Onboard June Release
  • 07 Jun 2024

ONBOARD VISIBLE CHANGES

Onboard new features for the current release are listed here.

Onboard: Addition of CAPTCHA

Starting this release, we have introduced enhanced security measures by implementing CAPTCHA validation in both the login and password reset processes.

The CAPTCHA consists of six characters, a mix of uppercase letters and numbers.

Additionally, there's a refresh button for generating a new CAPTCHA.

This feature is now integrated into the user's sign-in and forgot password pages.

On the login screen, the CAPTCHA is presented after three unsuccessful login attempts.

[Image: LoginCaptcha]


The CAPTCHA is always presented in the forgot password flow, so every password reset attempt must pass it.

When users select the forgot password link on the login page, they are redirected to the forgot password page.

Enter the username and the displayed CAPTCHA code in the text box, then select Continue.

[Image: ForgotPasswordCaptcha]


A message is displayed to the user to check their inbox for a link.

Users copy and paste the provided link into a browser, answer the secret questions, and then reset their password to continue to log in to the application.

Users must correctly enter the CAPTCHA before proceeding with the password reset.

Note: This is only for non-SSO users.

Internal Reference Azure Board # 46573.

Onboard: Display of PDF

Currently, candidates are unable to view their documents (such as contract and offer letter documents) in the Onboarding portal when accessing it on mobile using the Safari and Samsung Internet browsers; a blank document is displayed instead.

However, the documents are visible when accessing via the Google Chrome browser on mobile and via a computer or a laptop.

Starting this release, a fix is deployed: in the mobile view, the PDF review is not displayed; instead, a link labelled "Click here to download the PDF" is displayed.

Upon clicking the link, the PDF is displayed in a new tab and can be viewed.

[Image: OB DownloadPDF]


Internal Reference Azure Board # 44684.

Onboard: Cookie with SameSite Attribute

A cookie has been set without the SameSite attribute, making it vulnerable to being sent during 'cross-site' requests.

Setting the SameSite attribute is a crucial security measure to prevent cross-site request forgery, cross-site script inclusion, and timing attacks.

Starting this release, to enhance security, we are ensuring that the SameSite attribute is set to 'lax' for all cookies.

Internal Reference Azure Board # 46912, 46913, 46400.
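
One way to verify the SameSite change described above is to audit the `Set-Cookie` response headers and flag any cookie that is missing the attribute or deviates from `Lax`. This is an added example, not Onboard's own code; the cookie names and header values are constructed samples, and `parse_set_cookie` and `audit_samesite` are hypothetical helper names.

```python
# Constructed sample Set-Cookie header values (not captured from Onboard).
SAMPLE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
    "tracker=xyz; Path=/; SameSite=None",
    "csrf=tok; Path=/; Secure; samesite=strict",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_samesite(headers, expected="lax"):
    """Return {cookie_name: finding} for cookies that do not match the policy."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        samesite = attrs.get("samesite", "").lower()
        if not samesite:
            # The condition this release fixes: no SameSite attribute at all.
            findings[name] = "missing SameSite"
        elif samesite == "none" and "secure" not in attrs:
            # Browsers reject SameSite=None cookies that lack Secure.
            findings[name] = "SameSite=None without Secure"
        elif samesite != expected:
            # Any other value is reported as a deviation from the stated policy.
            findings[name] = f"SameSite={samesite}, expected {expected}"
    return findings


if __name__ == "__main__":
    for cookie, finding in audit_samesite(SAMPLE_HEADERS).items():
        print(f"{cookie}: {finding}")
```
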

ONBOARD CONFIGURATION CHANGES

There are no new configuration changes in the current release.

ONBOARD FIXED DEFECTS

There are no new items during the current release.