESF/Library/Template.
• Added ability to get the ordinal day number for a date format, so we now support formats like: 10th day of August, 2013
• Upgraded to Vaadin 7.1.2, which includes Atmosphere for websocket-based server push.
• Upgraded to PopupButton 2.2.1.
• Upgraded to CKEditor for Vaadin 7.8.5.
• Upgraded to Java 7.0.25. Required unexpected fix to XML digital signature generation and verification to specify the QualifyingProperties Id attribute as the "id" for the element.
• Upgraded to Tomcat 7.0.42. We found issues with earlier versions that used the NIO connectors and had to use only BIO. With this upgrade, we are able to resume using the NIO connectors.
• Upgraded to libphonenumber 5.6.
• Various stability, security and bug fixes with other minor enhancements.
• Special Lucky #13 Happy Birthday wishes to Yozons -- you are now a teenager company!
• OPERATIONS VERSION UPGRADE NOTICE:
  • Database updates required (pre.sql/update.sql/post.sql): YES
  • rundbsetup/DbSetup DB conversion required: YES
  • web.xml changes required: YES See new context-param heartbeatInterval, servlet init-param pushmode, and servlet async-supported. These are for the Vaadin 7.1 update.

• Created a new main user interface layout that we hope is simpler and cleaner for our users. The main view opens activities in a tab sheet. On logoff, the view tab sheets are saved and then restored on the next login. You can read more about the new user interface here.
• Created a new document page editor layout that we hope is simpler and cleaner for document programmers.
• Ported to Vaadin 7.0.7.
• Added Vaadin add-on ResetButtonForTextField 1.0.5.
• Upgraded to ConfirmDialog 2.0.4 (updated for Vaadin 7).
• Upgraded to Animator 1.7.3 (updated for Vaadin 7).
• Upgraded to TableExport 1.4.0 (updated for Vaadin 7).
• Upgraded to PopupButton 2.2.0 (updated for Vaadin 7).
• Upgraded to CKEditor for Vaadin 7.8.3 (updated for Vaadin 7).
• Upgraded to Java 7.0.21.
• Upgraded to Apache Commons Logging 1.1.3.
• Upgraded to libphonenumber 5.5.
• Upgraded to BouncyCastle JCE and PKIX/CMS 1.49.
• Database updates are not required, nor is a rundbsetup/DbSetup DB conversion required.
• Various bug fixes and minor enhancements.

• Added ability to block further party edits to fields when their value is set. This makes it easier for documents that are also used in packages where some data values are set from prior fields in the package. When the field is set through custom logic and this option is specified, subsequent parties will no longer be able to change it even if they otherwise would have field edit permission.
• Added ability to jump directly to any completed document from a multi-document package listing.
• Added data transforms to the SET FIELD VALUE Action, including a substring feature with an offset and length, plus a set of built-in transforms including: to uppercase, to lowercase, capitalize the first character, capitalize the first character and make the others lowercase, compress whitespace, strip whitespace, trim whitespace, get numbers only, get alphabetic only, get alphaNumeric only, and get first character only (which is just a simpler way to do a substring offset 0 length 1).
• Added ability to limit the number of files that can be uploaded on a File Upload field. The default is unlimited files.
• Added ability to make the view/download of uploaded files (via the File upload field) optional for a given party, or even to block all access for a given party through custom logic in either the document or the package.
• Allow passwords (pass phrases) for login to be as long as 100 characters.
• Upgraded to CKEditor for Vaadin 1.8.2. Fixes issues with editor removing extra code added through the SOURCE mode because of Advanced Content Filtering.
• Upgraded to PostgreSQL 9.2.4 to resolve a potentially serious security flaw, though unlikely to be an issue if deployed in a standard way.
• Upgraded to PDFBox 1.8.1 along with its dependency releases JempBox 1.8.1 and FontBox 1.8.1.
• Upgraded to libphonenumber 5.4.
• Upgraded to BouncyCastle JCE and PKIX/CMS 1.48.
• Upgraded to UrlRewriteFilter 4.0.3.
• Upgraded to JDOM 2.0.5.
• Database updates are not required, while a rundbsetup/DbSetup DB conversion is required.
• Various bug fixes and minor enhancements.

