Hello everybody,

We are glad to announce the release of our latest build, Exchange Reporter Plus build 5802!

Enhancement:

• Duo Security certificates update: The Duo Universal Java SDK has been updated to version 1.3.1 to address expiring certificates in Duo's integration bundles. The Java libraries dependent on the SDK have also been updated to maintain compatibility.

Security fixes:

• A stored XSS vulnerability reported by C311 in the following reports of the Exchange Server reporting module has been fixed.

• • Permissions Based on Mailboxes (CVE-2026-27655)

  • Non-Owner Mailbox Permission (CVE-2026-4108)

  • Folder Message Count And Size  (CVE-2026-4107)

  • Public Folder Client Permissions (CVE-2026-3880)

  • Equipment Mailbox Details (CVE-2026-3879)

  • Mails Exchanged Between Users (CVE-2026-28703)

  • Permissions based on Distribution Groups (CVE-2026-28756)

  • Distribution Lists (CVE-2026-28754)

  • Email-based delivery time

  • No. of Mails Received by a Specific User

  • No. of Mails Sent by a Specific User

  • Size of Mails Received by a Specific User

  • Size of Mails Sent by a Specific User

  • Room Mailbox Details

  • Traffic Between Two Specific Users

  • Size of Mails Sent to a Specific Domain

  • No. of Mails Sent to a Specific Domain by a Given User

  • Message Delivery Restrictions

  • Folder - wise Unread Mails with Subject

  • Folder - wise Read Mails with Subject