FOIAXpress Collaboration Portal Release Notes 26.2.1.0

Product Enhancements

1.1 SAML configuration certificate management improvements

This update allows users to enter email addresses with capital letters in the Custodian Email field, ensuring that they are automatically converted to lowercase when saved, which helps Legal Hold App users maintain consistency and avoid manual corrections.

When you open the SAML Configuration page, the application now evaluates the available certificate sources and displays a Click here to download the certificate button when at least one valid source is found. The certificate is delivered as a .cer file using the following priority order:

1. Signature Certificate - if a signature certificate is configured, it is downloaded. No further checks are performed.

2. Certificate Serial Number - if a signature certificate is not available, the system uses the configured serial number to retrieve and download the certificate.

3. Certificate Thumbprint - if neither a signature certificate nor a serial number is available, the system uses the configured thumbprint to retrieve and download the certificate.

If none of the three sources (Signature Certificate, Serial Number, or Thumbprint) are configured, the Click here to download the certificate button is hidden from the SAML Configuration page. No changes are made to the underlying SAML configuration file (SAML.config) when downloading.

Security Updates

We’ve made the following security updates in this version of FOIAXpress.

ID	Description
1458650	Prevented exposure of database credentials in the Sync Configuration module by ensuring they are not embedded in HTML pages, protecting sensitive information from being accessed by end users and strengthening overall application security.
1469117	Addressed code smells and security vulnerabilities identified through Fortify scanning in the PAL Config module by reviewing and remediating issues based on severity. Implemented masking for sensitive data fields in NS PAY and CC Pay payment gateways to prevent exposure of confidential information. These changes enhance data protection, improve code maintainability, and ensure compliance with secure coding standards while resolving Fortify scan findings.

Description

1458650

Prevented exposure of database credentials in the Sync Configuration module by ensuring they are not embedded in HTML pages, protecting sensitive information from being accessed by end users and strengthening overall application security.

1469117

Addressed code smells and security vulnerabilities identified through Fortify scanning in the PAL Config module by reviewing and remediating issues based on severity. Implemented masking for sensitive data fields in NS PAY and CC Pay payment gateways to prevent exposure of confidential information. These changes enhance data protection, improve code maintainability, and ensure compliance with secure coding standards while resolving Fortify scan findings.

Bug Fixes

We’ve addressed the following bugs in this version of FOIAXpress.

ID	Description
1395462	Enhanced input validation in the Pal Config module to detect and prevent illegal characters, embedded JavaScript code, and disallowed HTML tags (such as script, embed, meta, and others), ensuring only valid input values are accepted and improving application security and data integrity.
1500197	Resolved an overflow exception occurring during the consultation document submission process when handling Request IDs greater than 33000. The issue was caused by attempting to parse values into an Int16 type, which exceeded its allowable range. Updated the data handling logic to use a larger numeric type and added validation to ensure Request IDs are processed correctly. This fix restores the complete consultation workflow and prevents runtime errors during document submission.

Description

1395462

Enhanced input validation in the Pal Config module to detect and prevent illegal characters, embedded JavaScript code, and disallowed HTML tags (such as script, embed, meta, and others), ensuring only valid input values are accepted and improving application security and data integrity.

1500197

Resolved an overflow exception occurring during the consultation document submission process when handling Request IDs greater than 33000. The issue was caused by attempting to parse values into an Int16 type, which exceeded its allowable range. Updated the data handling logic to use a larger numeric type and added validation to ensure Request IDs are processed correctly. This fix restores the complete consultation workflow and prevents runtime errors during document submission.