• Added mass transaction exports via the reports so you can take all of your data with you should you need to keep documents longer than you'd like to keep them online, or should you stop using the software.
• Added ability to set the placeholder attribute of input/textarea field -- called an input prompt -- that shows a tip as long as the field is empty.
• Augmented the logic behind the 'initial value' specification for field templates. Previously, these values were set at transaction startup to initialize any document field values (typically using the initiator's information as well as any data posted to the transaction's start URL). Now, along with that setting, it will also be set when a party retrieves a document if no value has been set in the field, allowing a document's field to be more easily set based on a prior document's field value. Of course, the standard custom action for SET FIELD VALUE will work complete with conditions and at specific processing steps when finer control is needed.
• Added an 'unlock' button to the To Do listing. If a To Do user starts to process the transaction (and thus locked it so others cannot also do so) but decides another user in the group should process it, it can be unlocked and returned so that anybody within the To Do Group specified will be able to process it.
• Added a new permission for a Group's member users to allow the viewing and managing the To Do queue of other users.
• For users with permission to manage the To Do queue of other users, the To Do listing allows for the selection of which user's To Do queue to list.
• Upgraded to CKEditor for Vaadin 1.8.0.
• Upgraded to Apache Commons Logging 1.1.2.
• Upgraded to Apache Commons FileUpload 1.3.
• Upgraded to Vaadin 6.8.10.
• Database updates are required, and it requires a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Please be sure to have installed the previous 13.2.2 release and run your deployment at least once to ensure the boot key has been properly encoded to support future upgrading. In this release, the default salt is going from 8 bytes to 16 bytes and the iteration count is going from 51 to 50000.
• This release is dated to honor David's father, Ed (A.E.P) Wall, who is celebrating his 88th birthday!
• Added a File Confirm Click field type that allows you to add a link to a file uploaded in your library so that it will track whether a given party has clicked on the link to download/read it or not. If such a field is required for a party, the party will not be able to move forward until clicking on the link.
• Allow an SSN field to be specified as an EIN field for normal or masked display.
• Allow a package version to be exported using XML as the transfer format. Package permissions are not included.
• Allow a package version's contents to be replaced by the imported XML from a previous export.
• Added the ability to defined drop down lists inside a document version (rather than just in a Library). This is useful for drop downs that really are just for the specific document.
• Added icons to show with error messages to users to draw more attention to them, one for okay and another for errors.
• Allow the main application logo shown after login to be branded.
• Created a SystemDown servlet that allows for a standard message or one customized by an HTML file (defaults to webdown.html) by restarting the web app after swapping the WEB-INF/webdown.xml for WEB-INF/web.xml so that all requests are processed to return the same message.
• Added additional configurations to allow the login page title and welcome header to be fully customized. Also, allow the login page to be embedded in an IFRAME (the login page by default will ensure it's the top page to prevent embedding), though it does introduce a security issue for those who choose this path as the login page will not show the domain name and SSL certificate.
• Upgraded to CKEditor for Vaadin 1.7.5.
• Upgraded to Vaadin 6.8.9.
• Database updates are not required, but it requires a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Created an HTML page (add /start/ to your login URL) that will provide links to all transactions a user is allowed to start, but without having to use the full Web 2.0 web application. This is suitable for use to access these links from tablets and phones. Test transactions can also be started if you use /start/?ESFTEST=Yes.
• Added salt length and iteration counts to the stored password-based-encrypted boot key to allow these to be changed over time. Every deployment should be started at least once with this release to ensure the boot key is properly encoded to support changes in the future.
• Upgraded to CKEditor for Vaadin 1.7.4 with support for CKEditor 4.0.1.
• Upgraded to libphonenumber 5.3.
• Upgraded to Vaadin 6.8.8.
• Database updates are not required, and it does not require a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Allow a drop down change in value to auto-post the form data to the server to update values and redisplay the same page without any data validations.
• Allow a drop down to have a dynamic name specification to use if a suitably named drop down can be found, using the defined drop down if not.
• If a user uses a transaction template 'Start URL' but is not logged in and the transaction cannot be started by external parties (non-users) and the request is not an API request, redirect the user to the login page instead of showing the not-authorized error message.
• Introduced the 'esf' object available for custom Java programming inside a document. It represents the current document/page state. For more info see the advanced programming section of the programming guide.
• DbSetup initialization includes a company-specific report template set up so the company programming group has full permissions to it. Previously the system administrator had to create a report template suitable for any distinct groups that needed to create reports.
• Added optional fields employeeId, jobTitle, department and phone to the user record.
• Added the new user fields to the transaction data record for the user who starts the transaction using notation like $ {transaction:ESF_Started_By_User_Job_Title} as well as created new fields to access the current user who is acting as a party using notation like $ {transaction:user.job_title}.
• Upgraded to Apache Commons IO 2.4.
• Upgraded to Apache Log4J 1.2.17.
• Upgraded to Apache POI 3.9.
• Upgraded to JavaMail 1.4.5.
