Product Enhancements
1.1 Enforce Collaboration Portal Users on Concurrence
ID# 1277924
We have enhanced the Collaboration Portal to ensure that Collaboration Portal users adhere to the agency's Collaboration Portal License for concurrent users. With this update, a Collaboration Portal user will be restricted from logging in when the maximum number of concurrent users has already logged in.
Bug Fixes
We've addressed the following bugs in this version of FOIAXpress:
ID | Description |
83167 | Enhanced formatting of the Administration page's left navigation in the Collaboration module. |
99166 | Fixed a bug causing Selection under Page Range to appear grayed out in Find & Unredact on the Folder level. |
100618 | Addressed an issue allowing the number of scan users permitted in the license to be exceeded due to inaccurate counting of the number of allowed Collaboration scan users while the scanning role window is open. |
100435 | Resolved an error encountered when adding a Correspondence attachment to a Collaboration message on the Collaboration portal, which caused the window to shift out of view, thereby restricting any user interaction. |
89247 | Fixed a bug causing a mismatch of Workload counts and Group Queue Assignments counts on the Action Office Dashboard. |
Security Updates
We've made the following security updates in this version of FOIAXpress:
ID | Description |
1278800 | Updated Aspose, NLog, and other system libraries and DLLs to enhance performance and compatibility of PAL and PAL Configuration. |
1278978 | Configured SQL Server to use non-standard ports in PAL/PAL Configuration and Collaboration. |
1279115 | Tested accessibility and implemented remediation for the required compliance points of the Collaboration module. |
1279241 | Encrypted all configuration files for PAL and PAL Configuration modules to further safeguard system credentials and configurations from unauthorized access. |
1290223 | Updated JavaScript libraries to fix vulnerabilities in PAL and PAL Configuration modules. |
1290228 | Fixed a vulnerability that allowed an authorized user to view the names of the non-owned folders in the Document Management System. |
1292611 | Deprecated the unload function in PAL. |
1294479 | Introduced output encoding (e.g., HTML entity encoding), input validation, and Content Security Policy (CSP) headers. |
1295860 | Implemented rate limiting on OTP verification to mitigate an identified brute-force vulnerability. |
1298392 | Introduced output encoding (e.g., HTML entity encoding), input validation, and Content Security Policy (CSP) headers. |
1298396 | Introduced output encoding (e.g., HTML entity encoding), input validation, and Content Security Policy (CSP) headers. |
1298397 | Sanitized all user inputs rendered into HTML, used templating engines with auto-escaping, and limited rendering of untrusted content. |
1298821 | Prevented an Improper HTML Control Handling vulnerability in PAL modules. |
1299788 | Restricted the number of password reset verification code requests within a defined time frame to enhance security and prevent abuse. |
1303264 | Fixed a security vulnerability in PAL Configuration for the pal_adminlogin page. |
1304324 | Introduced output encoding (e.g., HTML entity encoding), input validation, and Content Security Policy (CSP) headers. Sanitized certain user inputs rendered into HTML, used templating engines with auto-escaping, and limited rendering of untrusted content. |
1306051 | Reviewed and corrected access control policies, implemented deny-by-default strategies, and validated user roles per request. |