T51-2025 - Notification regarding BIOVIA ENOVIA QUMAS EDMS 2026
We are providing this Technical Note to inform you about the release of BIOVIA ENOVIA QUMAS EDMS2026 which includes the following enhancements and fixed defects:
NOV | 5th, 2025
Program
BIOVIA ENOVIA QUMAS EDMS
Operating System
All supported operating systems
Description
We are providing this Technical Note to inform you about the release of BIOVIA ENOVIA QUMAS EDMS2026 which includes the following enhancements and fixed defects:
Enhancements
This release of BIOVIA ENOVIA QUMAS EDMS includes the following enhancements.
| User Story | Description |
|---|---|
| MYQ-8978 | PDFJS updated to new version (4.0.379). Additionally, PDF JS is now compiled into single library, so could be easily replaced for a new version on any client environment. |
| DOC-6405 | Solr build distributed with DocCompliance was upgraded to version 9.6.1. This impacts installation and upgrade procedures: * It's no longer required to install a dedicated OpenJDK with Hotspot because of Solr. It can work with any Java installed on the server as long as it's the correct version (min. Java 11, recommended Java 17). * The {{SolrJavaHome}} installation parameter is now optional. * Upgrading clients will need to carefully merge their customizations in the *solrconfig.xml* file with the new default version of the file which is compatible with Solr 9 and which we provide in [DocCompliance]\Integrations\Solr\server\solr\configsets\doccompliance\conf. |
| DOC-6788 | Solr has been upgraded to version 9.9. |
| MYQ-9047 | The ActiveX folder has been removed from MyQUMAS folder as it is no longer required. |
| MYQ-9082 | Improved logging in MyQUMAS. |
| MYQ-9226 | Added enhanced logging to the 2FACT authentication. Added additional log information that was useful on support cases. |
Fixed Defects
This release of BIOVIA ENOVIA QUMAS EDMS includes the following fixed defects.
| User Story | Description |
|---|---|
| DOC-6753 | The fix for this issue impacts the view compare functionality. The version of Aspose has been updated to 24.8. A fix has also been implemented to allow by default the comparison to run in its own process (EDMSCompareApp.exe). The process will timeout in 10 minutes by default. |
| DOC-6771 | The "Review date passed" message will now be dispatched exactly at the time calculated based on the exact release time of the document. That means, that in all time zones the date of the email will agree with the document's review date displayed in MyQUMAS. To test this, please select a time zone with high positive offset (e.g. UTC+11:00) and release a document at a time, that corresponds with the previous day in UTC. The "Review date passed" email for such document must not be sent a day earlier. Also please verify that the periodic review reminders are working as expected. |
| DOC-6784 | The name of the uploaded file is now checked for invalid characters (including "\"). If the name is not valid, the upload request fails with status "400 Invalid File Name". That makes path traversal impossible. The fix impacts creation of new documents, check-in and bulk check-in. |
| DOC-6786 | The ScptUtl-full-2-3-1-x64.exe file was removed from the DocCompliance installation package. There is no impact, because this file is not executed during DocCompliance installation. |
| DOC-6787 | DocCompliance references Apache Lucene 5.5.0. Resolved by the upgrade to Solr 9.9 |
| DOCTRANS-763 | The log4net library was upgraded to version 3.2.0 to resolve a security issue. |
| MYQ-9275 | Talent Suite EDMS outage due to LMS Database Deadlocks was resolved by an IQ Update. |
| MYQ-9335 | A security issue regarding he Lack of control over a file upload mechanism is resolved if the zip file contains a file type that is defined in the System Configuration setting 'Disallowed File Extensions' |
| CS-381 | The StripSecurity from PDF is now configurable in the Render Manager Service and it is disabled by default. |
| DOC-6656 | The user cache was fixed - if queried for an empty key, or an object ID, that doesn't exist in the database, it no longer throws an exception. Instead, it returns "false" indicating, that the key was not found. That will prevent the issues with both reports and printing. |