• Database updates are required, and does not require a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Each library now has a button/message set option to customize button labels and related messages shown to users when the buttons are present during package/document rendering. The default button message set is in the ESF/Library/Template named ESF_DefaultButtonMessage. Each package can specify the button message set to use, but if the same button message set is defined in the transaction template's branding library that set will be used for those transactions. NOTE: If your deployment customized the buttons using the previous ESF_Buttons property sets (now obsolete), you will need to update the appropriate button message sets to have the customized values.
• Changed from the ChameleonTheme to the Reindeer theme.
• Upgraded to Vaadin 6.8.7.
• Upgraded to CKEditor for Vaadin 1.7.2 built on the new CKEditor 4.0.
• Upgraded to JDOM 2.0.4.
• Upgraded to PostgreSQL 9.2.2. Requires a backup/pg_dump on the previous version 8.4/9.0/9.1 database, followed by a pg_restore under 9.2.2 (after doing a create_db to build the new database, but skip the table creation second step since the restore will recreate all tables from the backup).
• Upgraded to PostgreSQL JDBC Driver 9.2 Build 1002.
• Database updates are required, and requires a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Removed the "Party completed page" event from the package rules. Page events are only configured in the document rules now.
• Page events now can run on selected page(s) rather than all pages.
• Fixed various issues related to the multi-page document processing.
• Added document and page status/mode to top and bottom of page so party knows how far along they are at any given step.
• Updated showSigningKeys.jsp to put the X.509 key and certificate onto its own row so the display is not so wide. Also added the subject distinguished name (DN) embedded in the X.509 certificate to the display.
• Allow a new view only package party to be created so that you can include parties who only have to view the documents to complete their step. This allows for such parties without having to define such pseudo-parties into documents so they can be made available in the package. Of course, you can reassign the "view-only" nature so they can act as any pre-defined party in a document, too.
• The Set Auto-Cancel action allows an optional new retention spec. This allows a transaction to be auto-canceled and removed sooner than the standard retention specification defined in the transaction template. This is generally used to cleanup transactions that are started but never get beyond the initial step.
• Upgraded to Vaadin 6.8.5. Fixes two bugs we noted that were introduced in 6.8.3 and 6.8.4.
• Upgraded to CKEditor for Vaadin 1.6.7, which includes the latest CKEditor 3.6.5.
• Upgraded to PDFBox 1.7.1.
• Upgraded to libphonenumber 5.2.
• Database updates are required, and does not require a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Every signature key now has a self-signed X.509 certificate associated with it.
• All PDF exports are now digitally signed using the X.509 self-signed certificate.
• XML digital signature now includes the X.509 self-sign certificate.
• XML digital signature now supports XAdES-BES as specified in ETSI TS 101 903 v1.4.1 XML Advanced Electronic Signatures by including the QualifyingProperties, SignedProperties, SignedSignatureProperties, SigningTime, SignedDataObjectProperties and DataObjectFormat elements, as well as signing the ds:KeyInfo element.
• Updated showSigningKeys.jsp to include the X.509 certificate in its display for each key.
• Allow a package party to have a "not completed link/URL" and a "completed link/URL" specification. If the "not completed link/URL" is specified and the party is on the package page and hasn't yet completed the work, a button will be shown to allow them to say they do not intend to complete the package and it will redirect them to the specified URL. If the "completed link/URL" is specified the party will be redirected to the specified URL when all documents are completed in the package (instead of showing them the package page again).
• Created a new "ESF_Buttons" property set with various buttons labels and footers that can be defined. This is a preliminary implementation so we do not recommend making lots of customizations. The button labels to use are found using this basic search algorithm starting with the transaction's branding library, then the document's library and finally the template library:
  1. Check for a propertyset named ESF_Buttons_DocumentEsfName_DocPartyEsfName (Will use DocPartyEsfName "ViewOnly" if a view only party to the document.)
  2. Check for a propertyset named ESF_Buttons_DocumentEsfName
  3. Check for a propertyset named ESF_Buttons_PickupPartyEsfName (package party EsfName)
  4. Lastly, check for a propertyset named ESF_Buttons (one should always be found in the template library)
• Added a button to the package page that allows a completed party to download all documents as a digitally signed PDF. Enables the party to have a copy of their documents.
• Fixed generated HTML documents and most JSPs to include a meta tag to instruct robots (search engines) to not index or follow links. It's no guarantee, but helps if a user mistakenly posts a document in a public area.
• Put a max number of requests for the forgotten password feature to avoid fraudulent requests that will cause an email to be sent to the user's email address, or when a user who is not retrieving the link emailed from the previous requests. If the max is reached, it will allow for another attempt after 5 minutes, and will be reset entirely if the password is successfully reset.
• Made the Electronic Signature Process Record a bit more compact.
• Added BouncyCastle PKIX/CMS 1.47 JAR for being able to do PDF digital signatures using X.509 certificates.
• Upgraded to Vaadin 6.8.3.
• Upgraded to JDOM 2.0.3.
• Upgraded to ConfirmDialog 1.2.1.
• Upgraded to Apache POI 3.8-20120326.
• Database updates are required, and requires a rundbsetup/DbSetup DB conversion.
• Renamed the Linux command to run when converting HTML to PDF from wkhtmltopdf-i386 to just wkhtmltopdf (it remains wkhtmltopdf.exe on Windows). Please be sure to rename the tool in your bin subdirectory (or wherever it is so long as it's in your PATH when starting Tomcat) or use a softlink. This removes the i386 architecture specification we used though 64-bit versions are fine if they work for you.
• Various bug fixes and minor enhancements.

