Release Notes - Security Updates
What are the latest security updates on the product?
| Communicate Cadence | As needed |
| Deployment Date | Throughout the releases |
| Scope | Security updates |
| Purpose | Secure the Product and apply a hotfix |
| Notes - These updates will be communicated sufficiently in advance to allow our customers to test the possible impacts if needed. | |
For each security release note, please find the below.
11-NOV-2023
The third-party service Auth0, used currently on our platform to manage authentication will be replaced by the IBM Security Verify solution.
By implementing the new IBM Security Verify solution, the same functionalities currently existing with the Auth0 provider will be available on the platform, from the user connection to the user management and reporting. Please note that the main difference your users will notice is the authentication screen display, but the authentication steps and experience will be the same. The other noticeable difference will be the password setup, including a temporary password received by email instead of a link currently received by email.
Your users will be automatically migrated to the new solution without any actions needed. Sensitive data, i.e. password and MFA code will not be migrated for security reasons. Therefore, after the migration, we will request the users to reset their password and MFA code. The steps to reset this authentication information will be shared on the week of the UAT deployment, and the User Guide will be updated to align with the new User Experience.
On 28 Oct 2023, we will migrate all users in the User Acceptance Testing environment and on 11 Nov 2023, in the Production environment.
1-SEP-2023
From September 1st, 2023, our password policy will be updated. It will now be necessary to provide a password with at least 15 characters. More details: Password Policy