Zuora RevPro 3.5 Release Notes (Internal)

Knowledge Center > Zuora RevPro > RevPro Release Notes > Previous RevPro Releases > Zuora RevPro 3.5 Release Notes > Zuora RevPro 3.5 Release Notes (Internal)

Zuora RevPro 3.5 Release Notes (Internal)

Table of contents
  1. Release 3.5.0.0 
    1. Resolved Issues
      1. Bundled Line - CM AMOUNT IS MORE THAN INVOICE AMOUNT (RPD-10201)
      2. Bundle Line Split Issue When Updated SO and Partial Invoice Collected in the Same Batch (RPD-10173)
      3. ARRIS Cost Invoice Segment Issue (RPD-10130)
      4. Profile Setup Issue(RPD-10079)
      5. Release Event Not Processing for RC 371155 (RPD-9988)
      6. Wrongly Enables Customers to Change Org ID in Event Release Program (RPD-9857)
      7. Issue with Manual RC prospective allocation (RPD-9840)
      8. Billing Waterfall Issue on -ve SO Lines (RPD-9789)
      9. RPRO_ACCT_VAL_G Has Unique Index on Acct_Seg Field (RPD-9785)
      10. Performance Issue to RC Collect Package (RPD-9774)
      11. Customer Name Not Added to Disclosure Report – By Revenue Contract Layout (RPD-9721)
      12. Salesforce - Journal Import - Unbalanced Journals Issue (RPD-9711)
      13. Search Function in Delink Functionality Not Working (RPD-9710)
      14. Key Attributes Column Width Need to Increase to 255 in Event Stage Table (RPD-9704)
      15. Event Issue - Revenue Not Processed (RPD-9674)
      16. Contract Mod Report - No Timestamp in Creation Date(RPD-9662)
      17. If Dr and Cr of MJE are Balance Sheet Accounts then Create Two One-Sided Entries (RPD-9581) 
      18. Event Release Issue (RPD-9535)
      19. Ratable Method = Condense Not Working (RPD-9503)
      20. Netting ex_rate_date from Schedule Table (RPD-9487)
      21. Default Mapping Not Enabled for SKIP_CT_MOD_FLAG (RPD-9481)
      22. Additional Attributes from CST Lines Not Populating (RPD-9466)
      23. RPRO_RC_FCST_SCHD_V Has Wrong Functional and Reporting Amounts (RPD-9418)
      24. Unable to Add Some Fields in VC Related Reports (RPD-9388)
      25. No Unbill Flag in RC Rollforward and Unbill Rollforward Report (RPD-9365)
      26. Default Natural Account in Accounting Setup Not Working after Enabling Revenue Sharing Functionality (RPD-9364)
      27. Updating Delink Flag as 'Y' for Entire RC (RPD-9346)
      28. Updating Formula-based Cost after Collecting RORD (RPD-9286)
      29. Deferred Offset Was Mapped to Revenue Offset (RPD-9280)
      30. LTST MJE Creation in Error Status When MJE Creation Is under Process (RPD-9234)
      31. CM-C Transactions Not Linked to New RC When System Creates New RC through CMOD Within SSP (New RC) Rule (RPD-9231)
      32. Unable to Reload File with New Rev Rec Rules for Disabled POBs (RPD-9230)
      33. Overstated_amount is rounding in reports (RPD-9210)
      34. VC Reports Not Showing Any Data When VC Is Processed through Upload Files (RPD-9171)
      35. SO 66535 Is Going into Relative Allocation instead of Residual (RPD-9169)
      36. Schedule Job Groups Ran Only Once(RPD-9141)
      37. SOB_ID column Value Was NULL for MJE Transactions on Accounting Summary Report and Accounting Details Report (RPD-9094)
      38. Lines Showing Offsetting Values under Released and Unreleased Revenue (RPD-9065)
      39. Sell Price Was Negative or Zero (RPD-9064)
      40. SO Update Difference Not Released Upon Booking/UDS (RPD-9017)
      41. Schedules Does Not Store ORIG_LINE_ID Consistently for CMs (RPD-8989)
      42. SO Update Difference Not Released Upon Booking/UDS (RPD-9017)
      43. Transfer Accounting Outbound GL Report Prefix Issue (RPD-8982)
      44. Issue of Orig_Inv_Line_ID Max Length (RPD-8980)
      45. Users Cannot Login after Resetting Password (RPD-8935)
      46. Summarize Current Period Is Completing with Error When RPRO_LARGE_VOLUME Profile Is Enabled (RPD-8875)
      47. Run into Error While Creating Manual RC (RPD-8825)
      48. Reporting View Issue - Rollforward DTL Views Grouping on WHO Columns (RPD-8758)
      49. Warning Message for Data Collection Wrapper (RPD-8732)
      50. Revenue Allocations Performed for within_fv_range = Y Lines When Within_Fv range = N Line is Cancelled (RPD-8553)
      51. Encounter Gateway Timeout Error While Performing Different Activities in RevPro (RPD-8403)
      52. Unable to Disable Material Rights through SO Update (RPD-8260)
      53. Session Not Invalidated after Password Reset (RPD-8054)
      54. CSV Injection through "Cost Upload" Feature (RPD-8042)
      55. In-system CSV Injection Vulnerability (RPD-8041)
      56. Stored XSS in Name Fields Areas (RPD-8040)
      57. Email Addresses Enumeration via Forgot Password Feature (RPD-8039)
      58. Issue in Disclosure Reports (RPD-7993)
      59. VC Rule Apply Value Not Allow More than 2 Decimal Numeric Value (RPD-7861)
      60. Waterfall Report Not Displaying Forecast Entries (RPD-7623)
      61. Waterfall Report Not Matching Trial Balance Report (RPD-7516)
      62. Cost Update Not Working Correctly (RPD-6663)
      63. Company Code Displays BLANK in Booking Report and Billing Report (RPD-6527)
      64. RC Move Report Not Capturing Lines Delinked at RC Level (RPD-6455)

This article provides a summary of new releases, features, enhancements, and resolved issues in the Zuora RevPro application.

Release 3.5.0.0 

Resolved Issues

Bundled Line - CM AMOUNT IS MORE THAN INVOICE AMOUNT (RPD-10201)

When we were sending a CM-C against a Bundle INV Line, it was not processing and the "CM AMOUNT IS MORE THAN INVOICE AMOUNT" error was encountered, even though the amounts were the same. This issue is fixed in this release. 

Bundle Line Split Issue When Updated SO and Partial Invoice Collected in the Same Batch (RPD-10173)

Bundle split not happening when updated SO and partial Invoice collected in the same batch. Because of this issue, the SO value is getting bumped up. This issue is fixed in this release.

ARRIS Cost Invoice Segment Issue (RPD-10130)

There was the cost segment issue when you collect INV with different cost accounting segment for Upon booking POB. In the scenario where you collected SO with Cost details in the first batch - Recognized Upon Booking, and then collected INV with cost details in the second batch (change in cost accounting segments), the result was incorrect schedules got created for Cost.

Profile Setup Issue(RPD-10079)

For the CREATE_RORD_CONTRA_ENTRY profile, the value of the System Level Value field should be Y or N. But on angular UI, the value was either true or false. This issue is resolved in this release and the value is changed to the Y/N format.

Release Event Not Processing for RC 371155 (RPD-9988)

Getting No more remaining revenue to be released for this matching RC Line in comments column in an event table. However, the def amount and the billed def amount are there in line. This issue is fixed in this release.

Wrongly Enables Customers to Change Org ID in Event Release Program (RPD-9857)

If you have already collected separate RC for multiple organizations and uploaded events to release revenue for each organization, you were incorrectly enabled to change the Org ID when running the Event Release Program. This issue is resolved in this release. The Org ID dropdown list is now not available when running Event Release Program.

Issue with Manual RC prospective allocation (RPD-9840)

While creating the Manual RC, the header is reflecting the prospective treatment whereas the prospectively related columns are not getting populated, due to this, the allocation is going retrospective. However, when you reallocate, the manual RC's prospective related columns are populated without any issues. This issue is fixed in Release 3.5.0.0.

Billing Waterfall Issue on -ve SO Lines (RPD-9789)

We are seeing issues with -ve SO lines which have Upon Booking POB with Contract Ratable method. These lines are showing incorrect Billing Waterfall because the system is considering LIFO while recognizing (SO-INV Conversion). This issue is fixed in Release 3.5.0.0.

RPRO_ACCT_VAL_G Has Unique Index on Acct_Seg Field (RPD-9785)

The unique index on the Acct_Seg field in RPRO_ACCT_VAL_G is causing constraint error in the multi-client instance. In this release, RPRO_ACCT_VAL_G also includes the client_id.

Performance Issue to RC Collect Package (RPD-9774)

There were performance issues in the RC Collect Package. In the UPDATE statement apart from sec_atr_val condition, we do not need to check if the record is there in stage table or not. Besides, any time we use dynamic SQLs, we should not concatenate values. Instead, we should use bind variables whenever possible. 
 

Customer Name Not Added to Disclosure Report – By Revenue Contract Layout (RPD-9721)

CSTMR_NM(Customer Name) column is not available in the Disclosure report. We could not add this customer name column in the report. In this release, we add the Customer Name field from RPRO_RC_HEAD table into Disclosure Report (REP_ID = 54). So this issue no longer exists.

Salesforce - Journal Import - Unbalanced Journals Issue (RPD-9711)

Transfer Accounting was posting summary records into GL_interface which subsequently errored out in Oracle Journal Import with error = EU02 - this journal entry is unbalanced.

There were 2 flavours of this issue:

  • There were 5 RCs causing large differences (> 1k). Transfer Accounting should put these RCs automatically on hold. The root causes of these RCs are to be identified.
  • There was 1 cent difference due to small amount transactions ( e.g. 2 cent CM) applied. The current logic splits the small amounts into precision > 2, which caused a mismatch. The schedule should be auto rounded off for small amount transactions not to cause this fix.

In this release, this issue is resolved and the schedules are posted successfully in this scenario.

Search Function in Delink Functionality Not Working (RPD-9710)

When querying by Sales Order Num in the Delink screen, it did not bring up any results. In this release, this issue is resolved.

Key Attributes Column Width Need to Increase to 255 in Event Stage Table (RPD-9704)

In this release, We increase the Event stage table key attribute (1 to 5) columns width to 255. Ket_ATR1 to Key_Atr5 need to increase to 255 because ATR1 to ATR60 in line stage table is 255 and if those attributes are used in events then it needs to increase.

Event Issue - Revenue Not Processed (RPD-9674)

When a single line had multiple events and if its last line got processed, then the revenue was not getting released. This issue is fixed in this release. When you run the Event process program, the revenue gets released accordingly.

Contract Mod Report - No Timestamp in Creation Date(RPD-9662)

Contract Mod Report column Contract Mod Created Date did not capture the time. Only dates were captured in the report. In this release, we add the timestamp for the WHO Columns, including CRTD_DT, UPDT_DT, and LAST_UPDT_DT, in both report export and submit download. The WHO columns now display both the date and the time stamp.

If Dr and Cr of MJE are Balance Sheet Accounts then Create Two One-Sided Entries (RPD-9581

In this release, we support creating two one-sided entries if both account types are balance sheet account. We will ignore LT-ST MJEs while performing netting.

Event Release Issue (RPD-9535)

If you brought lines in the first and second transaction upload with a certain REL_PCT in an RC, the revenue was released correctly. However, if you brought more lines in the third transaction upload, all of which are above $1, and the third event file uploaded with a REL_PCT with the same mapping column, the revenue released incorrectly. In Release 3.5.0.0, we resolve this issue and the lines in the third transaction are released with the given PCT and the revenue to date is updated correctly.

Ratable Method = Condense Not Working (RPD-9503)

Ratable method for the POB was set to Condense: SO line with start and end date = 10/01/2018 to 10/01/2019 was uploaded. The current open period is FEB-2019. However, the Forecast Waterfall had only one period FEB-2019 and the entire amount for that line showed up in that period instead of condensing between FEB-2019 and OCT-2019. Upon Revenue Release (using event), it did a cumulative catch up in the first period. This issue is resolved in this release.

Netting ex_rate_date from Schedule Table (RPD-9487)

If you created a netting at the application level and then created MJE for netting, the value of ex_rate_date was NULL in most cases due to the query from the schedule table. In this release, we fix this issue and the ex_rate_date would derive from the rpro_rc_head_period_g table. 

Default Mapping Not Enabled for SKIP_CT_MOD_FLAG (RPD-9481)

In certain cases, you need to test some Contract Mod scenarios using the SKIP_CT_MOD_FLAG field. The default mapping was not enabled for this field, which means you could not edit the field. In this release, we resolve this issue. The SKIP_CT_MOD_FLAG field is enabled for "Default mapping" in the Setup > Application > Label page.

Additional Attributes from CST Lines Not Populating (RPD-9466)

When customers were trying to upload a CST line with a value in ATR1, we are expecting the same to get populated in ATR1 of the RPRO_LN_COST_G table, but it was not working. This issue is resolved in Release 3.5.0.0. The Attribute Column Values given in the upload file got populated in LN_COST_G.

RPRO_RC_FCST_SCHD_V Has Wrong Functional and Reporting Amounts (RPD-9418)

Previously, RPRO_RC_FCST_SCHD_V had the functional and reporting currencies incorrectly calculated. As per the view definition, both functional and reporting amounts were wrongly calculated by multiplying CR and DR amount by 1 instead of using the schedule F EX Rate and G Ex Rate, both of which were available in the RPRO_RC_FCST_SCHD_V. This issue is fixed now.

Unable to Add Some Fields in VC Related Reports (RPD-9388)

When you add the following fields in any type of VC-related reports, for example, VC Transactions and VC Insight, no new columns were added in the reports:

  • ORIG_EST_AMT
  • EST_AMT
  • ORIG_EST_QTY
  • EST_QTY
  • ACT_QTY
  • ACT_AMT
  • ACCRUED_QTY
  • CLEARED_QTY

This issue is resolved in this release. These fields are available in the VC reports after you add them.

No Unbill Flag in RC Rollforward and Unbill Rollforward Report (RPD-9365)

Previously, we do not support displaying the Right To Bill flag in the RC Rollforward Report and Unbill Rollforward Report. Now we have seeded the Unbill flag from lines in RC Rollfoward Report and Unbill Rollforward Report in the rep_field table.

Default Natural Account in Accounting Setup Not Working after Enabling Revenue Sharing Functionality (RPD-9364)

When we set up a Default Natural account in the Accounting setup (Ex: Unbilled Account), the system did not take this Natural Account from the Accounting setup while creating the Accounting entries schedules. This issue is resolved in this release.

Updating Delink Flag as 'Y' for Entire RC (RPD-9346)

In RPRO_RC_GRP_DTL_G, when we delinked one SO from an RC, even though we had other SO lines in that RC, RevPro was updating Delink flag as Y for all lines in this RC. This issue is resolved in this release.

Updating Formula-based Cost after Collecting RORD (RPD-9286)

From this release, you can create formula costs based on the allocatable column.

  • collect SO with ext_sell_prc 100 and cost got created accordingly.
  • collect RORD for -20 and cost needs to be updated based on the reduced RORD amount.

Deferred Offset Was Mapped to Revenue Offset (RPD-9280)

The Deferred Offset Account had column Revenue Offset checked instead of the column Deferred Offset checked. This issue is resolved in this release.

LTST MJE Creation in Error Status When MJE Creation Is under Process (RPD-9234)

The LTST Process for company code = ARNA shows 'Error' status when the MJE Creation is under process. Later once the MJE creation completes which took 28 minutes, the error status changed to Manual JE Created

For company Code = ARNA due to high volume it took 28 minutes to create MJE and there are 3 SOB_ID's for ARNA. 3 MJE's created as shown below and took 28 minutes to process.
Unable to render embedded object: File (image-2018-02-12-17-27-09-388.png) not found.

When the LTST MJE creation is under process, which is taking more than 20 minutes due to huge volume of data,  its still showing as Ready for Manual JE when it is in progress. (Earlier while running LTST for FEB-18, it showed Error status whereas for MAR-18 LTST its showing 'Ready for Manual JE').
So users are not able to know when its running or not.
When in the process of MJE creation, we need to show that as In Process instead of Ready for Manual JE or Error.

CM-C Transactions Not Linked to New RC When System Creates New RC through CMOD Within SSP (New RC) Rule (RPD-9231)

The CM-C transactions were not attached to the new RC when the system creates a new RC through CMOD Within SSP (New RC) rule. These CM-C transactions were not collected into RevPro but it was existing in the staging list with the old RC. This issue is resolved in this release.

