Important: Anonymous Polls & Surveys User Exposure Bug
Public News | 5 February 2021
In November 2020, we released a new Polls & Surveys feature which gives you the option to send a notification about any new submissions to those with 'Manage' rights.
Last week, we discovered that when a Poll or Survey is set to ‘Anonymous’, and when the setting to send a notification to those with ‘Manage’ rights is enabled, the notification discloses who submitted the response along with their actual response. This affected both in-system and email notifications, but only those with Manage rights for the survey or Poll would see the submitter's name. The user-facing results remain completely anonymous.
The Audit panel is not affected by this bug, and still records users’ entries as anonymous.
Which systems are affected?
Only Polls & Surveys version 2.2.0, available on Claromentis 8.10, is affected.
Is the issue fixed?
Yes - we fixed the issue as soon as we discovered it last week. The fix is available in Polls & Surveys version 2.2.1.
How do I find out if my Claromentis version is affected?
To see if you are affected, please go to Admin > System on your intranet and check the list of installed modules to see if your Polls & Surveys module is on the affected 2.2.0 version.
How do I get the fix?
To get your Polls & Surveys module on 2.2.1, which includes the bug fix, please submit a module minor upgrade here and our teams will work with you as soon as possible to schedule an upgrade.
View all news