Correction of vulnerabilities

 

Removal of the HTTP SEARCH method usage

The SEARCH method of the HTTP protocol is not officially validated by W3C (World Wide Web Consortium) and it was reported as a potential vulnerability by some WAF (Web Application Firewall) tools in the market.

Therefore, from this version onwards, SoftExpert Excellence Suite no longer uses the HTTP SEARCH method, to be in compliance with the HTTP specifications officially validated by W3C.

 

Tomcat update

In version 2.1.7, the Tomcat (web server used by the application) version has been updated from version 7 to version 9.

 

Discontinuing depreciated authentication methods

The integrated authentication via NTLMv2 SSO has been disabled. If it is still being used, we recommend migrating to SAML.

 

New shortcuts to facilitate resizing images in rich text fields

Shortcuts have been created for images added to a rich text field to facilitate resizing them to preset sizes, which are:

▪Thumbnail size: the image is automatically resized to approximately 200px, with the possibility of a small variation in this value, according to the dimensions of the image, especially if its width is bigger than its height or vice-versa;

▪Original image size: any customizations previously made to the width or height of the image are made to restore its original dimensions.

 

To access these shortcuts, simply click on the image you wish to resize on the rich text field edit mode.

 

 

 

Security improvements in the authentication layer

Reinforcement in the login screen security and increase in the security against brute force attacks.

 

System alert screen evolution

The alert screen (CM034) of the system, released in version 2.1.6, has been evolved to facilitate the understanding of reported problems and the viewing of the alert history.

 

Previous versions

View also the improvements made to this component in previous versions: