eCase Platform Release Notes 26.2.2.0

Product Enhancements

Enhancements in Multi-Factor Authentication  

#ID 1438085

eCase now supports Microsoft Authenticator as a multi-factor authentication (MFA) option, providing an additional layer of security during user sign-in. Users can securely authenticate using time-based one-time passcodes (TOTP) generated through the Microsoft Authenticator application after entering their username and password.

The enhancement introduces a guided first-time enrollment experience that includes step-by-step setup instructions, QR code registration, and OTP verification. Once enrolled, users can complete future logins using a streamlined OTP verification process through the Microsoft Authenticator app. The solution also includes validation handling for incorrect verification attempts, configurable retry limits, and automatic re-enrollment workflows when MFA is reset or reconfigured.

Administrative enhancements have also been added to support centralized MFA management within eCase. System Administrators can configure Microsoft Authenticator as the active verification method, define maximum OTP retry limits, and manage MFA reset actions for individual users directly from User Management. The platform additionally provides visibility into MFA enrollment status and maintains audit tracking for MFA-related administrative and user actions.

This update strengthens platform security while maintaining a streamlined and user-friendly authentication experience across the eCase application.

Enable or Disable PDF Portfolio Extraction

#ID 1487484

Administrators can now control PDF portfolio extraction through a new Enable PDF Portfolio Extraction setting in General Settings. When enabled, uploaded PDF portfolios are automatically extracted into individual documents based on the configured hierarchy depth. When disabled, PDF portfolios are stored and processed as a single document. This setting applies consistently across all supported upload locations in the eCase platform.

Enhancements in Support Admin Access Management

#ID 1325720  

eCase now provides a dedicated Support Admin Access capability that enables authorized Casepoint Support personnel to securely access client environments for troubleshooting and operational assistance. Client Administrators can control support access through a centralized configuration page, allowing Support Admin access to be enabled or disabled on demand without affecting existing users, application functionality, or licensing.

The enhancement introduces IP-based access restrictions through an Allowed IP List, enabling organizations to limit Support Admin sign-ins to approved IP addresses. Support Admin users can authenticate only through a dedicated Support Admin SSO sign-in URL and are restricted to a predefined set of administrative and diagnostic functions. Sensitive user information is suppressed where applicable, and Support Admin accounts are excluded from standard user management and assignment workflows.

Administrative enhancements also provide comprehensive governance and audit capabilities. Client Administrators can enable or disable Support Admin access, manage approved IP address restrictions, and monitor all Support Admin activities through the standard audit framework. The platform records sign-in attempts, sign-outs, access changes, IP restriction violations, SSO attribute mismatches, and administrative actions, ensuring full visibility and accountability for support-related access within the environment.

Security Updates

We’ve made the following security updates in this version of eCase Platform:

| ID | Description |
| --- | --- |
| 1487298 | Addressed multiple security vulnerabilities including unauthorized API access and cross-site scripting. A new Manage eCaseOData permission has been introduced to control eCase OData API access and token generation. Only users with this permission can generate API tokens. Unused test APIs have been removed from the application. |
| 1454695 | Resolved a vulnerability in the Query Builder that could allow unauthorized SQL execution when saving queries. Input validation has been strengthened to prevent arbitrary SQL execution through the API. |
| 1498376 | Resolved a cross-site scripting (XSS) vulnerability in the eCase application where malicious scripts could be injected through user input on certain pages. Input sanitization has been applied to prevent script injection. |
| 1507626 | Addressed a stored cross-site scripting vulnerability in the eCase Portal and Workflow Management module. Input validation and encoding have been strengthened to prevent persistent script injection. |
| 1513250 | Resolved an insecure direct SQL execution vulnerability in the API that could allow unauthorized exposure of full user data. Query handling and access controls have been strengthened to prevent unauthorized data retrieval. |
| 1513250 | Mitigated an insecure direct SQL execution vulnerability in the API that could expose authentication-related data. Validation and database security controls have been enhanced to prevent unauthorized access to sensitive authentication information. |
| 1513250 | Addressed a stored cross-site scripting vulnerability. Input validation and output encoding have been strengthened to prevent persistent script injection. |
| 1513250 | Remediated a stored cross-site scripting vulnerability. Input sanitization and rendering controls have been improved to mitigate persistent script injection risks. |
| 1513250 | Corrected a stored cross-site scripting vulnerability. Additional validation and encoding measures have been implemented to prevent malicious script persistence and execution. |
| 1513250 | Fixed a stored cross-site scripting vulnerability in the Projects module. Security controls for user-supplied content have been enhanced to prevent persistent script injection attacks. |


Bug Fixes

We’ve addressed the following bugs in this version of eCase Platform:

| ID | Description |
| --- | --- |
| 1518621 | Improved the performance and stability of choice-list loading during periods of high system activity by reducing query wait times and preventing connection pool exhaustion, resulting in faster and more reliable responses. |
| 1526570 | Optimized query execution and dynamic query append logic in the Search Folder module to improve performance, strengthen permission validation, ensure consistent authorization checks, and enhance the scalability and maintainability of search operations. |
| 1526898 | Corrected an issue where the disclaimer text appeared on the right side of the page when the Disclaimer priority order was set to first. The disclaimer is now properly centered on the page. |
| 1529377 | Increased the SQL Server connection pool size from 100 to 1000 to improve system stability and prevent connection timeout errors during periods of high concurrent user activity. |
| 1529824 | Fixed an issue where attachments could appear multiple times in the Procedure Attachment tab when creating a project from a template. Attachments are now displayed only once as expected. |
| 1530321 | Enhanced the Timexpress sub-subtask selection experience by replacing the dropdown-based task selector with the updated search-based control, improving performance and ensuring complete retrieval of available subtasks in large task environments. |
| 1531516 | Improved Attachment Tab performance to provide faster loading and navigation experiences, particularly for cases containing a large number of documents, while maintaining existing functionality and data presentation. |