Illume Security Update

Home / Illume Security Update

Illume Security Update

Date: December 21, 2018

In an effort to ensure our products are up to date with the latest security standards, our supported product versions – DatStat Illume 5.0, 6.0, and 6.1 – recently underwent thorough penetration testing. Based on the results of this testing, our product development team has made a series of updates to resolve any located security vulnerabilities in our offerings. The date these updates will be provided to all customer systems is TBD.

The update to the product line will cause HTML used in Participant Fields, Submission Text Responses, and Piping to render as plain text. Please see below for examples of what will no longer be supported in the product after the security related upgrade occurs.

Input: Participant Fields

ppt fields input

Output: Participant List Grids

Before: HTML entered into participant fields rendered in the participant list grid.

ppt list grid - before

Output: Participant Records

Before: HTML entered into participant fields rendered in participant records.

ppt records - before

After: HTML entered into participant fields displays as plain text.

ppt list grid - after

After: HTML entered into participant fields displays as plain text.

ppt records - after

Input: Q1 Response

submissions input

Output: Viewing Q1 Submission

Before: HTML entered into submissions rendered when viewing individual submissions.

viewing submissions - before

After: HTML entered into submissions displays as plain text.

viewing submissions - after

Input: Piping

Piping

Input: Q1 Response

Survey-Before

Output: Data Piping

Before: Piped data containing HTML rendered with the following tags:

  • {participantdata}
  • {prompt}
  • {response}
  • {value}

Survey-After

 

After: Piped HTML displays as plain text.

Piping-After