XMedius Cloud Change History • XM SendSecure

Administrator -

This article lists the changes of the XM SendSecure service.


  • Fixed an issue with IE11 when searching for SafeBoxes using international characters.
  • Changed the timestamp format in the SafeBox list to better identify those from the past years.
  • Fixed an issue preventing lists of 60k+ SafeBoxes from loading.
  • Improved the validation of recipient email addresses.
  • Fix issues with slower file uploads to prevent the creation of a SafeBox with invalid content due to timeouts.
  • Added a limit of 500 to the number of attachments per message posted in a SafeBox to fix timeout errors.
  • Various other improvements and security fixes.


A new version of XM SendSecure for Outlook ( is available:
  • XM SendSecure for Outlook now supports SSO using SAML 2.0 (when the Enterprise Account is configured for this).
  • The user login flow is now handled via an embedded browser within the application.
  • Other minor improvements and fixes.


  • To increase security and prevent abuse in the verification and access flow related to SafeBoxes created by Secure Link:
    • Security code delivery by voice call is no longer offered to guest participants on such SafeBoxes.
    • The use of a captcha is now mandatory when configuring a Security Profile usable for Secure Links.
  • In the same effort of prevention from abuse, the number of Security Code requests that can be performed by the same participant on the same SafeBox (of any type) has been limited to a maximum of 6 per hour.
  • The SafeBox list search engine has been adjusted to allow returning matches on the Owner's email address.
  • Fixed a rare timing issue where a SafeBox message could be submitted before a file upload could be completed.
  • Ireland is now available in the country dialing plan list.
  • Various other improvements and security fixes.


  • Various improvements and security fixes.


(Service update 10)

User Participant Access via SafeBox List

XM SendSecure users are no longer considered as external guests when contributing to a SafeBox involving participants within their enterprise account.
  • As long as they are XM SendSecure users from the same Enterprise Account as the SafeBox Owner:
    • Users can access and manage all their SafeBoxes through the same SafeBox list within their usual XM SendSecure interface, regardless to their role (Owner or not) in the SafeBox.
    • Users no longer have to validate their identity using a security code; they simply need to login through their usual XM SendSecure authentication flow.
    • In SafeBox recipient/participant management lists, users are identified as such with a specific tag and are not required to have a phone number, even if the Security Profile requires it for guests.
  • External guests and XM SendSecure users can cohabit in the same SafeBox and their contribution experience within the SafeBox is the same; only their access method is different.
  • All the same improvements (simplified login and single interface experience) apply to any Secure Link accessed by a user from the same Enterprise Account as the Owner.

Secure Team Messaging & Privileged Participants

A new "Privileged Participant" role can now be granted to specific participants in selected SafeBoxes, in order to enable Secure Team Messaging within your enterprise.
  • About the Privileged Participant role:
    • Privileged Participants are necessarily XM SendSecure users from the same Enterprise Account as the SafeBox Owner, and there can be several of them in the same SafeBox.
    • The Privileged Participants and the Owner are all considered as "SafeBox Administrators"; they are visually identified in SafeBoxes with different "shield" icons.
    • Privileged Participants have all the same privileges as the Owner on the SafeBox (among others: see, manage and reply to all participants, control the SafeBox life cycle, always access the content after close...) – except that they cannot revoke the Owner's access, while their own access can be revoked by any other SafeBox Administrator.
  • Several means are offered to add users as Privileged Participants when creating a SafeBox:
    • On the fly: the Privileged Participant role can be manually granted (or removed) by the Owner at SafeBox creation.
    • Through Favorite properties: users can configure any of their Favorites to be automatically promoted as Privileged Participants when adding them to a SafeBox.
    • Through user personal settings: users have the option to automatically promote any user of their enterprise as Privileged Participant when adding them to a SafeBox.
    • Through a Security Profile: an option has been added to allow the automatic and mandatory addition of a predefined set of users or groups at SafeBox creation and promote them as Privileged Participants (which also applies to Secure Link context).
  • The Privileged Participant role can also be manually granted or removed afterward by any SafeBox Administrator once the SafeBox is created (regardless to the way participants were added at SafeBox creation).

