Vera

February 2023

Version 3.21.2

February 2023

Fixes

• Fixed an issue where the links from Outlook would crash or refuse to open on the Microsoft Edge browser. This issue was noticed with the latest Microsoft Edge Browser update (version 110.0.1587.41).

• Fixed an issue where the secured PDF files would open as unsecured with Adobe 2022.003.20310 (old UI) release.

• Fixed an issue where the AD proxy does not work if the proxy is set to both group sync requests and authentication.

• Fixed an issue where Null Pointer Exception (NPE) occurs when a previously deleted file reappears in the Box folder.

November 2022

Version 3.21.1

November 2022

Updates

• Vera announces the end of support for macOS Catalina with the 3.22.0 release.

• Vera announces the support for macOS Ventura with the 3.21.0 release.

  Vera has verified that the newly released macOS Ventura works as expected with Vera’s previously released 3.21.0 version.

Fixes

• Fixed an issue when performing a perm-sync of files through SharePoint, the evaluated source resulted in FileShare instead of Classification Rules, which impacted folder-level Classification Rules.

• Fixed an issue of the invalid date range in the Licensed Users Report.

• Fixed an issue where the Kerberos Single Sign-On (SSO) authentication did not work with Two-Factor Authentication (2FA).

• Fixed an issue where Vera will notify the users to disable the Adobe Acrobat new UI feature that blocks them from accessing the secured files. Users can revert to the old UI by clicking View > Disable New Acrobat in the Acrobat application.

October 2022

Version 3.21.0

October 2022

New Features

• Vera allows you to secure files based on classification labels and tags. For each classification tag, you can apply rules based on auto-selected folder membership access or group-based membership access for files that are manually or automatically classified. The Classification Rules tab replaces the combined functionalities of the Partner Policy Mapping and Partner Policy Share Mapping tabs.

Updates

• Vera provides an option to their customers to copy Vera events from an AWS S3 bucket, without the need to open inbound ports to their environment or set up a Syslog server.

• The Vera agent may be unstable if the endpoint user installs Vera software first and then an administrator installs System Center Configuration Manager (SCCM). Vera’s installation procedures have been updated to remove user-based installation when Vera is deployed by an administrator via SCCM installation. Vera recommends rebooting the endpoint after the administrator installation.

• Vera has integrated the Titus C++ SDK into the Vera SDK, so when the Netskope discovery scans the file and identifies the partner policy tag, Vera can internally call the Titus SDK to write the Titus data classification tag on the file in Titus readable format and then encrypt the file.

• Vera announces the end of support for macOS Mojave in this release.

• SharePoint support for rendering all VIB-supported files on the browser if the supported application is not present on the desktop.

• Kerberos Single Sign-On Integration - Logs a user into the Vera client automatically if the user signs into Windows via Active Directory.

Fixes

• Fixed an issue where the access request emails were not sent.

• Fixed the low-risk vulnerabilities that were identified by Capital One's internal team.

• Fixed an issue where the SDK third-party authentication OAuth token expires.

• Fixed an issue where user’s session credentials are passed through the URL instead of a cookie.

• Fixed an issue where the application was allowing the client to specify a cipher suite that uses insecure encryption and/or hashing algorithms.

• Fixed an issue where the user export report and the dashboard count do not agree.

• Fixed an issue by creating an API that returns the tenant's correct number of TAD sync-able documents.

• Fixed a security issue with SAML authentication which allowed the user to log in via SAML into the Vera portal even though they were not whitelisted in the authentication settings.

• Fixed an issue where all the file copies were not displayed on the File Details window.

• Fixed an issue where a time-bomb error was reported when the files were opened in the browser.

• Upgraded all the Vera connectors to 3.19.1, allowing the security teams to rescan vulnerabilities.

• Fixed an issue where the watermark is missing when printing a TIFF file to paper from the Windows Photo Viewer.

• Fixed an issue where the multi-install fix is not working when the user is not signed out from the machine.

July 2022

Version 3.20.1

July 2022

New Features

• The native Linux executable is packaged with the Vera SDK. All required executable and libraries are under samples/c++/linux/bin. For more information, see readme.

Fixes

• Fixed an issue by improving the VIB workflows to support opening of secure files in a browser if a Vera-supported application is not present on the desktop.

