TrustX v2025.12.11
Preview Release Date: December 4th, 2025
Release Date: December 11th, 2025
What's New
Early Access Injection Attack Detection (IAD) v2.5.1 has been introduced for xFace activities.- The 'Payload Size' input parameter for 'Capture xFace IAD v2.5.1 Image' is now set to 'small' by default. This has been changed from the previous value of 'normal'.
- See the Face Capture Activity Parameters for more information.
Early Access The new version of xFace IAD integrates a hardened deepfake detection is now available alongside the existing standard xFace IAD solution.- A new activity, 'Capture xFace IAD v2.5.1 Image (Hardened)', that takes advantage of the hardened deepfake detection algorithm is available in the Process Designer.
- See the Face Capture Activity Parameters for more information.
Early Access Introduced a new version of xFace Liveness v1.50 that provides an improved Deep Fake Detection pipeline named DFD-2.- A new activity, xFace Liveness Assessment v1.50, is available that utilizes the new pipeline.
Early Access 'Injection Attack Detection (IAD) v2.5.0 - Front v2' and 'Injection Attack Detection (IAD) v2.5.0 - Back v2' have been introduced for xDoc capture.- The latest activities resolve an issue in previous versions of the service that required refreshing the Trust Web page due to library incompatibilities.
- See the Document Capture Activity Parameters page for more information.
When integrated into a flow, the same versions of xFace and xDoc, 'Capture xDoc IAD v2.5.0 - Front v2' and 'Capture xFace IAD v2.5.1 Image', must be used.
Known Issues
| Key | Description | Impact |
|---|---|---|
| SKY-13364 | An unexpected error showing the message "Unexpected error occurred, please try again" may occur when attempting to scan the front-side of a document when the Process Definition utilizes 'Capture xFace IAD v2.3.1 Image' and 'xFace Liveness Assessment v1.49' activities. This issue only appears on iPhone XR, iOS version 15.6. | Low |
Deprecation Notice
The following activity has been removed from the Backoffice application and is no longer available.
| Removed Activity | Upgrade To |
|---|---|
| Capture xDoc IAD v2.5.0 - Front | Capture xDoc IAD v2.5.0 - Front v2 |
| Capture xDoc IAD v2.5.0 - Back | Capture xDoc IAD v2.5.0 - Back v2 |
TrustX v2025.12.01
Preview Release Date: 19th November, 2025
Release Date: 01 December, 2025
What's New
- Time-based one time password (TOTP) provides a second-factor authentication method to supplement an initial PIN/password authentication. TOTP has been introduced to the TrustX Identity Store, enabling Identity Store Users to register and authenticate using a shared secret which is known to both the server and the client. For more information, see the TOTP Integration guide.
Improvements
Custom Data Forms have been updated to include new form elements:
- Link - A clickable link element that redirects the user to the link provided as the "Default Value".
- Copy - Copies the text of the "Default Value" to the user's clipboard.
- QR Code - Displays a scannable QR Code based on the provided "QR Content" string value.
Poorly formed Cloud Functions will no longer result in a 400 error that impacts the functionality of the Backoffice application.
The Webhook URL character length has been increased to accept up to 2048 characters.
API Changes
A list of API changes for this release can be found in the Changes 2025.12.01 log.
Bug Fixes
| Key | Description |
|---|---|
| SKY-12784 | Removed additional space in the error message that is returned when a user attempts to create a Cloud Secret with a name that already exists. |
| SKY-12514 | Fixed an issue where it was not possible to go back to the flow when viewing consent forms on iOS devices. A new 'Capture Consent v3 - Sept 2025' activity has been introduced that allows users on iOS devices to return to the flow after a hyperlink from consent form is selected. |
| SKY-11502 | Resolved an issue where setting the 'Report Log' input parameter to FALSE on the Cloud Function activity resulted in an unexpected Failed Sync Rule error event. |
Known Issues
| Key | Description | Impact |
|---|---|---|
| SKY-13035 | When naming a TOTP policy in the Backoffice application, there are validation inconsistencies when entering a name that includes the underscore character. The Backoffice application will suggest that this character is supported but an error will be returned if this character is entered as part of the TOTP policy name. | Low |
| SKY-13020 | When capturing a passport using 'Capture xDoc IAD v2.5.0', a 1-2 second delay between the captured frame and the of the capture process can occur. | Low |
| SKY-12860 | When editing an Appkey policy in the Backoffice, if the 'Store Audit' is set to "Never" and then updated to "Failed only" or "Always," the default audit duration of 30 days is not populated as expected. | Low |
TrustX v2025.11.17
Preview Release Date: 7th November, 2025
Release Date: 17th November, 2025
What's New
Beta Introduced xDoc Injection Attack Detection capabilities. xDoc determines whether a submitted document image contains the presence of a genuine digital image or a digital manipulation injected into the live capture process.- For more information on injection attacks, see the Injection Attack Detection guide.