Unable to Reload File with New Rev Rec Rules for Disabled POBs (RPD-9230)

We disabled two POBs (One time set up fees) as the rev rec rule for them was overtime. We uploaded a new file with Point in time rec rev for the same POBs. The upload failed with a message Attributes already exist. This issue is resolved in this release and the value gets populated with new sequence successful.

Overstated_amount is rounding in reports (RPD-9210)

The Overstated_amount field was 2.5 in back-end in RPRO_RC_LINE_G. However, the same column in Bookings Report was displayed as 3.0. The Overstated_amount field was getting rounded in all the lines where it was populated. This issue is resolved in this release.

VC Reports Not Showing Any Data When VC Is Processed through Upload Files (RPD-9171)

VC was applied through uploads at SO and SO line level. VC was applied correctly and processed. However, the following reports were not showing any data:

  • VC Rollforward Report
  • VC Insights
  • VC Template
  • VC Transaction Changes
  • VC Transactions

This issue is resolved in this release.

SO 66535 Is Going into Relative Allocation instead of Residual (RPD-9169)

For the transaction under RSSP, the SOLIs that had SSP were within ext SSP but we still saw a carve. We would not expect a carve for those respective lines. This issue is resolved in this release.

Schedule Job Groups Ran Only Once(RPD-9141)

We provide the ability to schedule individual jobs so that they run repeatedly over a period of time. However, when job groups are defined and such scheduling was provided, it ran only once and then did not schedule it for the subsequent runs. This was a gap based on the provided feature and has become critical for CDW requirements. This issue is resolved in this release.

SOB_ID column Value Was NULL for MJE Transactions on Accounting Summary Report and Accounting Details Report (RPD-9094)

The Accounting Detail and Accounting Summary Reports did not fetch the SOB_ID value for all MJE entries. It seemed that when creating dummy lines in RC_LINE, we might have to insert the SOB related information of the MJE to the RC_LINE table. Now, this issue no longer exists. The JE SOB ID is available.

Lines Showing Offsetting Values under Released and Unreleased Revenue (RPD-9065)

The def amt was not updated properly when multiple partial credit memos were collected for the same line in the same batch. The issue is fixed in this release and the Rec amt and def amt got populated correctly.

Sell Price Was Negative or Zero (RPD-9064)

The Ext Sell price was negative or zero.
The replication steps for this issue:
1. Collected the SO, INV, CM-C in one batch and Revenue recognized manually.
2. Ran the transfer accounting for the current period.
3. Again collected SO, INV, CM-C in the same batch in next period.
4. In the Rpro_rc_line_g table, Ext Sell price was going to negative or zero. It got incorrect schedules for the reported lines.

This issue is fixed in Release 3.5.0.0.

SO Update Difference Not Released Upon Booking/UDS (RPD-9017)

For a user-defined schedule and it was Upon Booking:

  • Period 1: SO = 1101199.01. 100% released correctly.
  • Period 2: SO = 11011909.01. The difference(11011909.01 - 1101199.01  = 9910710) was kept unreleased.

This bug is fixed nowThe updated amount also gets released and schedule happens correctly based on UDS.

Schedules Does Not Store ORIG_LINE_ID Consistently for CMs (RPD-8989)

The Schedules table should have Line IDs for which they are being created. For schedules created for CMs, some of the lines did not have the ORIG_LINE_ID populated. This information is critical because it is used to provide GL data for CDW downstream system. The issue is resolved now, and for CM Reversals, the ORIG_LINE_ID is stamped with CM Line_ID.

SO Update Difference Not Released Upon Booking/UDS (RPD-9017)

For a user-defined schedule and it was Upon Booking:

  • Period 1: SO = 1101199.01. 100% released correctly.
  • Period 2: SO = 11011909.01. The difference(11011909.01 - 1101199.01  = 9910710) was kept unreleased.

This bug is fixed nowThe updated amount also gets released and schedule happens correctly based on UDS.

Transfer Accounting Outbound GL Report Prefix Issue (RPD-8982)

The Category of the Transfer Accounting Outbound GL Report used to be UI. This has to be made available with a RevPro standard prefix for clients to take it as an output into their GL. Now, this is fixed and the report has the REVGL_ prefix.

