v25.03-4 Release Notes
Patched critical #IngressNightmare vulnerabilities, enhanced session and password security, and added real-world use cases to our API docs to improve integration clarity and developer experience.
🔒 Security Update: Patch for Ingress NGINX Vulnerabilities (#IngressNightmare)
We have fully addressed and patched a set of high-severity vulnerabilities in the Ingress NGINX Controller for Kubernetes (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974), collectively known as #IngressNightmare. These unauthenticated Remote Code Execution vulnerabilities, discovered by Wiz Research, could allow unauthorized access to secrets across all namespaces in a Kubernetes cluster, with a potential for full cluster takeover (CVSS v3.1 score: 9.8).
All servers have been successfully upgraded. While our systems were never directly exposed to the risk, we took immediate and proactive steps to eliminate any potential attack vectors. Furthermore, our internal privilege boundaries and access controls provided an additional layer of protection against exploitation.
Customers can be assured that:
- All servers have been patched and are secure.
- No data was exposed or compromised.
- Our systems were not at direct risk, and we remain protected against privilege escalation scenarios.
🔐 Enhanced Session & Password Security in ID API
As part of our ongoing commitment to platform security and user safety, we released an update that includes several important changes aimed at hardening authentication workflows and improving user experience.
Key Changes:
- Session Fixation Protection: We've resolved a vulnerability related to session fixation, closing a potential attack vector identified during our recent penetration test.
- Refresh Token Invalidation on Sign-Out & Password Change:
  Signing out or changing your password now invalidates the active refresh token.
  🔁 This means that if you're signed in across multiple tabs or apps, those sessions will be terminated the next time the token is refreshed or you switch tenants.
  This change was recommended by security auditors and improves protection against session hijacking.
- New Password Must Differ from Current:
  Users can no longer reuse their current password when setting a new one.
- User Model Cleanup: Internal improvements to simplify and future-proof user data handling.
These updates strengthen both security and user experience by ensuring safer session handling and encouraging better password hygiene.
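The behaviour described in the list above, as an added sketch that is not the ID API's own code: `IdService`, its method names, the in-memory stores and the PBKDF2 work factor are all hypothetical. It assumes a password change revokes every refresh token the user holds, and it shows why other sessions only end at their next refresh.

```python
import hashlib, hmac, secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed for this sketch)

class AuthError(Exception):
    pass

def _key(token):  # the store keeps only a hash of each refresh token
    return hashlib.sha256(token.encode()).hexdigest()

class IdService:  # hypothetical in-memory stand-in for an identity API
    def __init__(self):
        self._users = {}    # username -> (salt, password digest)
        self._refresh = {}  # sha256(refresh token) -> username

    def _matches(self, username, password):
        if username not in self._users:
            return False
        salt, stored = self._users[username]
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        return hmac.compare_digest(stored, guess)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        self._users[username] = (salt, digest)

    def sign_in(self, username, password, presented_session_id=None):
        if not self._matches(username, password):
            raise AuthError("invalid credentials")
        # Fixation defence: ignore any identifier the client presented and
        # mint a fresh token at the moment of authentication.
        token = secrets.token_urlsafe(32)
        self._refresh[_key(token)] = username
        return token

    def refresh(self, token):
        if _key(token) not in self._refresh:
            raise AuthError("refresh token revoked or unknown")
        return secrets.token_urlsafe(32)  # new short-lived access token

    def sign_out(self, token):
        self._refresh.pop(_key(token), None)

    def change_password(self, username, current, new):
        if not self._matches(username, current):
            raise AuthError("current password incorrect")
        if self._matches(username, new):
            raise AuthError("new password must differ from current")
        self.register(username, new)
        # Assumption: revoke every refresh token the user holds.
        self._refresh = {k: u for k, u in self._refresh.items() if u != username}
```

Access tokens already issued are not touched here, which is why another tab keeps working until it next calls `refresh`.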
📘 API Documentation Update: New “Use Cases & Examples” Section
To make integrating with our platform easier and more efficient, we've added a brand-new chapter to our API documentation: Use Cases & Examples.
This section provides real-world integration scenarios and best practices to help you seamlessly incorporate our API into your workflows. Whether you're automating document processing, extracting key fields, or connecting with third-party systems, you’ll find practical examples to guide you.
What’s included:
- ✅ Step-by-step walkthroughs of common integration patterns
- 💡 Code snippets in popular languages
- 🚀 Tips for optimizing performance and reliability
- 🔄 Best practices for maintaining clean, maintainable integrations
We recommend checking it out as a starting point for any new integration work — or even to enhance your current setup with some fresh insights.
🔭 What’s Next
We're continuously evolving our platform to deliver smarter automation and better user experiences. Here’s a sneak peek at what’s coming soon:
- Upgraded AI Models for Better Out-of-the-Box Extraction
  We're rolling out new AI model iterations to improve extraction accuracy without custom training. These upgrades bring better defaults, especially for standard document types and layouts.
- LLM Extraction + Coordinates (First Iteration)
  Our next update will introduce coordinate support for fields extracted using Large Language Models. This means you'll not only get the extracted value but also where it appears in the document — enabling smarter automation and UI interactions.
- Line Item Detection Improvements
  We're enhancing our line item handling with improved structure detection, better grouping logic, and more resilient performance across complex tables.
- Document Viewer Upgrades in Configuration
  The configuration interface is getting a facelift, including viewer improvements to make it easier to review, test, and fine-tune extraction settings.
These updates are already in motion — stay tuned for release announcements in the coming weeks!
🐛 Fixed
- Major fixes are described in detail in the sections above.