• Fixed an issue that allows Vera to message when some records are not copied due to co-owner restrictions while cloning access to or from another user.

• Fixed an issue that impacts the performance where slowness occurred in opening unsecured Excel files in SharePoint.

May 2022

Version 3.20.0

May 2022

New Features

• Manage access for files that are shared widely to allow one or more other users to be Co-Owners of the file in the SaaS Windows Client and MacOS Client. File Co-Owners are people and/or groups that can receive and grant access requests, share the file and edit it but cannot change the ownership or remove privileges from the owner. Please see the new File Co-Owners section in the Admin Guide.

• Windows Client - Box Drive - Vera-secured files showing Vera icon

  For Box Drive, the icons of Vera-secured files will show the native application icon (Vera icon) when the Vera Client is installed in the machine.

• Windows Client - Enable the Keyboard Enter Button on Vera Client Login

  If you are not signed into the Vera client and try to open a Vera-protected document, it prompts you to sign in. While signing in, if you press Enter on the keyboard it will sign you in.

Updates

• Vera announces end of support for the following applications/versions on MacOS:

  • AutoCAD, AutoCADLT, Reader and Adobe Illustrator version 2019 in the 3.20.0 release.

  • Office 365 version 15.41.0 and earlier in the upcoming 3.20.0 release.

Fixes

• Fixed an issue where MacOS users with Vera Client installed cannot open and edit unsecured PPT files in SharePoint online.

• Fixed an issue where after installing the SharePoint add-in application, Vera considered normal HTML files (not Vera-secured files) as Vera-secured files and displayed an error when opening the file.

• Fixed an issue where the Vera icon may not display for Dropbox under certain special conditions.

• Fixed an issue where there is a discrepancy in the file name when the file is opened in a browser and in a default application. Vera improved the handling of renamed files when viewing in the browser. Files that have been renamed in the local file system or in SharePoint and subsequently opened using the browser will be noted as such in the file details page.

• Fixed a bug where in some situations, users with privileges to modify the access of multiple files were not able to do so.

April 2022

Version 3.19.3

April 2022

Fixes

• Resolved an issue where Save Policy was not enforced in View-in-Browser (VIB) (Server Only).

March 2022

Version 3.19.2

March 2022

New Features

• Added support for Acrobat 2022 (Adobe Pro DC and Adobe Reader) for Adobe's latest update (22.001.20085) to Windows and Mac clients.

Fixes

• Fixed an issue where if an Adobe Acrobat does not have a .pdf extension in the title, the Windows client opens the file as an unsecured file.

March 2022

Version 3.19.1

March 2022

Updates

• Vera now uses Log4j files 2.17.1, fixing CVE-2021-44832.

• Vera now supports SharePoint 2019 OnPrem.

Fixes

• Fixed an issue where if one user with administrator role (admin1) changed settings for another administrator (admin2) in the portal, admin2’s role was downgraded to that of a regular user, and the audit trail incorrectly identified the transaction.

• Fixed an issue when users opened a secured PDF file, a corrupted file error message displayed and the file did not open. This issue encountered with the Adobe Acrobat latest version 2021.011.20039.

• Fixed an issue where Apple Mail shim in 12.1+ (Monterey) did not work because of the recent Apple Mail updates.

January 2022

Version 3.19.0

January 2022

New Features

• The Vera brand is changing. With this release, the new Vera by HelpSystems logo and logomark will appear in Vera's website, Vera online, Vera documentation, and Vera External APIs.

• A new button is available to update the AppSecret. Users can use the existing download button to get the new configuration.

Updates

• Vera announces the support for Symantec V15.8.

• Vera expands the support for SharePoint. Users can now use the VIB/EIB functionality for protected files hosted on SharePoint.

• Vera announces the support for PDF files rendering by OnlyOffice cluster.

• Vera announces the support for the Outlook new UI with the JS add-in on MacOS.

• Vera announces the support for MangoDB 4.2. MongoDB version 4.0 will reach End of Life (EOL) on April 30, 2022. Atlas clusters currently running MongoDB 4.0, which will be automatically upgraded to MongoDB 4.2 after April 30, 2022.

