Version No.: 2.4

Author Name: Sathish P

Release Date: 0304.06.2021

Release Summary

DIGIT 2.4 is a release that includes new modules, a few functional changes, and non-functional changes.

...

S.No.

Feature

Description

1

eChallan module

  1. Generate e-challans/bills for all miscellaneous/ad hoc services that citizens avail from ULBs

  2. Edit/Cancel e-challan/bill

  3. Ability for ULBs to notify citizens about outstanding payments, online (email & SMS) and offline.

  4. Enable Digital payments for citizens - QR code, payment link in notifications, etc.

2

WhatsApp Bill Payment and PGR v2 integration with redesigned Chatbot (xState)

Bill Payment:

  1. Search and View Bill

    1. View my Bills

    2. Search Bills Based on 

      1. Consumer Number

      2. Application Number

      3. Mobile Number etc

    3. View Bill

      1. Amount Due

      2. Bill copy (PDF) 

  2. Payment 

    1. Pay bills with quick payment link

    2. Payment confirmation/failure notification

    3. Payment receipt (PDF) on successful payment

  3. Multi-Language Support

    1. Hindi Localization (For Chats)

PGR:

  1. Geo Location tagging.

  2. Two steps complaint category and type.

  3. Hindi Localization (For Chats)

  4. PGR v1 & v2 support.

3

Property Tax Citizen flow UI/UX revamp

This release has updated workflows and user interface for the following business cases -

  1. PT - Quick Pay

  2. Create Property

  3. My Properties

  4. My Applications

Enhancements

S.No.

Updated Feature

Description

1

Fire NOC Enhancements

Send back to Citizen in Fire NOC

2

Property Tax Enhancements

Arrears Breakup in Property Tax Due

3

Hindi Localization

Hindi Localization of all labels, messages, notifications, and MDMS drop down data of all the modules.

4

QA Automation of APIs

APIs automation for

  1. Core Services

  2. Business Services

  3. Municipal Services

    • End to End APIs automation for Property Tax, Trade License, mCollect, Water & Sewerage, Fire NOC, Building Plan Approval, FSM, and PGR.

  4. Here is the document with the details of the services automated, and the README documentation that gives the detailed steps to execute the automation.

5

Platform Security Audit fixes

Listed below are the security vulnerabilities identified as part of the security audit. A few of them are as per design, and justification is provided for these. Others are fixed at the code level.

  1. Privilege Escalation

  2. Failure to restrict URL Access

  3. Insecure direct object references (IDOR)

  4. Malicious file upload leads to Cross Site scripting

  5. Improper Authentication

  6. Missing Account Lockout

  7. Request Throttling Attack

  8. Weak Encoding Mechanism

  9. Sensitive Information in URL

  10. Lack of Automatic Session Expiration

  11. Concurrent Session

  12. Improper Error Handling

  13. Improper Input Validation

  14. Mail Command Injection

  15. Use of hardcoded credentials

  16. Use of sensitive information into configuration file

  17. Exclude unsanitized user input from format strings

  18. HTTP Parameter Pollution

  19. Standard pseudo-random number generators cannot withstand cryptographic attacks

  20. Weak cryptographic hash

  21. Insecure SSL configuration

  22. Improper Neutralization of CRLF Sequences in HTTP Header

  23. Avoid Capturing Java.Lang Security Exception

  24. Always normalize system inputs

  25. Avoid the Command Throws within Finally

  26. Close Input and Output resources in finally block

  27. Cross Site Request Forgery

  28. Cross Site Scripting - Stored

  29. Insufficient Cookie Attributes

  30. Code Injection

  31. Exclude unsanitized user input from format strings

  32. Avoid data submissions to non-editable fields

  33. Potential Infinite Loops

  34. Avoid dangerous J2EE API, use replacements from security-focused libraries (like OWASP ESAPI)

  35. Do not allow external input to control resource identifiers

  36. The setter method for an identifier property (id or composite-id) should be private

Here are the security fix guidelines, provided as a handbook of best practices.

6

Technical Improvements

  1. PDF service refactoring for Localization API calls optimization.

  2. Timezone configuration support for all the services.

  3. Standard product Workflow bundling as part of the product.

7

eDCR Enhancements

  1. Enhanced Door, to support door widths with color code. The color code is used to identify the type of door.

  2. Fix of security audit issues.

  3. Cleanup unused code and database tables.

8

Finance

  1. Changed the hard-coded subdomain formation logic; the subdomain URL is now prepared dynamically by reading the environment from configuration.

  2. Fixed the security audit issues.

...