Monthly Release Notes - December 2025

Jump to:

Agari Alert Logic Automate Beyond Security
Boldon James Bytware CCSS Clearswift
Cobalt Strike Core Security Digital Defense Digital Guardian
Document Management FileCatalyst Fortra Fortra Application Hub
Fortra VM Globalscape GoAnywhere Halcyon
IBM Partnership Insite InterMapper Outflank Security Tooling
Powertech Robot Safestone Sequel
Showcase Tango/04 TeamQuest Terranova Security  
Titus Vera

 

Agari

Version 2025.12

December 2025

Updates

  • Sensor 25.11:

    • Support enforcing messages in sub-folders for on-prem EWS enforcement.

    • Enhance attachment detection.

Fixes

  • Various bug fixes and updates.

Back to Top

 

Alert Logic

Managed WAF

Version 5.2.4.2-3170

December 10, 2025

Features

  • Multiple configuration, use, and performance improvements to Client Protection - Page Integrity.

  • Custom access log configurations with data anonymization enabled.

  • Customizable CAPTCHA pages for built-in challenges.

Enhancements

  • HTTP/2 enabled by default on both existing and new websites.

  • Added information to 400 Bad Request and 408 Timeout Request that appear in deny logs to help troubleshooting.

  • Added option to disable logging of failed/malformed requests.

  • Improved policy report.

Fixes

  • Restored custom IP lists when importing system settings.

  • Recreated data related to API definitions when restoring configuration backups.

  • Removed Fortra identifiers from page integrity injected JavaScript.

  • Made browser session state in local storage WAF host-specific to avoid collisions in the UI.

  • Made DDoS and ICM cluster discovery function with delegated IAM roles.

  • Improved proxy settings import to detect template during import and recreate ACL order when required.

  • Violation overrides for website global and streaming ACL configurations are now respected.

  • Resolved an issue where nginx worker processes did not properly terminate due to unfinished sequences in the WAF core engine.

Back to Top

 

Automate

Version 25.1.1

December 18, 2025

IMPORTANT:
  • Before installing Automate 25.1.1, confirm your version of Microsoft Windows is compatible with .NET Framework 4.8 and .NET 8.0.
  • Before installing Automate Desktop 25.1.1, confirm your version of Microsoft Windows is compatible with .NET Framework 4.8. See .NET Framework System Requirements for more information.

  • As of version 11.7.1, Automate is only available as a 64-bit installer. However, agents can still be installed on both 32-bit and 64-bit platforms.

New Features

  • The new agent can ignore server certificate name mismatch via a setting in AgentPreferences file.

Enhancements

  • Automate installer installs net8 version 8.0.22 if not present. This is required.

  • Added support for agent failover by new agents.

Fixes

  • The Automate Readme correctly identifies the build number and release date.

  • Updated the Changed Agent Notifications panel in Management Console to clarify some ambiguity.

  • Schedule Trigger is working as expected when set to Run Immediately and is late.

  • Server does not indefinitely try to send agent notifications if it fails to send one.

  • SMC (INDICATOR WINDOW) The Show Running Tasks/Agent Tasks window is now fully supported by the new agent.

  • LoginUnlockConfig.cfg is now supported by the new agent. The first time the file is encountered, the settings are read and added to AgentPreferences.json and the file is ignored beyond that point. Updates to the settings need to be performed in the AgentPreferences.json file. Due to the increased speed in the new agent, Fortra recommends updating the LegalNoticeDelayBefore value to add a 1 to 2 second delay if previously working settings from the legacy agent start experiencing an unlock failure in the new agent, as the unlock might be firing before the legal notice is ready to accept input.

  • Updated the new agent so it can connect to server when SSL is enabled.

  • Resolved an issue in the Server Management Console Output Window where step numbers are missing on failures message.

  • Updated extension manifest to bring it into compliance with version 3 manifest standards.

  • Included AMExecute.exe.config as part of distribution.

  • Updated the Data Migration Utility so it can successfully migrate data when Workflow Item Properties is selected.

  • Updated LOOP > FILE CONTENTS activity to process more than 1 line from a file.

  • Predefined SQL Connections work properly when multiple tasks are ran simultaneously.

 

Back to Top

 

Boldon James

Classifier Administration Server

Version 3.21.1

December 23, 2025

New Features
  • For Email and Office Classifier, added support for new "Label History" audit setting.
Enhancements
  • Confirmed support for Windows Server 2025.
Fixes
  • Fixed issue with the Classifier Administration Server not reading rules set at the "Any Label" node in the rule tree.
  • Fixed issue with the Classifier Administration Server installation failing due to a PowerShell script signing issue.

Classifier Reporting Services

Version 2.4

December 23, 2025

Enhancements
  • Boldon James Classifier Reporting Services has been rebranded to Fortra's Classifier Reporting Services.
  • Confirmed support for Windows Server 2025.