SafeBox Administrator Alias

An Alias can be optionally configured for easier identification of the SafeBox Administrators as a single entity (for example, a team or department) or to preserve their anonymity.
  • Alias configuration is done through a Security Profile, which must be selected at SafeBox creation.
  • When an Alias is set up, all recipients see all SafeBox interactions performed by any of the SafeBox Administrators as coming from the same Alias (while the SafeBox Administrators themselves still see each other under their actual identities).
  • In Enterprise Secure Links, an Alias does not override the Secure Link Display Name (shown as a title in the Secure Link pages). Thus, the purpose of the Secure Link (Display Name) can be distinguished from the team (Alias) processing the resulting SafeBoxes.

Unfollowing SafeBoxes

XM SendSecure users can now "Unfollow" a SafeBox (manually) to virtually step back from the activity of the other participants, without actually losing access to the SafeBox content.
  • Any unfollowed SafeBox is intended to disappear from the SafeBox list shown to the user (according to the default list filter).
  • All unfollowed SafeBoxes can be listed and accessed using the dedicated "Unfollowed" filter available above the list, and the user can "Follow" back any of them.
  • When a user unfollows a SafeBox, all activity notifications (replies, downloads...) coming from this SafeBox are no longer received by this user.
  • If the user has an administrative role in an unfollowed SafeBox, any notifications about events that require an action (auto-locked participant, NDR received...) are still sent to this user.

Participant Access to Closed SafeBox

Security Profiles can now be configured to let Participants (including Guests) keep access to the content after the SafeBox is closed (until the content is deleted):
  • Messages can still be viewed and documents can still be downloaded, but the participants (including SafeBox Administrators) can no longer contribute.
  • SafeBox Administrators can still manage participants during that period (i.e. revoke/restore accesses, add and edit participants).

SafeBox Auto-Close after Content Retrieval

Security Profiles can now be configured to auto-close the SafeBox once all participants have retrieved all the SafeBox content (i.e. all messages have been read and all files downloaded):
  • The SafeBox will automatically close after a specific configurable delay – without waiting for the SafeBox scheduled expiration.
  • If a participant adds a contribution within this delay, the auto-close process is reset, until the new content is retrieved by all the other participants.
  • Participants whose access was manually revoked by a SafeBox administrator are excluded from the calculation that triggers the auto-close process.

Customizing XM SendSecure Email Templates

XM SendSecure email notifications can now be customized to reflect specific corporate branding rules, with the following options offered:
  • Changing the colors and corporate logo.
  • Displaying or not the email footer.
  • Customizing the XM SendSecure info & help links appearing in the footer.

User & Guest Experience Improvements

  • The SafeBox invitation email can now be resent to any participant after the SafeBox is created:
    • This option is available to SafeBox Administrators in the Manage Participants section of the SafeBox.
  • The Guest authentication experience has been improved:
    • The authentication process is now presented in 2 steps only (get & enter a code).
    • The security code is now requested through a single action (destination and method selected at the same time).
  • A few notification emails have been slightly redesigned/simplified for better participant experience:
    • The invitation email seamlessly adapts to the Privileged Participant & Alias contexts.
    • The SafeBox access link area (including notification icon) has been made more compact to optimize space and improve focus.
    • The Download notifications now have a link to access the SafeBox (except for double-encrypted SafeBoxes).
  • Other enhancements for better user experience within XM SendSecure user interfaces:
    • The countdown (before close/delete) has been replaced with a humanized display of the remaining time.
    • The action menus have been slightly redesigned, reordered and restructured.
    • The SafeBox list filter now supports multiple selection – and the default filter is set to list the "Followed" SafeBoxes only.
    • Users can also setup their own default filter with multiple selection (among their XM SendSecure personal settings).
    • The SafeBox recipient input fields now support RFC compliant emails so that users can copy-paste recipients from any mail client such as Outlook.

Other Improvements

  • A custom link to your corporate privacy policy can be added in the footer of Guest pages:
    • The URL can be configured among XM SendSecure General Settings by Enterprise Administrators.
    • The custom link will appear along with the link to XMedius privacy policy.
  • The certified signatures of Audit Records (PDFs) have been improved to be trusted in the long term according to Long-Term Validation (LTV) specification.
  • The XM SendSecure REST API v2 has been updated according to the new features and improvements hereby described.
  • Various other improvements and security fixes.

XM SendSecure for Outlook

A new version of XM SendSecure for Outlook ( is available:
  • General updates to support the latest features and improvements of the XM SendSecure service update 10.
  • Name changed to "XM SendSecure for Outlook" to reflect the new service name.
  • Improved support for Outlook 2016 & 2019 and the latest Windows 2010 updates.
  • Added support for environments that use TLS 1.1 or 1.2.
  • Big file upload process improvement to avoid timeout issues.
  • Various improvements in contact & recipient management.
  • Other minor improvements and fixes.


