beqom PaySuite 24.0 - Detailed release notes
This article lists the new features that have been added to the platform, as well as the bugs that have been corrected in the intermediate 24.0 release of the beqom PaySuite application and in the subsequent patches.
This is an attention message.
The text in this article is AI-generated. A final version will provided shortly.
24.0
Deployment to staging environments: May 5th, 2026
Deployment to production environments: May 12th, 2026
| Type | Issue key | Module | Description | Feature Flag* | |
|---|---|---|---|---|---|
| Zendesk | Jira | ||||
| AC-20864 | Performance Management | An issue was corrected in Passport > Goals where the goal alignment search during goal editing failed to load additional results when scrolling. Only the first 10 goals were displayed with no mechanism to retrieve more. The search functionality has been updated to dynamically fetch results based on the search input, and an informational message is now shown in the auto-complete field to indicate the result limit and prompt users to use the search field to find additional goals. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-20890 | Performance Management | An issue was corrected in Workbench > Performance Management > Goal Management where opening the population window for an organizational goal configured for a large number of organization units caused a 500 Internal Server Error, resulting in the Organization drop-down displaying 'No options available'. This occurred because the system attempted to load all Americanization unit entries at once. The drop-down now loads up to 100 results by default, filters results as the user types a search phrase, and displays a help icon with a tooltip indicating that the list is limited to 100 results and that the search field can be used to find additional organizations. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-21196 | Authorization | This change is internal and has no direct impact on users. | Yes | ||
| AC-21382 | Performance Management | An issue was corrected in Passport > Goals where clicking the attachment download button more than once would fail to download the attachment on subsequent clicks. The button now triggers a download each time it is clicked. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-21513 | Performance Management | An issue was corrected in Workbench > Performance Management > Goal Plans where selected Goal Types on the first page of the Goal Type selection step appeared unchecked after navigating to subsequent pages and making additional selections. This was caused by a flaw in the selection logic that failed to retain state across paginated views. Selected Goal Types are now correctly preserved when navigating between pages within the Goal Type selection step and when navigating between form steps. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-21754 | Compensation Management | A new notification template type (Type 101) was added to support the sending of compensation round reminders. This template is configured to send emails automatically and is not exposed for manual editing in Workbench > Email Templates, ensuring that reminder notifications are managed programmatically without affecting the existing email template configuration visible to administrators. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-22560 | Compensation Management | Rendering performance was improved for large hierarchies in two areas of the platform. In the Compensation Round form (Hierarchy step > Hierarchy Preview), the hierarchy tree now uses virtualized rendering, meaning large hierarchies with 1,000 or more nodes scroll smoothly and instantly rather than loading in batches. Tree connector lines showing parent-child relationships are also correctly displayed. In Planner > Individual View (Workers Hierarchy), selecting a worker in a large hierarchy is now instant, eliminating the multi-second UI freeze that could occur previously. No changes were made to data, APIs, or business logic — only the rendering layer was updated. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-23308 | Authorization | An issue was corrected where updating a job title in Job Architecture — whether via file upload or API — did not reflect the change in user information unless the individual user's profile was also updated separately. The system has been updated so that job title changes now take effect immediately across all relevant user records. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-23844 | Authorization | Security Groups can now be created, updated, retrieved, and deleted via API, enabling administrators to define reusable access configurations that bundle one or more roles with a set of data access attributes (attribute-based access control). Each Security Group represents an isolated access scope: when a group contains multiple attribute types, access is evaluated using AND logic across those attributes, while multiple values within the same attribute are evaluated using OR logic. The API is available both through the Gateway Service (under /api/authorization/integration/security-groups) and through the Integration Hub service (under /integrationapi/v1.0/auth/security-groups), allowing integrations authenticated with client credentials to manage Security Groups programmatically. Updating or deleting a Security Group automatically synchronizes all related subject attribute assignments, ensuring that access permissions remain consistent across the platform. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-23847 | Authorization | Users can now be assigned to multiple security groups simultaneously, enabling composite access across distinct data scopes. Previously, a user could only be associated with a single security group; they can now be associated with up to ten security groups at once. During authorization, each security group is evaluated independently, and access is granted if any one of the assigned groups satisfies the required role and data access attributes — without attribute leakage between groups. Security groups are referenced by their Unique Name, and if global attributes are populated for a user, they take precedence over any security group-level attributes. Administrators can also remove individual security group assignments from a user without affecting other assigned groups. Attempts to exceed the maximum group limit are rejected with a clear validation error. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-23961 | Authorization | The import and export pipeline for subject attribute values was extended to support Security Group assignments alongside existing individual-level attribute data. Administrators can now bulk-import and export Security Group-based access assignments via CSV or JSON across all supported endpoints (POST api/authorization/integration/subject-attribute-values/import, POST api/v1.0/integration/subject-attribute-values/v2, PUT api/authorization/integration/assign-subject-attributes, and the Integration Hub). The change is fully backward compatible — existing payloads without Security Group fields continue to behave as before, and new Security Group fields are treated as additive. Validation is applied on import to ensure referenced Security Groups exist, and invalid entries are reported without blocking the remainder of the import. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-23967 | Authorization | The analytics subject attributes endpoint (`GET reporting/v1.0/users/auth/employees/custom`, used to retrieve access evaluation data for analytics) was updated to incorporate security group attributes into its logic. Previously, the endpoint only returned individual-level (global) attributes, which meant subjects who had no global attributes but belonged to one or more security groups were not properly represented. The endpoint now applies a priority-based fallback: global attributes take precedence when present; if none exist, attributes from the subject's security groups are used instead. When a subject belongs to multiple security groups, user IDs and roles from all groups are combined and deduplicated into a single result. The endpoint continues to return exactly one entry per subject and remains fully backward compatible when no security group data is present. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-23968 | Authorization | The authorization logic (the service responsible for determining which workers an HRBP is permitted to access) was updated to evaluate access rules from both Global and SecurityGroup contexts when processing subject-attribute data. Previously, only Global context rows were considered. Now, if no Global context rows exist for a given subject, SecurityGroup rows are also evaluated, providing additional access opportunities without altering existing behavior for tenants that rely solely on Global configuration. The evaluation order (ACL, GrantFullAccess, AllCompany, ABAC) and role filtering remain unchanged, and all existing Global-only configurations continue to behave exactly as before. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-23970 | Authorization | NuGet packages (shared software libraries used by backend services) were updated in the Gateway, IAM (Identity and Access Management), and IntegrationHub services to introduce support for Security Groups-based authorization. When no individual subject attributes are assigned to a user, authorization is now evaluated through Security Groups. Where individual subject attribute assignments exist, they continue to take precedence over Security Groups, ensuring backward compatibility. | – | ||
| AC-24114 | Performance Management | In Passport > Reviews, custom widget descriptions containing rich text formatting were not properly applied when generating a PDF from a performance review. The formatting was lost in the exported file. This issue was corrected and custom widget descriptions now retain their formatting in generated PDF files. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-24383 | Authorization | Audit logging was added to the Back Office application using the shared bqm.Logging.Audit library (an internal component for capturing actions performed by authenticated users). Every annotated action is now logged with the user identity, action name, affected resource and timestamp; sensitive fields are automatically masked. This improves traceability and compliance reporting. This change is internal and has no direct impact on users. | Yes | ||
| AC-24502 | Performance Management | An issue was corrected in rich text fields across the application (Goals descriptions, review comments and any other rich text editor) where pasting content copied from Microsoft Office applications (Word, Word Online, Outlook, OneNote) caused words to be concatenated together when the source content spanned multiple lines. Word boundaries are now preserved on paste in both English and French. Pasting plain text or content from non-Office sources was unaffected and remains unchanged. | |||
| AC-24548 | Data Foundation | A Formula Library was introduced in the Data Foundation module, enabling Data Foundation Admins to create, view, edit, and delete Calculated Fields — reusable formula definitions that can underpin advanced business logic such as compensation calculations, eligibility rules, and matrix lookups. When creating or editing a formula, admins can define a name, return type, description, and formula expression, and can explicitly add external data references (such as Custom Entities or Business Objects) with configurable aliases, field selections, and filters for use within the formula. Formulas are saved as drafts, and the system prevents deletion of fields that are actively referenced elsewhere, as well as blocking saves where circular dependencies between Calculated Fields are detected. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-24607 | Data Foundation | Formula validation was introduced in the Formula Library to ensure that formulas are verified before they can be published. Data Foundation Admins can now trigger validation at any point during formula editing, and publishing is blocked if validation fails. Validation checks cover syntax correctness, worker field references, external dataset references, reference configuration completeness, supported function usage, and effective date configuration. When validation fails, the system returns human-readable error messages that identify the specific issue (for example, a missing field name or an unconfigured dataset reference) and provide actionable guidance where possible. Successfully validated formulas also have their dependencies — including worker fields, entity references, and calculated field relationships — automatically extracted and stored to support downstream snapshot configuration. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-24763 | Authorization | The Authorization service now consumes a new event installing that a Data Foundation snapshot (the source data set used for users and permissions) has been updated. This is part of the transition to a pull-based synchronization model: user provisioning and permissions can be triggered as soon as the source data is officially ready. The change is currently isolated to message processing and logging, with no impact on existing user management logic. This change is internal and has no direct impact on users. | Yes | ||
| AC-25242 | Authorization | The organizational data synchronization process has been redesigned to use an event-driven, asynchronous model. Previously, changes to organizational structures were propagated immediately; the system now accumulates changes over a short buffering window (approximately 5 minutes) and processes them together once a completion signal is received. The synchronization continues to follow a three-stage sequence: updating the organizational hierarchy, synchronizing user profiles and attributes, and refreshing manager and reporting line assignments. To support transparency and troubleshooting, a new audit log has been introduced that records the outcome of every synchronization cycle, including start and end times, success status, and any errors. A new read-only endpoint is available to Support roles to query this log, with filtering options by time range, error status, and sync source. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-25293 | Pay Transparency | In Planner > Compensation, the Notes drawer was updated to display richer contextual information about the users involved in note activity. When creating or editing a note, planners and managers can now see the worker's profile picture, name, and live hierarchy role, making it easier to identify who the note is being written for. In the notes list, the live hierarchy role of each note creator is displayed beneath their name, allowing users to quickly distinguish the organizational role of the person who added each note. This enhancement applies to both planner notes and grid notes. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-25447 | Data Foundation | Users can now reorder Local Worker Categories using drag-and-drop to define a global priority order. This priority determines which local category takes precedence during snapshot generation when multiple categories could apply to the same worker — the top-ranked category wins. Reordering is reflected immediately in the list, saved automatically without requiring an explicit save action, and persisted across sessions. The established order applies to future snapshot generations only and does not affect snapshots that have already been generated. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-25525 | Authorization | Authorization YAML policies were extended to support Security Groups (groupings that bundle permission attributes for a user). When a user belongs to one or more security groups, the policy engine (Cerbos) now evaluates the user's group attributes alongside their individual attributes when granting access. Existing individual-based access remains unchanged. This change is internal and has no direct impact on users. | – | ||
