Known Issues with the Update
When using a Microsoft SQL (MSSQL) database, the first time BL Banking Web is called up in the browser after the update, the database setup page may be displayed with an error message on the JDBC URL field, that includes "unable to find valid certification path to requested target". The message can be fixed by adding parameters to the JDBC URL. First make sure that MSSQL is selected as the database type. Then, if the previous JDBC URL looked like this:
jdbc:sqlserver://localhost:1433;databaseName=blbanking
... it should be adjusted as follows:
jdbc:sqlserver://localhost:1433;databaseName=blbanking;encrypt=true;trustServerCertificate=true
Technical improvements
For load balancing in heavily used systems, BL Banking Web can now be operated in cluster mode with several server nodes. More detailed information can be found in the installation instructions.
If the database is updated in the background after an update of BL Banking Web, status information is now displayed in the web interface.
The EBICS keys of the users are now stored exclusively in the database (encrypted). Previously, the signature keys were stored as encrypted files in the workspace. Existing keys are automatically migrated to the database. The old keybag files are not deleted, but are no longer used by the program.
The security of the application against cross-site scripting (XSS) attacks has been improved.
Settings & User Preferences
To avoid errors and performance problems, the maximum number of entries per page in table views has been limited to 1000.
A new user preference "Initialization of account and originator" has been added to link originators to accounts and to enable account and originator pre-assignment depending on each other.
A new option was added for a user's permission regarding salary payments: "User has permission to see salary payments during signing (without details)"; this user will no longer see recipients, accounts and purposes of salary payments.
In the detail view of a bank account, the users assigned to the bank can now be configured via the new "Users" tab. Previously, bank assignment was only possible in the menu of a user.
Bank connections can now be deactivated locally for individual users - file sending and fetching are then paused without having to remove the bank access and without affecting the user status on the bank side. A deactivated bank access can be reactivated at any time. Administrators can also see and change the status of other users in the "Users" tab of a bank account.
In the detail view of a bank account, the new tabs "Notifications" and "MT101 payments" have been added, in which additional settings can be made.
In the detail view of an account, administrators can now see and change the access permissions of individual users in the new "Permissions" tab.
Users with administrator privileges now see all accounts in the account overview under "Settings", even if they are not assigned to the corresponding bank of an account.
Local users can now be copied. For this purpose, the new action "Duplicate user" is available in the user administration under "More actions".
For certain payment types, the scheme to be used can now be configured under "Send parameters" in the bank settings.
In the detail view of a bank connection, the HTD user profile of the user can now be printed.
It is now possible to use an EBICS customer ID or EBICS user ID with lowercase letters.
Bug fixes
In the "Account selection" tab of a local user, "Authorized" for an account is no longer displayed incorrectly if the user is not assigned to this account and no authorization exists. In addition, banks to which the user is not assigned are no longer visible.
Fixed a bug where too many payments were generated when importing open payments from an EDS order.
Fixed an error that could occur if no fee was specified when creating an Austrian tax office payment template.
Fixed a bug where the tax account number could be formatted incorrectly and not fully saved for Austrian tax office payments.
For Austrian bank accounts, the correct Austrian send order types and fetch order types as well as BTFs are now preset.
Fixed an error that prevented the deletion of tenants for which AVW messages existed.
When creating a bank account with EBICS 3.0, the correct E002/X002 hash values are now preset.
Fixed a bug that caused all fetch schedules of a bank to be deleted when a user was removed from that bank.
Fixed an error during Excel import that could occur if the server language is set to English.
Fixed an error that could occur when selecting "Payments without folders" in the payment templates.
If a connection error occurs while syncing with the Android/iPhone app, the user will now see a corresponding error message.
An error has been fixed that caused the selected country not to be saved for new bank details.
Fixed a bug that could cause URLs that were too long when sending CSV files.
Fixed an error that prevented the overview for periodic payments from being displayed after a database migration.
Fixed a bug where it was no longer possible to switch back to "Intended purpose" when saving a "Creditor reference" in an open payment.
Fixed a bug where very large files (>100 MB) in the EDS could not be signed.
Fixed a bug where it was not possible to create open payments from EDS orders under certain conditions.
If the assignment of a local user (user without bank access) to a bank is removed, no (unnecessary) warning is displayed any more.
Fixed a bug where the "Delete" button in the detail view of an open payment in edit mode was without function.
Fixed a bug where the automatic field assignment did not work when importing payments from Excel files.
Fixed a bug where certain invalid configurations in filter dialogs could cause the corresponding overview page (e.g. bookings) to no longer be displayable.
Fixed a bug where the selection menu for the payment folder could be empty when creating/editing an open payment if the user was assigned to multiple tenants.
Fixed a bug where a periodic payment could no longer be edited after the originator account that is used in the payment was changed.
Possible layout problems caused by too long text content in pop-up dialog windows have been fixed.