Email and Office Classifier

Version 3.22

December 23, 2025

New Features
  • Added support for a new audit setting and events to log the results of integrity checks on a documents label history.
Fixes
  • Resolved an issue with text watermarks in Word not being correctly positioned in the center of the document.
  • Restored the ability to apply a label to unlabeled attachments when composing messages in Outlook.
  • Resolved an issue with text alignment in the Outlook summary bar when an Arabic Office language pack was installed.
  • Custom document properties relating to headers and footers are now updated in Excel when the label is changed. This allows the updated values to be available when performing any checks during a save.
  • Resolved formatting issues when inserting a label in the footer or header of a Word document.
  • Attachments labeled by an external Classifier configuration will not trigger the attachment consistency check.

File Classifier

Version 3.17.4

December 23, 2025

Enhancements
  • Confirmed support for Windows Server 2025.
Security Updates
  • Updated to latest dependencies to address identified vulnerabilities.

Mac Classifier

Version 3.12.10

December 23, 2025

Enhancements
  • Confirmed support for Tahoe (macOS 26).

Power Classifier for Files

Version 3.16.1

December 23, 2025

Enhancements
  • Confirmed support for Windows Server 2025.
Security Updates
  • Updated to latest dependencies to address identified vulnerabilities.

Back to Top

 

Clearswift

Secure Email Gateway

Version 6.2.0

December 10, 2025

IMPORTANT:

We strongly recommend that you visit the Installation Guides before installing or upgrading the Gateway.

The Firewall ports topic in the Online Help has also been updated for this release. Please review your port and protocol settings.

NOTE:

If you are upgrading your Gateway using:

DNF - you are advised to use dnf upgrade --nobest, instead of just dnf upgrade. This applies to all upgrades, both from the ISOs and online repositories.

Cockpit - the process should complete without any issues.

Enhancements

  • The "Clearswift Secure Gateway" product range has been rebranded to the "Fortra Secure Gateway" to unify the Fortra's cyber solutions. In accordance with this, changes have been applied to the Gateway user interface and documentation. This rebranding does not affect the existing product functionalities.

  • Product’s platform, Red Hat Enterprise Linux (RHEL), has been updated from version 9.4 to 9.7.

  • A new malicious URL database, "Fortra Threat Brain" has been added under Policy > Policy References > URL Lists. Along with the existing malicious URL lists, the new list can be used in the Sanitize Document Content and Sanitize Message content rules to detect potentially suspicious URLs or hyperlinks. Note that these lists are not suitable for use in an offline environment.

  • For stronger security, HTTP protocol is no longer supported in certain end-user functionalities, such as the Manage Message token/link in Inform, the Digest Messages in PMM and managing Trusted Senders in PMM. These functionalities require a different IP address from the Gateway's web UI via HTTPS.

    If your existing setup is any of the following, it is likely that you need to add the secondary IP address and configure it after you upgrade to version 6.2.0:

    - Using PMM with Digest only mode

    - Using PMM with Lite mode

    - Using the Manage Message token/link in Inform (regardless of using PMM or not)

    Note that:

    - New installs also require the same configuration.

    - For upgrades, old messages (with HTTP end-user links) delivered before the upgrade will not work anymore. After the upgrade, administrators are advised to configure the secondary IP address and schedule a full distribution of the digest messages at earliest convenience, so that all end-user links will be switched to HTTPS with minimum disruption.

    For more information, see this knowledge article in the Fortra Support Portal.

Fixes

  • The default timeout for Avira scans has been increased to ensure that scanning large files completes without errors.

  • The character limit of the Login Page Text setting under System > Gateway Branding has been increased to 4,096 characters, allowing relatively long content, such as legal disclaimers, to be fully displayed on the page.

  • Resolved an issue where the entire message was recorded in the SMTP log if all log levels are set to "Info" under System > SMTP Settings > General Settings > Log Levels.

  • Resolved an issue where the cs-gw-mailshell-service process was consuming 75% of memory. It has been updated to use a newer version of gRPC which should reduce the memory usage.

  • Resolved an issue with downloading Rspamd updates.

  • Addressed SELinux warnings for specific components when running the product on RHEL 9.4 or 9.6.

  • Addressed SELinux errors when joining a domain on RHEL 9.6.

Secure Exchange Gateway

Version 6.2.0

December 10, 2025

IMPORTANT:

We strongly recommend that you visit the Installation Guides before installing or upgrading the Gateway.

The Firewall ports topic in the Online Help has also been updated for this release. Please review your port and protocol settings.

NOTE:

If you are upgrading your Gateway using:

DNF - you are advised to use dnf upgrade --nobest, instead of just dnf upgrade. This applies to all upgrades, both from the ISOs and online repositories.

Cockpit - the process should complete without any issues.

Enhancements

  • The "Clearswift Secure Gateway" product range has been rebranded to the "Fortra Secure Gateway" to unify the Fortra's cyber solutions. In accordance with this, changes have been applied to the Gateway user interface and documentation. This rebranding does not affect the existing product functionalities.

  • Product’s platform, Red Hat Enterprise Linux (RHEL), has been updated from version 9.4 to 9.7.

  • For stronger security, HTTP protocol is no longer supported in certain end-user functionalities, such as the Manage Message token/link in Inform, the Digest Messages in PMM and managing Trusted Senders in PMM. These functionalities require a different IP address from the Gateway's web UI via HTTPS.

    If your existing setup is any of the following, it is likely that you need to add the secondary IP address and configure it after you upgrade to version 6.2.0:

    - Using PMM with Digest only mode

    - Using PMM with Lite mode

    - Using the Manage Message token/link in Inform (regardless of using PMM or not)

    Note that:

    - New installs also require the same configuration.

