We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Release Notes

  • Last updated on

Recent Enhancements and Bug Fixes

Bug Fixes
Date Component Description
02/25/2019 Exchange Button

A bug was discovered in the way email addresses are parsed from the Send To text fields in the Button Plugin Config interface (Internal Send To, Mock Send To, Phishing Report Send To). The bug caused the parsing to fail if extraneous spaces were found.

The bug has been fixed and, in addition, the text fields now optionally accept a comma delimiter as well as a semicolon.

Bug #9.0.3122

02/25/2019 Training Results

In certain cases, calculations for training results would be incorrect. This has been addressed, and will no longer occur for new training modules sent out on or after February 25, 2019.

Bug #9.0.3102

02/05/2019 Report Generator

Fix for Missing Report Objects

When new reports were added to the Results > Report Generator module, the report objects were sometimes missing from the instance and therefore would only display the object tag name when the report was generated. A fix was put in place to make sure that all report objects are created in each instance and correctly set up for use in each report. This change does not affect how the Report Generator is used.

Bug #9.0.3081

02/05/2019 Reporting

Chart Bug Fixes (2)

  • Reports now display a "0" (zero) instead of "n/a" in the X-Axis labels if the value is "0". Previously a value of "0" would be displayed as "n/a".
  • If multiple types of data are displayed on a single chart, the Y-Axis numerical values will no longer be displayed. If there is only one data type being shown, or if all data types shown have the same formatting, then the Y-Axis labels will continue to show formatting including decimal places, percent signs, and/or dollar signs. Note that this may require you to re-save a chart to update the stored definition.

Bug #8.9.3101

02/05/2019 API

API Bug Fix

Requests without a JSON body would display a "JSON Error", even when the API call did not require a body. This has been corrected.

Bug #8.9.3091

01/14/2019 Content Groups

Display of Domain Names Fixed

Custom domains were causing an extra '@' to display in Content Group cards. This has been resolved. The domain names should display correctly now in all cases.

Bug #8.9.3072

01/14/2019 Address Book

Address Book Name Now Being Trimmed of Extra Spaces

Leading and trailing spaces in Address Book Names are now being removed before being saved. Extra spaces were causing matching issues resulting in Address Book counts not being accurate.

Bug #8.9.3062

01/14/2019 Campaign Manager

Campaign Stats resets for test data and newly copied campaigns

When a campaign is copied, the campaign statistics are now cleared out and reset to 0.
When a campaign with test data moves to a different stage, the test data is cleared out to keep the statistics accurate. Only real campaign data, not test data, will be present if the campaign isn't currently on the "3. Approve" stage. This is the only stage where testing is possible.

Bug #8.9.3032 DEV-314

01/14/2019 Address Books

Address Book type selection is now required on Step 1

The selection of LDAP or File Upload is now required on the first page of a new Address Book configuration. Previously, you could get to the next screen without selecting a type. However, you would need to choose a type on that page to proceed, which was potentially confusing. For details, refer to How to Create an Address Book.

Bug #8.9.3022 DEV-437

01/14/2019 Email Templates

Urgent Email Flag Being Set Incorrectly

The ability to set an email template as urgent was incorrectly setting all emails to urgent if you had more than one email template in a campaign and there was a mixture of urgent and non-urgent email templates. This fix corrects this error and now only emails that use templates that are marked as urgent will have the flag set.

Bug #8.9.3002

11/07/2018 Campaigns

Improved Landing Page Verification and Voice Application Verification

Improved error checking is now in place when a landing page is chosen. Landing pages that are used with Voice

Campaigns will now be checked before the Generate process begins to ensure they have an associated Voice
In addition, when generating an email or SMS campaign, a missing landing page will be caught earlier in the
process. This results in less time waiting to see if a campaign will generate.