| AC-25541 | Authorization | The seeding step was extended so that, when a base authorization policy is updated, all tenant-specific policy variants used by Cerbos (the policy engine that controls access permissions) are automatically regenerated and re-pushed. Previously, tenants with custom attributes could continue using a stale variant after a base policy fix. Tenants without custom attributes are unaffected. This change is internal and has no direct impact on users. | – | ||
| AC-25606 | Compensation Management | Administrators can now enable or disable the Compensation Breakdown widget directly from the DRS configuration in Passport > DRS Main Content. A new toggle is available under the Main Content section, allowing administrators to control whether the detailed compensation breakdown is visible to employees on their DRS page. When the toggle is set to off, the widget is hidden entirely — no empty space or placeholder is shown in its place. For existing configurations where no explicit setting has been made, the widget remains enabled by default, so no action is required from current customers to preserve their existing DRS behavior. When DRS is enabled for the first time, the widget is disabled by default. Visibility is enforced server-side, and changes take effect immediately without requiring a system restart or redeployment. | – | ||
| AC-25609 | Compensation Management | Administrators can now enable or disable the Historical Compensation widget from the DRS configuration in Passport > DRS Main Content. When disabled, the widget is hidden entirely from the employee-facing DRS page. When enabled, administrators can configure a custom section header, the number of years of compensation history to display, and independently enable or disable Base Salary and Bonus data — each with its own configurable number of change events to show (selectable from 5, 10, 15, or 20). On the employee-facing DRS page, the widget displays a compensation element selector, an events history bar chart covering the configured number of years, and a change events table showing Date, Contracted Amount, Currency, and % Change columns. At least one compensation type (Base Salary or Bonus) must be enabled when the widget is active; validation prevents both from being disabled simultaneously. When DRS is enabled for the first time, the widget is disabled by default. | – | ||
| AC-25709 | Compensation Management | The feature flag for Proposal Management was removed from the code base, making Proposal Management permanently available in the compensation round grid configuration and the Planner compensation grid. There is no behavioral change — the flag was already enabled in production. This change is internal and has no direct impact on users. | – | ||
| AC-25795 | Authorization | The QueryBuilder authorization provider (a component used to control data access through raw SQL-based rules) was extended to support distinct query parameters for each Security Group. Previously, a single shared set of parameters was applied across all entities, which did not accommodate the Security Group authorization model where each group requires its own independent set of attributes. With this change, each Security Group is evaluated using its own dedicated query parameters, ensuring correct data resolution. Existing Individual authorization behavior is unchanged. | – | ||
| AC-25848 | Pay Transparency | Mapping Configuration creation and management capabilities were added in Workbench > Communication > Mapping Configuration. Compensation Admins and Global Compensation Admins can now create, edit, delete, activate, and deactivate mapping configurations for document generation. When creating a mapping, users can select a template, a ready Snapshot as the data source, one or more eligible populations, a communication round, and a usage type. Mapping configurations support a draft-to-ready workflow: configurations can be saved as drafts without validation and later published to a Ready status; once published, a mapping cannot revert to Draft. A uniqueness rule is enforced on the combination of Population, Template, Data Source, Communication Round, and Usage to prevent duplicate configurations. Deactivation and reactivation of Ready mappings is also supported, with conflict validation surfaced when reactivation is blocked by another active mapping. All create, edit, delete, activate, and deactivate actions are auditable. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-25892 | Pay Transparency | Filtering capabilities were added to the Mapping Configuration list in Workbench > Communication > Mapping Configuration. Users can now filter mappings by Template, Population, Communication Round, Data Source, Usage, and Status using multi-select drop downs, where multiple selections within a single filter behave as OR conditions. Filter options reflect all available mappings in the full dataset, not only those visible on the current page, and pagination and total count are updated accordingly. Filters are applied via an Apply button, can be cleared individually or in full, and cancelling the filter panel leaves the current list unchanged. A count badge indicates the number of active filters. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-25895 | Pay Transparency | A details drawer was added for Mapping Configurations in Workbench > Communication > Mapping Configuration. Compensation Admins, Global Compensation Admins, Support, and Read-only users can now click the View option in the Actions context menu to open a side drawer displaying the full details of a selected Mapping Configuration. The drawer includes the configuration's status, owner (with profile picture and job position retrieved from the Live Hierarchy), associated populations, Communication Round, template, data source, usage, and description. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-25898 | Pay Transparency | An audit trail drawer was added in Workbench > Communication > Mapping Configuration. Compensation admins, Global Compensation admins, Support, and Read-only users can now click 'View' from the context menu of any entry in the Mapping Configuration list to open a drawer displaying a chronological log of auditable actions. The audit trail records who performed an action, what the action was, and when it occurred, with entries ordered from newest to oldest and scrollable for easy navigation. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-26029 | Pay Transparency | In Workbench > Communication > Documents > Alerts and Anonymization, administrators can now define location-based local rules for alert and anonymization configurations, in addition to the existing system-wide global settings. Local rules are tied to specific work countries and always take precedence over the global configuration when a worker's work country matches a defined rule. If no local rule applies, the global configuration continues to be used as a fallback. Administrators with Configuration, Support, or Read-only roles can create, edit, copy, and delete local rules; all such actions are auditable. Each country can only belong to one local rule at a time, and deleting or editing a local rule automatically updates the alerts on any affected Pay Information Letters. Copying a local rule opens the Add Local Rule form pre-populated with the source rule's values, but without countries pre-selected, so new countries must be chosen before saving. | – | ||