Payment recording
For SEPA originators, recipients and payments/direct debits, it is now possible to provide address data. This information is usually only necessary for certain sender/recipient countries. The address data can be entered via a dialog box, which can be opened with the "House" button next to the originator/recipient field.
Added the ability to convert DTAZV recipients into SEPA recipients or international SEPA recipients.
It is now possible to import multiple payment files at once. For this purpose, several files can be selected in the file selection dialog with the CTRL key pressed.
When "4-eyes principle" is used for receiver recording, saving and duplication of recipients is now only allowed for confirmed recipients.
If a user is assigned to several tenants, the user can now select from the recipients of all tenants during payment recording. Previously, the selection was limited to the tenant of the sending account.
The date for the "first execution" of a periodic payment can now be modified as long as no open payment has been created from the periodic payment.
The uniqueness of names for payment templates is no longer checked across different tenants.
If an input error is reported in a form with fold-out "accordion" elements (e.g. DTAZV payment), the corresponding accordion is now always expanded so that the error message is immediately visible.
File Sending & EDS
Historical EDS orders can no longer be deleted by users in the user interface (analogous to signed payments). This change was made to improve the traceability of completed transactions.
If the user preference "Display signed payments from external files" is disabled, the button "Show payment details" and the table "Payments" are now hidden in the sending details when sending external files.
The user experience when signing multiple orders at the same time has been improved.
File Fetching & Fetch Schedules
In the "Fetch schedules" table there is now a new button "Reset fetch schedules", with which the service for the fetch schedules can be restarted if necessary.
Fetch schedules can now use the order type HAA to update the user's list of all available order types.
A warning is now displayed when creating a fetch schedule if the user is not authorized for the order type used.
In the table of fetch schedules, if any problems occurred during the last retrieval, status information is now additionally displayed in the "Last fetch" column.
Account statements
It is now possible to create remittances from account transactions. For this purpose, there is a new button "Create SEPA transfer for this transaction" under transactions/batched transactions.
Exporting multiple MT940 payments now generates a single MT940 file instead of a ZIP file.
Automatic Exports
When creating an automatic export, the tenant can now be selected if several tenants exist.
When editing/creating an automatic export, there is now a new checkbox "Apply export to selected accounts only".
When clicking on "Exported files" in the navigation bar or in the action bar of the automatic exports, all exported files are listed. When clicking on "Display exported files" in the detail view of an individual automatic export, the view is restricted to the files that were created by this export.
General UI Changes
Numerous actions that were previously only offered in the action bars of the overview tables are now also offered in the detail views: for example, signing, deleting, printing and exporting an open payment is now also possible in the detail view of the payment.
"Edit" mode: In numerous form views (e.g. that of an open payment), the fields are now initially locked for editing and can only be changed after the "Edit" mode has been activated using the button in the action bar. In addition, many of the actions offered in the detail view can only be used if the "edit" mode is deactivated. This is intended as a protection against unwanted changes and ensures that no unsaved changes are lost when executing actions in the detail view (e.g. signing an open payment).
The order of buttons in the action bars and sub-items in "More Actions" menus has been unified.
Various buttons for linking similar objects have been added to some pages. For example, in "Retrieved Files" you will find the "Fetch Schedules" button and vice versa.
Some buttons have been renamed to standardize and/or clarify the action they perform.
Tenant management
The "Tenants" and "Edit Tenants" pages have been redesigned. In order to create a new tenant or edit a tenant in the "Tenants" overview, a dialog window now opens instead of a form page, in which the name and the maximum number of participants in the tenant are specified. For existing tenants, this dialog window can be opened with the action button "Edit tenant" in the overview or the detail view. In the detail view of a tenant, the users of the tenant are now listed in an overview. The name and the maximum number of participants for the tenant are now displayed above this user table. The action bar offers the buttons "Edit tenant", "Delete", "Add user" and "Remove from tenant". Clicking on one of the users in the overview table of a tenant opens a dialog window in which detailed information and actions for this user are offered: The user's bank access is displayed with the bank logo, other tenants of the user are displayed, a button for granting/withdrawing the authorization to manage the tenant, as well as a button to edit the user.
If a tenant is selected in the user management, then only the users with administration rights for this tenant are displayed. In this case, users with administration rights for other tenants are shown with a minus symbol. Administrators are always represented with a gear wheel symbol. Users who do not have administration rights for tenants are shown with a minus symbol in the overview. If "All tenants" is selected, all users who have administration rights for one or more tenants are displayed.
A user who has permission to manage a tenant can also grant/revoke this permission to other users under "Tenants".
Settings & Preferences
Parameters for fetching "Credit advices for SEPA instant credit transfers" and for "Batched transaction files" can now be configured in the "Account statements" tab in the settings menu for bank details.
A new column "Protocol version" has been added to the bank overview.
