What's happened?

In November 2020, we released a new Polls & Surveys feature which gives you the option to send a notification about any new submissions to those with 'Manage' rights. 

Last week, we discovered that when a Poll or Survey is set to ‘Anonymous’, and when the setting to send a notification to those with ‘Manage’ rights is enabled, the notification discloses who submitted the response along with their actual response. This affected both in-system and email notifications, but only those with Manage rights for the survey or Poll would see the submitter's name. The user-facing results remain completely anonymous.

The Audit panel is not affected by this bug, and still records users’ entries as anonymous. 

Which systems are affected?

Only Polls & Surveys version 2.2.0, available on Claromentis 8.10, is affected.

Is the issue fixed?

Yes - we fixed the issue as soon as we discovered it last week. The fix is available in Polls & Surveys version 2.2.1.

How do I find out if my Claromentis version is affected?

To see if you are affected, please go to Admin > System on your intranet and check the list of installed modules to see if your Polls & Surveys module is on the affected 2.2.0 version.

How do I get the fix?

To get your Polls & Surveys module on 2.2.1, which includes the bug fix, please submit a module minor upgrade here and our teams will work with you as soon as possible to schedule an upgrade.