  • Email automatic replies of type "Out of office" are no longer identified as Non Delivery Reports when sending SafeBox invitation emails.
  • Security code sent by voice call is now repeated several times in the message in order to improve the user experience through automated telephone systems that may introduce delays.
  • Various other improvements and security fixes.


  • A new version of XM SendSecure for Outlook ( is available:
    • Improved the file upload process to allow uploading files that are still open in another application.


  • A new version of XM SendSecure for Outlook ( is available:
    • Improved support of email contact formats in Convert To functionality.
    • Improved the Convert To functionality to keep the original email content until it is successfully converted into a SendSecure message.
    • Other minor improvements and fixes.


  • Security Profiles can now be configured for requesting participants to accept a consent statement before posting any content to a SafeBox, based on the fact that their posted data, including their personal information, need to be saved into SendSecure storage for the purpose of exchanging information. This functionality, in addition to the high-level security already in place in SendSecure, is intended to help gain compliance with standardized PII processing regulations – such as GDPR.
  • Guest participants are now provided with more precise information on the security settings of the SafeBox to which they are participating. This information (about SafeBox content encryption and retention) is displayed when replying to an existing SafeBox or when creating a new SafeBox through a Secure Link.
  • The SendSecure REST API v2 has been updated with the following:
    • Added the support of Reply functionality.
    • Added the "encrypt_attachments" property to the SafeBox security options returned by the API.
    • Added the count of unread messages among participant info returned by the API.
    • Fixed an issue preventing the SafeBox modification date/time to be updated when the participant list is modified through the API.
    • Fixed the file upload call response to ask for public encryption key only if the SafeBox is set with Double Encryption.
    • Improved the error handling when getting a file without providing the decryption key when the SafeBox is set with Double Encryption.
    • Improved the error handling when getting the list of security profiles with an Access Token while the user_email is invalid.
    • Improved the error handling on edge cases that might occur when creating a SafeBox.
  • The behavior of the participant management functionality has been improved to prevent the same participant to be added multiple times to an existing SafeBox.
  • Participants will now get an appropriate error message when trying to upload a file to a SafeBox that is already closed.
  • The file upload mechanism has been improved to ensure that the "Send" button remains disabled when an error occurs during the upload of multiple files.
  • Various other improvements and security fixes.


  • A new version of XM SendSecure for Outlook ( is available:
    • Improved processing of recipient email addresses while converting an email into a SendSecure message.
    • Other minor improvements and fixes.


  • The SendSecure REST API v2 has been updated with the following:
    • Fixed an issue that sometimes returned a 403 error when submitting an attachment in multiple chunks.
    • Fixed an issue that would have allowed the creation of a SafeBox for a user having no SendSecure access (within an Enterprise Account having the SendSecure service enabled).
    • Fixed an issue that would sometimes return a 400 error when downloading a file.
    • Fixed a mismatch regarding the SafeBox Owner ID returned by the API.
    • Improved the response to the call listing the SafeBoxes by including the list of participants.
    • Added the support of Mark As Read/Unread for specific SafeBox messages.
  • The SafeBox access flow for Guest Participants using security code has been improved to avoid potential situations leading to 500 error page.
  • The file upload mechanism has been improved to avoid some situations preventing files to be uploaded.
  • Various other improvements and security fixes.


  • A new version of XM SendSecure for Outlook ( is available:
    • Improved behavior when manipulating very large contact lists.
    • Outlook contact email addresses are now always preserved while converting an email into a SendSecure message.
    • Other minor improvements and fixes.



  • The phone number of a participant who created a SafeBox via a Secure Link is now marked as verified only if the participant successfully used this number through two-factor authentication process.
  • Added support for upcoming SendSecure App for Xerox ConnectKey enabled MFPs.
  • Various other improvements and security fixes.


  • A new version of XM SendSecure for Outlook ( is available:
    • Sent message summaries are now properly saved in Outlook (according to local SendSecure settings) when a recipient has no display name.
    • Other minor improvements and fixes.


