Knowledge base » Release Notes - epi-me » 2023/03/16 - Patch Release Notes - epi-me (eReferrals)
2023/03/16 - Patch Release Notes - epi-me (eReferrals)
BUG FIXES
Referrer Portal
eReferrals Portal Users saved as the 'User' role weren't recorded in the referral portal users correctly (EM-5594, Helpdesk #24008)
If an eReferrals Portal User was invited as a ‘User’ role or changed to this Role from Portal Administrator, they disappeared from the Referrer User search on the Admin Portal and the Referrer Portal.
The eReferrals user with the User Role doesn’t experience anything different (other than having restricted permissions which was expected because of their new Role) but this was a security issue as the eReferrals portal organisation can’t prevent these staff from accessing their organisation, and lastly EpiSoft can’t track these users as per other users.
This has been resolved and all affected eReferrals Portal Users have had their accounts retrospectively fixed.
Inactive eReferrals account users could access their account by resetting their password (EM-5627)
In the process of resolving the issue described immediately above, it was discovered that eReferrals account users inactivated by their Portal Administrators could reaccess their account by resetting their password on each access attempt.
This security issue has been resolved.
Existing eReferrals Portal Users could be modified to as a 'blank' role which prevents their role being further changed in the same logged-in session (EM-5593, Helpdesk #24008)
As a Portal Administrator in an eReferrals portal account, you can save a ‘blank’ role for another an existing eReferrals user. This meant that the Portal Administrator could not change their role until you logout and log back in again (their role doesn’t save as blank - it stays the same as pre-change).
This usability issue has been resolved.
Referrer Portal
eReferrals Portal Users saved as the 'User' role weren't recorded in the referral portal users correctly (EM-5594, Helpdesk #24008)
If an eReferrals Portal User was invited as a ‘User’ role or changed to this Role from Portal Administrator, they disappeared from the Referrer User search on the Admin Portal and the Referrer Portal.
The eReferrals user with the User Role doesn’t experience anything different (other than having restricted permissions which was expected because of their new Role) but this was a security issue as the eReferrals portal organisation can’t prevent these staff from accessing their organisation, and lastly EpiSoft can’t track these users as per other users.
This has been resolved and all affected eReferrals Portal Users have had their accounts retrospectively fixed.
Inactive eReferrals account users could access their account by resetting their password (EM-5627)
In the process of resolving the issue described immediately above, it was discovered that eReferrals account users inactivated by their Portal Administrators could reaccess their account by resetting their password on each access attempt.
This security issue has been resolved.
Existing eReferrals Portal Users could be modified to as a 'blank' role which prevents their role being further changed in the same logged-in session (EM-5593, Helpdesk #24008)
As a Portal Administrator in an eReferrals portal account, you can save a ‘blank’ role for another an existing eReferrals user. This meant that the Portal Administrator could not change their role until you logout and log back in again (their role doesn’t save as blank - it stays the same as pre-change).
This usability issue has been resolved.
