Highlights

  • New capabilities: phone/email login in feedback, extended case registration channels, refined personage & anonymity features.
  • Security & control: improved password management permissions and 2FA handling - 2FA without global Twilio creds.
  • Stability & UX: multiple bug fixes in search and feedback portals, notification behaviour tuning, and visibility of the app version in the UI.


New Features & Major Improvements


1.  Phone/email‑based whistleblowing portal login & notifications  

Introduced a more flexible phone/email‑based login for feedback and ensures resource verification and notifications are handled correctly for this flow. 


2. Pseudonymization of case authors.

Ability to hide case author. Made it easier to create personage records from users, reducing friction and helping with privacy/compliance needs. Case authors are visible in Dossier.


3. API for case registration and WhatsApp intake. 

  • Expanded case registration API channels, enabling more integration scenarios. Added support for registering cases via API to channels beyond the default web channel. Reports from external tools (e.g., AI chatbots) can now be posted directly to any channel enabled in the Channels tab of Sync Data.
  • Enabled support for WhatsApp intake channel and delivered to a customer


Bug Fixes & Stability


  • Introduced granular permissioning for password management and fixed configuration around allow_admin_change_user_password.
  • A set of stability and UX fixes in search and feedback portals, cleaner notification behaviour, and better transparency of app version.
  • Made 2FA less dependent on global Twilio credentials, likely improving security/config flexibility.
  • Implemented deferred script execution on initial page load to prevent performance issues on the Search page. 
  • Addressed a regression in the earlier mitigation for an email looping vulnerability. Strengthened loop detection and handling to prevent recursive auto-replies and bounce loops. Added safeguards and tests to ensure stable, predictable behaviour in email processing.
  • Resolved an issue where, for some customers, the allow_admin_change_user_password setting was ignored, allowing admins to change user passwords despite being disabled. The permission is now correctly enforced.
  • Added a dedicated button to create a personage directly from a user. This streamlines the conversion process, reduces manual steps, and improves workflow efficiency for teams managing user-to-personage creation.