Release Notes

New release features, enhancements, and fixes

Release Summary

DIGIT 2.4 is a release that has got new modules, a few functional changes, and non-functional changes.

  • Functional: eChallan module, WhatsApp Bill Payment, Property Tax Citizen flow UI/UX revamp Arrears Breakup in Property Tax Due, and Send back to Citizen feature in Fire NOC.

  • Non-functional: Platform Security Audit fixes, Hindi Localization, QA Automaton of APIs, and Technical improvements.

New ‌Feature Additions





eChallan module

  1. Generate e-challans / bill for all miscellaneous / Adhoc services which citizens avail from ULBs

  2. Edit/Cancel e-challan/bill

  3. The ability for ULBs to Notify citizens about the outstanding payments - Online(email & SMS) and offline.

  4. Enable Digital payments for citizens - QR code, payment link in notifications, etc.


WhatsApp Bill Payment and PGR v2 integration with redesigned Chatbot (xState)

Bill Payment:

  1. Search and View Bill `

    1. View my Bills

    2. Search Bills Based on

      1. Consumer Number

      2. Application Number

      3. Mobile Number etc

    3. View Bill

      1. Amount Due

      2. Bill copy (PDF)

  2. Payment

    1. Pay bills through quick payment links

    2. Payment confirmation/failure notification

    3. Payment receipt (PDF) on successful payment

  3. Multi-Language Support

    1. Hindi Localization (For Chats)


  1. Geo-Location tagging

  2. Two steps complaint category and type

  3. Hindi Localization (For Chats)

  4. PGR v1 & v2 support


Property Tax Citizen flow UI/UX revamp

Updated workflows and user interface changes in the following business cases -

  • PT - Quick Pay

  • Create Property

  • My Properties

  • My Applications



Updated Feature



Fire NOC Enhancements

Send back to Citizen in Fire NOC


Property Tax Enhancements

Arrears Breakup in Property Tax Due


Hindi Localization

Hindi Localization of all labels, messages, notifications, and MDMS drop-down data of all the modules


QA Automaton of APIs

APIs automation for

  • Core Services

  • Business Services

  • Municipal Services

    • End to End APIs automation for Property Tax, Trade License, mCollect, Water & Sewerage, Fire NOC, Building Plan Approval, FSM, and PGR.

  • Here is the document with the details of services automated and README documentation which details the detailed steps to execute the automation


Platform Security Audit fixes

Listed below are the security vulnerabilities identified as part of the security audit. Few of them are as per design and justification is provided for these. Others are fixed at the code level.

  1. Privilege Escalation

  2. Failure to restrict URL Access

  3. Insecure direct object references (IDOR)

  4. Malicious file upload leads to Cross Site scripting

  5. Improper Authentication

  6. Missing Account Lockout

  7. Request Throttling Attack

  8. Weak Encoding Mechanism

  9. Sensitive Information in URL

  10. Lack of Automatic Session Expiration

  11. Concurrent Session

  12. Improper Error Handling

  13. Improper Input Validation

  14. Mail Command Injection

  15. Use of hardcoded credentials

  16. Use of sensitive information into configuration file

  17. Exclude unsanitized user input from format strings

  18. HTTP Parameter Pollution

  19. Standard pseudo-random number generators cannot withstand cryptographic attacks

  20. Weak cryptographic hash

  21. Insecure SSL configuration

  22. Improper Neutralization of CRLF Sequences in HTTP Header

  23. Avoid Capturing Java.Lang Security Exception

  24. Always normalize system inputs

  25. Avoid the Command Throws within Finally

  26. Close Input and Output resources in finally block

  27. Cross Site Request Forgery

  28. Cross Site Scripting - Stored

  29. Insufficient Cookie Attributes

  30. Code Injection

  31. Exclude unsanitized user input from format strings

  32. Avoid data submissions to non-editable fields

  33. Potential Infinite Loops

  34. Avoid dangerous J2EE API, use replacements from security-focused libraries (like OWASP ESAPI)

  35. Do not allow external input to control resource identifiers

  36. The setter method for an identifier property (id or composite-id) should be private

Here are the security fixes guidelines as a handbook for best practices and guidelines.


Technical Improvements

  • PDF service refactoring for Localization API calls optimization

  • Timezone configuration support for all the services

  • Standard product Workflow bundling as part of the product


eDCR Enhancements

  1. Enhanced Door, to support door widths with color code. The color code is used to identify the type of door

  2. Fix of security audit issues

  3. Cleanup unused code and database tables



  1. Hard coded sub domain formation logic changed, preparing dynamic sub domain url by reading env from the configuration

  2. Fixed the security audit issues

‌Document Resources and Links

UI Technical Documents

Backend Service Documents

Tech Enablement Documents

Creative Commons License__All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.