Version No. | Author Name | Release Date |
---|
2.4 | Sathish P | 0304.06.2021 |
Release Summary
DIGIT 2.4 is a release that has got new modules, a few functional changes, and non-functional changes.
...
S.No. | Feature | Description |
---|
1 | eChallan module | Generate e-challans / bill for all miscellaneous / Adhoc services which citizens avail from ULBs Edit/Cancel e-challan/bill The ability for ULBs to Notify citizens about the outstanding payments - Online(email & SMS) and offline. Enable Digital payments for citizens - QR code, payment link in notifications, etc.
|
2 | WhatsApp Bill Payment and PGR v2 integration with redesigned Chatbot (xState) | Bill Payment: Search and View Bill ` View my Bills Search Bills Based on Consumer Number Application Number Mobile Number etc
View Bill Amount Due Bill copy (PDF)
Payment Pay bills with quick payment link Payment confirmation/failure notification Payment receipt (PDF) on successful payment
Multi-Language Support Hindi Localization (For Chats)
PGR: Geo Location tagging. Two steps complaint category and type. Hindi Localization (For Chats) PGR v1 & v2 support.
|
3 | Property Tax Citizen flow UI/UX revamp | This release has updated workflows and user interface for the following business cases - PT - Quick Pay Create Property My Properties My Applications
|
Enhancements
S.No. | Updated Feature | Description |
---|
1 | Fire NOC Enhancements | Send back to Citizen in Fire NOC |
2 | Property Tax Enhancements | Arrears Breakup in Property Tax Due |
3 | Hindi Localization | Hindi Localization of all labels, messages, notifications, and MDMS drop down data of all the modules. |
4 | QA Automaton of APIs | APIs automation for Core Services Business Services Municipal Services End to End APIs automation for Property Tax, Trade License, mCollect, Water & Sewerage, Fire NOC, Building Plan Approval, FSM, and PGR.
Here is the document with the details of services automated and README documentation which details the detailed steps to execute the automation
|
5 | Platform Security Audit fixes | The following issues have been raised by Listed below are the security vulnerabilities identified as part of the security audit team. We have have fixed many Few of them and proper justifications have been given for the business use cases and by design use casesare as per design and justification is provided for these. Others are fixed at the code level. Privilege Escalation Failure to restrict URL Access Insecure direct object references (IDOR) Malicious file upload leads to Cross Site scripting Improper Authentication Missing Account Lockout Request Throttling Attack Weak Encoding Mechanism Sensitive Information in URL Lack of Automatic Session Expiration Concurrent Session Improper Error Handling Improper Input Validation Mail Command Injection Use of hardcoded credentials Use of sensitive information into configuration file Exclude unsanitized user input from format strings HTTP Parameter Pollution Standard pseudo-random number generators cannot withstand cryptographic attacks Weak cryptographic hash Insecure SSL configuration Improper Neutralization of CRLF Sequences in HTTP Header Avoid Capturing Java.Lang Security Exception Always normalize system inputs Avoid the Command Throws within Finally Close Input and Output resources in finally block Cross Site Request Forgery Cross Site Scripting - Stored Insufficient Cookie Attributes Code Injection Exclude unsanitized user input from format strings Avoid data submissions to non-editable fields Potential Infinite Loops Avoid dangerous J2EE API, use replacements from security-focused libraries (like OWASP ESAPI) Do not allow external input to control resource identifiers The setter method for an identifier property (id or composite-id) should be private
Here is the security fixes guidelines as a handbook for best practices and guidelines. |
6 | Technical Improvements | PDF service refactoring for Localization API calls optimization. Timezone configuration support for all the services. Standard product Workflow bundling as part of the product.
|
7 | eDCR Enhancements | Enhanced Door, to support door widths with color code. The color code is used to identify the type of door. Fix of security audit issues. Cleanup unused code and database tables.
|
8 | Finance | Hard coded sub domain formation logic changed, preparing dynamic sub domain url by reading env from configuration. Fixed the security audit issues.
|
...