We have released a new build of Exchange Reporter Plus, 5700, with the following security hardening options and issue fixes.
Security Hardening: Now access all the important security-related settings that you must configure to protect Exchange Reporter Plus from security attacks under a single tab. Also, get alerts after every login if any of the important security settings are yet to be enabled.
The options provided under this tab help you:
Mandate HTTPS communication between browser and Exchange Reporter Plus by default.
Enforce default admin password reset.
Enforce two-factor authentication to add an extra layer of security during user logins.
Establish secure LDAP connection between the Exchange Reporter Plus and Active Directory.
Enforce GDPR compliance.
Note: MySQL support has been stopped for Exchange Reporter Plus from build 5700. If you are using Exchange Reporter Plus with MySQL, you must migrate to PostgreSQL or MS SQL database first, to be able to update to the recent build.
To prevent the DOS vulnerability (CVE-2021-45105) in Log4j version 2.16.0, we have updated the JAR file to 2.17.0.
Delayed product startup issue has been fixed.
The average calculation issue in email traffic reports has been fixed.
The loading time for email traffic reports has been reduced.
Few other vulnerabilities have been fixed.