This release includes new features, improvements, bug fixes, and security updates for the User Portal, Administration Module, workflow applications, and Node.js modules.
Important
- Node.js Security Update - qs DoS vulnerability (CVE-2026-2391)
- Node.js Security Update - express-rate-limit bypass vulnerability (CVE-2026-30827)
Security
-
Bug (#4509): Hardened the Administration Module with CSRF token validation on all mutation endpoints (save, delete, update operations), preventing potential cross-site request forgery attacks.
-
Bug (#4591): Fixed a SQL query parameter validation issue in the portal comments module.
-
Bug (#4587): Fixed a SQL query parameter validation issue in the administration process management module.
-
Bug (#4589): Fixed a potential deadlock in OPENAICHAT HTTP requests under concurrent load.
Portal
-
New Feature (#4525): Enhanced self-service (PULL) action assignment to automatically manage data filter access when actions are assigned, ensuring the assigned user can always access the action.
-
Improvement (#4524): The full-width display mode preference is now stored server-side and syncs across all browsers and devices. New users default to full-width mode.
-
Bug (#4541): Fixed an issue where saving a search view without a process filter stored invalid values in the database, which could cause errors on subsequent view loading.
-
Bug (#4533): Fixed an issue where saving user settings from the standard search results view crashed with a JavaScript error.
-
Bug (#4529): Fixed an issue where the default homepage preference could save an invalid value when the custom view dropdown had not finished loading.
-
Bug (#4522): Fixed a regression introduced in version 9.2.0 where the advanced search grid could display a blank page when handling many results, due to a missing null check on the grid container element.
-
Bug (#4513): Fixed a regression introduced in version 9.2.7 where error messages in the action follow-up form were displayed with encoded HTML entities due to double HTML encoding.
Administration
-
New Feature (#4566): Added Anthropic, Mistral AI, and Google Gemini API settings to the Configuration panel Applications tab, following the same pattern as the existing OpenAI section. Each provider’s section includes API key and API URL fields.
-
New Feature (#4408): Added an Apply to all form activities checkbox in the Form Designer (VALUE IN/OUT panels) and Workflow Designer (Edit parameter panel), enabling mass propagation of data mappings across all EFORMASPX activities in a process.
-
Improvement (#4410): Added a Visibility column to the process data list showing follow-up, search, lists, and home page visibility tags for each data item.
-
Improvement (#4540): Admin slide-in panels are now resizable in width with a draggable handle on the left edge. Panel width preference is persisted per user in localStorage. Table columns in the Edit action panel adapt proportionally to the panel width.
-
Improvement (#4446): Improved the mapping editor UI with increased content area height, better dropdown positioning to prevent clipping, and normalized line-height for consistent rendering across macOS and Windows.
-
Improvement (#4521): Widened the process and participant columns in the user activity report, with columns that expand to fit content and a horizontal scrollbar when needed.
-
Improvement (#4519): Restored keyboard navigation in dropdown lists, allowing users to cycle through matching items by pressing the same letter key repeatedly and continuing from the current position after arrow-key navigation.
-
Improvement (#4520, #4447): Improved dropdown auto-scrolling in action parameter data OUT, theme selection, and startup page dropdowns to ensure all options are visible when opened.
-
Bug (#4535): Fixed an issue where navigating to a non-existent process in admin pages crashed with an unhandled .NET exception instead of displaying a managed error page.
-
Bug (#4450): Fixed an issue where the Neo style Form Designer could not display or resize fields wider than the viewport, by synchronizing the
--content-widthCSS variable with jQuery width changes and enabling horizontal scrolling.
Workflow Applications
-
New Feature (#4511): Enhanced OPENAICHAT with native multi-provider support for Anthropic Claude, Mistral AI, and Google Gemini. The provider is auto-detected from the API URL or can be set explicitly via the new
PROVIDERparameter. Each provider has dedicated API key and URL configuration in theweb.configfile. -
New Feature (#4517): Added audio, document, and file input support to OPENAICHAT with new
USER_AUDIO,USER_DOCUMENT_URL,USER_FILE_ID, andUSER_FILEparameters, including indexed variants for multi-modal content. Supports provider-specific formats across OpenAI, Mistral, Gemini, and Anthropic. -
Improvement (#4550): The
MAX_TOKENSparameter in OPENAICHAT is now optional. When not set or set to 0, the AI provider’s default token limit is used instead of forcing 256 tokens. The Anthropic fallback default has been increased from 256 to 4096 tokens. -
Bug (#4593): Fixed an issue where OPENAICHAT requests with extended thinking or high reasoning effort could time out prematurely due to an insufficient default HTTP timeout.
Node.js Apps
-
Update (#4557): Updated
qsdependency override to>=6.14.2across all Node.js modules to address a DoS vulnerability (CVE-2026-2391). -
Update (#4599): Updated
express-rate-limitto 8.0.2+ in the Auth and Hooks modules to fix a rate-limiting bypass vulnerability (CVE-2026-30827).
Dependencies
- Update (#4563): Updated .NET NuGet packages:
DocuSign.eSign.dll8.4.0 → 8.6.0,BouncyCastle.Cryptography2.4.0 → 2.6.2,EWSoftware.SHFB2025.12.18 → 2026.1.20,Obfuscar2.2.29 → 2.2.50.
Notes
-
Node.js modules updated:
GraphQL v5.4.1,Webhooks v6.3.1,Auth v3.3.1, andSCIM v3.3.1(all require Node.js22.22.0 LTS). -
For background on earlier enhancements and major features, refer to the WorkflowGen 9.0.0, WorkflowGen 9.1.0, WorkflowGen 9.2.4, WorkflowGen 9.3.1 and WorkflowGen 9.4.0 release notes.
Installation Packs
WorkflowGen 9.5.0 (Upgrade)
WorkflowGen 9.5.0 (Clean Install - PowerShell)
WorkflowGen 9.5.0 (Clean Install - Manual)
Documentation
WorkflowGen 9.5.0 Upgrade Guide: English - Français
WorkflowGen 9.5 PowerShell Installation: English - Français
WorkflowGen 9.5 Manual Installation: English - Français
WorkflowGen 9.5 Technical Guide: English - Français
WorkflowGen 9.5 Administration Guide: English - Français
WorkflowGen 9.5 User Portal Guide: English - Français
WorkflowGen 9.5 Integration Guide: English
WorkflowGen 9.5 for Azure: English - Français
WorkflowGen 9.x for Docker: English - Français
WorkflowGen Documentation: English - Français