• Allow the PDF attachment file name to be optionally specified, as a fixed name or mixed with field/properties values, when attaching documents to an email in the Send Email Action.
• Allow a Document file name to be optionally specified, as a fixed name or mixed with field/property values, so when that document is downloaded, it will use that file name.
• Added libphonenumber 5.0 to support flexible international phone numbers. This has replaced our prior "USA/Canada" phone number. If you used any non-standard phone formats for your fields, you will want to revisit them to use these more standard display formats and specify the correct default country.
• Related to the phone number changes, added a default country code to the deployment properties. If you are not in the USA, you will want to set the correct default to use.
• While the signer's IP address has always been a part of the electronic signature process record appended to the document, now enable the XML digital signature seal to optionally include the signer's IP address/hostname and/or browser type (user-agent) without regard to the contents of what's being signed.
• Allow a document version to specify whether the electronic signature process record will print on a page by itself (current default) or whether it should just appear at the bottom of the last page of the document.
• Added styling to the electronic signature process record, as well as internationalized the verbiage.
• Added jBCrypt 0.3 to make offline attacks on password hashes much more expensive to crack should the password data ever be stolen. On our desktop PC, 100 SHA-512 hashes could be generated in 7 msecs, whereas with a salt value of 11 on jBCrypt, 100 hashes took 26032 msecs. This will slow down an offline attack by a factor of 3718. The salt value can double every 18 months or so (just add 1 to the jBCrypt.gensalt.iterations property) to keep up with ever faster cracking processors.
• Updated the sample XML digital signature verification code (XmlDigitalSignatureSimpleVerifier) to include a main method so it can be run as a Java program that takes one or or file names to check. The files can be either a snapshots file that contains one or more snapshot elements, or it can just be a standalone snapshot element.
• Added a Change Password feature under the Access Control menu item so a user can easily change his/her password. Previously, passwords could only be reset via the User admin screen.
• Created new showSigningKeys.jsp page that will list all of the signature public keys for your deployment. This essentially lets the world know what your public keys are, formatted both in the XML Digital Signature RSAKeyValue Exponent and Modulus values (this will match the values seen in the Snapshot XML files created as each party completes a document) as well as the X.509 standard format.
• Upgraded to Vaadin 6.8.2.
• Upgraded to Apache Tomcat 7.0.29.
• Database updates are required, and requires a rundbsetup/DbSetup DB conversion.
• For existing deployments, add the following to your openesignforms.properties file:

  # For jBCrypt salt generation. Generally speaking, if processing power doubles every 18 months, you can add one to this
  # number every 18 months. Because the hash value contains the number used, there's no issue with respect to previous
  # passwords as this number increases. In 2010, the default value was 10. So by 2012, we'll just start with 11.
  jBCrypt.gensalt.iterations=11

• Various bug fixes and minor enhancements.

• Added multi-page documents for those who prefer a paged-experience to a scrolling document experience. Related, added new Party Completed Page event to add hooks when a page is submitted, including page-level validations.
• Added ability to calculate a monthly payment based on the amount financed (total amount), APR (interest rate) and number of monthly payments (term in months).
• Created action to submit credit card information to the PayPal DoDirectPayment "Sale" method of the PayPal NVP API version 92.0. Can be used by PayPal "Payments Pro" (Web accept payments) customer. Most will register for the NVP API credentials using. Test transactions use the PayPal Sandbox while production transactions will use your configured PayPal API credentials for real credit card charges.
• Added country name to two-letter ISO-3166-1 codes drop down list to the standard template library.
• Allow MM/YYYY date selection using the data selector tool. The actual date will be the last day of the selected month and year. Useful for credit card expirations and some human resource needs where job start/end dates just require a month and year.
• Changes to the retention values for a transaction template will now automatically update existing transactions to use the new value. This type of change is logged to the user and system logs to record the retention change made.
• Fixed XSS bug in the login page's 'saveEmail' checkbox found by the Tinfoil Security beta vulnerability scanning service. Oops! That is a bit embarrassing...
• Upgraded to CKEditor for Vaadin 1.6.6. Documents can now contain JSP code and tags when entered in SOURCE mode.
• Upgraded to Vaadin 6.8.1.
• Database updates are required, and requires a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• New serial number generators for generating unique numbers, like order numbers, customer numbers, etc. referenced as a field specification with the 'serial' prefix.
• Added new DateTime field type. This is not generally used for input mode by a party filling out a form but is used to capture the current date-time and possibly add/subtract days from it.
• Added new date and date-time formats to the ESF/Library/Template drop downs to allow for numbers-only formats.
• Added ability to update report field templates from both the report template's "Fields in report" and the package's "Map report fields" screens.
• Added ability to activate a party out of normal sequential order. It is most useful when you have multiple notification parties at the end of a process flow who can all be activated together.
• Added a refresh button to the report and general transaction search details screen.
• Allow the HTML email text to contain $ {image:ImageName} field specifications. Note that images may not be shown unless the recipient's email client allows for remote images to be loaded or the user clicks to show images. Like before, you can still use the CKEditor's image insertion tool.
• Fixed transaction and report searches against party email addresses.
• When a condition or action is being configured, if has no specifications, put the user immediately into creating a new specification.
• Allow a condition to be negated from its main edit view. For conditions with multiple specifications, this is done above the list of specifications. Otherwise it appears above the single specification form.
• Expanded Comparison Condition operators (less than equals, greater than equals, same length, shorter or same length, longer or same length) and allow appropriate ones (equals, less than, greater than, less than equals to, greater than equals to) to operate on integers and decimal numbers including money values.
• Upgraded to Vaadin 6.8.0.
• Upgraded to JDOM 2.0.2.
• Upgraded to CKEditor for Vaadin 1.6.5.
• Database updates are required, and requires a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• On 17 May 2012, the U.S. Patent Office re-confirmed the validity of all 45 claims of our U.S. Patent No. 7,360,079 with no amendments.
• Fixed the default ENTER key problem with forms that contained CKEditor and/or TextArea fields (like for comments) where hitting the ENTER key should have just made a new line rather than savings the contents.
• Allow transaction templates to have a Display Name used for showing this transaction's name in the menus.
• Allow report templates to have a Display Name used for showing the report's name in the menus.
• Changed the 'Cancel transaction' action to allow for a future date to be set for auto-cancellation.
• Added 'Clear cancel transaction' action to turn off auto-cancellation, such as when the transaction reaches a processing step within a given amount of time and now can progress or complete normally.
• Added 'Skip document' to the change status action to remove a document from the processing flow for all parties.
• Added 'Now' to time intervals drop down list.
• Added a comparison condition to test if a field has a specific value or matches another field's value. It supports equals, starts with, ends with, and contains comparisons. Case-sensitive tests are supported.
• Allow custom programming to be applied to a document. This is for logic that always makes sense for the document, regardless of the package it's in.
• Added Show Error (or other message) action to display a field validation error using custom logic to validate it.
• Allow Conditions on Actions to be re-ordered using drag and drop.
• Added ConfirmDialog to the property set delete button to avoid confusion with removing selected properties with deleting the entire set. Also added to the Package Version, Transaction Template, Report Template and all library configuration components.
• Added ability to start a new transaction like an existing transaction, from both the general transaction and report details view.
• Added tooltips to all menu items.
• Allow package process rules (custom logic) to be re-ordered.
• Field specifications like ${DocumentName.fieldName} retrieve a simple display version of the value of 'fieldName' in document 'DocumentName'. Added the ability with the 'out:' prefix before the document name to instruct the returned value to use the output format specified in the corresponding field template instead. This is particularly useful in things like Email Templates when you want to show the selected label that goes with a drop down's value.
• Upgraded to BouncyCastle 1.47.
• Upgraded to Vaadin 6.7.9.
• Database updates are required, and requires a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Allow PDF generation to be in landscape form when the corresponding document is defined as such. If multiple documents are merged, then it will be landscape if any of those documents is defined as landscape, so mixing landscape and portrait documents will generally not lead to optimal results.
• Added ability to upload files into a library or a document, similar to how images are done, so they can be referenced via links in documents.
• Added ability to add actions when a transaction is canceled.
• Added ability to cancel a transaction and skip a party during the process flow.
• Upgraded to CKEditor for Vaadin 1.6.3 which includes CKEDitor 3.6.3, and ability to specify file links from within the CKEditor link feature.
• Upgraded to JDOM 2.0.1.
• Upgraded to Vaadin 6.7.8.
• Upgraded to Animator 1.6.6.
• Updated all to use annotations and removed Open eSignForms filter/filter-mapping/listener/servlet/servlet-mapping from the web.xml. This makes it easier going forward to include new filter/listener/servlet without needing to update the otherwise deployment-customized web.xml files.
• Ran FindBugs in Eclipse to create cleaner, more reliable code.
• Because we allow for deployment customization of drop downs, style sheets, etc., we did not force the following changes through a DB update. But if you want to stay close to the base, we recommend you consider updating your ESF/Library/Template:
  • DropDown ESF_Font: Rename New Century Schoolbook to Bradley, Lucida Handwriting and change its value to font-family: 'Bradley Hand ITC', 'Lucida Handwriting', 'Comic Sans MS', cursive;
  • DropDown ESF_Font: Rename Comic Sans to Comic Sans MS and change its value to font-family: 'Comic Sans MS', cursive;
  • Document style ESF_DefaultDocumentStyle for 'Signatures': select Bradley, Lucida Handwriting.
• Database updates are required, but no DB conversion.
• Various bug fixes and minor enhancements.

