Products affected: SendSuite® Live
This section includes items that have been raised via Support and escalated to Development for resolution within this release.
Security. Enhanced Product Security.
- Improved data sanitization to remove potentially dangerous scripting:
- The product now sanitizes all data on retrieval. Using the mganss html sanitizer library, it removes any dangerous scripting ability to enhance protection against cross-site scripting attacks. For more information please refer to the Possible Breaking Changes section of these release notes.
- New setting added to all authentication types: XML Request User Validation:
- If set to True, when a Pierbridge Request includes a hard-coded value in the username node, it is checked against the logged-in user. If they do not match, the request fails. True by default. For more Information please refer to the Possible Breaking Changes section of these release notes.
- The IP address of the originator (IPv6 or IPv4 depending on client) is captured in the log header. Requests from the client to Projects Server display the IP address of the client.
- Requests from Projects Server to Shipment Server display the server’s IP address as “127.0.0.1” or “::1”.
- All direct requests to XmlService (Shipment Server) from a Blackbox request show the client’s address
Output Rules. Improved ContentLineValue Checking
All output rules that use the “sum” function for ContentItemValue have been improved so that they ignore empty line items and therefore fire correctly. For instance, the NAFTA Certificate of Origin will now work correctly with transactions such as AddPackage.
This section contains information about minor changes and corrections. It can include issues raised in previous releases that have been corrected.
Reports Viewer. Fixed User Dropdown Issue
Updated the Reports Viewer so that you can now view individual user’s reports or reports for all users. This feature defaults to “All Users”, and the control will display all available reports, unless told otherwise.
UPS API. Rates Now Consistent in Ship and Return Transactions
Negotiated rates are now requested when doing the Return transaction with UPS API. This change keeps the charges consistent with the type of rates requested for Ship.
Rate and Ship. Fixed PackItem Nesting
Resolved an issue with Rate and Ship Request including only top-level pack items.
Product Database. Added Canary Islands to Country Codes List
Added the ISO code for Canary Islands to the [Address Codes] table.
Ship Response. Errors Related to Trade Direct Open Requests Now Included in Response
Warnings and errors relating to adding a shipment to a Trade Direct consolidated shipment now appear within the Ship Response under Warnings. Previously, they were only logged in the diagnostics window.
Parcel and Line Item JOC. Fixed Issue with Internal Data Binding and Display
Fixed a display issue that caused a random zero to appear on screen when loading content such as Favorites.
FedEx Web Services. Improved Residential Checking. Generation 1 and 2 Templates
Improved FedEx Web Service Address Validation response handling. If an address is validated, but the residential classification is unknown for FedEx, this is now indicated on the template by:
- A green tick icon with a question mark - Generation 1.
- A message – Generation 2.
FedEx Web Services. Improved Failed Rate Processing
Improved rate handling for FedEx Web Services. If FedEx does not return a rate for a multi-piece shipment, warnings are now logged to help identify the failed packages. For packages that fail, because no rates are returned, no rates are saved to the database or available in the response. However, they are for those packages that did get a rate. Additionally, updated the Text XML Utility with a resizable window and repositioned Stop button.
Authentication Modes. Extended SAML Favorite Redirects to Handle QueryString Values
SAML favorite links now handle URL's that contain query string arguments.
FedEx Server. Updated Encoding
- The encoding of characters sent in the byte stream has been changed to use extended ASCII (CP1252). This allows FedEx to better handle international characters. However, when printing, note that FedEx will convert characters to their ASCII equivalents and thereby not show all special characters or accents over letters.
- Changed the way a failed response is handled to prevent the logging of a rogue "arithmetic overflow" exception.
Generation 1 Ship. Improved NewLine Handling
Improved scripting within Generation 1 Ship 1.18 project template to ensure that blank numeric cells (e.g. quantity) are not converted to "NaN" when loading. Also refer to the Project Template Changes section of these release notes.
UPS API. ReceiverName Now Passed with Returns
The package receiver name is now passed to UPS API in return transactions. This ensures international returns function without error.
UPS API. Resolved Reference Field Issue
Resolved issue whereby too many reference fields were being passed to UPS API during Ship transactions. The following priority is now assigned to reference fields:
- Packages/Package/ContentDescription (domestic shipments only)
The carrier only supports up to two reference fields at the package level. Each field is passed if present, but the ContentDescription field is only passed if either (or both) of the higher priority fields are missing or empty. In addition, the existing shipment level reference fields are no longer passed as they are duplicates of those now being passed at the package level (ShipperReference and ReferenceOne).
Updated Guaranteed Flag for UPS 2nd Day Air® and FedEx 2Day® A.M.
The database configuration for the following carrier services has been updated:
- 24: UPS 2nd Day Air®
- 590: FedEx 2Day® A.M.
These are now flagged as guaranteed services and will display as such within rating controls
Pierbridge Print Transaction Improvements
The ability to print all labels or documents for a single package, shipment or requisition has been added to the PierbridgePrint request. You can now specify a PackageID, ShipmentID or ShipmentRequestID and no OutputBaseType to reprint all items for that record. By default, labels and documents are printed. However, an “OutputCategory” has been added allowing you to filter. Supported values are 1 for labels and 2 for documents.
All existing View and Desktop templates have been modified to use this new functionality. So reprinting will reprint all labels and documents rather than the previous behavior of being limited to labels and documents of a certain base type. The templates are: View 1.16, View 3.3 and Desktop 3.8. Also, refer to the Project Template Changes section of these release notes.
Generation 1 & 2 Mailroom Templates. Removed ERR Output Ellipsis Button
Removed the ellipsis button from the ERR section of a Mailroom template. Refer to the Project Template Changes section of these release notes.
POSSIBLE BREAKING CHANGES
This section lists all changes that have the potential to break legacy functionality. Please review the contents of this section before updating any project to understand the changes that are being made and any actions that you need to take prior to applying the patches.
Improved Product Security.
- Added a new setting to all authentication types: XML Request User Validation. If you are submitting requests which use a different user to the authenticated user set the "XML Request User Validation" setting to False.
- Data sanitization improvements to remove dangerous scripting. If your requests include any dangerous scripting in relation to embedded HTML content, then such data will now be removed.
PROJECT TEMPLATE CHANGES
The following templates have been updated and can be used with this release:
Template: SendSuite Live Ship
Version: Generation 1 – 1.18
Comments: Improved scripting to handle blank numeric cells on template load.
Template: SendSuite Live Mailroom
Version: Generation 1 – 1.22; Generation 2 – 3.11
Comments: Removed ellipsis button from the ERR section.
Template: SendSuite Live View
Version: Generation 1 – 1.16; Generation 2 – 3.3
Comments: Print all outputs.
Template: SendSuite Live Desktop
Version: Generation 2 – 3.8
Comments: Print all outputs.
UPDATED: September 19, 2019