| AC-26118 | Compensation Management | In Planner > Compensation, the Proposal Management drawer was simplified to display only the outcome of the proposal management configuration, rather than the full setup in read mode. The 'Enable proposal management' section and 'Create your formula' section have been removed. The drawer now renders a single section based on the configuration type: when configured with a Source Field, it displays the field name used to prefill the proposal; when configured with a Formula, it displays the defined conditions with their If and Then logic in read-only format. Both sections are never shown simultaneously. | – | ||
| AC-26212 | Authorization | An issue was corrected in the authentication service where users were unable to complete the login flow due to errors at the OIDC authorization endpoint (the service responsible for verifying user identity and granting access). In affected environments, login requests were being rejected with 400 errors because the client identifier (client_id) parameter was missing or null when reaching the authorization endpoint, and a separate PKCE (a security mechanism used during login to prevent authorization code interception) code verifier mismatch was forcing affected users into a full re-authentication cycle. These issues have been resolved and the login flow now completes as expected without client identifier or code verifier errors. | – | ||
| AC-26216 | Authorization | A security issue was corrected in the Remix web application layer where OAuth authentication tokens (access token, refresh token, and ID token) and PKCE code verifiers (cryptographic values used during secure login flows) were being written to application logs in plaintext when a session refresh failed with an invalid grant error. This occurred because the session object, which contained the full set of authentication credentials, was passed unsanitized to the error logger. The logger output was ingested by the monitoring platform, making sensitive credentials potentially visible to anyone with log access. This has been corrected by sanitizing session and token data before logging, ensuring that authentication credentials are no longer exposed in log output. | – | ||
| AC-26309 | Performance Management | A new Talent Review template creation wizard was added in Workbench > Talent Review. Users with the Talent Review role can now create and configure end-to-end Talent Review templates through a step-by-step wizard covering four stages: Template Details, Population, Axis Configuration, and Questionnaire. In the Template Details step, owners can define a template name and description with full multi-language translation support across all configurable fields. The Axis Configuration step provides a pre-populated 9-box grid (Talent Matrix) with editable axis names, level labels, and color-coded grid cells that update in real time; an optional second grid (Retention Risk) can be enabled via toggle, with a maximum of two grids per template. In the Questionnaire step, owners can add questions with text, radio button, or checkbox answer types, configure mandatory flags, and assign response permissions. Templates can be saved as drafts at any step, with automatic saving on navigation, and draft templates remain hidden from end users until published. Validation banners and inline error messages are displayed when mandatory fields are incomplete before proceeding to the next step. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-26322 | Data Foundation | An issue was corrected in the Pay Communication report where the semantic data model failed to refresh due to a missing record in the Live Snapshot Data, caused by an incorrect column source configuration. As a result, the data model could not be refreshed. The column source has been corrected and the data model now refreshes successfully without error. | – | ||
| AC-26328 | Pay Transparency | Bulk action capabilities were added to the Mapping Configuration list page for Compensation Admins and Global Compensation Admins. Users can now select multiple mappings using checkboxes and perform bulk activate, deactivate, and delete operations. A contextual action bar appears upon selection, displaying the total count of selected items, and a confirmation modal is shown before any bulk operation is executed. Select-all mode supports large datasets without requiring manual paging. Partial success scenarios are handled gracefully, with warning notifications indicating how many operations succeeded out of the total requested. Each individual mapping affected by a bulk action is recorded separately in the audit log. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-26340 | Data Foundation | An issue was corrected in the analytics report sync process where embedding analytics reports would fail for an entire batch if a Power BI system-managed Usage Metrics report was present in the workspace metadata. When this report was included in the batch token generation request, Power BI rejected the request due to incompatible identity requirements, causing all analytics reports in the batch to fail to load. The sync process has been updated to exclude Power BI Usage Metrics reports from metadata synchronization, ensuring that batch token generation succeeds and analytics reports render correctly. | – | ||
| AC-26377 | Data Foundation | In the Comp Rounds report, field renaming has been moved from the visual level to the dataset level. Previously, fields renamed only within individual report visuals did not support translations; by consolidating all renames at the dataset level, translation support is now enabled across the report. The report continues to display the same data and titles as before. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-26387 | Performance Management | Two new integration API endpoints were introduced to support retrieval of Career Development data by date range: /integrationapi/v2/data/career-development/plans and /integrationapi/v2/data/career-development/user-plans. External systems can now query Career Development records filtered by a mandatory date range (dateFrom and dateTo), applied against each record's last modified date, ensuring only records created or updated within the specified period are returned. The plans endpoint returns plan-level metadata including configuration, workflow stages, and question templates, while the user-plans endpoint returns user-level data such as questionnaire answers, comments, skill evaluations, and attachment metadata. Both endpoints support pagination and apply a claims-based authorization model (access control based on the requesting user's permissions), ensuring that only data the requester is authorized to view is included in the response. Additional filters such as plan, concessional unit, country, and legal entity can be combined with the date range on the user-plans endpoint. | – | ||
| AC-26521 | Authorization | An issue was corrected where support user creation would fail silently when a tenant's regional settings had no default language or timezone configured. In these cases, the system threw an error during domain user setup, resulting in an identity account being created without the corresponding user record. The fix ensures that support user creation now completes successfully, falling back to English ('en') for language and UTC for timezone when regional settings are not configured. | – | ||