• Vera announces the end of support for Microsoft IE11 for VIB/EIB:

  • With the Vera 3.19.0 release, the View-in-Browser/Edit-in-Browser (VIB/EIB) functionality is no longer supported on Internet Explorer 11 (IE11). Other browsers, such as Microsoft Edge, Google Chrome, Mozilla Firefox, and Safari, will continue to be supported. There are no changes to file types, sizes, or any other capabilities of VIB/EIB.

  • This decision is prompted by several factors. Microsoft has set IE11 on a sunset path, with O365 already not supporting it, and planning to withdraw operating system support for IE11 in Q2 2022. Usage of IE has been steadily declining in the Vera user base, with Edge increasing share. As a security company, Vera always recommends using the newest, best-supported version of software. This includes Vera's underlying Javascript libraries, which are also dropping IE11 support with this and subsequent releases.

• Vera announces the end of support for the following MacOS applications in the upcoming releases:

  • AutoCAD, AutoCADLT, Reader, and Adobe Illustrator version 2019 in the upcoming Vera Release 3.20.0.

  • Outlook shim in the upcoming Vera Release 3.21.0.

  • Office 365 version 15.41.0 and earlier in the upcoming Vera Release 3.20.0.

Fixes

• Fixed an issue where export and dashboard counts do not match:

  • Fixed an issue where the Statistical reports included some duplicate users.

  • Fixed an issue where some leftover content remained during a npm install/npm build.

• Fixed an issue where Excel experienced slowness when Vera is installed.

• Fixed an issue where Office 365 latest and Office 2019 – V.16.57 applications were crashed when Vera 3.18.x is installed on Mac. This issue is fixed for all Vera supported OS X versions.

• Fixed an issue where securing a large file failed using Veracmd.

• Fixed an issue where TAD Vera client (3.17) service stopped from time to time with the "Event 1000, application error" message on the Windows application logs and caused the key syncing to stop.

• Fixed an issue where now admin has the option not to show the login button on the download page if User portal access is disabled.

• Fixed an issue where the error messages provided too much information when you log in to the Vera portal.

• Fixed an issue to merge the duplicate users and now the user count matches the export count.

• Fixed an issue that was related to npm install/npm build that did not remove the files properly.

December 2021

Version 3.18.3

December 2021

Updates

• Updated Apache Log4j2 version to 2.17.0 (NVD-CVE-2021-44228 and CVE-2021-45105 (nist.gov)).

Version 3.18.2

December 2021

Fixes

• Added fixes to the Vera Infrastructure to address the zero-day vulnerability related to Apache Log4j2 (NVD - CVE-2021-44228 (nist.gov)).

November 2021

Version 3.18.1

November 2021

Updates

• Vera announces the support for PDF files rendered in OnlyOffice, so the PDF files will not use the PDFJS add-in when enabled; instead, the PDF files will go to the OnlyOffice cluster for rendering. This option can be turned on in Settings by the administrator.

• Vera announces the support for Android 64 bit, Android 10, and Android 11. The Android Vera app is available on Google Play Store.

• Vera announces the support for the recent Apple Monterey (Mac) and iOS 15.

• Vera announces the support for Windows 11.

• Vera announces the support for User Authentication through Ping MFA. Administrators can configure Ping through the Auth Rules window on the portal. Current support is for Authentication through the Primary Device in Ping.

Fixes

• Fixed an issue where the Apple Mail returned an "Incompatible plug-ins disabled" error while enabling Vera mail bundle in the Monterey release. The Vera Mail bundle is enabled and the user can secure the file using the Vera plugin.

October 2021

Version 3.18.0

October 2021

New Features

• Vera has now added the ability to view secured .msg files in browser flow (VIB) as PDF’s. Following attachment types will be rendered along with the email body - .pdf, .docx, .doc, .xlsx., xls, .ppt, .pptx.

NOTE: Admin must log into the Vera portal and enable viewing of secured .msg files in "Enable Browser Viewing" under general settings to allow the opening of these files in VIB.

NOTE: If using On prem FCC or On prem FSC setup, these will also need to be upgraded by admin to the latest version (3.18.0).

NOTE: .msg files secured before the 3.18 release will continue to be treated as Access Control files. Users will have to unsecure and re-secure these files to upgrade their protection for access control to DLP.

