New article
Recently updated
Please Review 8.6.0 release notes
Who is this article for?
Administrators responsible for managing Please Review.
IT access will be required to implement this update.
This article includes details on the changes to Please Review 8.6.0 and provides a link with instructions on how to perform the upgrade.
1. Product changes
We're excited to deliver a feature-packed release! From powerful multi-workgroup capabilities in Veeva-centric integration to smarter user management through Ideagen Hub, this update is all about giving you more control, greater flexibility, and a stronger foundation — so you can focus on what matters most: your reviews.
Support Multi Workgroup in Veeva-centric integration
We've introduced Multi Workgroup Support for Veeva Integration to enable organisations to create, manage, and navigate reviews across multiple Vault groups from a single Please Review instance (PR-40691):
-
Workgroup-aware review creation and participants
- A new workgroup selection screen guides review owners to the correct context before creating a review, automatically skipped for single-workgroup users.
- Participant lists are now filtered by workgroup with cross-workgroup support for locked workgroups.
- A new configuration option gives administrators granular control over Vault participant management.
-
Enhanced inbox and platform visibility
- The workgroup name is now displayed across the inbox, control panel, transfer ownership, closeout, and redaction screens.
- New filter and sort options make it easy to locate and organise reviews across workgroups at a glance.
[Hub] Product Instance Assignment and user deprovisioning
We've introduced Product Instance Assignment as part of our continued journey of adopting Hub capabilities across the Ideagen ecosystem. This enhancement gives administrators precise control over which Please Review instances each user can access (PR-41491):
-
Granular user-to-instance access control
- Administrators can now assign users to specific Please Review product instances directly from Ideagen Hub, rather than users being automatically provisioned to every instance under the organisation.
- This ensures users only have access to the environments relevant to their role — for example, assigning production users to the production instance only, without unintentionally granting access to UAT or test environments.
-
Automated user deprovisioning
- When a user is unassigned from a Please Review product instance in Hub, their access is now automatically revoked in the corresponding Please Review environment.
- This eliminates the need for manual cleanup and ensures user access always remains consistent with Hub assignments, supporting a clean and auditable user lifecycle.
-
Improved sync efficiency and reliability
- The user synchronisation process now intelligently compares incoming events against stored user state, triggering sync calls to Please Review only when actual changes are detected — such as updated user attributes or new instance assignments.
- This reduces unnecessary processing and improves overall system responsiveness.
Support Veeva Vault API 26R1
We've updated Please Review to support Veeva Vault API version 26R1 as part of our routine maintenance to ensure continued compatibility and stable operation of the Veeva integration (PR-41068):
-
Continued compatibility and stability
- Please Review has been updated to align with Veeva Vault API 26R1, ensuring the integration continues to operate reliably against the latest Vault platform version without disruption to existing workflows.
-
Sustained access to Veeva functionalities
- Staying current with Veeva's API lifecycle ensures Please Review can continue to leverage the full breadth of Veeva's capabilities, keeping the integration well-positioned for future enhancements.
Replace iTextSharp with iText9
We've migrated Please Review from iTextSharp to iText9 to ensure the platform remains on a fully supported PDF processing library, safeguarding long-term stability and security for all PDF-related operations (PR-41217):
-
End-of-life library replacement
- iTextSharp has reached end-of-life and is no longer maintained. iText9 is the current actively maintained release, ensuring Please Review remains on a secure and supported foundation.
-
Uninterrupted PDF processing
- All existing PDF-related functionality within Please Review — including document rendering, manipulation, and generation — continues to operate as expected following the migration. The library replacement is designed to be seamless with no change to end-user workflows.
-
Improved security and maintainability
- Moving to iText9 removes exposure to unpatched vulnerabilities associated with unsupported library versions, and positions the platform to receive ongoing bug fixes, security patches, and compatibility updates.
-
Owner password-protected PDF handling
- A new administrative setting — Enable processing of Owner Password-protected PDFs — has been introduced under Review - advanced settings.
- By default, this setting is set to Deny, meaning the system will block the upload, download, and annotation import of owner password-protected PDFs. Administrators who need to process these documents can change the setting to Permit.
- Clear error messages are displayed to users when an action is blocked, ensuring transparency and a smooth experience.
Upgrade Node.js to v24.15.0
We've upgraded the Please Review runtime environment to Node.js v24.15.0 as part of our regular maintenance cadence to ensure the platform remains on a secure and actively supported runtime (PR-41171):
- Continued runtime stability — Please Review has been updated to run on Node.js v24.15.0, keeping the platform aligned with an actively maintained release and ensuring continued access to runtime-level bug fixes and stability improvements.
- Enhanced security posture — Upgrading to the latest Node.js version addresses known vulnerabilities present in older runtime versions, reducing the platform's exposure to security risks and meeting baseline security hygiene standards expected in regulated environments.
- Future-ready foundation — Staying current with the Node.js release lifecycle ensures Please Review remains compatible with evolving ecosystem dependencies and is well-positioned to adopt new platform capabilities as they mature.