The processing of the user profile (HTD) has been improved: The "Permissions" and "Order types" tabs in the bank details are divided into fetch order types and send order types. In addition, the "Signature class" and "Signatures" columns in the "Order types" and "Permissions" tabs for the fetch order types in the bank details have been removed, as these orders are not signed.
There are two new preferences "Refresh user profile (HTD) automatically" and "Check permission for order type/BTF when recording a payment".
For the sake of clarity, collapsible panels for the "Display settings" and "Print settings" have been added to the payment entry preferences. In addition, these user preferences are now sorted by topic.
Payment Recording
Unstructured or structured addresses can now be used for the payment types "International XML transfer" and "Cheque payment in XML format". Structured and unstructured addresses can be added when entering/editing new SEPA originators and new international (cheque) recipients.
It is now possible to enter the address of the payer for SEPA mandates and direct debits. (This is necessary for debits to Switzerland/Liechtenstein or Great Britain. No address is necessary for direct debits within the European Economic Area.)
The import of payments has been standardized: Open payments, periodic payments and payment templates can now be imported from payment files and from CSV files with payment data. The import form is unified - the type of payment to be imported (open/periodic/template) can be selected using the dropdown menu.
If the mandate management for direct debits is activated, a new mandate can now be created during the creation of a direct debit. Previously, only the selection of existing mandates was possible there.
A new "Status" column has been added to the "SEPA mandates" overview if the recipient was recorded using the 4-eyes principle.
Under "Open Payments" and "Periodic Payments", the initial creator of a payment is now displayed in the "Creator" column.
The forms for entering Austrian foreign payments and Austrian foreign cheque payments had some fields (e.g. "ultimate cheque recipient") that were not supported by the schema. These fields have been removed.
Retrieved Files
If errors occur when processing retrieved files, these files are now marked as erroneus in the "Retrieved files" overview. The error message is displayed in the tooltip and in the detail dialog window.
In the "Retrieved files" overview there is now a new button "Restart processing" with which the selected files can be processed again. This allows to, e.g., restore deleted account statements in the account overview.
Fetch Schedules
Fetch schedules can now also run monthly.
The "Fetch Schedules" overview now has the additional column "Tenant" if "All tenants" is selected in the tenant filter.
Account Statements
The navigation bar now offers a new sub-item "Exported files" in the "Account statements" tab.
The sub-item "Create new group" has been added under "More actions" in the account overview, with which account groups can be created.
A new filter for PDF account statements has been added. In the filter dialog you can filter by bank, account and statement date.
Administrators and users who have administration rights for one or more tenants can now see all automatic exports of their managed tenants, even if the automatic exports are assigned to other users.
Updating system components
Bootstrap was updated to version 5.1.3. An update of jQuery to version 3.6 was also implemented. This is also associated with security improvements, in particular mechanisms against cross site scripting (XSS).
User administration
The administrator or a user who has authorization to manage a tenant can lock/inactivate a user. For this purpose, there is the sub-item "Lock login" in the user administration under "More actions".
As with the login, a user now also has a limited number of attempts to enter the correct password when signing a payment/order until the user is locked. If the user has entered a wrong password five times, he is locked.
Added new permission "Admin user is authorized to create users and to modify or delete other admin users." that allows a Super-Admin to remove these permissions from other administrators.
Permissions "User is authorized to delete account statements and PDF statements." and "User is authorized to edit bank settings." were added.
Two-factor authentication
When adding a security key, one can now add a description. For existing security keys, a description can be added later.
An administrator or a user who has authorization to manage a tenant can remove a two-factor authentication of another user. This function was added so that a user does not have to reinitialize with the bank if a Yubikey is lost.
Bank connection
Users with an active bank connection can enter or change their own subscriber ID in the bank settings. Administrators can change the subscriber ID for users with an active bank connection. If the users's bank connection is inactive, the administrator can delete the subscriber ID.
When creating a user, the associated banks for the user can be assigned and the respective subscriber ID for the banks can be preset. This is optional - the subscriber ID can still be entered or modified during initialization.
If the permission "User is authorized to view banks and accounts in the settings menu." has been granted for an administrator in the user administration, this administrator can create and remove new banks and, in addition, all banks can be edited.
When creating a bank, you can specify the country of the bank; the standard send parameters and fetch parameters are adapted depending on the country. You can select Germany, Switzerland, Austria or France as the country.
If no user profile (HTD) is available, the option "Settings from user profile" for the account authorizations in the user administration is no longer displayed. In such cases there are only two choices: "Authorized" and "Not authorized". The default value is "Authorized".
Tenants
In the overview of tenants, the column "Number of participants" has been added. The column "Number of participants" shows the number of users who are assigned to the tenant and have a bank connection.
A filter function has been added to the overview for tenants, so that searches are simplified here.
If the maximum number of participants of a tenant has been reached, it is still possible to assign users without bank connection to the tenant with the function "Configure users".
