Monthly Release Notes - January 2023

Jump to:

 

Clearswift


Secure Email Gateway

Version 5.5.1

January 12, 2023

Fixes
  • This release corrects a problem introduced in V5.5.0 where TLS would fail if the TLS configuration depended on CA/Intermediate certificates which were in the Gateway configuration but not in the Red Hat certificate store. The fix is applied automatically when the system is upgraded to V5.5.1.

Back to Top

 

Core Security


Core Impact

Version: 21.3

January 8, 2023

New Features
  • New Modules:
    • Post exploitation module to execute .NET assemblies
    • Post exploitation module to simulate a Ransomware attack
  • Support Beacon Object File (BOF) execution from any Windows agent. Core Impact can now leverage from the extensive BOF library created by the community as well as enabling execution of any custom BOF.
  • Added capability to tunnel traffic through a SOCKSProxy Server, thus enabling exploit execution through a Cobalt Strike beacon for example.
Enhancements
  • Added support to UNICODE environments. Expanding systems that Core Impact can pentest and hosts where it can be installed as well.
  • Dependencies updated:
    • OpenSSL
    • mimikatz
  • Updated support to OWASP Top10 2021 in WebApps RPT.
  • Allow triggering one-shot-exploits (modules that could leave the exploited service unavailable) when running a Vulnerability Scanner Validation.
  • Added option to trigger Metasploit exploits when running a Vulnerability Scanner Validation. In order to do so Metasploit integration has to be setup within Core Impact.
Fixes
  • Core Impact agent through HTTP / HTTPS channel can be deployed in Ubuntu 22.04.

  • Enlarged length of commands that could be executed in shells.

  • Showing full output of commands in Powerhsell shell.

  • Enhanced exception handling in Attack Map View.

  • Customer reported issues when importing scan result from Acunetix / Burp / Nexpose / Nessus.

  • DNS Channel now responds to NS requests, allowing usage with OpenDNS.

Back to Top

 

Document Management (RJS)


Webdocs

Version: 2.1.9

January 9, 2023

New Features
  • Added orphaned document search for administrator users
  • Added ability for Administrators and Route Managers to reassign route documents to other users via the routing interface. Validation will insure the new selection is valid for the route and route step of the given document.
  • Workflow Inbox Redesigned.
  • Added new reporting feature where users can view workflow task status and summary information to the home screen based on group permission access.
  • Added new reporting feature where users can view workflow task status and summary information to the home screen based on group permission access.
  • Added delete button to user defined inboxes.
  • Added user defined inboxes listing.
  • Added default user inbox list that is not modifiable.
  • Added bulk take ownership option to routing inboxes.
  • Added bulk give ownership option to routing inboxes.
  • Added ability to view items in shared inboxes assigned to other users.
  • Added ability to see and take ownership of shared items from the routing inbox.
  • Added counts and limits to routing inbox display.
  • Added ability to reassign document ownership of a document on a route for administrators and route managers.
  • Added user defined sort options to search screen
  • Created new role type of Inbox Designer which controls access to the new Add and Edit Inbox buttons. New role can be added to any group in Webdocs.
  • Added new function to allow users to split a document into 2 from the document viewer in Webdocs.
  • Created new document split feature where a user can select pages to be split into a new document from the document viewer.
  • Added OCR option to Document Details keys for PDFs.
  • Added Transfer Route option to new Work Inbox feature.
Enhancements
  • Added sorting to the Document History tab.
  • Document Viewer now supports Word shape objects.
  • Added error message when user attempts to add a document to the same route.
  • Documents in Routing inbox page which are assigned to other users are now visible to users that share the routing permissions.
  • Added step number to Next Steps dropdown in workflow.
  • Document viewer now supports charts in DOCX files.
  • Added Submit and Next button to routing approval screen, to automatically navigate to the next item for approval.
  • Allow for blank values in REST API searching.
  • Added the owner of the document on a route to the UI for all documents on routes. Previously this was hidden from the current user if it was another user.
  • Added Link to Routing Inbox to route notification email body.
  • Added new Thumbnail Drag event to Document Viewer, to enable save after pages are reordered.
  • Added unique key to workflow document records to improve reporting capabilities.
  • Added user defined inboxes.
  • Added all document information to route step approval screen.
  • Optimized the notes creation process to keep users on a single screen so details can be viewed while adding a note.
  • Added check for note created by so that a user can only edit their own notes.
  • Optimized history tab loading to no longer reload entire page.
  • Optimized versions tab loading to no longer reload entire page.
  • License validation modified to only include active users in the total calculation that determines if the license key is valid.
  • Updated saved search functionality to no longer save every search, users can elect to save searches which will save all criteria.
  • Added entire folder path to Move Folder action on Document Details.
  • Added new default date options to Advanced Search for Last Week, Last Month, Last 3 Months, and Last Year
  • Added dialog to allow users to delete a saved search.
  • Saved Searches updated to save all additional user defined criteria such as document and folder filters and advanced search options.
  • Added Clear button to search page.
  • Added the ability to navigate directly to a specific page in the search results.
  • Added the ability to navigate directly to a specific page in the document list page.
  • Allow users to select more than 1 thumbnail from the document viewer.
  • Added Does Not Contain option to advanced search by title/key feature.
  • Added Is Blank option to advanced search by title/key feature.
  • Added Is Not Blank option to advanced search by title/key feature.
  • Added automatic redirection to search links and edit document links when authentication is required.
  • Updated UI with Fortra branding guidelines.
Fixes
  • Fixed document type drop down on document details page, where changing the document type would force a post back, making it impossible to cancel your changes.
  • Fixed issue where special characters at the beginning of the Title field would not work in the advanced search options.
  • Fixed (removed) whitespace gap below in browser viewer on search page.
  • Fixed issue where show/hide of in-browser viewer could cause document tabs to draw incorrectly.
  • Fixed issue where Page count did not properly update when changing the number of results per page.
  • Fixed issue where some browsers would allow folder list to be too small for accurate display.
  • Fixed the width of the email field on the new contact screen.
  • Fixed issue where really long folder names caused UI to be unusable.
  • Fixed column view button on orphaned documents screen.
  • Fixed issue with font color on add new folder screen, in Edge browser.
  • Fixed issue with direct page navigation in in-browser viewer
  • Added tooltip to warn users of an invalid folder name.
  • Added tooltip to routing inbox ownership buttons.
  • Fixed issue in document inbox where username wasn't always displaying correctly in the next step dropdown.
  • Fixed issues with advanced search and search operators being inconsistent.
  • Fixed issue where after URL search, sorting the search results would cause navigation to disappear.
  • Corrected several typos on the self-registration screen.
  • Fixed issue on document details page where actual root folder name did not display.
  • Fixed issue where self-registration page would not display after a user was deleted from Webdocs.
  • Fixed issue where search list bottom toolbar could sometimes draw offscreen after an error message is displayed.
  • URL searching now uses the same function as UI searching for consistency.
  • Fixed bad margins on document details tabs, which could cause loading icon to occur but not load the tab.
  • Fixed issue where a 0KB file would make the viewer display incorrectly.
  • Fixed issue where list controls could not be seen after deleting documents from the list.
  • Fixed issue where edit note button was visible when user could not edit the note.
  • Fixed drop downs on search page in Firefox.
  • No longer allow user to place a document on the same route twice from the UI.
  • Fixed issue with document viewer toolbar controls causing postback to not save changes to the document details.
  • Updated license model to allow trial keys with unlimited users.
  • User list in system settings now displays a message when the user limit has been reached.
  • Updated jQuery to 3.6.
  • Fixed several issues with the self registration page to provide better feedback to users about account issues such as a duplicate account or invalid password length.
  • Fixed several issues with the change password page to provide better feedback to users about password issues such as invalid password length.
  • Fixed issue with Link feature where background of dialog could be transparent.
  • Fixed issues with self registration page.
  • Fixed issue where Full Text OCR of Rasterized PDF would not index all pages.
  • Fixed issue where user could not create a DocumentType from the REST API.
  • Updated OWIN library to address CVE-2022-29117.
  • Updated Newtonsoft library to address possible DoS vulnerability.
  • Updated the moment.js library to address CVE-2022-31129 and CVE-2022-24785.

