Signing Workflow 2.5.9

We’re excited to announce the release of Signing Workflow 2.5.9, packed with new features and important fixes that enhance both administrator control and the user experience. Here's what’s new:

New Features

• Customizable Appendixes
  IGA-826 – Administrators now have the flexibility to configure whether appendixes should be supported within signing errands. Read more here ›

• Redirect After Signing
  IGA-852 – API errand creators can now define a custom redirect for users after signing is complete. Read more here ›

• Pre-configured Invite URL Targets
  IGA-859 – API integrations can now use predefined versions of the inviteUrlTarget SIGN_SERVICE landing page, simplifying setup and ensuring consistency. Read more here ›

Defect Fixes

• IGA-752 – Resolved an issue where index.html was cached too long, causing delays when updating versions.

• IGA-856 – Fixed a bug where the “To be signed” toggle was incorrectly shown when uploading only one file.

• IGA-858 – Corrected a display issue where the sign date showed as 1970-01-01 01:00 when using invite sign links from emails.

• IGA-879 – Addressed a problem where the logger looked for an unknown value during errand creation.

We recommend all customers to update to this version to benefit from the latest improvements.

Need help or want to learn more? Reach out to our support team or read the full release notes.

PAS 5.1.7 – Maintenance release is now available

This is a maintenance release that includes a selection of stability improvements and bug fixes, as we continue preparations for our upcoming major version, PAS 6.0, which is just around the corner.

What’s New in 5.1.7

While this release doesn’t introduce any major new features, several enhancements and fixes have been made to ensure a more stable and secure experience:

• Improved support for Freja eID: New attributes such as uniquePersonalIdentifier and loaLevel are now supported, offering greater flexibility for organisations using Freja eID for authentication.

• Better security insights: The included Software Bill of Materials (SBOM) now lists the Java Runtime Environment, making it easier to track vulnerabilities at a deeper level.

• Improved user experience options: A new setting allows administrators to disable automatic sorting of authenticators based on last use, giving more control over the user flow.
  
  

Stability and Bug Fixes

This release addresses a number of issues related to performance, error handling, and edge cases in authentication flows. Highlights include:

• Fixes for occasional token generation errors in OIDC authentication.

• Improvements to large file uploads and stability in PRISM applications under load.

• Adjustments to authenticator sequences, including a fix that may impact nested flows. If you are using nested SequenceAuthenticators, we recommend reviewing your configuration after upgrading.
  
  
  

For full details, please refer to the PAS 5.1.7 release notes.

If you have any questions or need support, don’t hesitate to reach out to your PhenixID representative or our support team.

SWF 2.5.10 – New Release Highlights

We are excited to announce the release of SW 2.5.10, bringing new features and important fixes to enhance your document signing experience.

New Features

• Support for DOC and DOCX file types
  SWF now supports .doc and .docx files when combined with document conversion, making it easier to work with Microsoft Word documents.
  Read more

• Integration with Gotenberg for file conversion
  You can now use Gotenberg as a file conversion service within SWF, adding flexibility to your document workflows.
  Read more

Defect Fixes

• Large file upload issues resolved
  Problems uploading large files have been addressed, improving stability and performance.
  Read more

This release continues our commitment to provide a robust and seamless signing experience, supporting more file types, flexible conversion options, and reliable performance.

Read full release notes here.

PIP 6.4.0 – New Release Now Available!

We’re excited to announce the latest release of PIP. This update brings improved stability, compatibility, and security, making it a recommended upgrade for all installations.

What’s New?

Our focus has been on adding flexibility and strengthening security while enhancing your overall experience. Here are the key highlights:

• New Actions for JSON Handling
  • Update JSON – Easily manipulate JSON data. 
  • Validate JSON – Check if strings are valid JSON. 
  • Read Value from JSON – Extract values from JSON with ease.
  • Merge JSON – Perform simple JSON merges. 
• Manual Parsing for REST Web Service
  Greater flexibility in handling requests and responses.
• New Audit Log Format (CEF)
  Enhanced logging for better auditing and compliance. Easily enable this under Tools → Options → Use new audit log format (CEF).
• New Action: Script Execution
  Execute JavaScript – Run JavaScript directly within your workflows.

Improvements & Security Updates

• OAuth2 Authentication for SMTP – Improved email security with modern authentication.
• Mask HTTP Body in Logs – Greater privacy by hiding sensitive data in REST action logs.
• Upgraded JRE (17.0.15) – Staying current for performance and security.
• Vulnerability Mitigations – Numerous CVEs resolved to strengthen your solution.

This release ensures your PIP environment is more secure, flexible, and future-proof.

• Read full release notes

Accessibility at the Forefront

We’re excited to announce PAS 6.0.1, a maintenance release that puts accessibility and user experience first while also rolling up security and stability fixes from PAS 6.0.0 and PAS 5.1.8.

Key Improvements

• WCAG-compliant QR codes in mobile authenticators
  All QR codes used by BankID, Freja, OneID and SITHS eID now follow BankID’s accessibility guidelines. Administrators can also configure maximum QR-code duration and appearance, making it easier for everyone to scan and authenticate while giving organisations more control over the process.
• Flexible mobile authentication flows
  New configuration options allow you to skip the QR step entirely or choose between QR-code mode and “same device” mode for an even smoother user experience.
• Configurable HTTP header and field sizes
  Previously hard-coded maximums are now configurable, giving greater flexibility when deploying PAS in diverse environments.
• Rebranding “OneTouch v2” to “OneID”
  The working title “OneTouch 2” has been replaced with “OneID” throughout the product, with localisation keys and enrolment components automatically updated.

Stability and Security Enhancements

PAS 6.0.1 also incorporates numerous fixes from 6.0.0 and 5.1.8, including:

• Improved audit logging and metrics for mobile authenticators.
• Updated documentation for SAML SP parameters, including ForceAuthn.
• Resolved issues in NiasAuth, SPBroker discovery service, duplicate trace_id handling and more.
• Multiple dependency updates to mitigate known vulnerabilities (CVE-2025-52999, CVE-2025-53864, CVE-2024-7254, CVE-2025-7962, etc.).

For the complete list of included bug fixes from PAS 5.1.8, please see the detailed release notes.

Why Upgrade

Upgrading to PAS 6.0.1 gives you the most accessible, secure and stable version of PAS to date. You’ll benefit from WCAG-compliant QR codes, more flexible mobile authentication flows, and the latest security patches — all in one release.

Read the full release notes ›

SWF 2.5.11

We are pleased to announce the release of SWF 2.5.11. This update introduces new functionality and important fixes, continuing our commitment to delivering secure and efficient signing solutions.

New Feature

• Additional user source via dynamic tab (IGA-846)
  Administrators can now add another user source directly through the new dynamic tab, offering greater flexibility in managing and configuring signing workflows. 
  
  

Defect Fixes

• Resolved signature overwrite issue (IGA-889)
  An intermittent issue where signatures could be overwritten has been resolved, ensuring integrity and reliability of signed documents.

• PDF/A validation toggle (IGA-909)
  It is now possible to properly disable PDF/A validation, improving flexibility in environments where strict validation is not required.

This release enhances both usability and reliability, making SWF more adaptable to your organisation’s needs.

Read full release notes here.