    - For upgrades, old messages (with HTTP end-user links) delivered before the upgrade will not work anymore. After the upgrade, administrators are advised to configure the secondary IP address and schedule a full distribution of the digest messages at earliest convenience, so that all end-user links will be switched to HTTPS with minimum disruption.

    For more information, see this knowledge article in the Fortra Support Portal.

Fixes

  • The default timeout for Avira scans has been increased to ensure that scanning large files completes without errors.

  • The character limit of the Login Page Text setting under System > Gateway Branding has been increased to 4,096 characters, allowing relatively long content, such as legal disclaimers, to be fully displayed on the page.

  • Addressed SELinux warnings for specific components when running the product on RHEL 9.4 or 9.6.

  • Addressed SELinux errors when joining a domain on RHEL 9.6.

Secure ICAP Gateway

Version 6.2.0

December 10, 2025

IMPORTANT:

We strongly recommend that you visit the Installation Guides before installing or upgrading the Gateway.

The Firewall ports topic in the Online Help has also been updated for this release. Please review your port and protocol settings.

NOTE:

If you are upgrading your Gateway using:

DNF - you are advised to use dnf upgrade --nobest, instead of just dnf upgrade. This applies to all upgrades, both from the ISOs and online repositories.

Cockpit - the process should complete without any issues.

Enhancements

  • The "Clearswift Secure Gateway" product range has been rebranded to the "Fortra Secure Gateway" to unify the Fortra's cyber solutions. In accordance with this, changes have been applied to the Gateway user interface and documentation. This rebranding does not affect the existing product functionalities.

  • Product’s platform, Red Hat Enterprise Linux (RHEL), has been updated from version 9.4 to 9.7.

Fixes

  • The default timeout for Avira scans has been increased to ensure that scanning large files completes without errors.

  • The character limit of the Login Page Text setting under System > Gateway Branding has been increased to 4,096 characters, allowing relatively long content, such as legal disclaimers, to be fully displayed on the page.

  • Addressed SELinux warnings for specific components when running the product on RHEL 9.4 or 9.6.

Secure Web Gateway

Version 6.2.0

December 10, 2025

IMPORTANT:

We strongly recommend that you visit the Installation Guides before installing or upgrading the Gateway.

The Firewall ports topic in the Online Help has also been updated for this release. Please review your port and protocol settings.

NOTE:

If you are upgrading your Gateway using:

DNF - you are advised to use dnf upgrade --nobest, instead of just dnf upgrade. This applies to all upgrades, both from the ISOs and online repositories.

Cockpit - the process should complete without any issues.

Enhancements

  • The "Clearswift Secure Gateway" product range has been rebranded to the "Fortra Secure Gateway" to unify the Fortra's cyber solutions. In accordance with this, changes have been applied to the Gateway user interface and documentation. This rebranding does not affect the existing product functionalities.

  • Product’s platform, Red Hat Enterprise Linux (RHEL), has been updated from version 9.4 to 9.7.

Fixes

  • The default timeout for Avira scans has been increased to ensure that scanning large files completes without errors.

  • The character limit of the Login Page Text setting under System > Gateway Branding has been increased to 4,096 characters, allowing relatively long content, such as legal disclaimers, to be fully displayed on the page.

  • Addressed SELinux warnings for specific components when running the product on RHEL 9.4 or 9.6.

  • Addressed SELinux errors when joining a domain on RHEL 9.6.

Back to Top

 

Core Security

Core Impact

Version: 21.8

December 8, 2025

New Features

  • Added OSCI Agent entity in WebApps and Network, configured by exploits leveraging Command Injection vulnerabilities.

  • Support Agent generation mapped in RX memory pages.

    • Does not apply if "ENCRYPT CODE" is enabled.

  • Added the ability to export workspace information in Syslog CEF format. Module: "Export results into Syslog (CEF formatted)"

Enhancements

  • Added handling for SQL Server Express 10GB limitations. Core Impact is now stopped if it reaches 95% (9.5 GB) of the 10 GB limit, allowing for workspace cleanup.

  • A host can now be added by IP address and name.

  • Exploits / Checkers execution has been removed from the Information Gathering RPT wizard.

  • Added the ability to spawn a WebServer used by the UI in HTTP/HTTPS ("Core Impact Web Server Service" service)

  • Enhanced the Privilege Escalation Exploit's successful check. Now checked by SID.

  • Enhanced the WebView2 Runtime dependency installation.

Fixes

  • Support integration with latest Metasploit framework version.

  • Information Gathering can now be re-executed over created hosts.

  • Jitter parameters added to Identity Verifiers.

  • Exception handling for deleting workspaces from the Dashboard.

  • Fixed an exception in the "AD Information Gathering from BloodHound" module when the number of paths was high.

  • Fixed the OS parameter in the shellcode callback of the Agent Transformations feature.

  • Fixed an issue where Scheduled Tasks would not load, and their output would appear in another task.

  • Fixed an issue when setting Reconnection Timeout to a value higher than 14 days.

  • Fixed an issue when opening a workspace whose property contained symbols.

