Alerts and updates
Subscribe using the DocuSign Trust Center Alerts RSS feed URL: https://www.docusign.com/trust/alerts/feed.
Add an RSS reader extension to your browser (Chrome, Firefox), or enable via Outlook on a PC.
DocuSign has observed a new phishing campaign in which malicious URLs are being hidden in fake/imitation DocuSign-themed emails.
The emails have been spoofed to appear to be sent from dse@docusign[.]net or dse@docusign[.]com. These emails did not originate from our legitimate DocuSign email servers. They contain the following subject line:
“Re: Document to Sign and Complete”
The emails contain a link to a phishing page that is hosted on the following domain:
hxxps://ipfs[.]fleek[.]co/ipfs/<ID of letters and numbers>/
DocuSign does not use this service. Please treat any DocuSign-themed emails with a link to “ipfs[.]fleek[.]co” as phishing.
Do not click on any email or attachment links from unknown or untrusted senders. All customers are reminded that they should continue their own due diligence and identify and report to DocuSign any suspicious emails using legitimate DocuSign accounts and technology (securityaccountabuse@docusign.com), as well as suspicious emails spoofing the DocuSign brand (spam@docusign.com). Customers should also continue to utilize their own organization’s security tools to investigate potentially malicious documents, links and notifications.
For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.
The DocuSign CLM, CLM.CM, and CLM Essentials January 23.1 product release will be released to the UAT environment on Thursday, December 8, 2022, between 8:00 PM and 11:00 PM, US Central Time. We do not anticipate any impact to platform availability or access during this time.
Announcements for this upcoming release can be found on the DocuSign Support Center. Please continue to check the Support Center for enhancements and fixes that will be posted before UAT deployment.
Please contact Technical Support if you have any questions.
Please see the DocuSign Support Portal, Connect Certificates page for further details on the new certificate "Offer" and “Force” scheduled date.
The DocuSign CLM, CLM.CM, and CLM Essentials December 22.8 Product Release will be released to the EU11, EU21 Production environments on Tuesday, November 29, 2022 between 1:30 PM and 5:30 PM, U.S Central Time, and to the NA11, NA21, US11, US12 Production environments on Thursday, December 1, 2022 between 9:00 PM and Midnight, U.S. Central Time. We do not anticipate any impact to platform availability or access during these times.
Release Notes for this upcoming release can be found on the DocuSign Support Center.
Please contact Technical Support if you have any questions.
Please see the DocuSign Support Portal for further details on the new certificate and "Force" scheduled date.
DocuSign CLM Engineering will again be postponing the Certificate Rollout dates listed here. The new dates are:
UAT: Wednesday 16th November 8PM CST
Prod: Friday 18th November 8PM CST
Links to the new certificates can be found on the DocuSign Support Center.
We apologize for any inconvenience caused by this delay. Look for updates on DocuSign's Trust Center Alerts regarding updated information on the status of new CLM public SSO certificates or contact CLM Technical Support at https://support.docusign.com/.
On October 28th, DocuSign became aware of a planned disclosure of the OpenSSL vulnerability (CVE-2022-3602). Upon release of the vulnerability’s details on November 1, 2022 investigations were initiated to assess potential impact and determine risk level. Based on the determined risk level, DocuSign has increased monitoring for CVE-2022-3602 and intends to remediate vulnerable configurations if and when identified through our standard SLAs and patch release activity.
As of November 1, 2022, DocuSign has observed no indicators of compromise in any of its service environments. We continue to investigate and monitor the situation and will provide relevant updates if and when it becomes available.
UPDATE: November 11, 2022
DocuSign CLM Engineering will again be postponing the Certificate Rollout dates listed below. The new dates are:
UAT: Wednesday 16th November 8PM CST
Prod: Friday 18th November 8PM CST
Links to the new certificates can be found on the DocuSign Support Center.
We apologize for any inconvenience caused by this delay. Look for updates on DocuSign's Trust Center Alerts regarding updated information on the status of new CLM public SSO certificates or contact CLM Technical Support at https://support.docusign.com/.
UPDATE: October 31, 2022
DocuSign CLM Engineering will be postponing the Certificate Roll Out dates listed below. The new UAT Roll Out Date will be Friday, November 4, 2022 8:00 - 10:00pm CST. Production will be scheduled at a later date. Look for updates on DocuSign's Trust Center Alerts regarding updated information on the status of new CLM public SSO certificates or contact CLM Technical Support at https://support.docusign.com/.
ORIGINAL: October 26, 2022
On Tuesday, October 25, 2022 CLM Engineering was forced to roll back the new CLM public SSO Cert for UAT to the original. Customers may still access the original CLM public SSO certificate within the UI of their UAT account if needed. Look for updates on https://www.docusign.com/trust/alerts regarding updated information on the status of new CLM public SSO certificates or contact CLM Technical Support at https://support.docusign.com/.
See the original DocuSign Trust Center Alert.
The new Entrust certificate for signature verification is now published. No action is required.
Please see the DocuSign Support Portal here for further details on the new certificate and “Force” scheduled date.
The new site SSL certificate for our AU Certificate is now published.
Please see the DocuSign Support Portal for further details on the new certificate and “Force” scheduled date.