Package Upgrade required to manage Security Vulnerability of version 1.59 and above to 1.60.36

Dear Customer,

Greetings from SMS-Magic!

We value your association with SMS-Magic and thank you for using our products and services.

Due to a security vulnerability issue, you need to upgrade the SMS-Magic Converse package to the latest version i.e. 1.60.36.

Security Vulnerability Issue

The following security vulnerability issue has been reported:

Application Details SMS Magic Converse
Package ID: 033U0000000TVWmIAO
Listing Link https://appexchange.salesforce.com/listingDetail?listingId=a0N300000024XvyEAE
Issue Description Using the following library with known vulnerabilities:
1. jQuery
2. jQuery UI Dialog
3. Angular.js
Impact of vulnerability on Customer Org Customers org doesn’t have any security vulnerability due to these libraries as all the above libraries were used by deprecated feature and are no longer referenced in our code

Affected Versions

Kindly note that the following versions have been affected by this issue:

  • 1.60.28
  • 1.60.24
  • 1.60.17
  • 1.60
  • 1.59.7
  • 1.59.6
  • 1.59.2

Way to upgrade

We can fix the security vulnerability issue by upgrading the SMS-Magic Converse package to the latest version i.e. 1.60.36. Please reach out to your Account Manager or the Customer Success Team at care@screen-magic.com for a guided upgrade.

We request you to immediately upgrade to the latest version i.e. 1.60.36 for uninterrupted service. 

In case of any queries, feel free to write to/call our Customer Support Team at:

Email ID: care@sms-magic.com

Phone: US: 1-888-568-1315 | UK: 0-808-189-1305 | AUS: 1-800-823-175




Grant Access to Custom Settings – Critical Update

Salesforce Spring’20 Critical Updates

Users without the Customize Application permission can read custom settings using APIs that are provided by Salesforce. This access will be revoked as part of a critical update that is scheduled to be rolled out with the Spring ’20 release on January 3, 2020.After the critical update, users without the Customize Application permission no longer can access custom settings. You can read more at critical update.

SMS Magic Impact

This critical update will affect SMS-Magic capabillities like sending messages, receiving incoming messages, etc. If you are unable to send messages or see any error message shown in the below example, please check the debug logs.

This can be checked by debugging logs. This can be tested by sending a SMS from Salesforce from any source. The expected error for the aforementioned issue would display empty API Key. A sample log has been shared below.

08:51:23.27 (168325762)|FATAL_ERROR|
System.SecurityException: Empty key Class.System.Crypto.
generateMac: line 20, column 1 Class.smagicinteract.
SMSUtility.getSignatureHMAC: line 250, column 1 Class.smagicinteract.
SMSUtility.makeHTTPCallout: line 294, column 1 Class.smagicinteract.
SMSUtility.sendSMSHTTPRequest: line 119, column 1 Class.smagicinteract.
SMSUtility.callSMSAPI: line 91, column 1 08:51:23.27 (168341216)|FATAL_ERROR|
System.SecurityException: Empty key Class.System.Crypto.
generateMac: line 20, column 1 Class.smagicinteract.
SMSUtility.getSignatureHMAC: line 250, column 1 Class.smagicinteract.
SMSUtility.makeHTTPCallout: line 294, column 1 Class.smagicinteract.
SMSUtility.sendSMSHTTPRequest: line 119, column 1 Class.smagicinteract.
SMSUtility.callSMSAPI: line 91, column 1 08:51:23.168 (168349756)|CUMULATIVE_LIMIT_USAGE 0

Changes to be Made

  • You must manually assign the “View All Custom Settings” permission under Profiles / Permission of users.

OR

  • You must assign SMS-magic packaged permission set “SMS Converse conversation user” to give access to only SMS-magic custom settings. [To get the desired package version link, Please reach out to us at care@screen-magic.com]