Bug #8.9.2932

10/15/2018 Button Configuration Manager

Bug Fix for Button Select Box in the Button Configuration Manager

In past releases, a selected button would become deselected after the button had been deprecated (by the release of a newer button version, for example). The fix retains the selection and adds a notice that the button has been deprecated by adding (Deprecated) to the beginning of the selected button name.

Bug #8.9.2862

10/15/2018 Outbound Analysis

Bug Fix for Emails Sent/Scheduled by Day-of-Week Chart

Now works as expected.

Bug #8.9.2892

9/4/2018 Campaign Manager

Bug fixes for SMS/Voice campaigns

Purpose: There were several minor bugs fixed in the UI and scheduling modules for voice and SMS campaigns.

Voice campaigns:

  • In some cases, a second web server would be added to the UI, but was not being used. This has been corrected.
  • When scheduling a campaign, an additional check has been added to ensure the voice application ID is set correctly. If not, a message is displayed to the user and the process returns to DESIGN mode.
  • When creating individual steps for a voice application, the file upload fields would not show the name of the uploaded audio file. In addition, a broken thumbnail image would appear. The file name will now appear correctly, and the thumbnail will be an audio-related icon.

SMS Campaigns (Reporting):

  • Redundant API calls to our SMS provider have been removed, which will make the process of gathering report information run more quickly. This change is for efficiency only, and has no impact on the usage of the web application.
  • Usage:

No usage changes.

Date Component Description


 The Name and Approval Comments fields associated with a campaign are now editable even when a campaign is locked. In the past the fields became read-only once a campaign was locked (30 days after the cut-off date).

Enhancement #9.0.3152

 02/25/2019 Custom Reporting

Plan Name has been added to the list of Cross Tabulation options within Custom Reporting. Cross Tabulation allows for an additional level of detail to be added to the summary report.

Enhancement #9.0.3142

 02/25/2019 Voice Application

Voice Data Anonymization Feature  A new feature was added that allows data captured during a Voice Campaign call to be anonymized when stored. This means that digits pressed by a user can be stored as actual digits, or optionally as asterisks (*) in order to protect potentially sensitive data.

Enhancement #9.0.3132

02/25/2019 Landing Pages

The ability to use the password as a plain text password has been removed. There is a new field named Login Form Text Field that provides the same functionality as was provided by allowing the Login Form Password field as a plain text field.
Non-password data collected previously in the password field was moved to the new Login Text Form Field Value in the web analysis and web analysis detail.
Password data is now standardized to [Value Entered] in the web analysis detail.

 Enhancement #9.0.3112

01/14/2019 Exchange Button

Are You Sure? Pop-up Buttons Reversed

The OK/Cancel button positions have been reversed on the Are You Sure? pop-up window.

Enhancement #8.9.3052

01/14/2019 Address Books

SFTP automation for Address Books is now available

The new SFTP Address Book configuration and upload tool is live. This tool allows you to automate the upload of CSV files to PhishLine.
Please be patient with larger Address Book files, as the load can take some time to verify and complete. During the load process, the Address Book may show up in your list with less email addresses then you expect to see. This means the load is still under process. For details, refer to SFTP Address Book Configuration and Upload Tool.

Enhancement #8.9.3042 DEV-429

01/14/2019 Email Templates

Name Size Increase

The Email template Name field has been increased to allow for 128 characters (previously 30).

Enhancement #8.9.3012 (2019-01-14)

01/14/2019 General

Minimum Password Age

Several customers have requested the ability to block password changes if the passwords have not reached a specific age. This enhancement adds a new Global setting that prevents passwords from being changed until the passwords have reached a specific age. For details, refer to Global Settings.

Enhancement #8.9.2992 (2019-01-14)

12/21/2018 User Management

Automatic Purging of Administrative User Logs

With the new GDPR requirements, companies are now required to automatically purge user activity from their systems. This enhancement addresses one of those requirements by allowing the PhishLine system to automatically purge administrative user activity logs.