| AC-26523 | Authorization | An issue was corrected where support user roles appeared to be successfully assigned but were never actually saved when the user had no existing authorization record in the system. Because the underlying database update operations lacked an upsert flag (an instruction to create a new record if none exists), the process completed without error but wrote nothing, leaving the roles unassigned despite log messages indicating success. The fix ensures that a new authorization record is created automatically when none exists, so role assignments are now correctly persisted in all cases. | – | ||
| AC-26670 | Data Foundation | The Advanced Calculations compiler was updated with a new set of array manipulation and functional programming capabilities. Three new functions are now available for use in calculated fields: GROUPBY (groups an array of records by a key field and applies an aggregation), LOOKUP (retrieves a record from an array by key, supporting wildcard and range matching similar to Excel VLOOKUP), and SORTBY (sorts an array by a specified field or expression). Lambda expressions (inline functions such as x => x.field) are now supported, enabling more flexible and composable formula logic. Array evaluation was also optimized through lazy evaluation, meaning large arrays are processed on demand rather than all at once, improving performance in complex compensation calculations. These enhancements affect calculated fields used within compensation rounds. | – | ||
| AC-26717 | Pay Transparency | In Workbench, the Final Raises insight widgets — including Final Number of Raises, Final Total Cost of Raises, and Final Adjusted Pay Gaps — are now hidden until an analysis has been published to the planner. Previously, these widgets were visible prior to publishing, displaying values of zero that provided no meaningful information. They will now appear only once the analysis has been published, ensuring the data shown is relevant and accurate. | – | ||
| AC-26779 | Pay Transparency | An issue was corrected in Workbench > Pay Analysis where CSV exports contained columns that were not part of the Column Config configuration. This occurred because the backend filtering logic was not aligned with the contender, resulting in unexpected or incorrect columns appearing at the end of downloaded CSV files. The backend logic has been updated to match the front-end behavior, ensuring that exported CSV files only include columns that are configured in the Column Config, and that all columns available in the data model used for the snapshot are correctly reflected in the column configuration settings. | – | ||
| AC-26784 | Compensation Management | In Planner, the export to Excel feature now honors the decimal precision configured per column for Decimal and Calculated column types. Previously, all numeric values were rounded to two decimal places on export, regardless of the precision set in the planner column configuration. Exported files now reflect the exact decimal precision defined for each column, ensuring consistency between what is displayed in the planner and what appears in the exported Excel file. | – | ||
| AC-26903 | Compensation Management | In Workbench > Compensation Management, an informational message has been added to the validation report download pop-up. When Compensation Admins open the download dialog, a message is now always displayed at the bottom of the pop-up indicating that the exported file is filtered based on their access permissions and contains only the employee data they are authorized to see. This message makes the existing ABAC (attribute-based access control) filtering — which restricts report data to employees within the user's authorized scope — transparent to the user. The message is read-only and does not affect the export action in any way. | – | ||
| AC-26942 | Pay Transparency | Worker list pre-calculation was introduced for mapping configurations in the Pay Information Letter feature. When a mapping configuration becomes active, the system now automatically computes and stores the list of workers associated with that mapping based on its snapshot and population. This pre-calculated list is used to efficiently restrict Pay Information Letter options when querying applicable workers. Two query directions are supported: retrieving the mappings applicable to a specific worker, and retrieving the workers belonging to a specific mapping. If an active mapping is edited, the worker list is automatically recalculated to reflect the changes. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-26945 | Pay Transparency | An empty state screen was added to Workbench > Communication > Mapping Configuration. When no mapping configurations have been set up, users now see a dedicated empty state page rather than a blank or undefined view, providing clearer visual feedback. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-26948 | Pay Transparency | Three feature flags previously controlling access to Pay Analysis capabilities have been removed. The currency conversion option in dataset mapping (formerly behind ff_payanalysis_currencyconversion), the planner features including publishing analysis and final raises (formerly behind ff_planner_payanalysis), and the Dataset Mapping Configuration and Pay Analysis features in Workbench (formerly behind ff_dataset_mapping_configuration) are now available to all users without requiring a feature flag to be enabled. All existing functionality continues to work as before. | – | ||
| AC-26959 | Pay Transparency | An audit trail view was added for Pay Information Requests in Planner > Pay Information. HRBPs can now access the audit trail from the context menu (three-dot menu) of a Pay Information Request or from within its details drawer. The audit trail displays a full history of actions taken on a request, including creation date, status changes, document uploads, document generation, sent documents, and notes updates, along with the date, time, and user responsible for each action. | – | ||
| AC-26980 | Data Foundation | An issue was corrected where the Worker Category value was not being populated in the snapshot data after creating a snapshot with Worker Category configuration enabled in the UI (Snapshot Manager). Even when the 'Use worker category configuration' option was selected, the configuration was not correctly applied during snapshot generation, resulting in empty Category values. The Worker Category value is now correctly generated by concatenating the configured fields using the defined separator and blank value rules, for both global and local Worker Category configurations. | – | ||
| AC-26992 | Pay Transparency | In Planner and Workbench, the Model, Recommended, and Final Adjusted Pay Gap calculations on the individual analysis page are now controlled by a feature flag. When the flag is disabled, these calculations are hidden from the pay gap insights view. When the flag is enabled, they are displayed as normal. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-26995 | Pay Transparency | An issue was corrected in Pay Analytics where the 'Distance from Predicted Compensation' and 'Outlier %' metrics displayed inverted signs. Employees whose actual compensation exceeded their predicted salary were incorrectly shown a negative value, while those earning below their predicted salary were shown a positive value. The calculation has been corrected to use Compensation minus Predicted Salary, so that compensation above the prediction now shows a positive value and compensation below the prediction shows a negative value. This correction applies to both the Recommended Raise and Final Raise views, as well as any exported CSV reports containing these columns. | – | ||
