Important: Anonymous Polls & Surveys User Exposure Bug

Public News | 5 February 2021 by Mhairi Hutton intranet, bug

 

We uncovered and fixed a bug in Polls & Surveys v2.2.0. Read our article to learn what this means.

What's happened?

In November 2020, we released a new Polls & Surveys feature which gives you the option to send a notification about any new submissions to those with 'Manage' rights. 

Last week, we discovered that when a Poll or Survey is set to ‘Anonymous’, and when the setting to send a notification to those with ‘Manage’ rights is enabled, the notification discloses who submitted the response along with their actual response. This affected both in-system and email notifications, but only those with Manage rights for the survey or Poll would see the submitter's name. The user-facing results remain completely anonymous.

The Audit panel is not affected by this bug, and still records users’ entries as anonymous. 

 

Which systems are affected?

Only Polls & Surveys version 2.2.0, available on Claromentis 8.10, is affected.

 

Is the issue fixed?

Yes - we fixed the issue as soon as we discovered it last week. The fix is available in Polls & Surveys version 2.2.1.

 

How do I find out if my Claromentis version is affected?

To see if you are affected, please go to Admin > System on your intranet and check the list of installed modules to see if your Polls & Surveys module is on the affected 2.2.0 version.

 

How do I get the fix?

To get your Polls & Surveys module on 2.2.1, which includes the bug fix, please submit a module minor upgrade here and our teams will work with you as soon as possible to schedule an upgrade.


3 Likes
Share

 

[Discuss]

photo photo
[deleted user] {{ comment.user.is_me ? cc.translations.my_comment : comment.user.name }} {{ comment.user.is_me ? cc.translations.my_comment : comment.user.name }} {{comment.user.name}} [wrote]...
[Reply] [Like] [Unlike]  {{comment.like_count}} [person] [people] [liked this] [Edit] [Delete] {{ comment.timestamp.date_str }}

[Loading...]

View all news