TE Academy is now live! We will improve the site step by step - read more here!
Learn
Guides & tutorials
what's new
Release notes
Articles
Roadmap
events & webinars
Events
Webinars
Recorded sessions
more
Service Status
About TE Academy
News
Release note
Release note
Release note
July 4, 2025

New release Evaluation 6.20

The release notes provide information on the features and improvements in the specified version.
Evaluation

Improvements

The issues in release mentioned under the section improvements are considered as new functionality, user experience improvements and bug fixes.

Batch (csv) upload of evaluations fails - EV-343

When importing a slightly larger csv with evaluations using the CSV import an error was thrown. Digging in the logs the issue was found and was an easy fix. The timeout for the CSV upload was set at a too short time and has now been extended to also support import of larger files.

Adding a participant should not throw a server error - EV-342

Incidentally, adding an ad-hoc participant to an evaluation the applications showed a server error. This was caused in case an evaluation type was defined and the 'preferred email address recipient' has been left empty.

This has been fixed by:

  • setting the default preferred email address recipient for all evaluation types on creation of a new type to Pubilc
  • making the field preferred email address recipient a required field
  • apply a script to check if there are types with no preferred email address recipient set, and set it to Public

Security

An integral part of our develop and build processes is automatic scanning for known security vulnerabilities. The vulnerabilities will be fixed based on their impact, which means that in some cases an immediate hot-fix will be applied, and in other cases the vulnerability will be fixed in the current or next Sprint (release). The security section provides an overview of the vulnerabilities mitigated.

This release mitigates the following vulnerabilities:

  • CVE-2025-49146(8.8)
  • CVE-2025-22233(2.29)
  • CVE-2025-41232(9.3)
  • CVE-2025-41234(7.4)
  • CVE-2025-48988(7.5)

For more information on reported vulnerabilities, see the central database of vulnerabilities.

Audit security findings - EV-344

Based on a security audit and its findings on accessibility of the internal-only used API a number of fixes have been applied to further 'restrict access' and 'data visualisation' accessing the API anonymous:

  • API service blocks: the blocks are used in the anonymous reports and are therefore open accessible. The anonymous result has been modified to only provide the exact required information for the reports and no other fields.
  • API service participate/progress: this seemed to be excluded from the authorisation (even though it was set) and allowed retrieval of evaluation information. This was caused by the fact the service has a / in it. This has been changed to participate-progress to use the intended authentication requirement.
  • API service answers: provided some meta-data, but should give an error when accessing anonymous. This has been fixed.

For more guidance on configuration and setup of Evaluation, use the relevant Evaluation manual.

More Release Notes

All release notes

Customer unique training

This class is available to receive tailor made for your database set-up. Just fill out the form below and our product expert will get in touch with you to set-up your bespoke class.
I want a bespoke class