Issue of Orig_Inv_Line_ID Max Length (RPD-8980)

You could not save the comments for the staging data if the length of orig_inv_line_id exceeds 22. There was no length restriction in the backend for that column. This issue is resolved now. The CM_C are collected and didn't get held in the stage.

Users Cannot Login after Resetting Password (RPD-8935)

After five unsuccessful attempts, Users were not able to log in after the password reset. When the login attempts were made zero from the backend, users should be able to login with a temporary password. This issue is resolved in this release.

Summarize Current Period Is Completing with Error When RPRO_LARGE_VOLUME Profile Is Enabled (RPD-8875)

Summarize current period is completing with error "ERROR: Could NOT obtain LOCK" when the RPRO_LARGE_VOLUME profile is enabled. Below select is causing the issue, should be org_id instead of id. This issue is resolved in this release.

Run into Error While Creating Manual RC (RPD-8825)

We delinked nine bundle lines from the RC 10041 and tried to create the manual RC. But we got a No Data Found error in the application. In the log, we got an error in Revenue release and create manual RC packages. This issue has been fixed in Release 3.5.0.0.

Reporting View Issue - Rollforward DTL Views Grouping on WHO Columns (RPD-8758)

A bunch of Rollforward DTL views include the WHO columns (crtd_by, crtd_dt, updt_by, and updt_dt). This causes the same root_line to break into two if the creation/update value is different between contractual and allocations. This issue is resolved now. The Rollfoward Details view excludes the WHO columns in the grouping.

Warning Message for Data Collection Wrapper (RPD-8732)

We are using a wrapper program to call data collection program. When we are using Data Collection Master, We got the "SECURITY ATTRIBUTE~BATCH_ID~ TRANSACTION COUNT~STAGE COUNT~ERROR MESSAGE" error. But for the same data if we are calling through Data Collection we are not getting this message. This Warning message was printing all the time whenever we call Data Collection Wrapper. In this release, this issue is resolved.

Revenue Allocations Performed for within_fv_range = Y Lines When Within_Fv range = N Line is Cancelled (RPD-8553)

If an RC has four lines with one line within_fv_range = N and other three lines are within_fv_range = Y, the system performed allocations. If Within_fv_range = N line got cancelled, and RC had only all lines with within_fv_range = Y, the system should not perform allocations. However, the system was performing allocations for just within_fv_lines. This issue is resolved in this release.

Encounter Gateway Timeout Error While Performing Different Activities in RevPro (RPD-8403)

When performing the following activities in the system, RevPro would throw the error Gateway Timeout (Error 504) due to the large volume in RevPro system:

  • Transfer posting is done at RC level but when we try to “Review Detail” for the accounting entries getting posted. 
  • Opening RC with more than 5000 SO lines.
  • Running reports in the foreground for even one RC gives gateway timeout error.
  • Trying to view and Holds in Holds and Approvals gives gateway timeout error. 
  • Trying to go to Workbench -> Revenue Contract -> Batches and right-click any one of the batch collected and select view transactions gives gateway timeout error. 
  • Opening an RC and doing export by transaction gives gateway timeout error if RC has more than 1000 SO lines.
  • Tried to move the line inside POB into a new POB.
  • Month End Close Gateway Timeout when processing the “Close Current/Open Next” step
  • Version comparison for contract modification in Revenue Workbench> Transactions>Version.

Unable to Disable Material Rights through SO Update (RPD-8260)

Initially, the SO line was collected with MR Flag as Y and respective ghost line got created. Later on, the user wanted to make the line to NON-MR line and collected an updated SO with MR flag as N, expecting to offset respective ghost line and ineligible the carves on ghost line. However, the ghost line was not getting offset. This issue is resolved in this release.

Session Not Invalidated after Password Reset (RPD-8054)

The application did not destroy all existing sessions when the password of a user was changed. Logging in with the new password did not invalidate the older session either. This issue is resolved in this release.

CSV Injection through "Cost Upload" Feature (RPD-8042)

The application allowed the injection of arbitrary code execution in the victim's Windows OS by modifying or adding a new item into the web application where the first column accepts users strings, to later be exported as CSV, opened, and executed within Microsoft Excel, triggering the injected code.
The "Cost Upload" feature of the RevPro application allows users to upload CSV files without verifying whether or not they contain special characters which might be abused to get certain cells to be interpreted as a formula by applications like Microsoft Excel or LibreOffice Calc. Maliciously crafted formulas can be used for three key attacks:

  • Hijacking the user's computer by exploiting vulnerabilities in the spreadsheet software, such as CVE-2014-3524
  • Hijacking the user's computer by exploiting the user's tendency to ignore security warnings in spreadsheets that they downloaded from their own website
  • Exfiltrating contents from the spreadsheet, or other open spreadsheets.

