CX Release Notes 5.1.0

Includes the GraalVM stability improvements. CX deployments running on GraalVM now handle security certificates more reliably during builds and at runtime.

Improves the CX platform security based on findings from the CX 5.0 penetration assessment. This hardens multiple components, reducing the attack surface and increasing protection against potential threats. The improvements focus on infrastructure and configuration rather than user‑visible behavior, so administrators can upgrade to this release and get enhanced security without changing existing workflows or settings.

Strengthens the security posture of CX 5.x by addressing high and critical vulnerabilities previously identified in core services and supporting components. We updated and rebuilt container images and dependencies so that all affected services pass Trivy v2 security scans without any known critical or high‑severity issues, except for documented false positives or vulnerabilities with no upstream fix yet available.

• Customers can request a detailed vulnerability assessment report from Expertflow Support.

• For detailed findings, see the updated Vulnerability Report for CX Components 5.1.x.

• After these improvements, CX 5.1.x has no known open critical or high‑severity vulnerabilities.

Improves CX Bulk Customer Upload to auto-detect existing customers using channel identifiers, prevent duplicates, and intelligently merge or update records based on admin‑selected options. The upload summary now clearly shows how many records are inserted, ignored, updated, replaced, appended, or rejected. This reduces manual clean‑up, improves campaign targeting accuracy, and lowers the risk of over‑contacting the same customer.

Each CX service now uses its own least‑privilege database credentials managed in Vault, improving tenant and service isolation. This reduces configuration drift and connectivity issues during deployments and upgrades, with no changes to agent or supervisor workflows.

The searchConversation GraphQL API now returns channel information for each conversation, so clients can immediately identify whether a conversation came from web, email, WhatsApp, or another channel.

The API also supports a generic searchTerm parameter that lets clients run free-text searches, including by customer firstName, without specifying a particular field. These enhancements improve how UIs and integrations search and display conversation history.

Fluent Bit is now part of the standard CX platform Helm chart. The platform enables centralized logging for all Kubernetes workloads by default, reducing manual setup. For configuration details and advanced usage, see Deploy Fluentbit for Opensearch .

Introduces a targeted and reliable way to update forms. Rather than resending the entire form for a small correction, the system now transmits only the specific change, such as a corrected typo, minimizing unnecessary updates.

CX now requires all EFCX users to change temporary passwords on their first login to AgentDesk and Unified Admin. Users can update their passwords anytime from their profile. After a password change, CX automatically logs the user out and requires re-authentication with the new password to ensure account security.

The UI now shows password policy requirements when users change their passwords. Users can view policy details via an info icon and see which rules their new password meets or fails, using clear visual indicators. This helps users create compliant passwords on the first attempt and reduces failed password update attempts.

Unified Admin now records audit logs for key configuration changes, including teams, pull mode lists, reasons, agent desk settings, and locale settings. The system formats logs using our standard logging guide, following OpenTelemetry (OTLP). Fluent Bit acts as the log collector, applying filtering and forwarding rules before sending the logs to opensearch, where they are indexed and made searchable in OpenSearch Dashboards for analysis and monitoring.

CX can now support more than 10 tenants without impacting existing tenants. The platform removes the previous limitation that made the first tenant unavailable after adding the 11th tenant, so multi‑tenant deployments scale more reliably.

Enhances CX API Gateway authentication to validate tokens against tenant-specific realms in multi-tenant deployments. The gateway now selects the correct realm at runtime based on tenant context or token metadata, while existing single-tenant deployments continue to work without any configuration changes.

Tenant admins can now upload, update, and remove tenant-specific logos from the tenant configuration so CX applications (Unified Admin and Unified Agent) display the organization’s logo instead of the default ExpertFlow branding. The applications load the logo dynamically from the File Engine on login screens and in-app headers, and fall back to the default logo if no tenant logo is available. For consistent display across all placements, use a logo with a 4:1 aspect ratio.

CX now supports configuring a dedicated media server per tenant through the CX Tenant service. Instead of hard‑coding the FreeSWITCH / media server URL in the deployment config, the media server settings are stored in tenant metadata and retrieved dynamically by Agent Desk

Creates CX conversations as soon as agents press Dial. The system consistently captures every outbound attempt, successful or failed, and logs standardized failure reasons and detailed timing metrics (start time, end time, duration, talk time, and hold time) to fully reflect manual outbound activity in historical, summary, and conversation-level reports.

Calls now remain connected even if customers remove microphone or camera access in their browser. The widget instantly stops audio/video, shows the mic or camera as off, and guides customers to re‑enable permissions if they want to turn them back on.

Campaign reporting gold tables are now managed in the Data Build Tool (DBT), but table names and schemas stay the same, to keep existing reports and integrations working.

• For environments using the Data Platform, follow the (5.1.0) Upgrade Guide for Data Platform - Draft for the required upgrade steps.

• For environments with existing campaign history, follow the Data Platform upgrade steps in the Upgrade Guide CX5.0.2 to CX5.1.0 to run the schema migrations.

The Queue Stats Summary panel now right-aligns the Name and Channel Category columns for a right-to-left (RTL) language user in summary dashboards. This update improves readability and visual consistency for supervisors working in RTL locales.

Supports screen recording URLs through the Push Voice Activities API using a new MEDIA_RECORDING event. The API accepts both voice and screen recording media types in a single request, so the system can store and process complete call and screen recordings in your downstream systems.