| AC-27009 | Authorization | Three additional user identity fields (UserId, UserSub and UserType) were added to Back Office audit log entries, bringing them into full alignment with the documented logging strategy. This improves traceability and compliance reporting for actions performed by authenticated users and proxied sessions. This change is internal and has no direct impact on users. | – | ||
| AC-27012 | Authorization | The Back Office service was upgraded to .NET 10 (the latest version of the underlying runtime that powers the platform's services), and all related shared libraries were updated to compatible versions. This enables future enhancements such as audit logging, with no functional change for end users. This change is internal and has no direct impact on users. | – | ||
| AC-27033 | Data Foundation | An issue was corrected in Data Management > Custom Entities where entering a name longer than 30 characters when creating a new custom entity resulted in a 400 error. The character limit is now correctly enforced at the point of input, preventing the error from occurring. | – | ||
| AC-27127 | Pay Transparency | In Workbench > Pay Analysis, the salary-related column names displayed in the results table and column configuration were updated to use their correct translated labels. The columns previously shown as 'CurrentSalary', 'SuggestedRaise', 'SalaryAfterRaise', and 'PredictedSalary' now appear as 'Current Salary', 'Model Suggested Raise', 'Salary After Suggested Raise', and 'Model Predicted Salary' respectively. | – | ||
| AC-27130 | Data Foundation | An issue was corrected in the Pay Transparency - Right to Information report where all report parameters were incorrectly configured with the data type 'Any' instead of 'Text'. This caused deployment failures with a syntax error preventing the report from being published to the workspace, and also made the parameters non-editable once deployed. The parameter data types have been corrected to 'Text', resolving the deployment error and restoring the ability to edit parameters in the workspace. | – | ||
| AC-27152 | Compensation Management | In Workbench > Compensation Management > Round Management, Compensation Admins and Global Compensation Admins can now send configured reminders directly to participants assigned to a compensation round. When clicking 'Send reminder' on a configured reminder, a confirmation modal is displayed before sending, warning that the reminder will be sent to all assigned users and cannot be edited or recalled once sent. Recipients — Compensation Managers, Compensation Managers +1, and HRBPs — receive both an in-app notification (via the notification bell) and an email notification; users holding multiple selected roles receive only one notification per send. The reminder row displays a 'Sending' status during processing and updates to 'Sent' upon completion, at which point 'View' and 'Duplicate' actions become available. The Send reminder action is only available for rounds in 'In Progress' status. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-27187 | Data Foundation | An issue was corrected where the HashCode field in the SnapshotData schema (the internal data store used to track live snapshot records) was not being refreshed when records were created or updated through file uploads or API calls. As a result, the HashCode value remained empty or stale rather than reflecting the current state of the data. The underlying synchronization logic has been corrected so that the HashCode is now properly generated and updated whenever snapshot data is created or modified. | – | ||
| AC-27191 | Data Foundation | A new auditing capability was added to snapshot generation that captures and preserves the Worker Category configuration in use at the time each snapshot is created. Users can now view the exact Worker Category configuration — including global settings, local overrides, and custom configurations — that was applied when a given snapshot was generated. This information is stored immutably alongside the snapshot, meaning it remains unchanged even if the underlying configuration is later modified, ensuring full reproducibility and traceability of analytical results. The configuration details are accessible via the snapshot details API (GET /api/v2/snapshots/{SnapshotId}/worker-category — a new endpoint that returns the Worker Category configuration associated with a specific snapshot). This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-27255 | Data Foundation | The feature flag controlling Custom Entities visibility was removed from the web application. Data Foundation admins now consistently see custom entities regardless of the flag's previous state. This reflects the feature's full release. This change is internal and has no direct impact on users. | – | ||
| AC-27274 | Compensation Management | An issue was corrected in Workbench > Compensation Builder where, when creating a new Bonus compensation round, a raw translation key was displayed as hint text beneath the Comp element field instead of the expected human-readable text. This has been corrected and the field no longer displays any hint text. | – | ||
| AC-27275 | Compensation Management | An issue was corrected in Workbench > Compensation Builder > Rounds where the selected comp round owner chip did not display an avatar or default initials icon when a user was added in the 'Comp round owners' field during compensation round configuration. Only the owner's name and role text were shown. The chip now correctly displays the default avatar icon with the user's initials. | – | ||
| AC-27279 | Data Foundation | A unified audit log for Worker Category configuration changes was introduced in the Worker Category configuration area. Users can now view a single chronological list of both Global and Local Worker Category configuration events, with each entry capturing the timestamp, user, action type (Create, Edit, or Delete), and the affected target. The audit log supports date range filtering, descending date ordering, and pagination. Users can also download the configuration state for any individual audit entry as a JSON file. Audit entries are read-only and immutable. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-27291 | Data Foundation | Translation support was added to the Compensation Round report. Report content is now displayed in the language selected by the user. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-27300 | Compensation Management | An issue was corrected where the currency link for compensation elements was not resolved consistently, causing the system to reference currency fields randomly when multiple model currency fields were present. Previously, the system relied solely on the CompensationHistory entity as the source for currency resolution. This was corrected so that currency is now determined by evaluating available sources in a defined priority order: ContractedCompensation first, followed by PaidCompensation, and then CompensationHistory. | – | ||
| AC-27310 | Compensation Management | A new Compensation Approver role has been introduced in the Authorization service (the component responsible for managing user roles and permissions). This role is part of the Advanced Workflow feature, which supports approval of compensation decisions within workflow stages. The Compensation Approver role can be assigned to users through the existing CSV role import mechanism, with no changes required to the import process. | – | ||
| AC-27323 | Compensation Management | An issue was corrected in Planner where clearing a monetary proposal field value caused the null value to be saved in an incorrect format in the database. This resulted in broken Planner and Payroll exports. The value is now saved and returned correctly when a monetary proposal field is cleared. | – | ||