In the user administration there is a new authorization "Admin user is authorized to create and delete tenants." which allows Super-Admins to remove these permissions from other administrators. If this authorization is not set, the administrator can still see and edit all tenants, only creation and deletion are limited.
Fetch schedules
An administrator can create a fetch schedule for other users with bank connection. The administrator can assign a fetch schedule to another user. It is also possible for an administrator to create fetch schedules in advance, even though there are no active bank connections yet. In this case, "User is assigned automatically" is entered as the user. When the fetch schedule is executed, it is automatically tried to assign a user with active bank connection to it.
Preferences
The preference "Write EBICS traces" can be set per user.
If the clean up setting in the preference was deactivated, it was no longer possible to activate it. This error has been corrected.
Other
Resetting a filter is now more convenient. When a filter is active, the "Reset" button appears so that you do not have to open the filter dialogue separately.
Accompanying ticket for containers with SEPA payments
When signing sent files, an accompanying ticket is now displayed for containers with SEPA credit transfer and for containers with SEPA direct debits. Containers with SEPA credit transfer are sent with the order type CCC, CCS or CCX and containers with SEPA direct debits are sent with the order type C1C, C1S, C1X, C2C, C2S, C2X, CDC, CDS or CDX.
Payment details of send orders
Clicking on a row in the overview "Sent Files" will take you to the send details of the send order. On this page there is now a button "Show Payment Details", which allows you to view the payment details of the send request.
Above the displayed payment details of a sending order there is now an "Export" button, which allows you to export the payment details as a CSV file.
DTAZV foreign transfer
The option "Equivalent payment in" can only be activated for DTAZV foreign transfers if the account currency of the originator's account is EUR.
If a DTAZV foreign transfer with mixed currencies is transmitted, the total amount over all currencies is displayed without currency in the overview of the sent files.
Filter for periodic payments and payment templates
The overviews for periodic payments and payment templates have been extended by filter functions, thus simplifying the search.
Account overview
The account overview shows the balances of all accounts. If you select accounts, the display of the balances changes and the balances are limited to the selected accounts.
In the user defaults there is the setting "Highlight new account statements in account and entry overviews". With this you can determine whether new account statements and new batched transactions are displayed in bold in the overview. The options are "deactivated", "automatically mark as read" and "manually mark as read". This setting, as well as the account statements marked as "read", are stored separately for each user.
Transactions
The "current balance" column is only displayed in the transactions overview when using the standard sorting, to avoid misinterpretation.
Automatic Exports
Automatic exports regularly create files that an administrator can delete through a cleanup setting. The cleanup setting can be set in the user preferences.
EBICS 3.0
The EBICS version 3.0, which is obligatory for all German banks since November 22, 2021, can now be used for communication with banks. When creating a new bank account, EBICS 3.0 can then be selected. Existing bank connections can also be updated to EBICS 3.0. If the length of the current bank keys is below 2048 bits, the user must change the keys, which however runs automatically and does not require an approval by the bank. If there are other users for this bank access having an insufficient key length, these employees must also perform a key change. Since the security mechanisms that are used in EBICS 2.3 are not longer considered safe, this protocol version is not offered anymore when creating a new bank.
Settings
With the new preference Allow non-administrators to rename accounts, it can be configured that only employees with admistrator privileges are able to define or change account names.
In the bank settings, the information about the used EBICS keys is shown for the current user. The bank names and icons can now only be changed by administrators. In the new tab Send parameters the technical order type (or BTF for EBICS 3.0) to be used for the transfer to the bank can be configured for each payment type.
When creating a new bank connection, a new button was added that allows to automatically determine the newest EBICS protocol version supported by the bank.
In the user administration, an export function has been added to allow to create a CSV file with the information from the overview. Additionally the overview has been extended by a filter to reduce the shown entries in which the user name contains the entered search text.
Orders
A filter function was added to the tables for fetched files and notifications to make searching easier here.
User interface
In the navigation bar, a button for the creation of payments was added to allow quick access to the payment recording page from everywhere in the program. With the new preference Show balance list on start page it is possible to configure that information about the account balances is displayed directly on the start page.
The filter criteria for texts have been extended by two more options to show only these entries in which the according field either starts or ends with the entered text.
In all forms the mandatory fields are marked with an asterisk (*).
AWV notifications
In the table of the notifications, a column has been added to show the origin of the notification, i.e., if it was created from payment data, account statements or manually.
File transfer
In the form for sending files, the file type (SEPA file, CSV or Excel file or for sending general files) must now be specified before uploading.
The filter in the table of sent files now contains the originator account as criterion. So now it is possible to show only the files from the selected originator account.
Access to the order details or the customer protocol of sent files is now only allowed when the current user has permission for the originator account.