- See the (Link Removed) guide for configuration instructions.
Note that xDoc Injection Attack Detection is currently released under Limited Availability. Customers may request access to xDoc Injection Attack Detection activity for testing purposes.
Improvements
- A new version of xFace Injection Attack Detection is available.The 'Capture xFace IAD v2.3.1 Image - v2' activity introduces a new 'For test' input parameter. This new parameter is introduced to facilitate automated testing. When enabled, injection attack detection check will be bypassed without requiring a separate face capture step.
- The 'IDV NFC & Document Processing' template has been updated. When the user device does not support NFC scanning, a "Your device does not support NFC" message will appear alongside a button to end the flow. This button label has been updated from 'Try again' to 'Continue'.
Advance Notice
xFace Replay Attack Detection
- In a future release, Replay Attack Detection will be enabled for the xFace Injection attack Detection service. For testing purposes, a "For Test" input parameter has been added to the 'Capture xFace IAD v2.3.1 Image - v2' activity. This input parameter will bypass the injection attack detection check and send a regular JPEG to TrustX instead of an encrypted payload. This can be used performing automated tests using the xFace service and is for testing purposes only. Daon does not recommend enabling the "For Test" input parameter in a production environment. For more information, see the Capture xFace IAD v2.3.1 Image - v2 input parameters list.
Bug Fixes
| Key | Description |
|---|---|
| SKY-12774 | The "Search Tags" label displayed when adding a tag on the Process Definitions page appeared cut off. This issue has now been resolved. |
Known Issues
| Key | Description | Impact |
|---|---|---|
| SKY-12881 | When the user starts Face/Document capture and reloads the page, a pause logo may appear in the capture overlay for a couple of seconds. This issue may be observed on lower-end devices using document and face capture activities. This issue does not affect the functionality of the process but may impact the user experience. | Low |
| SKY-12938, SKY-12939, SKY-12956 | During xDoc and xFace capture, if the user minimizes the application or leaves the process idle, a "Do not minimize the camera view" error will display and the capture process can no longer be completed. To resolve this issue, the user must refresh the application or use the back button available in web applications. | Low - Workaround Available |
| SKY-12941 | When the user minimizes the TrustWeb application during xDoc and xFace capture and then returns to the application, an unexpected "Open camera permissions" button may appear on some devices, and the capture process can no longer completed. To resolve this issue and restart the capture process, the user must refresh the application. | Low - Workaround Available |
TrustX v2025.11.03
Preview Release Date: 24 October, 2025
Release Date: 3rd November, 2025
What's New
A new version of the Text Substitution Detection algorithm is now available. The latest version of the Text Substitution Detection v1.1.0 algorithm delivers improved accuracy over v1.0.0. Customers currently using v1.0.0 are encouraged to upgrade to this latest release to benefit from enhanced text substitution detection capabilities.
- For more information, see the Text Substitution Detection v1.1.0 activity parameters document.
Support for Traditional Chinese (Hong Kong) has been added to the Backoffice application and TrustWeb.
- To view and edit languages in the Backoffice application, see the Translation Self Service guide.
The TrustX Terms of Use has been updated. The new Terms of Use document is available in the 'Capture Consent v2 - Sept 2025' activity. The previous 'Capture Consent' activity has been marked as deprecated and is no longer recommended for use.
Improvements
DENY tenant permissions are now configurable in the Backoffice when setting the tenant permissions of an API key.
- For more information, see the API Keys Guide.
Capture process times have been improved when utilizing the 'Capture xFace IAD v2.3.1' Image activity to capture a face image.
The error page that appears when a rendering error occurs has been updated to use the error page configured as part of the custom theme.
Various Backoffice UI improvements have been made to enhance the user experience:
- When moving, creating, or deleting Process Definition tags in the Backoffice, an alert will appear to provide feedback when the action is successful.
- The look and feel of the Process Token pop-up modal has been updated for improved clarity between subtitles and labels.
Deprecation Notices
Deprecated Activities
The following activity has been marked as deprecated and are no longer recommended for use.
| Deprecated Activity | Upgrade To |
|---|---|
| Text Substitution Detection v1.0.0 | Text Substitution Detection v1.1.0 |
| Capture Consent | Capture Consent v2 - Sept 2025 |
Bug Fixes
| Key | Description |
|---|---|
| SKY-12650 | Resolved an issue that occurred when previewing some PDF files in the Backoffice application after an additional document capture flow is completed. |
| SKY-12560 | Fixed a bug where duplicate OIDC claims appeared in the id_token . |
| SKY-12287 | Implemented an improvement in regards how document type instruction text is displayed during Document Capture V4 based on the header configuration and available screen space. |
| SKY-12053 | Added an error message to TrustWeb when browser camera permissions are set to 'Deny' while performing video capture using 'Capture Face Plus Image V2' and 'Capture xFace IAD v2.3.1 Image'. |
| SKY-8766 | Resolved a bug where it was not possible to save Custom Page data by modifying _customUi data via a Cloud Function. |
TrustX v2025.10.23
Preview Release Date: 16 October, 2025
Release Date: 23 October, 2025
What's New
Early Access Introduced support for Appkeys in the Identity Store. Appkeys provide a passwordless solution to identification using the FIDO UAF protocol for a device-bound or a biometric-bound solution using face and fingerprint biometrics. See Appkey Integration for more information.