In-system CSV Injection Vulnerability (RPD-8041)

The application allowed the injection of arbitrary code execution in the victim's Windows OS, by modifying or adding a new item into the web application where the first column accepts users strings, to later be exported as CSV, opened, and executed within Microsoft Excel, triggering the injected code.
An attacker could achieve a remote code execution against the web application users, using the confidence of the potential victim has with the platform.

Stored XSS in Name Fields Areas (RPD-8040)

The application was vulnerable to XSS (Cross-site Scripting) because of arbitrary JavaScript code could be injected into the Name field of difference new element entries created or edited. This arbitrary code would run on the application client browser if he accesses the affected areas, like tag names, edit titles. This attacks can be used to hijack the client's browser and grant control to the attacker.
Some of the payloads are cross-user exploitable, as low level privileged users can inject the exploit to attack an elevated privilege user like adding a new element in Application -> Profile.
This was a global issue in all the application where the name of the elements was reflected into the edit title.

This issue is resolved in this release.

Email Addresses Enumeration via Forgot Password Feature (RPD-8039)

The "Forgot or Reset Password" feature can be abused by unauthenticated attackers to collect a list of valid email addresses registered within the application. The vulnerability exists because this feature causes the application to answer in different manners: the information released when the user provides a valid email address is different than when they use an invalid one.
This can be exploited to collect a list of registered email addresses by using an automated tool with a dictionary-based attack. For example, if an attacker wants to attack the company XYZ, they might want to use a word-list of common names and surname and try combinations like name.surname@XYZ.com (targeted attacks), which significantly reduces the number of attempts sent to the Forgot Password feature and increases the likelihood of finding correct email addresses.

This issue is resolved in this release.

Issue in Disclosure Reports (RPD-7993)

In the TB/RF Report, the RC_ID should be derived from a join to ROOT_LINE_ID in the Disclosure view. This issue is fixed in Release 3.5.0.0.

VC Rule Apply Value Not Allow More than 2 Decimal Numeric Value (RPD-7861)

While creating VC Rules, the UI did not allow us to store more than 2 decimal numeric values.
In case of 2.5%, the discount client was forced to round it to 0.03. Now, this issue is resolved. The VC is correctly calculated based on the apply value.

Waterfall Report Not Displaying Forecast Entries (RPD-7623)

Previously, if an RC contained only forecast entries, forecasting summarization would not be created. Now RevPro resolves this issue and the forecasting is created correctly based on Forecast Ratable method.

Waterfall Report Not Matching Trial Balance Report (RPD-7516)

The Adjustment Revenue in the Waterfall Report did not match the Trial Balance Report for period 201801. This issue is fixed now.

Cost Update Not Working Correctly (RPD-6663)

The updates to the cost were not recognized as per the CST line schedule. The original cost line created was recognized as per CST line schedule. However, on an update, the differential portion ( increase or decrease) was using the schedule from the SO Line rather than from the CST Line start date and end date which triggers uneven distributions.
In another case, when the amount was not changed but end date was changed, the waterfall was not uniform. The Cost Capitalization and Cost Released amounts were both wrong. 

This issue is resolved in Release 3.5.0.0.

Company Code Displays BLANK in Booking Report and Billing Report (RPD-6527)

Company Code and SOB_ID were both populated in the Integration, both of which have same values. When the Booking Report and the Billing Report were run, the Company Code was showing BLANK. This issue is resolved in Release 3.5.0.0.

RC Move Report Not Capturing Lines Delinked at RC Level (RPD-6455)

In the Revenue Contract Move Report, lines which were delinked at RC level were not shown. As we were not capturing the lines delinked at RC level in the history table, the report was unable to capture these changes. This issue is resolved in this release and the Revenue Contract Move Report starts to show all transactions that were moved from a certain RC to another. 

Last modified

Tags

This page has no custom tags.

Classifications

(not set)