When sending orders via an EBICS 3.0 connection, an additional information can be entered, which is shown to the other employees having permission to sign the order when they open the details view of the open EDS order, and afterwards also in the signed or cancelled EDS order. This information is not forwarded to the payment recipient.
The hash value of the sent file is shown in the order details view now.
Distributed Electronical Signature
The tables for signed and cancelled EDS orders again show all orders, not only the orders that the user signed or cancelled himself/herself.
Access to the order details or the customer protocol of signed or cancelled EDS orders is now only allowed when the current user has permission for the originator account.
In the table of open EDS orders, a button has been added that allows to create open payments from the selected orders. So in the case an error is noticed when checking an order, it can be sent again after correction.
Payment recording
When creating a new payment, only those payment types are available that the user has permissions for. Also, in the payment forms only those originator accounts can be selected for which the user has permission.
Austrian tax office payments and Postbar payments are now supported as additional payment types. For these new types, payment originators and recipients a available, too. Tax office payments are a special form of SEPA payments, which allow to record several types of duties (e.g. VAT) for different time periods, and the intended purpose is automatically generated by specification. Postbar (postal cash) payments offer the possibility to send money to a recipient who does not have a bank account.
The payment folders have also been integrated in the tables Signed payments and Payment templates. If an open payment from a folder is signed, it appears in that same folder in the Signed payments table. Similarly, from payment templates that belong to a folder, all open payments that are generated are put inside the same folder.
With the preference Show account number in recipient column it can be configured to show the recipient IBAN for SEPA payments in the table Open payments. Moreover, in the payment tables the account number or IBAN of the originator account can be shown additionally to the account name, if the new preference Show column with IBAN of the originator is activated.
When creating SEPA payments now either the intended purpose or the payment reference can be entered. For differentation, the field currently named Reference has been renamed to End-to-end reference. With the new preference Allow only valid ISO 11649 creditor references it can be configured whether the entered payment reference is to be checked for valid values. Also when importing SEPA payments from CSV or Excel files, a payment reference can now be defined.
In the forms for creating SEPA payments, SEPA recipients and SEPA mandates, for the recipient account a dialog has been added to allow to determine the IBAN and BIC from a German bank code and account number. The preference Display dialog to determine IBAN and BIC allows to configure whether this button shall be shown. Similarly a button with this function has been added to the form for recording German accounts, too.
The payment format of open SEPA credit transfers can be switched between SEPA transfer, SEPA express transfer and SEPA instant transfer during or after payment recording with new buttons provided at the top of the payment form. This is possible only if the user has permissions for the payment types.
In the payment forms, the recipient bank is now shown in a text field if the IBAN or BIC has been entered and if this information allows to determine the bank. For DTAZV international transfers, the bank name is shown there now but not preset anymore in the field Bank name.
The recording of payment recipients can now be done using 'four-eyes principle'. For this, the preference Recipient recording has been extended by the option Allowed in four-eyes principle. If this option is configured, all changes in the recipient data including the creation and deletion must first be confirmed by another user, only then the recipient data is applied in the payment recording. Changed payment recipients are marked in in the table and the modified fields are marked in the forms, so the second, confirming user is informed about the modifications.
It is now possible to create multiple open payments from a payment template in one single action. Additionally, when creating or modifying payment templates, no execution date must be defined anymore.
When importing recipients, the display name can now be specified in the imported file - previously it had just been generated from the recipient name.
Payment import
The payment import from CSV and Excel files now supports MT101 payments, too.
For the import of payments, the check for invalid characters has been extended.
Account statements
The table of the accounts overview now offers three additional columns to be displayed: Opening balance, Total debit transactions and Total credit transactions. These columns can be configured with the new preference Display columns with opening balance, total debit and total credit available in the Display settings of the Account information preferences.
Account statements and bookings can now be exported directly from the user interface using a specified conversion. By now this was only possible using a detour via an automatic export.
Automatic Exports
With the preference Language for automatic exports now the language to use for creating the exported files can be configured. Beside the localized texts it is also applied for the date and amount formats.
Payment recording
When creating payments, the account currency is preselected for the payment.
An error during look-up of BICs in the SCL directory was fixed.
Login
The login name is not case-sensitive anymore.
Payment recording
When recording SEPA debit transfers, an error could occur, if mandate administration is active and originator recording is not allowed. This issue has been fixed.
When creating open payments they are assigned to the folder that is currently opened.
Sending files
When editing folders for files to send, now the send order types are shown for selection.
For the import and direct sending of SEPA payment data, now files in ISO 20022 format can be used.
A performance issue occurred in the fields for selection fetch order types has been fixed.
Update of system components
Play Framework has been updated to version 2.8.8. This is also associated with security improvements, especially mechanisms against Cross site scripting (XSS) and Cross size request forgery (CSRF).
Java is used in version 1.8.292 10.1 now.
