eCase Platform Release Notes 26.1.2.0


Product Enhancements

1.1 Rebranding Casepoint as a Unified Platform

Introduced a new release to unify all products under the Casepoint brand, updating branding elements across the platform to deliver a consistent and cohesive brand experience.

1.2 RoboHelp to Doc. 360 KB Migration

#ID 1365176

A Smarter, Better Resource Center - Now Live!

We are delighted to announce that our legacy Resource Center has been successfully migrated to a new, modern, and feature-rich Knowledge Base - marking an exciting step forward in our commitment to continuously improving your experience.

You may now access all resources and Knowledge Base articles at our new location: https://guide.casepoint.com/resource-center/

Please be informed that the previous link (https://docs.opexustech.com/docs/resourcecenter/) will soon be unavailable. We encourage you to save the new link for future access.

NOTE: If you experience any difficulty accessing the new link, kindly request your IT or support team to whitelist guide.casepoint.com to ensure seamless access.

1.3 PDF Portfolio Upload to eCase

#ID 1369634

eCase now supports uploading PDF Portfolio files from multiple entry points with a consistent processing experience. Uploaded portfolios are automatically processed in the background, embedded documents are extracted, and the extracted content is organized in a structured hierarchy for easier access and review.

From a project, go to Attachments > Add From > My Computer, select a PDF Portfolio, and click Add. The portfolio is added to the grid and extraction starts automatically; completion is communicated through an email notification.

To review portfolio contents, open the portfolio row menu and select Edit > Online, then open the Portfolio tab to view embedded documents individually for preview or download.

To submit a PDF Portfolio through eCase Portal, go to eCase Portal > Allegation Information > Add / View Attachments, select the portfolio, upload it, and submit the allegation. The uploaded portfolio becomes available in eCase for processing and review.

1.4 SAML SSO Configuration Management

#ID 1279450

This release introduces enhanced functionality that allows clients to manage and update the SAML certificate directly through the Admin Web Application.

A new SAML SSO Configuration page is now available under System Configuration in the Admin application. Access to this page is restricted to users with the appropriate permissions, and only authorized administrators can view and manage SAML SSO settings.

The configuration page includes a toggle that allows administrators to enable or disable SAML SSO. When the toggle is enabled, all configuration fields become mandatory.

Administrators are required to provide complete configuration details, including uploading the SAML certificate file. Separate fields are available for entering the Admin Partner Service URL and uploading the Admin Partner Certificate File.

When the SAML SSO toggle is disabled, field-level validation is not enforced, and SAML SSO remains inactive. In this state, no configuration changes are applied, allowing administrators to safely disable SAML SSO without impacting existing settings.

1.5 Password Security Settings Enabled for SAML Authentication with NoPiv

#ID 1370064

With this update, password security settings have been enabled for SAML authentication when using NoPiv.aspx. These settings now align with the password security controls available for authentication forms, ensuring consistent security behavior across authentication methods.

Security Updates

| ID | Description |
|---|---|
| 1396320 | Resolved a Stored Cross-Site Scripting (XSS) vulnerability in the Outreach module by sanitizing user input and securely encoding report output, preventing malicious script execution across application views, downloaded reports, and emailed HTML attachments. |
| 1396321 | Resolved a Stored Cross-Site Scripting (XSS) vulnerability in the Preliminary module by sanitizing user input and securely encoding report output, preventing malicious script execution in application views, saved reports, and emailed HTML files. |
| 1369915 | Addressed Stored XSS vulnerabilities in all eCase Admin text editors by implementing secure input handling and output encoding to prevent unauthorized script execution. |
| 1369937 | Addressed Stored XSS vulnerabilities in static text editor fields across eCase by enforcing secure input validation to block malicious scripts and unsafe HTML. |
| 1369954 | Addressed Stored XSS vulnerabilities in Portal Admin text editors by implementing secure input handling and output encoding to prevent unauthorized script execution. |
| 1369963 | Addressed Stored XSS vulnerabilities in static text editor fields across the eCase Portal by enforcing secure input validation to block malicious scripts. |
| 1369689 | Resolved an Insecure Direct Object Reference (IDOR) vulnerability in the WFM module by enforcing server‑side ownership validation and session‑based user identification, preventing unauthorized access or modification of other users’ data. |
| 1420580 | Resolved an Insecure Direct Object Reference (IDOR) vulnerability in the Portal by enforcing proper authorization checks on message access, preventing users from viewing or modifying other users’ messages through ID manipulation. |
| 1423466 | Addressed improper error handling in the eCase Public Portal that exposed detailed server error information. Generic error responses are now enforced to prevent disclosure of internal system and framework details. |
| 1423491 | Resolved an issue in the Forgot Password flow where response differences could reveal whether a username exists. A single generic response is now returned to prevent user enumeration and targeted attacks. |
| 1432755 | Addressed an issue where manipulating message IDs in the URL could allow unauthorized access to other users’ messages. Proper authorization checks are now enforced to ensure users can access only their own data. |
| 1434238 | Resolved an information disclosure issue where the application exposed underlying ASP.NET framework version details in HTTP responses. Version information is now suppressed to reduce attack surface. |
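
A post-upgrade regression check for items 1423466, 1423491 and 1434238, as an added example that is not part of the release notes or the vendor's code: it inspects raw HTTP responses from your own deployment for framework version headers, detailed error pages, and Forgot Password response differences. The sample responses are constructed, and the error-page marker strings and function names are assumptions for illustration.

```python
import re

# Response headers that reveal the ASP.NET framework and its version.
VERSION_HEADERS = ("x-aspnet-version", "x-aspnetmvc-version", "x-powered-by")
# Text typical of a detailed ASP.NET error page (assumed markers, extend as needed).
ERROR_MARKERS = re.compile(
    r"Server Error in '.*' Application|Stack Trace:|Version Information:", re.I)

def parse_response(raw):
    """Split a raw HTTP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers, body

def version_leaks(raw):
    """Names of headers that disclose framework or server version details."""
    _, headers, _ = parse_response(raw)
    found = [h for h in VERSION_HEADERS if h in headers]
    if re.search(r"/\d", headers.get("server", "")):  # product/version form
        found.append("server")
    return found

def error_detail_leak(raw):
    """True when an error response carries framework error-page detail."""
    status, _, body = parse_response(raw)
    return status >= 500 and bool(ERROR_MARKERS.search(body))

def enumeration_signal(known, unknown):
    """Observable differences between Forgot Password responses for an
    existing and a non-existing username; an empty list means none."""
    s1, h1, b1 = parse_response(known)
    s2, h2, b2 = parse_response(unknown)
    pairs = {"status": (s1, s2), "body": (b1, b2),
             "location": (h1.get("location"), h2.get("location"))}
    return [name for name, (a, b) in pairs.items() if a != b]

# Constructed sample responses (not captured from eCase).
OLD_ERROR = ("HTTP/1.1 500 Internal Server Error\r\nServer: Microsoft-IIS/10.0\r\n"
             "X-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\n\r\n"
             "<h1>Server Error in '/' Application.</h1><b>Stack Trace:</b>")
NEW_ERROR = "HTTP/1.1 500 Internal Server Error\r\n\r\n<p>An error occurred.</p>"
OLD_KNOWN = "HTTP/1.1 200 OK\r\n\r\nA reset link has been sent."
OLD_UNKNOWN = "HTTP/1.1 200 OK\r\n\r\nUsername not found."
NEW_ANY = "HTTP/1.1 200 OK\r\n\r\nIf the account exists, a reset link has been sent."
```

The body comparison is exact, so strip per-request values such as anti-forgery tokens from real responses before comparing them.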