• Vera announces the support for most recent versions of the Apple iOS 14.5, 14.6, and 14.7.

• Vera provides an option to select a specific PING ID when multiple secure options are available.

• Vera enables Administrators to manage k8s clusters for GFCC connectors validation and deployment.

• Vera now supports short-lived access tokens that are valid for 4 hours. The administrators are requested to re-authenticate their Dropbox share for this to take effect. From September 2021, Dropbox will retire the creation of long-lived access tokens and will introduce the new short-lived access tokens.

• Vera introduces an event log for unauthorized users trying to access a Vera secured file. Whenever an unauthorized user tries to open a Vera secured file, the event log will be updated with a log.

• Create New Users on invitation - This setting will create new users in the Vera system when they are invited to collaborate on documents through Box, instead of waiting until they accept the invitation. This setting applies for new Box users only when the Box Share is configured to scan All Folders.

NOTE: Connector is required to enable the "Create New Users" feature.

Security Updates

• Vera has restricted the HTTP endpoint so that it can only open files with the Vera solution.

NOTE: Each Vera.exe instance owns a local-host HTTP server that is responsible for opening the locally secured files. When a secured file is opened, the encrypted HTML version is opened via the browser, and then an HTTP request is issued. However, it was observed that this HTTP request can be used to open any file, not just those previously secured by Vera. To avoid any possible attack, Vera has restricted the HTTP endpoint.

• To avoid XSS attacks, all user inputs will be sanitized before being returned to the user. All special characters (such as < > " ' &) will be converted into their corresponding HTML escape characters. Also, all user-provided data will be subject to input validation (such as numeric, date, and alphanumeric).

• Vera has taken the following steps to prevent the Server-Side Request Forgery attack:

Fixes

• Fixed an issue which allows the user can to unsecure a file with "Maintain Original Owner" Saving Policy after multiple Save/Save As operations. This fix was related to an issue with UI automation.

• Fixed an issue where the Windows Outlook pop-up asking to select policy is shown even if the recipient has access to the secure attachment.

• Fixed an issue where the TAD Server Windows client keeps crashing.

• Fixed an issue where the Windows Outlook Share Info feature was broken.

• Fixed an issue where the Veraadminservice.exe was crashing.

• Fixed an issue where the custom install location feature was not working in the Windows client installer.

August 2021

Version 3.17.1

August 2021

New Features

• Vera has introduced the image zoom-in and zoom-out options in the browser mode without compromising the image quality. Supported file types are .bmp, .jpg, .jpeg, and png.

• Vera has introduced how to install Windows Vera in a custom location.

• Vera now supports short-lived access tokens that are valid for 4 hours. The administrators are requested to re-authenticate their Dropbox share for this to take effect. From September 2021, Dropbox will retire the creation of long-lived access tokens and will introduce the new short-lived access tokens.

• Vera introduces an event log for unauthorized users trying to access a Vera secured file. Whenever an unauthorized user tries to open a Vera secured file, the event log will be updated with a log.

Security Updates

• Vera has restricted the HTTP endpoint so that it can only open files with the Vera solution.

NOTE: Each Vera.exe instance owns a local-host HTTP server that is responsible for opening the locally secured files. When a secured file is opened, the encrypted HTML version is opened via the browser, and then an HTTP request is issued. However, it was observed that this HTTP request can be used to open any file, not just those previously secured by Vera. To avoid any possible attack, Vera has restricted the HTTP endpoint.

• To avoid XSS attacks, all user inputs will be sanitized before being returned to the user. All special characters (such as < > " ' &) will be converted into their corresponding HTML escape characters. Also, all user-provided data will be subject to input validation (such as numeric, date, and alphanumeric).

• Vera has taken the following steps to prevent the Server-Side Request Forgery attack:

Fixes

• Fixed an issue where the Vera application would fail to open or crash on launch after the recent iOS upgrades. This issue was encountered in iOS 14.5, 14.6, and 14.7.

• Fixed an issue where the user was unable to copy from a Vera secured Word, PowerPoint, or Excel file in the protected view and paste the data in the regular view file even if the copy-paste policy was enabled.

• Fixed an issue where the user was unable to open a Vera secured file that was created using MS Office suite 97/2000/2003.