Multi-tenancy
It is possible now, to enable a separation of the application data by configuring tenants. So banks and all information belonging to them, payment originators and recipients, SEPA mandates and automatic exports are assigned to exactly one tenant. A user is assigned to at least one tenant but may have access to multiple tenants.
Security
Support of further mechanisms for the two-factor-authorization (additionally to Yubikey): OAth and WebAuthn.
Support for Single Sign On (SSO). To activate it, the information of the OpenID must be configured in the file production.conf.
It is possible now to define a timeout after which active sessions are to be deactivated. This can be configured in the file production.conf with the parameter bl.sessionTimeout.
Fixed that expired passwords are not asked to be renewed.
User interface
A Help button has been added to access the online help of BL Banking Web directly. With that always the entry is opened that belongs to the page that is currently shown.
The application supports three more languages now: French, Spanish and Portuguese.
In the details view of an EDS order the existing signatures are shown in chronological order now.
The function to delete send orders has been removed.
In the table Retrieved files, in column Order additionally to the order type a corresponding text and the fetch period are shown.
Filters configured for the table views are reset after logout.
In table Notifications now is shown to which order the notification belongs.
In the notification details the button for Saving the original files is not shown anymore for notifications from the customer protocol. In this case an empty file has been created before.
When configuring the database connection, the type of the used database can be selected. By this in the field JDBC URL a template is shown.
Bugfixes in editing fetch schedules, bank connections and accounts.
When editing text fields, in most cases only allowed characters are accepted.
User administration
For a user now permission can be specified, if this user gets access for the following areas: account statements, send files, fetch files, EDS, payments, AWV and send folders.
The import of users has been modified, so the user is only created for the import first, the synchronization process is to be started by the user itself when logging in the first time. Additionally inside the import the allocation to already existing banks has been improved.
In the user list every bank state is marked in color depending on the state: green for state Ready, red for state Locked, otherwise black.
When resetting a user the configured two-factor-authentication can be reset as well. In addition to this, when resetting a user its keys are locked on the bank side to allow to do the initialization instantly after logging in the next time.
After changing the own user name the user is not logged out anymore.
When editing a user the setting for the permission to synchronize with the mobile app is considered.
EDS
Inside the EDS history the amounts could have a wrong decimal place in certain circumstances.
Miscellaneous
The application detects if it is tried to send a signature for an EDS order multiple times, e.g. by double-clicking the Sign button. In this case the order has been rejected by the bank before.
A problem when signing multiple EDS orders, in which an error occured for one order, has been fixed.
Sending files
If there are no keys for the bank connection of a users, a corresponding error message is shown when signing.
When sorting inside the payment table it is always sorted by the creation date additionally to the sort criterion.
If files that are to be transferred to the bank have the SEPA format, it is not necessary anymore to specify the bank or order type, this information is taken from the payment data directly.
It is possible now to upload files for sending from a directory inside the application. Files that have been sent successfully from a directory are deleted now.
When signing an order the contained payments are shown in a table.
Performance problems when sending large files and in table Sent files have been fixed.
Payment recording
The originator account that has been used at last is preset when creating the next payment.
When editing SEPA express transfers the fields for ultimate originators and recipients have been removed as they cannot be used. Additionally for the originators and recipients no BIC must be specified anymore and the selectable payment types and categories have been reduced to INTC and CORT.
The selection of the currency for AZV payments has been reduced to entries that are currently valid.
When editing periodic payments in purpose field now a wildcard can be selected to insert it into the purpose field. A description for using the wildcards is show below the field. In the periodic payments table the purpose is also shown if it contains wildcards.
The timeout for web sockets has been increased to 10 min so the import of payment data from a CSV file is not aborted so fast anymore.
Bugfixes when applying the account holder as the originator of a payment or when selecting a SEPA mandate. If the account holder contained special characters (e.g. an ampersand) it has been shown wrong before or the fields has not been filled.
Payment tables
In the open payments table a column for the payment folder has been added, it is only shown if no folder is currently selected. The filter in this table has been expanded, so it is possible now to filter by the user that created the payments.
Below the button New payment only the payment types are shown for which the user has permission on the bank side. If a user doesn't have access to a bank, all payments types are shown.
When importing payments, more detailed error messages are shown. Additionally salary payments are ignored if the user has no permission for editing salary payments.
When modifying multiple open payments the bank has not been updated if the selected originator account belongs to another bank. This error has been fixed.
Account statements
In the account overview it is now possible to apply a text filter on the displayed accounts. Above the overview the posting and value date balances over all displayed accounts are shown. An export of the account overview has been added.
The last selected account group is stored and applied again when showing the account overview again.
In the transactions view in the selection menu for the account statement the date is shown additionally to the statement number. If the transactions for all accounts are shown in the overview, a column for the account is displayed.
In the balance list a column with the standard name of the accounts is displayed, if the preference Display column with standard account name is active. Additionally the balance list can be exported to a CSV file.
