Release Notes

S.No.

Feature

Description

1

eChallan module

1. Generate e-challans / bill for all miscellaneous / Adhoc services which citizens avail from ULBs

2. Edit/Cancel e-challan/bill

3. The ability for ULBs to Notify citizens about the outstanding payments - Online(email & SMS) and offline.

4. Enable Digital payments for citizens - QR code, payment link in notifications, etc.

2

WhatsApp Bill Payment and PGR v2 integration with redesigned Chatbot (xState)

Bill Payment:

1. Search and View Bill `

   1. View my Bills

   2. Search Bills Based on

      1. Consumer Number

      2. Application Number

      3. Mobile Number etc

   3. View Bill

      1. Amount Due

      2. Bill copy (PDF)

2. Payment

   1. Pay bills through quick payment links

   2. Payment confirmation/failure notification

   3. Payment receipt (PDF) on successful payment

3. Multi-Language Support

   1. Hindi Localization (For Chats)

PGR:

1. Geo-Location tagging

2. Two steps complaint category and type

3. Hindi Localization (For Chats)

4. PGR v1 & v2 support

3

Property Tax Citizen flow UI/UX revamp

Updated workflows and user interface changes in the following business cases -

• PT - Quick Pay

• Create Property

• My Properties

• My Applications

S.No.

Updated Feature

Description

1

Fire NOC Enhancements

Send back to Citizen in Fire NOC

2

Property Tax Enhancements

Arrears Breakup in Property Tax Due

3

Hindi Localization

Hindi Localization of all labels, messages, notifications, and MDMS drop-down data of all the modules

4

QA Automaton of APIs

APIs automation for

• Core Services

• Business Services

• Municipal Services

  • End to End APIs automation for Property Tax, Trade License, mCollect, Water & Sewerage, Fire NOC, Building Plan Approval, FSM, and PGR.

• Here is the document with the details of services automated and README documentation which details the detailed steps to execute the automation

5

Platform Security Audit fixes

Listed below are the security vulnerabilities identified as part of the security audit. Few of them are as per design and justification is provided for these. Others are fixed at the code level.

1. Privilege Escalation

2. Failure to restrict URL Access

3. Insecure direct object references (IDOR)

4. Malicious file upload leads to Cross Site scripting

5. Improper Authentication

6. Missing Account Lockout

7. Request Throttling Attack

8. Weak Encoding Mechanism

9. Sensitive Information in URL

10. Lack of Automatic Session Expiration

11. Concurrent Session

12. Improper Error Handling

13. Improper Input Validation

14. Mail Command Injection

15. Use of hardcoded credentials

16. Use of sensitive information into configuration file

17. Exclude unsanitized user input from format strings

18. HTTP Parameter Pollution

19. Standard pseudo-random number generators cannot withstand cryptographic attacks

20. Weak cryptographic hash

21. Insecure SSL configuration

22. Improper Neutralization of CRLF Sequences in HTTP Header

23. Avoid Capturing Java.Lang Security Exception

24. Always normalize system inputs

25. Avoid the Command Throws within Finally

26. Close Input and Output resources in finally block

27. Cross Site Request Forgery

28. Cross Site Scripting - Stored

29. Insufficient Cookie Attributes

30. Code Injection

31. Exclude unsanitized user input from format strings

32. Avoid data submissions to non-editable fields

33. Potential Infinite Loops

34. Avoid dangerous J2EE API, use replacements from security-focused libraries (like OWASP ESAPI)

35. Do not allow external input to control resource identifiers

36. The setter method for an identifier property (id or composite-id) should be private

Here are the security fixes guidelines as a handbook for best practices and guidelines.

6

Technical Improvements

• PDF service refactoring for Localization API calls optimization

• Timezone configuration support for all the services

• Standard product Workflow bundling as part of the product

7

eDCR Enhancements

1. Enhanced Door, to support door widths with color code. The color code is used to identify the type of door

2. Fix of security audit issues

3. Cleanup unused code and database tables

8

Finance

1. Hard coded sub domain formation logic changed, preparing dynamic sub domain url by reading env from the configuration

2. Fixed the security audit issues