  • A new version of XM SendSecure for Outlook ( is available:
    • SendSecure for Outlook is now compatible with 64-bit versions of Outlook 2010, 2013 and 2016.
    • Users can now select the language in which the recipients will be notified (English, French, German, Spanish, Italian or Portuguese).
    • A progress bar (with percentage) is now displayed when uploading the files attached to the secure message.
    • New options are available in local user settings to allow to:
      • Set the default language to be used for recipient notifications.
      • Enable/disable the message summary saved (by default) in Sent Items.
      • Include or not the double encryption key in this message summary.
    • Service Type can now be specified at installation to allow using SendSecure for Outlook with either of the two available SendSecure solutions: Cloud Service or On-Premises Server.
    • Other minor improvements and fixes.


  • Secure file exchanges via SafeBoxes can now be initiated by anyone, using Secure Links:
    • A Secure Link is a reusable public URL that can be distributed to allow anyone to initiate a SafeBox on behalf of a SendSecure user, in order to securely exchange information/files with this user.
    • Users can enable their own Personal Secure Link.
    • Administrators can create multiple Enterprise Secure Links tailored to specific business needs.
  • The responsiveness of the SafeBox management interface has been improved to provide a better user experience:
    • The SafeBox list can now be scrolled down with a smooth result; the loading of further list items is scalable.
    • The SafeBox list is now automatically refreshed according to the latest occurring events (new SafeBox created, SafeBox contents read/unread count...).
    • A notice of update now appears on top of the SafeBox preview pane when a new event occurs in the currently displayed SafeBox (system event, participant reply...).
  • The file upload management has been improved and complemented with options:
    • SafeBox participants (owner and guests) can now upload very large files: the system supports up to 5TB per file (except from SendSecure for Outlook, still supporting up to 5GB per file).
    • Administrators can restrict the maximum size of files that participants can upload to SafeBoxes.
    • An anti-virus has been implemented to scan all files being uploaded to a SafeBox by any participant.
  • Additional SafeBox life cycle management functionalities are available to users (via Security Profiles):
    • When creating a SafeBox, users can now set the latter to close at a Specific Date/Time (a duration can still be set instead).
    • Users can now manually delete a SafeBox (i.e. its content) without waiting the scheduled automatic deletion.
  • New settings are available to users in their SendSecure Options:
    • Enable/disable the storage of the double encryption key in their browser.
    • Enable/disable the auto mark as read of SendSecure contents with option to define the auto mark as read delay.
    • Define the default SafeBox list filter and enable/disable the automatic opening of the first item in SafeBox list.
    • Define the default language used to notify SafeBox recipients and display SafeBoxes in their Web browser.
  • Users can now select Spanish, Italian and Portuguese as the SafeBox recipient notification language (in addition to English, French and German). The SafeBox guest pages are also now available in all these languages.
  • Users are now warned – by email and through visual cue in SafeBox – if the notification sent to a SafeBox recipient has been bounced (i.e. a Non Delivery Report has been issued).
  • Security Profiles have been improved and complemented with options:
    • Administrators can now define permissions on security profiles to specify which users (or groups) can use them.
    • Administrators can now define a default security profile per user (or group).
    • Security Profiles can now be set to enable/disable the sending of double encryption key by email to the SafeBox owner.
    • Security Profiles can now be made usable (or not) for Secure Links and include specific settings for that context (guest email verification, use of a Captcha).
  • New APIs are now available to list and manage SafeBoxes, and to manage favorites.
  • A service can now be installed on customer premises to poll command files (json) and deliver them to the SendSecure cloud service (for custom integrations).
  • System infrastructure segregation has been increased to improve security.
  • Various other improvements and security fixes.


  • New version of SendSecure APIs (v2) to support our SDKs.
  • Audit Record PDFs received by email will now properly show up on IOS devices.
  • Various other improvements and security fixes.


  • Improved wrapping of messages in SafeBoxes.
  • Multiple security codes requested in a row are now all valid to access the SafeBox.
  • Web user interface is now tablet-optimized.
  • Added a progress bar to the Search File functionality.
  • Administrators can now disable lookup of users and favorites in recipient autocomplete.
  • Administrators can now choose to generate Audit Records in PDF or in PDF/A.
  • Audit Record now includes the PDF creation date.
  • Activity Detail and Audit Record now include Security Profile details.
  • Closed SafeBox access attempts are now recorded in the Event History.
  • SafeBox access attempts by revoked participants are now recorded in the Event History.
  • Canada is now available in the country dialing plan list.
  • Emails are now sent from "no-reply@xmedius.com" instead of "system@xmedius.com".
  • Various other improvements and security fixes.
Have more questions? Submit a request


Powered by Zendesk