Fixed that the date of the last statements fetch is not updated if no data was available.
Automatic Exports
After clicking the button Display exported files in the automatic exports table only the files are shown that belong to the selected exports. If no exports are selected, farther all exported files are shown.
Two-factor authentication with Yubikey tokens
For improved security we now support two-factor authentication. Users can configure one or more Yubikey security tokens, provided by the company Yubico. During login and when signing a payment a one-time password generated by the security token is required as an additional security measure after entering the user password.
Notification about software updates
When a new software version is available, a corresponding note will be shown on the landing page. This note contains a reference to the change log. The update will not be installed automatically.
User administration
Users can be imported more conveniently from a different installation or e.g. BL Banking. This uses the same method that already exists for the synchronisation with the mobile apps (iPhone and Android app). Using the new button "Import user" will lead to a form where you can enter the name of the new user and the synchronisation number. Here you can enter either the 12 digit number or, when using the QR Code synchronisation, the text shown beneath the QR Code.
When setting up the application the first user that is created is no longer required to have a bank access. Thus it is possible to first set up e.g. a technical administrator who can then create further users and banks.
Users can now be reset, e.g. if they forgot their password. When doing this, the bank connections will be reset, so the user needs to reinitialise with the banks as soon as he logs in. In order to be able to do this, the EBICS keys must be reset by the bank.
When the maximum number of allowed users has been reached you will now still be able to create further local users without bank access.
Administration of bank connections
Bank connections can only be created by administrators form now on. Setting up the bank connection is a separate process from the EBICS initialisation, so the administrator, who is creating the bank connection, does not have to do an initialisation. The creation of duplicate bank connections is no longer possible.
Fetch schedules
Additionally to the existing fetch types it is now possible to create a freely configurable fetch schedule. It uses a freely configureable order type and the fetched files can be saved to a configurable directory.
Payments
When selecting the originator account in the payment forms the account holder will be entered into the text box for the originator name.
Customer protocol
The delay for the automatic refresh of the customer protocol after sending a file can now be configured in seconds, not minutes.
Export of balances and balance lists
The balances and balance lists shown in the corresponding tables can now be exported in CSV format via the download function of the browser.
PDF statements
The order type used for PDF statements can now be configured in the bank settings.
Bookings
The sorting of bookings by booking date or value date has been corrected for advices with multiple statements per day, so the current balance is displayed chronologically correctly.
Bugfixes for PDF statements
Some problems have been fixed that were caused by invalid PDF statement files.
Account groups from balance list
When creating account groups from the balance list view, an error occurred when using a PostgreSQL database. This behavior has been fixed.
Bugfixes for PDF statements
The date for fetching and the download of existing statements have been fixed.
Presentation
If only the bank icon without the name is shown in the tables, the bank name appears as a tooltip on the bank icon
When displaying amounts, they are shown in red, if the amount is debitted from own accounts. Amounts that are credited to own accounts still appear in black.
Sending files from transfer folders
Folders can be configured to hand over files that are to be transferred. These files are listed under the new menu item "Orders" -> "Files to transfer" and can be sent directly from there.
Create and send SEPA instant payments
SEPA instant payments can now be created and sent.
Displaying payment details when signing and order and in open and historical EDS orders
In the views "Sign order" and "Details for EDS order" the payment details are listed in a table for known payment formats. By selecting the payments the payment details can be displayed.
Total amount of the selected payments in the payment tables
In the views "Open payments", "Periodic payments" and "Payment templates" the total amount of the selected payments is displayed when selecting two or more payments having the same currency.
Extended payment filter in open and signed payments
In the views "Open payments" and "Signed payments" the filter can be set for an originator account and the execution date.
Bugfixes/optimization
In the edit page for payments the ampersand character can be used in text search for payment recipients.
Fix for the currency shown in table "Sent files" for SEPA credit transfers.
In the view "Sign order" a button has been added to print the accompanying ticket.
Presentation
In the transactions table, the sorting was fixed for statements having multiple pages.
With the new preference "Show single bookings instead of batched bookings" it can be configured, if the single bookings in the view "Transactions" are shown directly or the batched bookings at first.
When creating or editing automatic exports the accounts to apply the automatic export for are shown with a check box.
Adjustments in the user administration
In the overview table of the users the time of the last login and the number of failed login attempts are displayed for each user. Is the number of possible attempts exceeded, an adminstrator can reset this value back to 0, so the user can newly try to log in.
Adjustments for MT101 payments
In the send report of a RFT order, analogously to the other payment formats (SEPA and DTAZV) a table with the payment details is printed.
If a user is not permitted for the originator account, a wrong originator account was shown in the payment details of the EDS order. The page for the MT101 payment details has been adjusted, so the correct originator account is displayed correctly is this case, too.