• Added ability to specify conditions that must be met before a package's action takes place. Any condition can be negated to mean NOT whatever it's condition test results in. Initial set of Conditions include: AND, OR, All Blank (all specified fields have no value), Any Blank (at least one field specified has no value), and Some But Not All Blank (at least one field specified is blank and at least other has a value -- false if you specify fewer than two fields to check). Note that 'NOT All Blank' is equivalent to 'Any Non-Blank' (at least one field has a value), and 'NOT Any Blank' is equivalent to 'All Non-Blank' (all fields have a value)
• Added ability to access any attached files included in an outbound email from the Email Log detail view.
• Fixed outbound emails to specify charset=UTF-8 in the subject, text and html body parts.
• Made buttons stand out more in the main application, as well as in the document process flow (thanks to Leslie Strom for this good idea).
• Upgraded to Vaadin 6.7.6.
• Upgraded to Vaadin Add-on TableExport 1.3.0.
• No database update/conversion is required.
• Various bug fixes and minor enhancements.

• Provide direct access to any file(s) uploaded into the transaction via the general transaction search and report details.
• Add ability to attach any file(s) uploaded into the transaction to an email.
• Allow File Upload fields (that support uploading files into your document) to be included in Reports and To Do listings as a report field (requires DB schema change).
• For documents with File Upload fields, we now auto-scroll the page to this field on Upload/Remove so the user's focus remain in the same area rather than having to scroll from the top.
• Completed the new online Programming Guide. All guides should be complete now, but of course will be updated to reflect user questions, tips, new features, etc.
• Added new (Default) value to various style drop downs that basically emit no CSS. This replaces the previous default of 'inherit', which was not as useful because it took the style from the parent element rather than the system defaults. Previously new document styles had to redefine all styles rather than just override the default values.
• Allow Integer fields to be specified to show the number in 'ordinal' format, like 1st, 2nd, 3rd, 4th.
• Allow a field label to be suppressed when the field is not in EDIT mode, mostly used for fields defined inside a paragraph of text so that the label appears for the person entering the data, but then is not shown thereafter.
• Allow a field template to have a value to show if it's field value is blank.
• Upgraded to CKEditor for Vaadin 1.6.1. Special thanks to sascha.broich76 for his code contribution. Added font Calibri to the editor's built-in Fonts.
• Upgraded to JDOM 1.1.3.
• Database updates are required, and requires a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Added ability to remotely start new transactions on behalf of a user (previously, only external user starts were supported).
• Added API ability to remotely start new transactions and complete the first party step and receive an OK or ERROR response.
• Changed web.xml and our cookie generators to specify HttpOnly cookies, which requires the use Servlet 3.0 APIs in Tomcat 7.
• Created a new online Concepts, Tips & Tricks Guide.
• Created a new online User's Guide.
• Created a new online System Administrator's Guide.
• Created a new online Programming Guide.
• Created a new online Programming Tutorial.
• Upgraded to Vaadin 6.7.5.
• No database update/conversion is required.
• Various bug fixes and minor enhancements.

• Added a calculate action to do basic arithmetic with integers, decimals and money values.
• Added "party review document" event to do special processing when the party goes from EDIT to REVIEW mode.
• Allow the retrieval of subscripted transaction data, for example sampleName[4], to retrieve the 4th element in the array of params named 'sampleName' when the transaction was started (i.e. sampleName=First&sampleName=Second&sampleName=Third&sampleName=Fourth).
• Added ability to reload report fields from existing transactions. This is mostly used when new fields are defined, so they appear blank in reports for those transactions last updated before the new report fields were defined.
• On startup, regenerate all Document Style (CSS) and DocumentVersion (JSP) files defined in all libraries.
• Ensure JSP/Servlet uses UTF-8 encoding to support input fields in forms having non-western characters.
• Added party email filtering to the general transaction search view.
• Upgraded to Vaadin 6.7.4.
• No database update/conversion is required.
• Various bug fixes and minor enhancements.