2. Fixes
We've delivered a set of security, stability, and usability improvements to strengthen Please Review and address customer-reported issues.
| PR Code | Fix |
|---|---|
| PR-41422, PR-41439, PR-41496 | Updated core security dependencies to their latest supported versions, resolving known vulnerabilities and ensuring compliance with current security standards. |
| PR-41422 | Resolved an issue where downloading reviews for offline use could fail with a timeout error. Offline downloads now complete reliably. |
| PR-41416 | For organisations using Hub integration, user provisioning is now managed exclusively through the Ideagen Hub admin console. The User Administration screen has been updated to guide administrators directly to Hub for adding new users, ensuring a single, consistent source of truth for user accounts. |
| PR-41676 | Authentication sources managed by Hub can no longer be accidentally edited within Please Review, preventing configuration mismatches and ensuring login credentials remain consistent across platforms. |
| PR-41687 | Fixed an issue where users were not properly redirected to the login screen after logging out of Hub or when their session expired. Users will now always see the correct login page. |
| PR-41856 | Fixed an issue where opening Please Review from Veeva Vault Inbox could prompt an unexpected login screen. Users are now automatically authenticated when launching Please Review from within Vault, providing a seamless transition between platforms. |
| PR-41497 | The Please Review version number is now displayed in the new UI — in the Help & Support sidebar and at the bottom of the navigation bar — making it easy to confirm which version you're running. |
| PR-41626 | The "Send Reminder" button now requires at least one participant to be selected before sending, preventing empty reminder submissions. |
| PR-41683 | After a Please Review upgrade, the application now automatically loads the latest version without requiring a manual browser refresh. |
3. Known issues and behaviours
Support Multi Workgroup in Veeva Integration
| PR Code | Description |
|---|---|
| PR-40959 | When participants are removed from the 'Add External Participants' screen, the removed participants will continue to remain in the unlocked workgroup. Administrators should manage workgroup membership separately if full removal is required. |
| PR-40960 | Review owners are currently unable to set up zones prior to the review being started. Zone configuration is only available once the review has been initiated. Review owners should start the review first before proceeding with zone setup. |
| PR-40980 | When a user changes their workgroup selection, the last selected workgroup is retained as the default upon re-login, rather than reverting to the first workgroup in the list. This is expected behaviour by design to streamline the user experience. |
| PR-41127 | Workgroup names cannot be created with special characters or with a name length of 128 characters or more. Administrators should ensure workgroup names use standard alphanumeric characters and remain within the character limit. |
| — | Users are not encouraged to set up Legacy or Redaction workflows with multi workgroups, as this may lead to undesirable outcomes. |
| PR-41148 | When searching for a workgroup that contains spaces in its name, users must replace spaces with underscores in the search bar. For example, to search for 'Workgroup ABC', input 'Workgroup_ABC'. |
| PR-41148 | Workgroup (component) names defined in VeevaVaultLogin.xml are subject to a 40-character limit. Workgroup names exceeding this limit may produce inconsistent search results. Administrators should ensure mapped workgroup names remain within 40 characters to avoid unexpected behaviour. |
Product Instance Assignment and user deprovisioning
| PR Code | Description |
|---|---|
| PR-41610 | When a user is removed from all product instances, subsequent changes to their profile information (e.g., name, email) will not be reflected in Please Review. This is expected behaviour by design — if the user is later reassigned to a product instance, their profile information will be updated at that point. |
| PR-42399 | When a user's first name or last name is updated in Hub, the change will not be reflected in the user's full name in Please Review. Please Review maps the user's full name to the Hub user's display name. To update a user's full name in Please Review, the display name must be updated in Hub. |
Replace iTextSharp with iText9
| PR Code | Description |
|---|---|
| PR-42070 | When the 'Enable processing of Owner Password-protected PDFs' setting is set to DENY, cloning a review that contains an owner password-protected PDF does not display a proper error message. Administrators should ensure owner password-protected PDFs are removed from the review prior to cloning when the setting is configured to DENY. |
| PR-42070 | When the 'Enable processing of Owner Password-protected PDFs' setting is set to DENY, attempting to import PDF annotations using an owner password-protected PDF will fail and display an unexpected error page. Users should ensure the PDF is not owner password-protected before importing annotations. |
| PR-42116 | PDFs encrypted with AES-128 encryption are not detected by the 'Enable processing of Owner Password-protected PDFs' configuration check and will bypass the DENY setting. Administrators should be aware that AES-128 encrypted PDFs may be processed regardless of the configuration setting. |
| PR-42070 | PDFs protected with a user password are now blocked at the point of upload. This is a change in behaviour compared to the previous iTextSharp implementation. Users will need to remove the user password protection from the PDF before uploading. |
| PR-42070 | When the 'Enable processing of Owner Password-protected PDFs' setting is set to DENY, attempting to download documents during the close review process will display a 'Download Failed' message if the review contains owner password-protected PDFs. Users should remove or replace the affected PDFs before closing the review. |
| PR-42070 | When the 'Enable processing of Owner Password-protected PDFs' setting is set to DENY, uploading an owner password-protected PDF will fail and display an inline error message. This inline message will remain visible on screen until all failed files are manually deleted by the user. |