| DOC-6664 | It is now possible to add users to an empty group. The fix needs to be tested on both Oracle and MSSQL. |
| DOC-6683 | The cURL binaries distributed with DocCompliance were upgraded to version 8.9.1. |
| DOC-6716 | The DBProvider value in the registry is now created by the installer as a string value (with values "ORA" or "SQL"). The harvesting script was also fixed to read the value as a string. Before testing the fix, please remove the \HKLM\SOFTWARE\Qumas\DocCompliance\DBProvider value from the registry and make sure, that the DBProvider parameter is defined correctly in the .params file. |
| DOC-6750 | The code performing commit and rollback of DB transactions was improved to prevent access violation errors. |
| DOC-6752 | The fix for this issue impacts the view compare functionality. The version of Aspose has been updated to 24.8. A fix has also been implemented to allow by default the comparison to run in its own process (EDMSCompareApp.exe). The process will timeout in 10 minutes by default. |
| DOC-6754 | When an existing LCS state is being updated, DocCompliance will not change the system columns R_STATUS and R_CONTROLLEVEL of the QM_LIFECYCLESTATE table. |
| DOC-6755 | Full indexing is done on each new hierarchy document, including the authorised versions. |
| DOC-6756 | The fix impacts upgrade to R2022x GA - the new R_FOLDER_TYPE field will be initialized correctly for all system folders. Also, there is a new upgrader step, that will correct the R_FOLDER_TYPE value for system folders, where it is set incorrectly. |
| DOC-6757 | Operational permissions are now granted to panel members even for superseded versions of the review copies in the workflow. |
| DOC-6758 | The fix prevents issues with the SOLR Index Watch service that arise when indexing is requested twice for the same document at the same time (e.g., when two different threads are updating the same document object). A document in such a scenario is now correctly indexed. The impact of the fix is minimal on the current DocCompliance version because of the introduction of direct indexing, situations that lead to this issue should not occur. |
| DOC-6759 | If the user is disabled, the application will display the same message regardless of correctness of the password. The message will always be: "Login failed due to Login being currently disabled for this account. Please contact your administrator." |
| DOC-6762 | The fix impacts retrieving of the object type for an object ID when computing permissions for that object ID. If there is any database error during retrieval of the object type, no default values are no longer assumed and the result is not cached as before (caching the assumed default value polluted the cache, as the value did not reflect the reality). Instead, the cache is bypassed and the attempt to retrieve the object type is repeated. If it fails again, the DB error is returned to the caller (i.e. displayed to the user). |
| DOC-6767 | The fix prevents issues with the SOLR Index Watch service that arise when indexing is requested twice for the same document at the same time (e.g., when two different threads are updating the same document object). A document in such a scenario is now correctly indexed. The impact of the fix is minimal on the current DocCompliance version because of the introduction of direct indexing, situations that lead to this issue should not occur. |
| DOC-6768 | Issue resolved where the workflow state in EDMS did not match Audit Trail after import from DocTransfer |
| DOC-6769 | The Japanese resource file is now built correctly and includes all available Japanese strings. This affects all strings, that are sent from DocCompliance backend - i.e. names of workflow states, lifecycle states, error messages, etc. |
| DOC-6770 | If the user is disabled, the application will display the same message regardless of correctness of the password. The message will always be: "Login failed due to Login being currently disabled for this account. Please contact your administrator." |
| DOC-6772 | The hardcopy management search cannot be performed across all dates. At least the "From Date" must be specified. There is a new business rule in DocCompliance backend to enforce this. If a backend call is made without the date period, the following error is returned: "Cannot search across all dates. To perform a search, you must specify a 'From Date'." |