• Added ability to send emails at any step of the work flow. Previously, emails were optionally sent only as each party's step in the workflow was activated. Email actions allow emails to be sent with specified document snapshots attached, or merged together as a PDF attachment.
• Fixed the Report Template 'create like' so if a user has permission to create like a given template, but doesn't have permission to list all of the transaction templates specified in the original report, then those extra transaction templates are not included in the new report template.
• Added HTML to PDF generation, which is now used by general transaction search as well as custom reports when viewing a document snapshot "as PDF".
• Added ability to download selected snapshots as a combined PDF in report details as well as the general search details.
• Installed wkhtmltopdf 0.11.0rc1 for HTML to PDF generation.
• Update the document editor as well as the Tips editors to allow CKEditor to adjust its height to fill the page.
• Upgraded to Vaadin 6.7.2.
• Upgraded to CKEditor for Vaadin 1.6.0. Special thanks to Stefan Meißner, davengo GmbH, for his code contributions.
• Upgraded to TableExport 1.2.9.
• Upgraded to Apache log4j 1.2.16.
• Database updates are required, but no DB conversion.
• Various bug fixes and minor enhancements.

• Added the ability to export the configuration of library objects documents, document styles, drop down lists, email templates, images/logos and property sets to an XML file suitable for transferring to another library, possibly in another deployment. This is the first step for the Forms Store.
• Added the ability to import the configuration of library objects documents, document styles, drop down lists, email templates, images/logos and property sets from an XML file previously exported from another library, possibly in another deployment.
• Several bug fixes related to both User and Group caches.
• Upgraded to JDOM 1.1.2.
• No database updates are required, but requires a rundbsetup/DbSetup DB conversion.
• Various bug fixes and minor enhancements.

• Added ability to define and run custom reports, pulling any data required from any documents defined in any transactions/packages.
• Added ability to export report data to an Excel or CSV file using add-on TableExport 1.2.6, which itself relies on Apache POI 3.8.
• Renamed the original 'Search/Reports' menu item to 'General tran search' to reflect it's general nature compared to reports that are customized.
• Moved the To Do menu item to the top position for easy, consistent access.
• Upgraded to Vaadin 6.7.1. This obsoletes add-on JARs for ChameleonTheme and TreeTable.
• Upgraded to CKEditor for Vaadin 1.4.3.
• Upgraded to Apache Commons IO 2.1.
• Upgraded to Apache Fileupload 1.2.2.
• Various bug fixes and minor enhancements.

• Added ability to specify those fields in a package of documents that will be used in custom reports (next release) or To Do listings.
• On transaction save, data fields for reports/To Do are stored for indexed access.
• Upgraded the To Do list to show custom report fields specified for it. Since report fields are defined in the package version, a To Do list is created for all transactions by package version.
• Upgraded to Vaadin 6.6.6.
• Upgraded to PopupButton 1.2.1.
• Upgraded to Apache Tomcat 7.0.20.
• Various bug fixes and minor enhancements.

• Celebrating Yozons' 11th birthday today with this release. Yozons was incorporated on August 9, 2000. It feels like the stock market is at about the same price point, too!
• Allow a field to be specified to as required, yet still be optional for certain parties. This use case appears often when one party pre-fills a form for another and the fields should be required for a completed document, but must remain optional for the pre-fill step.
• Added ability to apply a full, left-side or right-side mask on general fields when in display mode, for things best not shown in the digitally signed snapshots. These were already present in known field types like SSN and credit card numbers.
• Allow sensitive information to be masked in the data snapshots, such as for a credit card security verification code that otherwise shouldn't be stored longer than necessary to process it. Of course, all data is encrypted all of the time, but once processed, the live data can be blanked out or masked, but now even the digitally signed snapshots of the data will not contain such (rare) data.
• Allow a field to be specified to allow or disallow cloning its value when a new transaction is created like an existing transaction.
• Link to the version history (this page) from the main window's footer where the version number is displayed.
• Various bug fixes and minor enhancements.

• Added ability to define custom logic to alter the straight-through default workflow of process each party in order, with each party processing the documents assigned to them in order. Added the ability to set document field values, with more actions coming soon that use the framework developed for this.
• Use logo and company name from the template library's property set MyCompany on the login page.
• Upgraded to URL Rewrite 3.2.0.
• Upgraded to Vaadin 6.6.3.
• Switched to a date-based (y.m.d) version numbering scheme for Open eSignForms.
• Various bug fixes and minor enhancements.

• Allow a package party to delete the transaction from the package document if no signatures have been applied on any document by any party, which is generally useful for the first party who starts a new transaction but decides not to submit it for further processing.
• Allow an inactive party's email to be changed, and if active, to transfer the party to a new email address while invalidating access using the link sent previously.
• Allow a party to be renotified by sending the email again.
• Upgraded to PopupButton 1.2.0.
• Upgraded to Chameleon Theme 1.0.2.
• Upgraded to TreeTable 1.2.2.
• Various bug fixes and minor enhancements.

