1

Important Announcement – Enable MFA via permission set

|

Dear Customer,

Greetings from SMS-Magic!

Trust you and your loved ones are staying safe and in good health.

We value your association with SMS-Magic and thank you for using our product.

We would like to bring to your notice that beginning 1st February 2022, all customers are required to enable MFA in order to have uninterrupted access to Salesforce products (Reference). 

Customers can enable MFA in two ways, i.e. at the profile level or via the permission set. 

However, we have confirmed that if you enable MFA at the profile level, package functionalities such as converse apps bulk campaign, bulk SMS listview, and campaign manager will be hampered. 

Following are the functionalities that will be impacted when MFA is enabled at the profile level: 

  1. Converse Apps Bulk Campaign – Sending a message by selecting list view (Campaign stays in running state)
  2. Bulk SMS List view – Schedule functionality (SMS history records not created)
  3. Campaign Manager – Sending a campaign to a selected list view (messages sent to more records other than selected list view)

We have verified that, if MFA is enabled via permissionset instead of enabling it at the profile level, all package functionalities will work as expected.

We request you to follow the below steps to enable MFA via permission set:
Refer – “Step 3 & Step 4: Create a permission set for multi-factor authentication & assign permission sets to users” in the following trailhead.

https://trailhead.salesforce.com/en/content/learn/modules/identity_login/identity_login_2fa

In case of any queries, feel free to write to/call our Customer Support Team at:

Email ID: care@screen-magic.com

Phone: US: 1-888-568-1315 | UK: 0-808-189-1305 | AUS: 1-800-823-175



Package Upgrade required to manage Security Vulnerability of version 1.59 and above to 1.60.36

|

Dear Customer,

Greetings from SMS-Magic!

We value your association with SMS-Magic and thank you for using our products and services.

Due to a security vulnerability issue, you need to upgrade the SMS-Magic Converse package to the latest version i.e. 1.60.36.

Security Vulnerability Issue

The following security vulnerability issue has been reported:

Application Details SMS Magic Converse
Package ID: 033U0000000TVWmIAO
Listing Link https://appexchange.salesforce.com/listingDetail?listingId=a0N300000024XvyEAE
Issue Description Using the following library with known vulnerabilities:
1. jQuery
2. jQuery UI Dialog
3. Angular.js
Impact of vulnerability on Customer Org Customers org doesn’t have any security vulnerability due to these libraries as all the above libraries were used by deprecated feature and are no longer referenced in our code

Affected Versions

Kindly note that the following versions have been affected by this issue:

  • 1.60.28
  • 1.60.24
  • 1.60.17
  • 1.60
  • 1.59.7
  • 1.59.6
  • 1.59.2

Way to upgrade

We can fix the security vulnerability issue by upgrading the SMS-Magic Converse package to the latest version i.e. 1.60.36. Please reach out to your Account Manager or the Customer Success Team at care@screen-magic.com for a guided upgrade.

We request you to immediately upgrade to the latest version i.e. 1.60.36 for uninterrupted service. 

In case of any queries, feel free to write to/call our Customer Support Team at:

Email ID: care@sms-magic.com

Phone: US: 1-888-568-1315 | UK: 0-808-189-1305 | AUS: 1-800-823-175



Grant Access to Custom Settings – Critical Update

|

Salesforce Spring’20 Critical Updates

Users without the Customize Application permission can read custom settings using APIs that are provided by Salesforce. This access will be revoked as part of a critical update that is scheduled to be rolled out with the Spring ’20 release on January 3, 2020.After the critical update, users without the Customize Application permission no longer can access custom settings. You can read more at critical update.

SMS Magic Impact

This critical update will affect SMS-Magic capabillities like sending messages, receiving incoming messages, etc. If you are unable to send messages or see any error message shown in the below example, please check the debug logs.

This can be checked by debugging logs. This can be tested by sending a SMS from Salesforce from any source. The expected error for the aforementioned issue would display empty API Key. A sample log has been shared below.

08:51:23.27 (168325762)|FATAL_ERROR|
 System.SecurityException: Empty key Class.System.Crypto.
 generateMac: line 20, column 1 Class.smagicinteract.
 SMSUtility.getSignatureHMAC: line 250, column 1 Class.smagicinteract.
 SMSUtility.makeHTTPCallout: line 294, column 1 Class.smagicinteract.
 SMSUtility.sendSMSHTTPRequest: line 119, column 1 Class.smagicinteract.
 SMSUtility.callSMSAPI: line 91, column 1 08:51:23.27 (168341216)|FATAL_ERROR|
 System.SecurityException: Empty key Class.System.Crypto.
 generateMac: line 20, column 1 Class.smagicinteract.
 SMSUtility.getSignatureHMAC: line 250, column 1 Class.smagicinteract.
 SMSUtility.makeHTTPCallout: line 294, column 1 Class.smagicinteract.
 SMSUtility.sendSMSHTTPRequest: line 119, column 1 Class.smagicinteract.
 SMSUtility.callSMSAPI: line 91, column 1 08:51:23.168 (168349756)|CUMULATIVE_LIMIT_USAGE 0

Changes to be Made

  • You must manually assign the “View All Custom Settings” permission under Profiles / Permission of users.

OR

  • You must assign SMS-magic packaged permission set “SMS Converse conversation user” to give access to only SMS-magic custom settings. [To get the desired package version link, Please reach out to us at care@screen-magic.com]