Skip to content

Add-on

GDPR Add-on Might be Affected by Security Improvement in Lime CRM

Older versions of the GDPR add-on might be affected by a security improvement in the Lime CRM platform.

Who Does This Concern?

This only concerns customers that fulfill all the below requirements:

  • Use the GDPR add-on in the desktop client.
  • Have not installed the add-on or upgraded its LBS apps since 2022-11-10. I.e., the LBS apps are from a lower version than 3.6.1.
  • Are running lime-crm v2.761.3 or later. This is the upcoming on-premise Lime CRM server release (planned to be named 2024.1).

Symptoms

The buttons in the GDPR add-on to download the personal information as an Excel file or a JSON file will no longer work.

Solution

  1. Upgrade the limepkg-gdpr package to the latest version. Check the GDPR add-on documentation for guidance.
  2. Make sure to remember to replace the LBS apps used by the add-on.

Please note that if you are running the predecessor package lime-crm-gdpr, the first action you must to do is to migrate over to limepkg-gdpr.

BankID Secure start in Lime products

What is "BankID Secure start"?

The Swedish e-identification service “BankID” sharpens the requirements on starting an identification or signing process in their applications in order to increase the security and prevent risk of fraud. Details about the requirements, reasons behind and an FAQ is available on https://www.bankid.com/en/foretag/secure-start

What will be changed?

Lime Technologies will build a new version of Lime BankID API and JavaScript application that fully supports “Secure start”. It will no longer be possible to start a BankID identification/signing in someone's BankID app just by providing the personal identity number. Instead, the user can choose to autostart the BankID app on the same device, as where it is requested, or on another device by scanning the animated QR code. The identification/signing can still be locked to a specific personal identity number, for example in authentication or signature processes.

Timeline

1st of January 2024 - New version of Lime BankID API available that fully supports BankID “Secure start”. Documentation is now available at https://bankid.lime-technologies.com/api/v2/docs

10th of January 2024 - New version of Lime Forms available with support for the new Lime BankID API. Lime Forms v2.87.2 have full support for Lime BankID API v2 as well as an updated frontend package.

1st of January - 30th of April 2024 - Adaptation period for services and applications consuming the Lime BankID API.

1st of May 2024 - “Secure start” is required and non adapted services will not be functional

Affected applications and necessary actions

Lime Forms

An upgrade is highly recommended for all customers having BankID enabled in Lime Forms. Contact your customer responsible to schedule it during the adaptation period. Lime Forms v2.87.2 available from 2024-01-10 has full support for Secure start.

Lime Portal

No changes are required for customers using BankID for Lime Portal authentication.

eSign

An upgraded version of Lime eSign will be released in the beginning of 2024 and announced separately to affected customers. Lime Technologies will take care of all necessary upgrades for Lime CRM cloud customers but Lime CRM on-premise customers need to make sure that eSign is upgraded well before 1st of May 2024.

BankID desktop application in Lime CRM

An updated version will be released in February 2024 and communicated separately to affected customers.

The installer portal (För- & Färdiganmälan)

Lime Technologies will take care of all necessary upgrades.

Custom integrations towards Lime BankID API

Customers that have built their own integrations towards Lime BankID API are responsible to redirect the integration towards the new version of the API. The same goes for any necessary UI changes used with the integration. The documentation of v2 of Lime BankID API is now available at https://bankid.lime-technologies.com/api/v2/docs