| AC-27354 | Data Foundation | Three new API endpoints (interfaces for programmatic access to platform data) were added to support the calculated field formula editor in the Data Modeler. A library endpoint (GET /api/v2.0/calculated-fields/{id}/library) returns all data needed to build or edit a formula in a single call, including the model schema (the structure of available data fields), existing calculated fields, and any referenced entities (external data sources linked to the field) configured on the field being edited. Dedicated endpoints were also added to add, update, and delete individual referenced entities on a calculated field (POST, PUT, and DELETE on /api/v2.0/calculated-fields/{id}/referenced-entities) without requiring the entire field to be resubmitted. Finally, a functions endpoint (GET /api/v2.0/calculated-fields/functions) returns all supported formula functions available in the calculation engine, including array functions such as LOOKUP, while excluding currency-specific functions that are not relevant in this context. This feature is currently behind a feature flag and is not yet available to all customers. | Yes | ||
| AC-27367 | Performance Management | An issue was corrected where republishing a Review Template that was created before the Population feature was introduced would result in a Bad Request (400) error after setting a new Population on the template. This was caused by an incorrect validation being applied during the republish process. The validation has been removed and users can now successfully republish these templates with a Population assigned. | – | ||
| AC-27381 | Performance Management | The confirmation page is no longer included in PDFs generated for Historical reviews. Historical reviews represent data that was imported or created outside of the platform prior to a client's go-live, meaning the system cannot confirm that a performance conversation or confirmation actually took place. Including the confirmation page in these cases could be misleading, so it has been removed. PDFs for standard reviews continue to include the confirmation page as before. This change is applied automatically during PDF generation and requires no action from users. | – | ||
| AC-27449 | Data Foundation | In Snapshot Manager, the Create Snapshot button is now hidden for users who have permission to view snapshots (DataModelSnapshotAccess) but do not have permission to create them (DataModelSnapshotAdmin). Previously, these users could see and click the button, only to receive a permission error (403) when the action was attempted. Users with the DataModelSnapshotAdmin permission continue to see and use the Create Snapshot button as before. | – | ||
| AC-27453 | Authorization | Three vulnerabilities were patched by updating the affected .NET libraries (System.Formats.Asn1, System.Text.Json and Microsoft.Extensions.Caching.Memory/Hosting — internal libraries used by the platform's services) to versions that include the official security fixes. There are no functional changes. This change is internal and has no direct impact on users. | – | ||
| AC-27462 | Performance Management | An issue was corrected in Workbench > Performance Management > Performance Review Templates where editing a published template and adding a worker to the Population step caused the same worker to appear twice in the confirmation pop-up when clicking the Republish button. This occurred because the locked population calculation was using current form data rather than the saved data from the backend. The calculation logic was corrected so that each worker now appears only once in the republish confirmation list. | – | ||
| AC-27474 | Authorization | Eight security vulnerabilities flagged by the automated security scanner were formally documented as not applicable. They either affect older .NET versions, components the platform does not use, or are already mitigated by the runtime environment. No code changes were required, and the security report no longer flags these as open items. This change is internal and has no direct impact on users. | – | ||
| AC-27483 | Pay Transparency | The RTI (Real-Time Information) report has been added to the PET module configuration, making it available to applicable users within the PET reporting environment. | – | ||
| AC-27490 | Authorization | Two security vulnerabilities flagged by the automated security scanner (CVEs — Common Vulnerabilities and Exposures, the public catalog of known security issues) were formally documented as not applicable to the platform; they affect older .NET versions that this product does not use. No code changes were required, and the security report no longer flags these as open items. This change is internal and has no direct impact on users. | – | ||
| AC-27495 | Compensation Management | A one-time data fix was applied to ensure Digital Rewards Statement widgets are displayed in a consistent order across all tenants. Main content widgets (Compensation in Numbers, Compensation Breakdown, Position in Pay Range, Compensation Philosophy, Compensation History) and side panel widgets (Pay Information, Resources) now follow a fixed sequence regardless of historical configuration state. Disabled widgets are not affected. This change is internal and has no direct impact on users. | – | ||
| AC-27532 | Pay Intelligence | An Analytics workspace configuration was added for the internal demo environment so that the demo workspace stays up to date through the deployment pipeline. This change is internal and has no direct impact on users. | – | ||
| AC-27535 | Data Foundation | An issue was corrected where deploying reports to Microsoft Fabric would fail with a critical error stating that required properties (itemType and displayName) were missing. This occurred because the tool used to create the release bundle (a PowerShell command) silently excluded hidden configuration files — known as .platform files — that the Fabric import process requires. The bundling process has been updated to correctly include all files, including hidden ones, so that deployments now complete successfully. | – | ||
| AC-27555 | Data Foundation | The CSV data ingestion and deletion pipelines in Workbench > Data Management have been updated to support larger file uploads and higher record volumes. Previously, ingestion and deletion jobs processing more than approximately 65,535 records could fail with a database error due to a technical limitation in how SQL queries were constructed (PostgreSQL enforces a hard limit on the number of individual query parameters per statement). The underlying query logic was revised to pass record identifiers as a single array parameter instead of individual values, removing this ceiling entirely. In addition, the maximum upload file size has been increased from 10 MB to 20 MB, and the file upload modal now reflects this updated limit. | – | ||
| AC-27593 | Performance Management | End-to-end validation testing was performed on the new Talent Review template wizard (Details, Population, 9-box Axis configuration, Questionnaire). All planned test cases passed. This feature is currently behind a feature flag and is not yet available to all customers. This change is internal and has no direct impact on users. | Yes | ||
| AC-27619 | Data Foundation | An issue was corrected where exporting a snapshot would cause an out-of-memory error when the dataset contained a large number of records and fields. This resulted in the export operation failing without feedback to the user. The error handling has been improved so that if memory limits are reached during export, the loading indicator now closes and an error message is displayed to the administrator rather than the operation failing silently. | – | ||