  • Fixed the Quick Information panel of exploited website-entities.

Back to Top

 

Digital Guardian

Agent for Linux

Version: 12.0.0

December 2025

New Features

  • Supporting MIP Rule Properties

    • The DG Agent for Linux version 12.0.0 now supports Microsoft Information Protection (MIP) labels.

      NOTE: Currently, on Linux, the MIP feature is limited to reading labels from files that already contain MIP-supported labels. Therefore, the Linux Agent does not support creating, modifying, or writing MIP labels to any file. Only the label retrieval is supported.

    • The MIP functionality is supported on the following operating systems:

      • RHEL 8.x

      • RHEL 9.x

      • Ubuntu 22.04

      • Ubuntu 24.04

  • ARC Connectivity Requirement

    • Before the Agent can read MIP labels, it must establish a secure and trusted connection with the ARC. To enable a successful ARC communication, the ARC Certificate Authority (CA) must be added to the Linux system’s trust store. Follow the steps below based on your distribution:

      • For RHEL-Based Systems

        sudo cp arccert /etc/pki/ca-trust/source/anchors/

        sudo update-ca-trust extract

      • For Ubuntu-Based Systems

        sudo cp arccert /usr/local/share/ca-certificates/

        sudo update-ca-certificates

Once the ARC CA is installed and the trust store is updated, the Agent can securely authenticate with ARC and proceed with reading MIP labels.

NOTE: Older versions of DGMC, prior to 9.1, do not include Linux support for specific MIP rule properties by default.

This must be enabled manually using the following steps:

  1. Locate and Open the DgMetaRule.xml File:

    1. On the DGMC server, find the DgMetaRule.xml file and open it using Notepad or any preferred text editor.

  2. Update the MIP-Related Rule Properties for Linux Support:

    1. Search within the file for the MIP-related rule properties listed below:

      • evtSrcFilePartnerPolicyTag

      • evtDestFilePartnerPolicyTag

      • evtSrcFileIsPartnerClassified

      • evtDestFileIsPartnerClassified

    2. Update the <Platform> section to include Linux for the each of the above-mentioned entries, as follows:

      Copy

      Before editing the rule properties:

      <prop propType="DGPROP_INT8" platform="Windows,OSX" enumName="DGPROP_EVT_PARTNER_CLASSIFIED_SRC" propName="evtSrcFileIsPartnerClassified">
      Copy
      After editing the rule properties:
      <prop propType="DGPROP_INT8" platform="Windows,Linux,OSX" enumName="DGPROP_EVT_PARTNER_CLASSIFIED_SRC" propName="evtSrcFileIsPartnerClassified">

  1. Recommended to Restart the Application Pool:

    1. Restart the Application Pool associated with the Digital Guardian Application to apply the updated XML changes.

    2. Perform this task during a planned downtime window, as the DGMC application will be temporarily unavailable while the application pool restarts.

  • Certification for Additional Kernels

    This table lists the additional certified Linux kernels for Red Hat Enterprise Linux (RHEL) and Ubuntu in this release. Refer to the Agent for Linux User's Guide for details about the packages required to support the new kernel versions for the Agent. Refer to Agent_for_Linux_v12.x.x_and_Later_RHEL_Certified_Environments and Agent_for_Linux_v12.x.x_and_Later_Ubuntu_Certified_Environments for the complete lists of supported RHEL and Ubuntu kernels.

    Distribution

    Version

    Architecture

    Kernel
    RHEL 10.0 64-Bit kernel-6.12.0-55.46.1.el10_0
    RHEL 9.6 64-Bit kernel-5.14.0-570.66.1.el9_6
    RHEL 8.10 64-Bit kernel-4.18.0-553.85.1.el8_10
    Ubuntu 24.04 64-Bit linux-image-6.14.0-36-generic
    Ubuntu 24.04 64-Bit linux-image-6.8.0-88-generic
Version: 11.2.0

December 2025

New Features

  • Certification for Additional Kernels

    This table lists the additional certified Linux kernels for Red Hat Enterprise Linux (RHEL) and Ubuntu in this release. Refer to the Agent for Linux User's Guide for details about the packages required to support the new kernel versions for the Agent. Refer to Agent_for_Linux_v11.x.x_and_Later_RHEL_Certified_Environments and Agent_for_Linux_v11.x.x_and_Later_Ubuntu_Certified_Environments for the complete lists of supported RHEL and Ubuntu kernels.

