This file provides information about the VERA Web Portal
Docker Image Information
Known Issues and Limitations
High-level VERA Version
Web Portal Version
(Can be verified on the "Versions" screen in the web portal.)
Web Portal is vulnerable to HTML injection attacks
Implemented a sanitize feature on all incoming data (using third-party library sanitize-html)
Web Portal returns an HTTP 500 status code when User-Agent header is missing
Fixed issue when GET request without "User-Agent" header returned HTTP status code 500
VERA Signature ID is displaying in Reviewer field instead of full name and system name
Fixed an issue when the first task is being returned without processing the rest of the tasks in the taskgroup therefore secondary tasks are returning the VERA signature ID without going through the rest of the processing to convert it to the expected full name and system name.
User Administrator role can see Signature Verification Failure Report and Re-verify
A User Administrator can access the Signature Verification reporting section of the Administration Portal. This feature should be limited to System Administrators.
SAML users sometimes see an error on log out
Occasionally, a user that is authenticated through an external SAML-based IdP may see an error screen after they logout from the VERA Web Portal, instead of being returned to the login screen.
Admin can't remove a project from domain if project name contains regex
A project created with regex characters cannot be removed from a domain once it is added. This also causes issues with displaying tasks in the approval queue for a user
Reset Password dialog does not close after an Admin resets a user's password
The Reset Password dialog does not close or provide any confirmation after resetting the password. It must be closed by the 'X' or the 'Cancel' buttons.
Import User modal/page does not display a confirmation when a file is uploaded
No confirmation is displayed following the upload of a user import.
An Admin cannot blank a user's email address
An administrative user cannot update a user to have no email address. This is due to validation on the submitted changes for a user requiring an email address.
IDP error message displayed on login screen when clicking an approval task link
When a user attempts to click an approval route link after a long period of session inactivity, the user may be prompted with "VERA could determine IDP." as an error message on the login screen.
Approval Queue user filter uses RegEx can match different users
Due to regular expression matching, a record that has been signed by one user may cause another user's approval queue to exclude the record when it should be available.
Cannot save updated user information until switching cursor focus
When updating a user's information from the 'My Profile' or Admin Portal pages, the save button is disabled until clicking outside of the field being edited.
A misleading error message is displayed when VERA cannot apply a final approval
VERA will display a misleading error message when it fails to transition a Jira issue in the workflow. The error message displayed to the user will indicate that there is a connectivity problem, even if it's actually a configuration problem.
User management table in admin portal is not sortable
The user management table within the admin section of the VERA Web Portal is displaying the same results when sorting by ascending and descending order.
Changing filter parameters and hitting enter triggers sort instead of new search
For filterable tables, changing the text for a search and using the enter key causes the table to be sorted with the previous search text active. Note: Submitting a search with the enter key is not necessary as tables will automatically execute the search after a user is finished typing.
Clicking the Import Button on the user import modal without first selecting a file causes the form to break
The Import user form buttons are disabled, but nothing happens and the page has to be refreshed when clicking the Import Button on the user import modal without first selecting a file.