| AC-27637 | Pay Transparency | In Workbench > Communication > Mapping Configuration, selected filter values are now displayed as visual tags (clouds) between the filter controls and the data table. This allows users to see their active filter selections at a glance without needing to re-open the filter panel. | – | ||
| AC-27739 | Authorization | NuGet packages (third-party libraries used by .NET services) were updated in the services required for the Machine Learning workflow, and five missing Security Group attributes in the Authorization service (the component that controls user access) were corrected, ensuring access checks behave as intended. This change is internal and has no direct impact on users. | – | ||
| AC-27813 | Data Foundation | An issue was corrected where the Data Foundation database migration job was starting the full application (including the web server and the message-bus consumers) before running migrations. This caused database connection contention and noisy shutdown errors, leaving some tenants unmigrated. The migration job now runs migrations directly without booting these components, eliminating the timeouts. This change is internal and has no direct impact on users. | – | ||
| AC-27857 | Authorization | An issue was corrected where the Analytics Hub > Adoption Monitor report and the employee authorization endpoint, which retrieves filtered user lists for analytics and PowerBI reports, returned an incorrect number of users when filtering by a custom employment attribute combined with an 'All Company' organization scope. Instead of returning only the users matching the specified custom attribute, the response returned all user IDs regardless of the filter. This was caused by a parameter change introduced in a previous update that prevented the custom attribute filter from being applied correctly. The endpoint now correctly filters results so that only users matching the specified custom attribute are returned, and PowerBI and Fabric reports consuming this data reflect the accurate filtered results. | – | ||
| AC-27916 | Pay Transparency | An issue was corrected in Passport > Compensation where the Pay information widget failed to load and displayed an error message for employees who had no Pay Information Request assigned to them. The error occurred because a valid empty response (HTTP 204 No Content) was not properly handled by the API gateway's response forwarding logic, causing it to return a 500 Internal Server Error instead. The widget now loads correctly in this scenario, and employees without a Pay Information Request no longer encounter an error. | – | ||
| AC-27942 | Data Foundation | An issue was corrected where calling the snapshot creation endpoint multiple times in parallel caused the data modeler service to crash with a fatal error (exit 139). The root cause was a thread-safety violation: the snapshot orchestrator, which manages the snapshot creation process, was not protected against concurrent requests, leading to undefined behavior when multiple calls were processed simultaneously. A lock was added around the orchestrator's start operation to ensure that concurrent calls are handled safely, preventing service crashes under load. | – | ||
| AC-27945 | Authorization | An issue was corrected in the authorization service where sending an empty array for a single custom subject attribute via the subject attributes endpoint (used to assign or clear attribute values for workers) would incorrectly clear all custom subject attributes for that worker, rather than only the targeted one. This occurred because the system could not distinguish between a field that was absent from the request and a field explicitly set to an empty array, causing unintended data loss. The fix introduced three-valued logic: a field omitted from the request now preserves the existing value, an explicit empty array clears only that specific attribute, and a field with values overwrites only that attribute. Partial imports now correctly preserve attribute values for any fields not included in the request. Note: any integration that previously relied on omitting a field to clear its value must now send an explicit empty array to achieve that result. | – | ||
| AC-27946 | Authorization | Several issues were corrected in the custom attributes authorization pipeline affecting multiple areas of the platform. First, after a worker was re-ingested with updated custom attribute values and a new snapshot was triggered, Elasticsearch (the search index used to serve authorization data) continued to return stale values from the original ingestion rather than the updated ones. This has been corrected so that ElastiSsearch now reflects the latest custom attribute values following re-ingestion and snapshot. Second, ABAC (Attribute-Based Access Control) filters configured on custom attributes were not being enforced when resolving which workers a subject could access, or which subjects could access a given worker. As a result, managers and HR users with restrictive custom attribute filters were incorrectly granted visibility over workers who did not match those filters. This affected the Analytics authorized employees endpoint, the Performance Review participants list, and the Subjects-For-Workers reverse lookup. All three authorization paths now correctly apply custom attribute filters so that only workers matching the configured attribute values are returned. | – | ||
| AC-27987 | Data Foundation | This change is internal and has no direct impact on users. | – | ||
| 153126 | AC-28005 | Compensation Management | An issue was corrected where republishing a compensation round could fail with a timeout exception while creating the round snapshot. The timeout in the compensation service was increased from 60 to 120 seconds, allowing larger snapshots to complete successfully. | ||
| AC-28120 | Pay Transparency | Response handling for pay transparency API endpoints was improved so that successful results from upstream services are returned more directly. This affects endpoints covering lists, single items, counters, snapshots, previews, last-request information, request creation, and communication rounds, resulting in faster and more consistent responses. | – | ||
This is a miscellaneous message.
About Feature Flags
beqom practices continuous development and continuous deployment. According to this method of work, code can be added to the code base but hidden behind a Feature Flag. When features or parts of a feature are hidden behind a Feature Flag, then they are not visible in the application interface even though the code exists in the code base. This is to make sure that new code is included in small increments, which makes it easier to test and guarantees higher code quality, without impacting end-users.
Features that are marked as behind a Feature Flag in this table are not yet available to end-users. Their release will come at a later date when the full scope of the features is done.
Innovation
beqom uses AI to rethink what compensation software can be. Our labs team is actively building a new generation of intelligent features for beqom PaySuite: capabilities designed not to layer AI on top of existing workflows, but to make intelligence foundational to how compensation and performance get done.
Everything in this section is currently in limited preview release or in the labs presently. General availability will be communicated through the usual channels.
| Type | Issue key | Description |
|---|---|---|
| AC-27501 | Streaming support was implemented for the beqom AI-powered assistant. Responses from the AI are now delivered progressively as they are generated, rather than waiting for the full response to be completed before displaying, resulting in a faster and more responsive experience. |