    Distribution

    Version

    Architecture

    Kernel
    RHEL 10.0 64-Bit kernel-6.12.0-55.45.1.el10_0
    RHEL 10.0 64-Bit kernel-6.12.0-55.43.1.el10_0
    RHEL 10.0 64-Bit kernel-6.12.0-55.42.1.el10_0
    RHEL 10.0 64-Bit kernel-6.12.0-55.41.1.el10_0
    RHEL 10.0 64-Bit kernel-6.12.0-55.40.1.el10_0
    RHEL 10.0 64-Bit kernel-6.12.0-55.39.1.el10_0
    RHEL 10.0 64-Bit kernel-6.12.0-55.38.1.el10_0
    RHEL 10.0 64-Bit kernel-6.12.0-55.37.1.el10_0
    RHEL 9.6 64-Bit kernel-5.14.0-570.64.1.el9_6
    RHEL 9.6 64-Bit kernel-5.14.0-570.62.1.el9_6
    RHEL 9.6 64-Bit kernel-5.14.0-570.60.1.el9_6
    RHEL 9.6 64-Bit kernel-5.14.0-570.58.1.el9_6
    RHEL 9.6 64-Bit kernel-5.14.0-570.55.1.el9_6
    RHEL 9.6 64-Bit kernel-5.14.0-570.52.1.el9_6
    RHEL 9.6 64-Bit kernel-5.14.0-570.51.1.el9_6
    RHEL 9.6 64-Bit kernel-5.14.0-570.49.1.el9_6
    RHEL 9.4 64-Bit kernel-5.14.0-427.100.1.el9_4
    RHEL 9.4 64-Bit kernel-5.14.0-427.97.1.el9_4
    RHEL 9.4 64-Bit kernel-5.14.0-427.96.1.el9_4
    RHEL 9.4 64-Bit kernel-5.14.0-427.94.1.el9_4
    RHEL 9.4 64-Bit kernel-5.14.0-427.92.1.el9_4
    RHEL 9.4 64-Bit kernel-5.14.0-427.91.1.el9_4
    RHEL 8.10 64-Bit kernel-4.18.0-553.84.1.el8_10
    RHEL 8.10 64-Bit kernel-4.18.0-553.83.1.el8_10
    RHEL 8.10 64-Bit kernel-4.18.0-553.82.1.el8_10
    RHEL 8.10 64-Bit kernel-4.18.0-553.81.1.el8_10
    RHEL 8.10 64-Bit kernel-4.18.0-553.80.1.el8_10
    RHEL 8.10 64-Bit kernel-4.18.0-553.79.1.el8_10
    RHEL 8.10 64-Bit kernel-4.18.0-553.78.1.el8_10
    RHEL 8.10 64-Bit kernel-4.18.0-553.77.1.el8_10
    Ubuntu 24.04 64-Bit linux-image-6.14.0-35-generic
    Ubuntu 24.04 64-Bit linux-image-6.14.0-34-generic
    Ubuntu 24.04 64-Bit linux-image-6.14.0-33-generic
    Ubuntu 24.04 64-Bit linux-image-6.8.0-87-generic
    Ubuntu 24.04 64-Bit linux-image-6.8.0-86-generic
    Ubuntu 24.04 64-Bit linux-image-6.8.0-85-generic
    Ubuntu 22.04 64-Bit linux-image-6.8.0-87-generic
    Ubuntu 22.04 64-Bit linux-image-6.8.0-86-generic
    Ubuntu 22.04 64-Bit linux-image-6.8.0-85-generic
    Ubuntu 22.04 64-Bit linux-image-5.15.0-161-generic
    Ubuntu 22.04 64-Bit linux-image-5.15.0-160-generic
    Ubuntu 22.04 64-Bit linux-image-5.15.0-157-generic

Back to Top

 

Document Management (RJS)

IBM i Office Integrator

Version 1.35.2

December 11, 2025

Enhancements

  • Added installer support for IBM i 7.6 and 7.5 with password level 3 or 4, and/or with the built in MFA option enabled.

iForms Library

Version 2.01.3

December 11, 2025

Enhancements

  • Added installer support for IBM i 7.6 and 7.5 with password level 3 or 4, and/or with the built in MFA option enabled.

PCL to PDF Converter/400

Version 6.01.3

December 11, 2025

Enhancements

  • Added installer support for IBM i 7.6 and 7.5 with password level 3 or 4, and/or with the built in MFA option enabled.

Report Splitter

Version 4.71.5

December 11, 2025

Enhancements

  • Added installer support for IBM i 7.6 and 7.5 with password level 3 or 4, and/or with the built in MFA option enabled.

RPG2SQL Integrator

Version 1.58.1

December 11, 2025

Enhancements

  • Added installer support for IBM i 7.6 and 7.5 with password level 3 or 4, and/or with the built in MFA option enabled.

Back to Top

 

Fortra

Endpoint Manager

December 4, 2025
Enhancements

  • Updated EDR and DLP Modules.

Fixes

  • Fixed issue with Edit Module drawer triggering validation errors when saving.

  • Improved styling on the Add/Edit Group drawers and Endpoint Details drawer.

  • Improved styling, search, and filters on the Edit Endpoints page.

  • Resolved security vulnerabilities and minor bug fixes.

Fortra platform

December 5, 2025
Enhancements

  • Combined System and Settings navigation menus.

Fixes

  • Improved styling of login options table.

  • Fixed permission issue with account filter.

  • Fixed issue where adding an account from the second page would redirect back to first page.

  • Fixed issue with insufficient permission error when clicking add or edit user.

  • Resolved security vulnerabilities and minor bug fixes.

Back to Top

 

Fortra Application Hub

Version 1.4.1 (Windows)

December 9, 2025

IMPORTANT: In order to improve product security, the Fortra Application Hub directories can only be accessed by Administrators and the Local Service account. This means that if you try to browse into the directory as an Administrator but not the built-in Administrator account you will get an access denied error message from Windows Explorer. An elevated command prompt or running a tool such as notepad “As Administrator” will not incur such a warning.
New Features

  • Fortra Application Hub is now supported on Microsoft Windows

Fixes

  • The restore PowerShell script shipped with the Windows version contains a error that will prevent data for being restored correctly. Please contact support for an updated version.