Back to Top

 

Powertech


BoKS Manager

Version 8.1 (version update)

January 25, 2023

New Features
  • New configuration parameter authentication/always-allow-root-sudo has been added with a default value of true.

    Normally when a user does sudo to another user, a request is sent to servc on a Replica to check if it is allowed. If this parameter is set to true, no request is sent to servc when root does sudo to another user. In cases where local applications frequently do sudo from root to an application account to perform some action, performance can be improved. If root does sudo -i to another user and does not specify full path to the program to run and the program is not in root's PATH, sudo will fail unless this parameter is set to true, as the full program path is needed when checking with servc if the access is allowed. Note: If this parameter is set to true, there is no way to get keystroke log for root doing sudo.

  • Support is added for SuSE 12 s390x (Server Agent only).

  • Support is added for SuSE 15 s390x (Server Agent only).

Fixes
  • Installation of RHEL9.0 native packages in RHEL9.1.

BoKS Manager

Version 8.1 (version update)

January 12, 2023

New Features
  • Support is added for RedHat 9 on PowerPC LE (Server Agent only).

  • Boksinfo now includes both boks-server and boks-client native package versions when both native packages are installed.

Enhancements
  • Sudo now resolves any symbolic links before authorization.

Fixes
  • Curl library has been upgraded to 7.86.0.

Back to Top

 

Titus


Policy Manager

Version 2023.01

January 27, 2023

New Features
  • Added support for six new Titus Classification Suite (TCS) for Windows Custom Conditions. Custom Conditions in Policy Manager are similar to Dynamic Properties in the Administration Console. The new Policy Manager Custom Conditions (Administration Console Dynamic Properties names in parenthesis) are:

    • Check AD group membership (HasGroup in the Administration Console)

    • Check if AD is online (IsOnline in the Administration Console)

    • Check if alternate AD is online (AlternateAdisOnline in the Administration Console)

    • Check AD attribute (Get AD attribute in the Administration Console)

    • Get attribute from alternate AD forest (AlternateAdGetAttribute in the Administration Console)

    • Get text from file (GetTextFromFile in the Administration Console)

  • Added these Schema configuration options for Titus Classification Suite (TCS) for Windows:

    • Schema Fields: Additional entries, Tooltip, and Description

    • Schema Values: Description

Enhancements
  • Tested support for multiple license configurations. Currently, the Policy Manager supports separate licenses for Titus Classification Suite (TCS) for Windows and Web Classification (includes Titus Office Add-in and Titus Classification for Google Workspace).

  • Updated appearance of the Rules, Custom Conditions, and Actions libraries on the Policies page. Library categories now appear on the bottom of the Policies page as separate tabs, and the saved items in each library will appear in alphabetical order.

Fixes
  • App Settings error validation showed wrong message.

  • Targeting error message remained after a different configuration was selected.

  • Improved Tooltip interface to make it easier for users to see longer messages.

  • Updating the names of Custom Conditions, Custom Properties, and Rules was not working as expected in the Policy Manager.

Back to Top