Enhancement #8.9.2982 (2018-12-21)

12/21/2018 Domain Authorization

Ignoring Unauthorized Domains

Unfortunately, in many cases Address Books are imported with many invalid or unwanted email addresses. These include internal and external email addresses that should not be sent email messages. The domain authorization process prevents this, but there needs to be a way to ignore email addresses with these unwanted internal and external domains. This enhancement provides this feature. There is now a new option in the Domain Authorization Application that allows the admin users to mark these domains to be ignored. Once the domain is set to ignore, it will no longer display any error related to the domain and silently ignore (skip over) and email address using an ignored domain when sending out campaign emails.

Enhancement #8.9.2972 (2018-12-21)

12/03/2018 Address Books

A new Address Book import option has been created.
The LDAP/AD Configuration Manager allows integration between your LDAP or Active Directory service and Barracuda PhishLine. After the necessary adjustments are made to your firewall configuration to allow incoming
requests, and configuration has been completed in the Barracuda PhishLine configurations screen, you will be able to import directly, without any need to export to CSV or Excel.

Enhancement #8.9.2953 (2018-12-03)

12/03/2018 General

In addition to the existing Voice multi-factor user authentication, PhishLine now supports multi-factor authentication via Email and SMS.
The new SMS and Email multi-factor authentication will send you a six digit code via email or text message that you will enter during the login process. You can change the multi-factor authentication method in the System menu under User Manager.

Enhancement #8.9.2943 (2018-12-03)

11/07/2018 Reporting

Previously, in some parts of the interface, Voice Phishing Applications were referred to as 'IVR' applications. All
areas should not use the terms 'Voice', 'Voice App', or 'Voice Application' where 'IVR' was previously used.

Enhancement #8.9.2922 (2018-11-07)

11/07/2018 Outbound Analysis

Outbound Analysis Charts Updated to Use Scheduled Time Zone

Previously, all charts in Outbound Analysis were displayed in Central ("America/Chicago") time zone. The charts are now updated to display data in the same time zone in which the corresponding campaign was scheduled.

Enhancement #8.9.2942 (2018-11-07)

10/15/2018 Benchmark Reports

Added Login Activity Chart

Benchmark results now include charting of login activity.

Enhancement #8.9.2902 (2018-10-15)

10/15/2018 Campaign Manager

Certificate Indicator on Web Server Host Domain

When adding web servers for landing pages to your Campaigns or Content Groups, there is now an indicator showing whether the domain exists on Barracuda's SSL certificate. Domain names covered by the certificate will display (Certificate) next to their name in the Web Server Host Domain list.

Enhancement #8.9.2861 (2018-10-15)

10/15/2018 Outbound Analysis

Voice Application Options Added to Custom Reports

Fields related to Voice Applications are now available as reporting filters in Outbound Analysis Custom Reporting, enabling you to create charts and tables based on Voice Application data.

Enhancement #8.9.2872 (2018-10-15)

10/15/2018 Web Activity Analysis

User Login Now Exposed

The user login is now automatically populated in the Web Activity Analysis report.

Enhancement #8.9.2882 (2018-10-15)

10/8/2018 Educational Content and Survey / Content Delivery Network Whitelisting

The delivery of static training content including videos and images has been enhanced to allow more transparent switching of the LMS and Surveys between different PhishLine servers. To facilitate this, the host from where the static content is delivered from has changed.

Usage: Educational Content and Survey / Content Delivery Network Whitelisting
The PhishLine servers are located in the Midwest region of the United States. With our worldwide customers, there
is always a concern about reducing latency and bandwidth delays when showing educational videos. To solve that,
PhishLine can distribute the read-only multimedia content using a reputable Content Delivery Network (CDN).
While your users engage with educational content or surveys using HTTP or HTTPS, the servers can instruct your
browser to download read-only multimedia content from the nearest CDN server. This allows the high-bandwidth
components to be sent worldwide from local servers without transmitting, processing or storing application data on
those servers.