  • Steps for setting up a Tomcat certificate on Windows can be found in the online help at Setting up a Trusted Certificate but are not currently available in the product.

Back to Top

 

IBM Partnership

Backup, Recovery, and Media Services (BRMS)

Product 5770-BR2 Version: PTF 7.6 SJ07561, 7.5 SJ07560, 7.4 SJ07559

December, 2025

Enhancements

  • BRMS web interface has been enhanced to provide action support for Media, Network and Administration functionality. See the BRMS wiki for more information at https://ibm.biz/brms-enhancements.

Fixes

In version 7.4 and later:

  • Fixed issue where the BRMS web interface and SQL service QUSRBRM.BRMS_CONTROL_GROUP_OMITS do not show object omits.

  • Fixed issue where the SQL service QUSRBRM.BACKUP_HISTORY fails with message MSGCPD4019.

  • Fixed issue where the STRMNTBRM command fails with message MSGCPD4019.

  • Fixed issue where the STRMNTBRM command may send the Media Report by Expiration Date to the wrong output queue.

  • Fixed issue where the SQL service object for BRMS functional authority is QUSRBRM is installed with the owner of the user profile running the installation or the INZBRM OPTION(*SQLSRVINZ) command instead of the expected user profile QBRMS.

  • Fixed issue where the BRMS web SQL statement string may not match all the fields returned in the table display.

Back to Top

 

Powertech

BoKS Manager

Version 9.0 (version update)

December 17, 2025

Client c-9.0.0.4
NOTE:

This version requires SELinux package 1.20 or newer for SELinux support on Ubuntu.

To install this package on Master/Replicas machines, you must install server package s-9.0.0.3 or newer.

New Features

  • Added support for Debian 13 x64.

  • Added information about SELinux domains to boksinfo.

  • Added improvements to boksconfig --prune.

  • Added SELinux support for Ubuntu 24.04.

  • Added SELinux support for Ubuntu 22.04.

  • Added support for Amazon Linux 2023 x64.

  • Added support to maintain Kerberos keytab files for service accounts that exist in Active Directory.

  • Added support for RHEL 8 on s390x.

  • Added support for RHEL 9 on s390x.

Updates

  • Upgraded BoKS OpenSSL version to 3.5.4.

Fixes

  • Use sha512 password hash if yescrypt not available in BoKS (CVE-2025-13532).

  • Fixed installation of RHEL10.0 native packages on RHEL10.1.

  • Fixed bokssetup error with multiple sshd* users in /etc/passwd.

  • Fixed BoKS passwd fail with long username.

  • Fixed nodekey auto-update running too frequently on AIX.

  • Fixed uname error while installing AIX package.

  • boks_udsqd to set max number of file descriptors based on bridge/servc/receive/max-connections.

  • servc send bridge to find new replica if first call fails.

  • boksedit and sudoedit tells who else is editing the same file.

Version 9.0 (version update)

December 17, 2025

Server s-9.0.0.3
NOTE:

This version must be installed together with client package c-9.0.0.4 or newer.

New Features

  • Added the ability to set password last change time backwards.

  • Added support to maintain Kerberos keytab files for service accounts that exist in Active Directory.

Enhancements

  • BoKS OpenSSL version upgraded to 3.5.4.

Fixes

  • Fixed BCC Kerberos password authentication fail.

  • servm.slow monitoring file fixes.

  • Fixed error when listing access rules for an access rule set with ABAC.

  • Fixed very long distinguished names truncated in AD tree listing.

  • Fixed boksrule accepted ANY/* as source for non-host rules.

Back to Top

 

Terranova Security

Version: 1.119

December 16, 2025

Fixes

  • Special characters in the HTML file attachment were displayed correctly in preview but were missing during simulation after launch. This issue has been resolved.

  • The application crashed when attempting to manually delete a user from a course after the course status was modified for that particular user through User Profile. This issue has been resolved.

  • A course modified by removing the original content and adding new content displayed both the deleted and newly added items instead of replacing the old content. This issue has been resolved, and only the newly added content is now displayed after modification.

  • The Phish Submitter Add-in button did not function as expected for simulation emails sent using Microsoft Direct Message Injection (DMI), although it worked correctly for Gmail DMI. This issue has been resolved, and the add-in now works properly for both Microsoft and Gmail DMI.

Version: 1.118.1

December 11, 2025

Enhancements

  • A new yellow banner is now displayed under the Schedule tab when a large number of recipients are added to a phishing simulation. This banner notifies users that the recipient list creation process is in progress in the background.

 

Fixes

  • A phishing simulation created for a large number of recipients initially displayed a recipient count of 0 on the simulation details page, rather than the actual number. Additionally, launching the simulation displayed an unexpected error message. Both issues have been resolved.

  • Launching a scheduled phishing simulation sometimes resulted in timeouts, requiring clients to reschedule multiple times before it could start successfully. This issue has been resolved.

