14/5/2026

What’s New

#1 [MST][Auto-Consolidation] - custom: part#1 - implementation of logic updated for auto consolidation process

Overview
This release improves the MST Golf automation process to make invoice consolidation and submission more reliable, automated, and easier to monitor.

The update includes:
1. Improved automation scheduling

These changes help reduce manual work and improve visibility when issues happen during automated processing.

1. What Has Changed
1. Updated Auto-Consolidation & Submission Schedule

The automation timing has been improved:

Auto-consolidation will now run on:
3rd of the month at 9:00 AM

Auto-submission will now run on:
7th of the month at 4:00 PM

A safety-net process is also added on:
7th of the month at 10:00 PM

This ensures pending records are still processed if they were previously paused or missed.

2. Where This Is Reflected in the Portal

3. Impact
1. Reduced manual processing effort
2. Better automation reliability
3. Improved monitoring and troubleshooting
4. Lower risk of missed submissions
5. MST automated schedules have changed

#2 [MST][automation] customs: Part#1 auto convert and submit to LHDN for invoice amount more than 10k

Overview

This release improves the MST Golf automation process to make invoice consolidation and submission more reliable, automated, and easier to monitor.
The update includes:

1. Auto-conversion and auto-submission enhancements
2. New conversion log monitoring

These changes help reduce manual work and improve visibility when issues happen during automated processing.

1. What Has Changed
1. Improved 10k Auto-Conversion & Auto-Submission

The system now automatically:
- Converts eligible 10k draft invoices
- Submits them automatically during scheduled runs

This reduces manual intervention and improves processing efficiency.

2. Where This Is Reflected in the Portal
Convert Log Page (New)

Users can now monitor:
1. Invoice conversion status
2. Submission results
3. Error details for failed processes

3. Impact
1. Better automation reliability
2. Lower risk of missed submissions

#3 [MST][automation] customs: part#2: implementation failure notification setup for auto convert and submit to LHDN for invoice amount more than 10k

Overview
This release improves the MST Golf automation process to make invoice consolidation and submission more reliable, automated, and easier to monitor.
The update includes:

1. Better failure tracking and notification handling

These changes help improve visibility when issues happen during automated processing.

1. What Has Changed
1. Better Error Handling & Notifications

The system can now:
- Track conversion/submission failures more clearly
- Store error messages for troubleshooting
- Send failure notification emails when automation issues happen

This allows faster monitoring

2. Where This Is Reflected
Failure notification emails will now be triggered automatically when automation issues occur.

3. Impact
Faster issue detection through email alerts

#4 [MST][Auto-Consolidation] - custom: part#2 implementation of pause mechanism to hold auto submission process

Overview

This release improves the MST Golf automation process to make invoice consolidation and submission more reliable, automated, and easier to monitor.
The update includes:

1. Pause/unpause control for consolidation

These changes help improve visibility when issues happen during automated processing.

1. What Has Changed
1. Pause / Unpause Function Added

Users can now pause and resume MST auto-submission directly from the Consolidation Log page.

Additional improvement:
The system will automatically unpause paused companies during the 10:00 PM safety-net process to avoid invoices being left unsubmitted.

2. Where This Is Reflected
Pause / Unpause action in Consolidation Log

3. Impact
- Lower risk of missed submissions
- Paused companies will now be automatically resumed during the safety-net process

Bug Fixes

#1 [Self Billed][Direct Upload] - Bugs: Reinvestigate Non-consol self-billed invoice stuck in Draft on the second attempt for submission

Overview

This update improves the handling of self-billed invoices uploaded via CSV.

Previously, if a non-consolidated self-billed invoice failed during submission and users re-uploaded the corrected invoice, the invoice could remain stuck in Draft status and would not be resubmitted automatically.

With this enhancement, corrected invoices will now automatically move back into the processing queue for resubmission, reducing manual intervention and improving processing reliability.

1. What Has Changed
1. Automatic Reprocessing for Corrected Invoices

The system can now detect previously failed or draft invoices during CSV upload.

When users re-upload corrected invoice data:

- The invoice status will automatically be updated to Queue
- The system will automatically pick it up again for submission processing

This removes the need for manual status updates or re-triggering.

2. Reset of Previous Submission Information

To avoid conflicts from earlier failed submissions, the system now automatically clears old submission-related information before retrying.
This ensures the invoice is treated as a fresh submission attempt.

3. Improved Validation During CSV Upload

Additional validation has been added during CSV processing to ensure:

- Buyer information is properly validated
- Supplier information is properly validated
- Multi-line invoices are processed more consistently

This helps improve overall data accuracy and reduces submission issues.

