
RELEASE NOTES
Version 1.2
Release Date
22 March 2019
[Important Notes]
The release focuses on security and application stability.
[New Feature]
-
Refresh tokens are introduced to allow active user to continuously work on the web portal.
-
Session ideal timeout of 60 minutes in introduced.
-
New export report layout. This layout allows import of data to other systems.
-
Stricter CORS policies are applied to enhance security.
-
Improved Authentication scheme applied to enhance security.
-
X-Frame options introduced to enhance security.
[Fixed Issues]
-
Intermittent “Invalid Barcode” error come up even after valid scans.
-
JQuery library 1.1 used on the web frontend update to the latest 3.3.1 version.
-
Bootstrap version upgraded from 3.3.2 to 3.4.1.
-
Product Name now populating on the exported reports.
-
NMVS password renewal process updated as per NMVS guidelines.
-
Serialisation – “Product Management” EMVO call-backs updated.
-
Serialisation – “Create Pack” call-backs are now presented to the user.
-
Serialisation – “Create Pack” job review time-stamp fixed.
-
Serialisation – “Create Pack” job review of product commission fixed.
[Known Issues]
-
Initial user login takes long time.
Version 1.1.1
Release Date
25 February 2019
[Important Notes]
-
Patch release to enhance the barcode logic to cover “NMVS_FE_LOT_12” error code. FMVerify is not affected by this issue but further validation checks are introduced.
[New Feature]
-
Added newly supported GS1 barcode patterns as per the EMVS guidelines.
[Fixed Issues]
-
Added checks to verify Expiry date consistency to cover the “00” in the pattern.
-
Functionality updated for the Product Barcode scan box under “Monitor” page.
[Known Issues]
-
Intermittent “Invalid Barcode” error come up even after valid scans.
-
Initial user login takes long time.
Version 1.1
Release Date
07 February 2019
[Important Notes]
-
This version is a first production ready version with LTS.
[New Feature]
-
Serialisation module is fully integrated with the system.
-
AWS Web Application Firewall enhanced with the support of UK Geolocation checks.
-
Manual re-submit of Bulk transaction is introduced in the monitor section.
-
Session Authorisers are introduced to further secure the environment.
[Fixed Issues]
-
User session management data is fully encrypted.
-
The inactive “Report” menu item is removed.
-
Browser page refresh does not break the user session.
-
Bulk transaction auto submission does not happen when aggregation code is used.
[Known Issues]
-
Intermittent “Invalid Barcode” error come up even after valid scans.
-
Initial user login takes long time.
Version 1.0
Release Date
22 January 2019
[Important Notes]
-
This version is a quick release and not part of LTS (Long term support).
-
The environment is linked with the Production UK NMVS endpoints.
-
Environment is part of secure AWS production setup with no customer data access to Codesplice Ltd.
[New Feature]
-
New Barcode check logic: The new logic is based on GS1 Datamatrix standards released by European Medicines Verification Organisation (EMVO)
-
30 minute ideal session timeout introduced.
-
AWS Web Application Firewall implemented with below checks:
-
Honeypot: This component creates a honeypot to lure and deflect content scrapers and bad bots. A discrete API Gateway endpoint (embedded in the web application) triggers a custom AWS Lambda function, which intercepts the suspicious request and adds the source IP address to the AWS WAF block list.
-
SQL injection and cross-site scripting protection: The solution automatically configures two native AWS WAF rules that protect against common SQL injection or cross-site scripting (XSS) patterns in the URI, query string, or body of a request.
-
Log parsing: A custom AWS Lambda function automatically parses access logs to identify suspicious behaviour and add the corresponding source IP addresses to an AWS WAF block list.
-
Manual IP lists: This component creates two specific AWS WAF rules that allow you to manually insert IP addresses that you want to block (blacklist) or allow (whitelist).
-
IP-list parsing: A custom AWS Lambda function automatically checks IP reputation list “emergingthreats” hourly for malicious IP addresses to add to an AWS WAF block list.
-
HTTP flood protection: This component configures a rate-based rule that automatically blocks web requests from a client once they exceed a configurable threshold.
-
-
A pop-up message is introduced to prompt users to close current transaction before navigating away from the current page with an open transaction.
[Fixed Issues]
-
“Upload Certificate” under “Administrator” menu item is enabled.
-
“NMVS Password Renewal” under “Administration” menu item is enabled.
-
Inter-market packs are tested successfully.
-
Rapid Scan random unsubmitted data presented as “white row” fixed.
-
Support for TLS v1.1 removed to enhance security.
[Known Issues]
-
The “Report” menu item is disabled.
-
Bulk transaction is auto-submitted when aggregation code is used.
-
Serialisation Module is not completely integrated in the environment.
-
Browser page refresh breaks the session.
-
Initial user login takes long time.
-
Web Application Firewall – Geolocation checks are not implemented: Geolocation checks are used to confirm the client source IP is based inside UK.
-
User session management data is not encrypted.