Back to Top

 

Titus

DCS for Windows

Version 6.1

December 15, 2025

IMPORTANT: Microsoft ended support for Windows 10, Office 2016 and Office 2019 in October 2025. Our policy is not to support Microsoft products that are out of extended support.
New Features
  • Added support for configuring portion marking in DCS Policy Manager.
  • Added support for configuring the "Check Policy" feature in DCS Policy Manager for email messages or calendar items. The option to use this feature in documents is still only supported in DCS Administration Console at the time of this DCS for Windows release.
  • Added support for the "Enable justification" setting for Schema Fields behavior. If enabled, users must justify why they are updating classification values.
  • Added support for the "Retain fields" parameter for the “Apply advanced header or footer” action in DCS Policy Manager. This feature allows you to retain selected built-in fields from Microsoft Word, when using the “Remove markings” parameter.
  • Added support for the "Attachment.Metadata" audit property selection for DCS Audit Settings in DCS Policy Manager. If enabled, this captures attachment metadata in DCS for Outlook events.

  • Added support for DCS Policy Manager updates to the "Severity" parameter of the different alert and set classification action types. Updates include:

    • You can alert users that they are not following best practices with an “Information” option.

    • You can select the "Prevent" option to block users from sending emails, saving documents, or printing documents when there are policy violations.

  • Added support for configuring App Settings in DCS Policy Manager that allows users to reset classification to the default state.

  • Added support for configuring App Settings in DCS Policy Manager that upgrades message classification when adding attachments.

  • Added support for configuring "SharePoint Interoperability" App Settings in DCS Policy Manager.

  • Added support for configuring the "Smart Regular Expression" Custom Condition in DCS Policy Manager. This new Custom Condition functions similar to the "Titus.SmartRegex.Extensibility.SmartRegexCustomCondition" Dynamic Property in the DCS Administration Console. Key differences include:

    • You can enter a custom JSON in DCS Policy Manager instead of needing to upload a JSON file.

    • The "Password" parameter is not supported in DCS Policy Manager.

  • Added support for configuring App Settings in DCS Policy Manager for Microsoft Sensitivity Label Interoperability.

    NOTE: For DCS Administration Console users, there are new MIP registry keys. See Data Classification Suite for Windows Working with Microsoft Sensitivity Labels for more information on configuring the App Settings and registry keys.

  • DCS for Windows Microsoft Sensitivity Label Interoperability now supports GCC High environments.

Enhancements
  • Added support for configuring the "Apply subject label" action in DCS Policy Manager for the "Email > on classification change" event.
  • Added support for applying body tags in Outlook plain text messages and calendar items when changing the classification.
Fixes
  • Recalled messages in Outlook can now have their classification changed.
  • DCS for Desktop now correctly processes MSG files that contain v3 and v4 metadata and shows the expected Overlay Icon.
  • Fixed issue with the Advanced button still appearing in the ribbon when it was disabled in the configuration.
  • Fixed issue with DCS for Outlook not reading the requested user property from the Transport Header if the MAPI property is not available on the message.
  • If a document header or footer contains a table, the markings added by DCS for Windows with the apply headers or footers action are now correctly placed above the table.
  • Fixed issue with the classification dialog not appearing in all instances when closing an Excel document.
  • Corrected attachment processing in DCS for Outlook to allow Zedmail Add-in to encrypt the message successfully.
  • Fixed issue with users not being alerted when downgrading the classification of an attachment.
  • Fixed issue with text redaction not working as expected.
  • Fixed issue related to Help Page URL links that contained a '#' character for web page sections.
  • Body tags are now correctly updated when updating a meeting or resending a message.
  • Audit TMQ max message count can now be configured using a registry key.
  • Fixed issue where raw HTML code was displayed instead of formatted text for the HTML header/footer action.
  • Improved accessibility on Policy Alert UI for Screen Reader users.
  • Improved accessibility on Manage Favorites for screen reader users.
  • Improved accessibility on Favorites Task Pane for screen reader users.
  • Corrected issue where the metadata was not read and displayed correctly when dealing with multiple inline reply messages.
  • Fixed Undo History issue when using track changes in conjunction with inserting a document marking.
  • Draft messages no longer lose their classification if moved to other folders.
  • Titus v3 metadata handler was not including the Property Name when creating the v3 x-header.
  • DCS for PowerPoint no longer adds an entry called "Last" in the Undo History.
  • Fixed issue that caused alert dialogs to appear even when the "Severity" parameter of the alert action was set to "Log Only".

DCS One (Customer-hosted)

Version 5.1

December 23, 2025

New Features

  • Added support for customers to create custom actions for the "Email > On send" policy event. After developing the code, you can configure the custom action in DCS Policy Manager.

    NOTE: Custom actions is a preview feature for DCS One. Contact Fortra Support for additional instructions.

  • If enabled in the DCS One manifest files, you can add portion marks to individual portions of an email, or document. Portion marking is configured in DCS Policy Manager.

    NOTE: Portion marking is a preview feature for DCS One.

  • Added support for a new “Information” option for the "Severity" parameter of the different alert action types in DCS Policy Manager.