| DOC-6777 | This issue was caused by an incorrect usage of password encryption inside the business layer. This has been fixed and collection printing is now working as expected. |
| DOC-6792 | BDBA finding - DocCompliance references Apache Lucene 9.11.1. Resolved by the upgrade to SOLR version 9.9. |
| DOC-6794 | EDMS: Vulnerability in Json.NET v8.0.2. Newtonsoft.dll upgraded to version 13.0.1 to resolve the vulnerability. |
| MYQ-8851 | The collaborative review icon is now displayed when multiple documents are added to a review. Dynamic attribute created now, as a consequence the icon is displayed |
| MYQ-8852 | User is now able to delete a collaborative review without error. |
| MYQ-8880 | Changes to the user’s language preferences were not reflected in the EDMS admin. The issue is resolved and changes to user’s language preference will should be passed to the EDMS Admin. |
| MYQ-8932 | Fixed XSS issue on Pending Read and Understood. |
| MYQ-8953 | XSS issue on Review title on review edit wizard is resolved |
| MYQ-9031 | PDFJS updated to new version (4.0.379). Additionally, PDF JS is now compiled into single library, so could be easily replaced for a new version on any client environment. |
| MYQ-9033 | The issue is fixed and a user can now select a report and select a user from the user selection dialog. |
| MYQ-9068 | The issue where document content was not viewable is now resolved. |
| MYQ-9078 | Console error on MyQUMAS home page is resolved. |
| MYQ-9079 | Error displayed after selecting Annotations after checking in document. The problem occurs only "in the short time" (typically around minute) after check-in (before the document rendition is processed on the render server). Application changed to clearly say "Rendition not available yet" |
| MYQ-9102 | Fixed problem on logging into MyQUMAS. |
| MYQ-9105 | Vulnerability ion-java component. This is a part of Solr. Upgrade of Solr resolved this vulnerability. |
| MYQ-9108 | Vulnerability in Apache Commons Text v1.6 has been resolved by the upgrade of Solr. |
| MYQ-9111 | Solr is upgraded to version 9 in the 2026 release. |
| MYQ-9115 | Fixed issue with XSS on reports (grid) by encoding any output that is generated based on user input. |
| MYQ-9123 | A lack of control over at least 4 user inputs in the MyQUMAS application resolved by encoding any output that is generated based on user input. |
| MYQ-9124 | A lack of control over at least 4 user inputs in the MyQUMAS application has been resolved preventing an attacker carrying out a Stored Cross-Site Scripting (XSS) attack. |
| MYQ-9144 | Fixed issue for saving Autopromotion Workaround for previous versions - change in any other field would cause autopromote to be saved as well |
| MYQ-9164 | Vulnerability in JamesNK/Newtonsoft.Json v12.0.3. Updated library to version 13.0.1. |
| MYQ-9167 | Fixed pdf rendering for view compare and for client side printing |
| MYQ-9176 | Fixed issue where the monitoring tab is hanging on science cloud. |
| MYQ-9186 | Fixed the vulnerability in MyQUMAS which allowed a user to perform actions on behalf of another user, |
| MYQ-9252 | The authentication issue opening Unity Dashboard and Console together with BOE 4.3 has now been resolved. |
| MYQ-9274 | The MyQUmas RootUrl in edmsadmin web.config can be set to contains more values– i.e RootUrl=http://myq-dev-3dauth/myqumas5x;http://testingName/myqumas5x System will try to match he right one using url refer parameter ( if if MyQUmas is on particular URL EDMSAdmin will use that too) |
| MYQ-9276 | Inaccuracies in the option displayed while selecting the Binding Rule for members in the collection has been fixed. |
| MYQ-9310 | Date parameters of the advanced search are now parsed correctly. The fix only impacts searches with conditions, that use date values (e.g. "Creation Date is after ..."). |
| MYQ-9316 | Fixed the issue In the Document Viewer where additional menu options were incorrectly displayed in the right hand side of the viewer. |
| MYQ-9317 | Fixed right click menu on document view additionally fixed copy of text on documents where rendition setting does not allow text copy |
| MYQ-9319 | Documents can now be viewed from the quick search results |