Improvements
- Various Backoffice UI improvements have been made for improved usability:
- The 'Add Decision Outcome' button has been moved to the stop of the list that appears in the 'Process Instances' tab on the Settings page.
- The 'Add New IP Address' will remain visible when defining IP Restrictions in the Settings page.
Changes
- Backoffice permissions required to view Cloud Secrets have been updated. Only tenants with the admin role will be able to view Cloud Secrets in the Backoffice.
Deprecation Notices
Removal of Activities
Activities have been removed from the Backoffice application. For a full list of removals, see Deprecation Notices.
Bug Fixes
| Key | Description |
|---|---|
| SKY-12492 | Resolved an issue when creating Process Definitions. Dragging the BPMN file to the 'Choose File' upload box will now work as expected. |
| SKY-12220 | Users may experience a 404 error when viewing audits from the Audit page in the Backoffice and utilizing the filter options. |
| SKY-10923 | Resolved an issue where a black gap would appear at the bottom of a Custom Page when viewed using the Safari browser on an iOS device. |
| SKY-9326 | The "Switch Camera" button does not appear when the user blocks camera permissions and presses the "retry" button. This issue has now been resolved. |
Known Issues
| Key | Description |
|---|---|
| SKY-12441 | It is currently not possible to register Appkeys using a fingerprint on Xiaomi Mi A1 devices using Android 9. |
TrustX v2025.09.29
Preview Release Date: 2025.09.22
Release Date: 2025.09.29
What's New
Early Access TrustX v2025.09.29 introduces support for ID Document Processor 8.2.- This activity provides support for additional ID document variations and introduces a new configurable input parameter, 'alreadyCropped', that specifies whether the document being sent to the document processor is already cropped. This property can be used for PDF ID document upload where the PDF file is already cropped.
Early Access Added PDF Visa upload and processing support via Custom Pages. New activities are available to support this functionality:- PDF ID Upload v1 - Enables the PDF upload of a Visa document.
- A use case that describes how to configure this flow can be found in the PDF Visa Upload and Processing guide.
Bug Fixes
| Key | Description |
|---|---|
| SKY-11979 | An issue has been resolved when cached Custom Pages from a previous IDV journey would appear in a new IDV journey. |
TrustX Hotfix v2025.09.11
Release Date: 2025.09.11
As part of the v2025.09.10 TrustX release, an issue was identified that affected the loading of the Custom Page V1 and V2 activity on the iOS Safari browser. This resulted in the Custom Page not displaying correctly for users on this platform. We have now deployed a fix to resolve this issue.
We apologize for any inconvenience this may have caused and appreciate your understanding.
TrustX v2025.09.10
Preview Publish Date: 2025.09.03
Release Date: 2025.09.10
What's New
The Backoffice application now enables users to set the decision outcome of a manual review for Process Instances in the 'Review' status. See Self Service System Management for more information.
Improvements
- The List Users API call for Identity Store has been updated to improve search performance of the Backoffice application and TrustX API. See Changes 2025.09.03 for more information.
- The number of viewable records when searching Process Instances in the Backoffice has increased. The number of results can be adjusted using the 'Elements per Page' controls at the bottom of the search results page.
- Sort options are now available on table Headers when searching Process Instance in the Backoffice.
- The 'Reviewed By' label representing the reviewer of a Process Instance has been renamed to 'Reviewer' in the Backoffice application.
- Various UI improvements for buttons have been made in the Backoffice application.
API Changes
Changes regarding GET /api/identity-store/stores/{storeName}/users Endpoint
The List Users endpoint is in early access. We have made the following change to the 200 Response to improve performance:
The 200 Response for the GET /api/identity-store/stores/{storeName}/users has been updated to return less data in the response than before. See the Changes 2025.09.03 changelog for full details on the data no longer returned as part of the response.
Deprecation Notice
Deprecated Activities
| Deprecated Activity | Upgrade To |
|---|---|
| ID Document Processor 7.5 | ID Document Processor 7.7 |
Bug Fixes
| Key | Description |
|---|---|
| SKY-11643 | Resolved an issue where Custom Data Forms returned the wrong date for a document birth date. |
| SKY-11266 | Fixed a bug when exporting the list of Process Instances from the Backoffice when using a tenant with Audit privileges. This User type will now have the privileges to export Process Instance lists. |