Printing of the account overview
If the column for the standard name (e.g. the IBAN) is displayed in the account overview, it also appears in the printed overview.
AWV notifications
It is possible to record registration parts according to the German foreign trade regulations (AWV) and export them in a Z4 file or in CSV format for a report month. The information that is to be reported can be extracted from account statements and sent payments so it can be completed manually.
Bank settings
In the bank details the DTAZV and EDS settings are displayed to allow to modify the configuration.
Bugfixes/optimization
Now SSL key files that are not protected (or protected with an empty password) can be configured in the SSL settings.
The user setting for "Administrator" is deactivated, if the user is editing itself.
The EDS overview is also fetched automatically after the user logged out from the application and subsequently logged in again (possibly another user).
SEPA payments
The option "Display as single transaction in the account statement (only for SEPA)" when importing or directly sending SEPA payments from CSV files was fixed.
When editing SEPA payments the purpose is set when the recipient is selected.
DTAZV and MT101 payments
When editing DTAZV recipients, unknown BICs are allowed now, too.
For DTAZV payments with accounts having different currencies than EUR, now the correct originator account is displayed.
When selecting the originator account for DTAZV and MT101 payments, the currency of the payment is set to the account currency.
When editing DTAZV payments the bank name is updated if known BICs are selected.
Fetch schedules for PDF statements
PDF (or BKA) statements can be fetched scheduled (or manually) now. If the view "PDF statements" fetched statements can be viewed, saved and deleted. The export directory for these files can be configured.
Bugfix
The start and end time for fetch schedules is checked when it is saved, a wrong input could cause, that the user could not log in anymore.
Setup
For the operating systems Linux and MacOS the program ist distributed as a setup, by now this only existed for Windows. The setup assistant was improved and extended, so the proxy and SSL settings can be configured here.
The password for the SSL key file is stored itself encrypted in the configuration files.
The supplied Java has been updated to version 8 build 181.
EDS overview
If multiple banks are configured with the same name, only the orders of one of these banks have been displayed. This bug is fixed, now also in this case all open EDS orders are shown.
miscellaneous
For the folder, in which the EBICS user keys are stored, the umlauts are converted as otherwise encoding errors could occur.
For users can be configured now, if they are allowed to synchronize the EBICS access information with a mobile app.
IBANs are shown everywhere formatted in groups of four characters.
MT101 payments
Payments in MT101 format (order type RFT) can be created and edited. Analogously to the existing payment types, the originators and payment recipients can be managed for MT101 payments, too.
DTAZV payments
Counter value payments are also possible. if the currency is set to EUR.
When creating new payments, EUR is set as currency.
A bug determining the recipient country from the IBAN or BIC has been fixed.
SEPA payments
For SEPA payments with other currencies than EUR the order type XCT is used. Is the user not permitted for this order type, a corresponding message is shown when editing the payment.
miscellaneous
From the payment data of the sent orders the originator information is extracted and stored in the application.
The setting for the salary payments are applied in all views. Also saving salary payments is denied if it is configured that the user should not see the salary payments or the amounts are hidden for these payments.
If the preference "Extract sent orders of other users from the customer protocol" is activated, unknown orders can be created from the information found in the customer protocol.
If a user is not permitted for an order type, a corresponding error message is shown when saving payments for this order type.
When saving periodic payments, an open payment is created if it is due.
Conversions
Conversions now can be imported from another application and exported from BL Banking Web.
Account administration
When saving account settings with activated option "Show value date balances without cash concentration" it is checked, if the fields "Opening balance" and start date are set, because otherwise it has come to problems then.
User administration
The button for creating a new user is also shown, if the allowed maximum number of users exceeded. The button then appears deactivated and a tool tip with a corresponding message. The check if the maximum number of users exceed was not working correctly before and has been fixed.
Creating and editing accounts
The administration of user permissions has been removed from the form for accounts, because it caused several different problems. The permissions can be set inside the user administration.
Also for manual accounts the bank can not be modified in retrospective as it leads to problems with database entries referencing them. If the bank of an account is to be changed, the account needs to be deleted first (including the referencing entries) and a new one needs to be created.
Account permissions in periodic payments and payment templates
In the views for periodic payments and payment templates are only shown the accounts for which the user has permissions for.
Fix in DTAZV payments
For DTAZV payments the account currency of the originator account is stored in the payment data.
Sending of payments from invalid CSV files
If it is tried to send payments from invalid CSV files, more precise error messages are shown.
New preference to only show the accounts for which the user has permissions
With the new preference "Display only accounts for which payment permissions exist" can be configured, if only accounts are shown in the account overview, for which the user has permissions for.
Editing automatic exports
A problem was fixed that could occur when saving automatic exports.
Bugfixes
A problem for Javascript calls in Firefox and Internet Explorer has been fixed.
Users without bank access were getting an error by now when sending traces. This problem has been fixed.
First version