| MYQ-9329 | Fixed an issue in client side printing which showed the Print Status i updated to Sent To Printer but the system hangs with a message 'Hardcopy Preparation'. |
| MYQ-9336 | The issue has been resolved where the configuration export feature allowed an unprivileged attacker to gather information and credentials about the QUMAS Platform |
| MYQ-9345 | Fixed XSS in couple of locations a) title of the document in text result search b) LCS icon in grid result c) document property page d) view History window |
| MYQ-9346 | Resolved the SAST Issue: double checking lock strategy on various places. |
| MYQ-9347 | Fix usage of IDisposable |
| MYQ-9348 | URL validation was added to prevent XSS attacks in both MyQumas and EDMS admin. The fixes impact retaining of deep links in the URL during redirects either to the login page (on logout, or timeout) or to Default.aspx (at the end of login sequence). |
| MYQ-9349 | Fixed XSS on role list |
| MYQ-9353 | In the configuration manager the repository name is now checked for invalid characters when creating a sub-folder under the RepConfigs folder in order to prevent a possible path traversal attack. In the TalentSuite module URL validation was added when making HTTP server-to-server requests to the TalentSuite. When the call results in redirection, the URL is validated so that we don't redirect outside of TalentSuite. |
| MYQ-9356 | Fixed the issue which prevented the addition of a document of LCS that uses "" to a workflow from a search results. |
| MYQ-9373 | The direct method Collection.GetExportLog was modified to accept null values as parameters. The fix impacts export of collections. |
| MYQ-9374 | Poor resolution when performing a print in MyQUMAS has been resolved by updating PDFJS to version (4.0.379) |
| MYQ-9383 | Date parameters of the advanced search are now parsed correctly. The fix only impacts searches with conditions, that use date values (e.g. "Creation Date is after ..."). |
| QES-914 | The log4net library was upgraded to version 3.2.0 to resolve a security issue. |
| SDK-870 | The EQ Config application will now load the configuration even if the encryption is enabled and some of the values in the config file QumasEventQueue.config cannot be correctly decrypted. In that case a warning will be displayed to the user and the particular field will be initialized with an empty value. The configuration fields impacted are: password for SDK API calls, ActiveMQ password and JMS password. The attribute {{/QumasEventQueue/QmsSettings/SdkApiService/@Password}} in the QumasEventQueue.config file can now have an empty value even if the encryption is enabled. This will be interpreted as an empty password and will no longer cause errors when loading the configuration. |
| DOC-6346 | Added step 1.5 to IQ_7672 EDMS 2026 Golden RDB Database Setup Installation Qualification . Added step 1.13 to IQ_7085 EDMS 2026 Golden DocCompliance Application Installation Qualification |
| DOC-6536 | This issue was caused by an incorrect usage of password encryption inside the business layer. This has been fixed and collection printing is now working as expected. |
| DOC-6546 | The RenderWatch service could not submit render jobs. The service can now submit render jobs without issues, because it correctly sends encrypted passwords to COM+ calls. The fix only affects the RenderWatch service. |
| DOC-6596 | Review and print copies of documents will no longer appear in the QM_DOCUMENT_INDEX table. Also the upgrader will clean the QM_DOCUMENT_INDEX table and remove all review and print copies, that have been added in the past. The fix impacts the following areas, that should all be tested: * Creating new documents. * Checking in documents. * Activating workflows. * Authorizing workflows. * Printing. * Exporting collections. Also please verify, that documents are indexed in Solr after being authorized and released from a workflow. |
| DOC-6602 | The installer now creates the DBProvider value under the "HKLM:\SOFTWARE\Qumas\DocCompliance" registry key. This is done during installation of the "ComPlus" feature, which is part of every installation type. |
| DOC-6743 | The Japanese resource file was corrected and is now a valid XML file. That will prevent the error during DocCompliance installation. This fix impacts Japanese localization of reports. |