You may choose to deliver educational content and surveys using HTTP or HTTPS. PhishLine recommends using HTTPS. The HTTP option is generally only used to allow local caching of content to reduce bandwidth requirements.

To whitelist educational content and surveys, use the following:

  • https://phishline.com — for TLS-encrypted sessions
  • http://phishline.com — for port 80 unencrypted sessions
  • http://*.phishline.com
  • https://*.phishline.com
  • https://fonts.googleapis.com
  • https://fonts.gstatic.com
  • https://1da5e448161ed2e650ed-8c963316749ac671ec752b9966dcfaac.ssl.cf2.rackcdn.com/ (This URL will be retired by the end of October 2018)

Note: The CDN option is only used to distribute the “Image Gallery” components including .mp4, .webm, .jpg, .gif, and similar file types. We recommend that you whitelist requests and responses for static multimedia content only. The web application and data collection are exclusively done on the PhishLine servers even with the CDN option.

9/25/2018 Email Templates

Send as Urgent option added to Email Templates

Purpose: If checked within the Email Template, 'Send as Urgent' will send email at High Importance (Highest Priority).

Usage: The new check box field titled 'Send as Urgent' is located in the Email Template Manager under General Settings. If selected, the email will be sent at High Importance (Highest Priority). If cleared, the email will be sent without high priority.

Enhancement #8.9.2833 (2018-09-25)

9/25/2018 Exchange Button

Notification popup added to Exchange Button

Purpose: Version of the PhishLine Exchange Button has been released.

The new version includes a pop-up notification window that delivers feedback messages to the user. The notification window includes both error and success messages and disappears when the user clicks the ‘Close’ button. The addition of the notification pop-up allows messages to be visible for longer periods of time, whereas previously it would disappear immediately after the email was reported.

NOTE: The notification pop-up window will only display for users with Exchange versions newer than 2013

Enhancement #8.9.2823 (2018-09-25)

9/24/2018 Campaign

Enhanced Delivery Status Processing

Purpose: Previously, the PhishLine platform used centralized delivery status processing. This enhancement changed the outbound email logic to use instance specific outbound mailboxes. Now each instance receives delivery status message directly instead of depending on the central delivery status processing to distribute these status messages. 

This will allow individual instance to process and update delivery status of outbound emails quicker. Most notably, the bounce status of the outbound email.

Usage: There are no changes to the administration of campaigns.  This enhancement will automatically be applied to all future campaigns.This enhancement changes the RETURN-PATH and FROM email in the email envelope from reply@spearphish.com to reply_pXXXXXXXXX@spearphish.com. The XXXXXXXX is replaced with a unique instance identifier for each PhishLine customer. Note: Some mail systems will use the RETURN-PATH instead of the email FROM: header for authentication. This might affect the email headers differently depending on the email system. Adjustments to whitelisting settings may be necessary.

Enhancement #8.9.2813 (2018-09-24)

9/23/2018 Security

Self-serving Account Unlock with Notification

Purpose: When logging into your PhishLine account, if there are 5 consecutive failed password login attempts, your PhishLine account is now locked instead of being deactivated. 

Locked and deactivated are the same thing with the following exception. When your account locks, an email is sent to the email address associated with your PhishLine account. It contains instructions on how to unlock your account.

Just follow the instructions in the email to change your password, and you will not have to contact anyone to unlock your account.

Enhancement# 8.9.2803 (2018-09-23)

9/4/2018 Campaign

Campaign Locked

Purpose: Prior to this enhancements, the campaign could be modified, updated, and changed indefinitely. The campaigns are now locked in read-only mode 30 days after the cutoff date and the campaign statistics are no longer updated. This prevents unintended changes to old campaigns and to ensure the campaign results will not change.

Usage: Thirty days after the campaign cutoff date, most of the fields in a campaign will be locked. The only fields that will be editable include the "Description", "Plan", "Category", and "Hide Campaign Results" fields.

Enhancement# 8.9.2793 (2018-09-04)






Last updated on