Enhancements
  • Confirmed support for Exchange Server Subscription Edition.
Considerations
Browser Latest version of one of the following browsers for Outlook Online and Office Online (Word/Excel/PowerPoint) for Windows:

  • Google Chrome

  • Microsoft Edge

  • Mozilla Firefox

NOTE: Apple Safari is not supported for Outlook Online and Office Online.
Microsoft Outlook Desktop In Outlook Desktop, users can classify messages in New Outlook for Windows and New Outlook for Mac.
NOTE:

Users cannot classify messages in:

  • Classic Outlook for Windows

  • Classic Outlook for Mac

DCS Policy Manager (Customer-hosted)

Version 5.2

December 1, 2025

New Features

  • For DCS for Windows, DCS for DaR, and DCS One:

    • Added support for importing customer-defined custom condition JSON files.

    • Added support for “Apply custom action”.

  • For DCS for Windows and DCS One:

    • Added support for the Portion Marking feature, which is only available in the Ultra product edition. Only DCS for Windows will support the policy event and action for documents. Both will support App Settings for email and documents, with DCS Windows supporting a few more settings than DCS One due to technical limitations.

    • Changed the “Warn” parameter to “Severity” for the “Alert”, “Alert – attachment classification”, “Alert – recipient”, and “Set classification” actions. The “Deny” action has also been removed because you can set “Severity” to “Prevent”.

    • Added a new “Information” option for the “Severity” parameter for the “Alert”, “Alert – attachment classification”, “Alert – recipient” actions. You could use this type of alert to notify the user that they are not following best practices.

  • For DCS for Windows:

    • Added “Email > On open” event that occurs when a user opens a received message or calendar item.

    • Added “Email > On check policy” event that occurs when a user clicks the “Check Policy” button in a message or calendar item. To use this feature, you must enable two different App Settings. You must enable the button in the “Check Policy Settings” group, and you must enable the Options Ribbon in the “Ribbon Settings” group.

    • Added “Enable justification” setting for Schema Fields in the “Field behavior” tab. Enable this setting if you want users to justify why they are updating classification values.

    • Added “Retain fields” parameter for the “Apply advanced header or footer” action. This feature allows you to retain selected Microsoft Word fields if you enabled the “Remove markings” parameter.

    • Added “SharePoint Interoperability” App Settings under “Office Add-in Settings” group. Classifying documents with DCS for Windows adds custom document properties. Classifying documents in SharePoint adds document server properties. If your organization has classified Microsoft Office documents in SharePoint and other repositories, use this feature to warn users and resolve metadata conflicts if the DCS custom document properties differ from the SharePoint document server properties.

    • Added “Attachment.Metadata” audit properties selection option under the “DCS Audit Settings” App Settings group.

    • Added new App Settings that allows users to reset classification to the default state (under Classification Selection UI).

    • Added new App Settings for Microsoft Sensitivity Label Interoperability (under User Settings).

  • For DCS for DaR:

    • Added “Set custom property” action. This feature allows you to add or modify a custom property for files during a DCS for DaR scan.

    • Added “DaRImport” Schema Mapping Namespace selection option for a DCS for DaR Import Scan.

Enhancements
  • Updated the “Apply subject label” action to also support the “Email > on classification change” event.
  • Updated the display names of the Data Detection Engine custom conditions to change the cloud term to “SaaS” and the on-premises term to “customer-hosted.”
  • Updated HTML Editor alignment formatting to fix visual markings issue.
  • Updated the “Company” value in published TCPG files to display the customer domain instead of “HelpSystems”.
  • Improved certificate filtering functionality during the installation.
  • Updated the “Documentation” page to open in a new tab.
  • Improved “Documentation” page access in internet-isolated environments.

DCS Services Layer (Customer-hosted)

Version 5.1

December 1, 2025

New Features
  • Added support for the Ultra product edition in licenses. This update is for customers who want to configure Portion Marking in DCS Policy Manager.

Back to Top

 

Vera

Version 3.24.5

December 2025

New Features

  • Support for RHEL 8 and 9 On-Prem Connectors - Vera SaaS - Digital Guardian Secure Collaboration (Vera) announces support for Red Hat Enterprise Linux (RHEL) v8 and 9 On-Prem connectors. The release include the following Cloud and On-Prem versions:

    • Cloud Server version - 3.24.3

    • On-Prem Connector version - 3.24.3

Updates

  • Dropbox SDK Upgraded to Maintain API Connectivity - Updated the Dropbox connector to use the latest Dropbox core SDK (7.0.0) so Digital Guardian Secure Collaboration (Vera) continues to connect to Dropbox APIs after Dropbox’s upcoming root certificate changes.

    NOTE: No functional change is expected for end users.
Fixes and Security Updates

  • Fixed an issue where, upon node restart, the ISPN cluster environment variable is wiped out, causing it to default to the variable name instead of the intended value for the ISPN cluster name. This affects customer login credentials.

  • Improved REST API security by replacing detailed Tomcat exception reports with generic error responses, preventing exposure of server type and version across all affected APIs.

  • Fixed an issue in the portal GUI where, when creating an On-Prem SP share, the credentials drop-down always defaulted to and displayed the first credential, regardless of the user’s actual selection.

  • Fixed the SharePoint connector UI so uploaded certificates are correctly shown as “Yes” and the issuer field is displayed as “Hidden” instead of appearing empty.

Back to Top