| DOC-6747 | Document name is now always added to the title of the Autopop queue entry. The fix impacts the following actions: document create, check-in, update of document properties, activating a workflow with an autopopulated document, revising a workflow, modifying periodic review settings on a document type (this creates a bulk autopop request, which is later expanded by the Autopop service, and queue entries are created for every affected document of that document type). |
| DOC-6760 | The new Release Date is now correctly passed as a parameter to the "Release Date Set" message. This is done both when the date is set initially and also when it is later updated. |
| DOC-6779 | A folder can be re-located either by updating the folder's properties, or by the drag&drop feature in the old frontend. In both cases locations of all documents in the hierarchy sub-tree under the affected folder will be properly adjusted to reflect the new path of the folder. At the same time locations of all those documents will be updated in the SOLR index. This is done asynchronously by the SOLR Index Watch service, so may take a little time before the service processes the job. |
| DOC-6793 | The identified SQL injection vulnerability in QDocMessaging was fixed. The fix impacts all messages, that are sent to the following recipient categories: DocRUList and DocRUCoordinators. When retrieving the list of recipients from the database, the document name used in the SQL query is properly sanitized to avoid SQL injection. |
| MYQ-7331 | added tooltip to picklist description and MOS approval and disapproval texts |
| MYQ-8277 | Language dropdown now sorted alphabetically for both static and dynamic translation screen. |
| MYQ-8841 | When the users modifies the saved search in a separate tab, the the main "Saved Search" tab is notified of the change and the saved search details are refreshed. As a result, any subsequent action with the modified saved search (running the search or modifying the search again) will be performed correctly. Please also test repeated modification of the same search. |
| MYQ-8875 | Fixed problem with manually promoted panels |
| MYQ-8895 | XSS issue in User Edit Login name has been resolved. |
| MYQ-8896 | Fixed XSS in user edit - out of office. |
| MYQ-8897 | Fixed XSS issue in Document Type Edit -Extended Attributes. |
| MYQ-8898 | Fixed issue on lifecycle state screen of document type edit |
| MYQ-8899 | Fixed XSS issue in format edit screen |
| MYQ-8900 | Fixed XSS issue on picklists |
| MYQ-8901 | Fixed XSS issue on repository setting screen |
| MYQ-8902 | Fixed XSS issue found in the Audit Trail - Filter, Event Category. |
| MYQ-8903 | Fixed JS error in audit trail user search screen |
| MYQ-8933 | Fixed XSS issue on found on workflow properties. |
| MYQ-8934 | XSS issue found in the Document properties has been resolved. |
| MYQ-8935 | Fixed XSS issue found in Workspace list on login page (Description). |
| MYQ-8936 | Fixed XSS issue on selecting new department on document create screen |
| MYQ-8937 | Fixed XSS issue on workflow panels |
| MYQ-8938 | Fixed XSS on adding document to workflow |
| MYQ-8940 | XSS fixed in Recent document ( lifecycle state icon) |
| MYQ-8941 | Fixed XSS issue found on workflow tasks |
| MYQ-8942 | XSS fixed in the icon tooltip in Favourites (lifecycle state icon) on the hierarchy . |
| MYQ-8943 | XSS fixed in Workflow Pending node |
| MYQ-8956 | Fixed XSS issue found on please review list. |
| MYQ-8957 | Fixed XSS found on please review documents |
| MYQ-8958 | Fixed XSS on review detail window |
| MYQ-8969 | SDK ticket was still exposed on multiple places for ProcessCompliance usage. Now hidden from all. Please retest basic ProcessCompliance functionality (i.e opening CAPA from Task and opening new CAPA) |
| MYQ-9099 | On the Department Search screen , in the selected Departments pane, there was an issue where the preselected Department was not displayed . This issue is now resolved. |
| MYQ-9112 | Fixed problem with user preselection in the User Search screen in the Audit Trail. |
| MYQ-9116 | Vulnerability in the JS Library in MyQUMAS has been resolved by changing default value of UseMinifiedEXTSources to true. |
| MYQ-9162 | Fixed XSS issue found in languages menu |