• Added credit card field type, including masking for display.
• Allow the retention of various log records to be specified in the deployment configuration.
• Daily statistics now include the number of transactions in the database.
• Upgraded to Vaadin 6.6.2.
• Upgraded to CKEditor for Vaadin 1.4.1.
• Various bug fixes and minor enhancements.

• Added ability to set the license type and size for a deployment: Open Source License (AGPL) or Commercial License (DBSIZE or NUMUSERS).
• Added ability to set the default session timeout as well as a different value for logged in users.
• Added a system status check hook for 24x7 monitoring, such as with Pingdom.
• Various bug fixes and minor enhancements.

• Added link to built-in 'esf.css' file from the document builder for easy reference.
• Added transaction data fields for the creator's email address, name, etc. if they are logged in. They are described in the document programming tips page, along with new links to advanced programming concepts for decimal formats, date formats and regular expression patterns.
• Added auto-complete option to fields. If off, autocomplete="off" is added to the input field. This is useful for sensitive fields, like SSN, credit card info, etc. where you don't want the browser to cache answers.
• When a signature field's value is saved, we automatically generate and save related data elements that include the timestamp and IP address.
• Upgraded to CKEditor for Vaadin 1.4.
• Various bug fixes and minor enhancements.

• When editing a document, can select a party to auto-assign any auto-created fields so the party can update them.
• When a new document is created, a "first party" is automatically added.
• Can set the landing page for a package party (package+disclosures, first document, first to do or first document if nothing to do, or first to do or package if nothing to do) to control which document is first seen when a given party accesses the package.
• Created Radio Button Group field type to hold the value of its radio buttons. Radio buttons configuration allows for a drop down list of available radio button groups to belong to. The radio button group holds the data value of the select radio button and is specified for party update or not. The radio button group 'reference count' is the number of its radio buttons.
• Various bug fixes and minor enhancements.

• Changed Integer, Decimal and Money fields to use drop down lists so their display formats are fully customizable.
• Added radio button fields.
• Added rich text editor (HTML Editor) fields.
• Upgraded to Vaadin 6.6.1.
• Upgraded to CKEditor for Vaadin 1.3 which includes CKEditor 3.6.
• Fixed Date field so that the calendar icon stays with the text input field when in edit mode.
• Various bug fixes and minor enhancements.

• Initial commercial release.
• User and group management, including seeing who is logged in and who is using the system as an external party.
• Library support grouping related documents as well as for providing a branding opportunity for multi-company deployments.
• Transaction report and To Do listings.
• Package configuration to allow one or more documents to be processed as a package of forms.
• Transaction configuration to specify who can start and cancel transactions, which package will be used, and to specify a branding library.
• Document builder.
• Document style editor.
• Drop down editor for select boxes.
• Email notification editor.
• Image/logo upload.
• Property set editor to allow for easy externalization of configurable elements, like company name, address, phone, etc.
• Field configuration including general data input, checkbox, date, decimal numbers, email address, file upload/download, integer numbers, money, phone numbers, drop down lists, signature, signature date, SSN, text area and zip code.
• Party configuration including associating a group of users who may all be allowed to process a given type of transaction in that role.
• XML Digital Signature snapshots of the data and documents on each processing step (as each party submits a document as completed).
• Integrated email notifications so that bounces and replies are automatically correlated and available for review online.
• Basic transaction flow from the first party through the last party, with each party seeing the document(s) available to them in order.
• System configuration elements, statistics, system activity logs and the ability to update various "tips" pages.

• In May 2008, we inquired with the Free Software Foundation (FSF) regarding possible interest in building an open source product and how the various licenses worked. We settled on the GNU Affero GPL (AGPL) to ensure the code always remains open and free.
• The Open eSignForms project was launched in June 2009, with the first code base established on July 6, 2009. We also activated our (now defunct) Twitter @OpenESignForms then.
• Early research of various Web 2.0 technologies that we evaluated included the Dojo, EXT-JS and YUI javascript libraries in September 2009.
• Next we evaluated Google Web Toolkit (GWT), EXT-GWT and SmartGWT in November 2009, including building some initial pages using GWT.
• We finally settled on Vaadin in January 2010. Coding on Vaadin+GWT began in earnest in May 2010.
• Added CKEditor in July 2010.
• Added email sending and bounce processing, 4096-bit RSA keypairs and RSA+SHA-512 XML Digital Signatures in April 2011.
• Released the 0.9 BETA to partner developers in May 2011.
• Created our Facebook page in May 2011.