2. Where This Is Reflected in the Portal
CSV Invoice Upload Process

Users uploading corrected self-billed invoices via CSV will now experience:
- Automatic reprocessing of previously failed invoices
- Improved validation checks during upload
- Reduced cases of invoices remaining stuck in Draft status

3. Impact
- Reduced manual intervention for failed invoice resubmissions
- Faster recovery for corrected invoices

#2 [Production] Consol invoice issue date got changed due to the 72 hours limitation bypass feature

Overview

This update improves how the system handles invoice dates during submission, especially for consolidated invoices and Request E-Invoice processes.

Previously, the system could automatically replace the original invoice date with the submission date due to the 72-hour validation bypass logic. This behaviour was intended for standard invoices but unintentionally affected consolidated documents as well.

With this enhancement, consolidated invoices will now retain their original invoice dates correctly.

1. What Has Changed
1. Improved Invoice Date Handling

The system now applies automatic invoice date adjustment only for standard invoices.
For:
- Consolidated invoices
- Request E-Invoice processes

The original invoice date will now remain unchanged.

2. Original Invoice Date Is Now Preserved

When the system performs a submission date override for eligible invoices, the original invoice date will still be stored internally for reference and audit purposes.
This improves traceability and data accuracy.

3. Improved Consistency Across Submission Methods

The enhancement has been applied across multiple submission channels, including:
- CSV uploads
- SFTP integrations
- Manual submissions
- Automated background processing

This ensures consistent behaviour regardless of how invoices are submitted.

2. Where This Is Reflected in the Portal
Request E-Invoice Module

Users will notice:

- Original invoice dates are preserved correctly
- Reduced unexpected invoice date changes
- Consolidation Module

Consolidated invoices will now maintain the intended invoice dates during submission and processing.

Integration Flows (CSV / SFTP)

Backend processing for uploaded and integrated invoices now follows the corrected date-handling logic consistently.

3. Impact
1. Standard invoices will continue following the existing 72-hour validation bypass process
2. Consolidated invoices are now excluded from automatic date override logic
3. Prevents unintended invoice date changes for consolidated documents
4. Improves compliance and data accuracy

#3 [Bugs-Perm Fix] [API] [Customer/Supplier] Logic Mismatch in is_foreign_company Validation During API Creation

Overview

This update improves how the system identifies Malaysian and foreign companies.

Previously, some Malaysian companies were incorrectly marked as foreign companies due to inconsistent data values. This could cause incorrect behaviour in certain validation and processing flows.

With this enhancement, the system now better recognizes Malaysian companies even when older or inconsistent values exist in the data.

1. What Has Changed
Improved Company Classification Logic

The system logic has been updated to better detect companies that should be classified as Malaysian companies.

Additional validation has been added to:
- Support older existing data values
- Correctly recognize companies marked as “Malaysia”
- Prevent Malaysian companies from being incorrectly treated as foreign companies

This helps maintain more accurate company information and processing behaviour.

2. Where This Is Reflected
Company Profile & Invoice Processing

Users may notice more accurate behaviour in flows that depend on company classification, including:
- Validation processes
- Invoice-related processing
- Country-based logic and checks

This improvement works in the background and does not introduce any UI changes.

3. Impact
- Improves data consistency
- Existing Malaysian companies with inconsistent values will now continue to work correctly
- No manual action is required from users

#4 [Ticket: 59829: JomeInvoice Response to Supply Chain Attack Due to Tampering of Software Component "axios"

Overview

This update is related to a security review triggered by reported Axios vulnerabilities (CVEs flagged by SHAPM HQ).

After investigation, it was confirmed that the JomeInvoice system is not exposed to these vulnerabilities. The affected CVEs apply to specific server-side Node.js usage patterns, which are not used in our system.

Even though there is no active security risk, we are upgrading the Axios library as a precaution and to ensure compliance with security scanning tools.

1. What Has Changed
1. Security Review Completed

A full assessment was performed on how Axios is used in the system. The findings confirmed:
- The backend is built using PHP/Laravel (not Node.js)
- Axios is only used on the frontend for internal API calls
- All API calls are restricted to our own system endpoints

2. Additional Protection Confirmed

The system already includes safeguards that prevent the reported vulnerabilities from being exploited:
- Requests only go to internal application endpoints
- CSRF protection is enabled for all requests
- Requests require valid session-based security tokens

3. Axios Library Upgrade

The Axios dependency has been upgraded from version 1.6.8 to 1.15.0 as a preventive measure and to clear security scanner warnings.

2. Where This Is Reflected in the Portal
- Frontend Application (Web Portal)
- This update applies to the web interface where Axios is used for API communication.
- Users will not see any visible changes in the UI or workflow.

3. Impact
- Ensures system is aligned with security best practices
- Removes false-positive vulnerability flags from security scanners
- Strengthens long-term maintenance of frontend dependencies
- Confirms system is not exposed to reported Axios CVEs