| MYQ-9165 | Fixed XSS in search results |
| MYQ-9169 | Fixed XSS issue found on fassets on search results page. |
| MYQ-9170 | Fixed an XSS issue found in workflow decision details. |
| MYQ-9179 | Fixed XSS issue on pleaseReview -> document selection screen |
| MYQ-9183 | Fixed XSS issue on hierarchy, that occurs together with Collaborative review enabled |
| MYQ-9188 | The export configuration option has been hidden to resolve the disclosure of passwords and secrets in configuration files. |
| MYQ-9195 | Fixed a typo on the document type screen. |
| MYQ-9277 | Fixed problem where a user was unable to view compare from within document viewer. |
| MYQ-9278 | Pop up message displayed that document is checked out so document cannot be added to a new workflow |
| MYQ-9279 | The issue was fixed where he document version was missing from the Collection Structure. |
| MYQ-9281 | Removal of users from a group is now properly audited. Also, the audit trail now refers to the removed users with both their user name and login name. |
| MYQ-9290 | Permission issue on document association is now resolved. |
| MYQ-9292 | The following changes in the UI were done in relation to annotations: 1) When a review copy of a document is opened in a document viewer tab, the tab caption now also contains the document version. This is however only for review copies, not for hierarchy versions. 2) The Annotations button in the document viewer is now available even for superseded versions of review copy documents (i.e. when opened from the Document History window). However, that is not true for review copies on superseded workflow versions (after the workflow was revised). When opening a review copy document from a superseded workflow version, the Annotations button will not be available (because the workflow is superseded, i.e. not in a state that allows annotations). |
| MYQ-9293 | The character limit for the Document Description field in MyQUMAS has been extended to 4000 characters. |
| MYQ-9294 | Removal of users from a group is now properly audited. Also, the audit trail now refers to the removed users with both their user name and login name. |
| MYQ-9296 | Department Selection Magnifier has been fixed. |
| MYQ-9297 | Fixed saved search for upgraded environments |
| MYQ-9306 | Permission issue on document association is now resolved. |
| MYQ-9307 | A check has been added for workflow existence to prevent the scenario of a document checked out by another being added to a new workflow. |
| MYQ-9315 | It is no longer possible to execute search across all dates in Hardcopy Management. The "All Dates" option was removed and the user must specify a date period. The "From" field is mandatory, the "To" field is optional (if left empty, today's date is implied). |
| SDK-872 | The harvesting script was fixed to correctly extract ActiveMQ settings from the EQ configuration file. |
| DOC-6692 | HTML injection in email has been resolved. All values injected to email messages are now HTML encoded, including the list of attachments. For upgrading clients, that have customized their attachment.html template in the past, there are some manual steps they need to do to update their customized template. These steps need to be added to the upgrade IQ. |
| MYQ-8822 | The collaborative review icon is now displayed when a document is in a workflow. |
| MYQ-8939 | XSS fixed in Favourities (lifecycle state icon) |
| MYQ-8966 | Fixed the issue where the Lifecycle State description could not be modified. |
| MYQ-9259 | Fixed XSS issue on dynamic translation static translation and language maintenance |
| MYQ-9280 | Fixed layout problem on workflow decision screen |
| MYQ-9282 | Dates retained now in saved searches |
Resolution
BIOVIA ENOVIA QUMAS EDMS2026 was released in 31 October 2025 and is available for download at https://software.3ds.com under BIOVIA products and can be found under:
Product line: Lab, Scientific and Content Solutions
Release: QUMAS R2026x
Level: QUMAS R2026x Golden
Fixes for this level: N/A
How to contact BIOVIA Support
If you have any questions, please contact BIOVIA Support.
Need Assistance?
Our support team is here to help you make the most of our software. Whether you have a question, encounter an issue, or need guidance, we've got your back.