• Fixed an issue where the data leak was happening from the MS Office clipboard, even with the copy policy disabled or enabled only between the secured files.

• Fixed an issue where the Adobe Acrobat and Reader were crashing when the user was trying the snapshot option with copy policy disabled for the secured file.

• Fixed an issue where the user was receiving an error message “Error opening file. Please try to open it again” when clicking on any link after a search in WinOS.

June 2021

Version 3.17.0

June 2021

New Features

• Vera has introduced the image zoom-in and zoom-out options in the browser mode without compromising the image quality. Supported file types are .bmp, .jpg, .jpeg, and png.

• Vera now supports short-lived access tokens that are valid for 4 hours. The administrators are requested to re-authenticate their Dropbox share for this to take effect. From September 2021, Dropbox will retire the creation of long-lived access tokens and will introduce the new short-lived access tokens.

• Vera introduces an event log for unauthorized users trying to access a Vera secured file. Whenever an unauthorized user tries to open a Vera secured file, the event log will be updated with a log.

Security Updates

• Vera has restricted the HTTP endpoint so that it can only open files with the Vera solution.

NOTE: Each Vera.exe instance owns a local-host HTTP server that is responsible for opening the locally secured files. When a secured file is opened, the encrypted HTML version is opened via the browser, and then an HTTP request is issued. However, it was observed that this HTTP request can be used to open any file, not just those previously secured by Vera. To avoid any possible attack, Vera has restricted the HTTP endpoint.

• To avoid XSS attacks, all user inputs will be sanitized before being returned to the user. All special characters (such as < > " ' &) will be converted into their corresponding HTML escape characters. Also, all user-provided data will be subject to input validation (such as numeric, date, and alphanumeric).

• Vera has taken the following steps to prevent the Server-Side Request Forgery attack:

Fixes

• Fixed an issue where the user was unable to copy from a Vera secured Word, PowerPoint, or Excel file in the protected view and paste the data in the regular view file if the copy policy was enabled.

• Fixed an issue where the user was unable to open a Vera secured file that was created using MS Office suite 97/2000/2003.

• Fixed an issue where the data leak was happening from the MS Office clipboard, even with the copy policy disabled or enabled only between the secured files.

• Fixed an issue where the Adobe Acrobat and Reader were crashing when the user was trying the snapshot option with copy policy disabled for the secured file.

• Fixed an issue where the user was receiving an error message “Error opening file. Please try to open it again” when clicking on any link after a search in WinOS.

April 2021

Version 3.16.0

April 2021

New Features

• Vera has introduced the new end-user help portal. The end-users can navigate to the newly introduced help portal to have access to end-user-relevant documents, multimedia, and some new features that were unavailable in the legacy (admin) help portal.

• Vera has introduced a flag to allow permission sync in SharePoint when a file is uploaded by a collaborator. Previously, this permission sync occurred only when the owner of the file uploaded it.

• Vera has introduced a "View in Browser" permission. Now the administrators can restrict the users from viewing any file in the browser mode.

Updates

• Vera extends its support for Apple M1 on macOS with Rosetta mode. To enable this support, users have to force all the supported universal applications that are being used with Vera secured files to run under Rosetta emulation instead of natively. For more information, go to Vera Admin Portal > Knowledge Base Articles > How to force universal Mac applications to run under the Rosetta emulation instead of native emulation?

• Vera extends its support for Microsoft Office 365 groups. For more information, go to Vera Admin Portal > Technical Guides > Microsoft O365 Group Integration Guide.

• Vera now supports a custom KEYSTORE location option so that the administrators can store the list of access keys at a customized location. For more information, go to Vera Admin Portal > Technical Guides > Total Access Device Support for Vera Client.

• Vera announces the end of support for macOS 10.13 with the Vera release 3.16.0.

Fixes

• Fixed a security issue of possible Cross-Site Scripting (XSS) vulnerability in the activity log page. This issue has been fixed by using the following changes:

• (WinOS) Fixed an issue where the user tried to copy content from a Vera secure file with copy disallowed to another Vera secured file, the copy was blocked but the user was seeing a “Word has encountered a problem” error.

• (WinOS) Fixed an issue where the data leak was observed when using the translator option and copying the data to OneNote.

• (WinOS) Fixed an issue where the Adobe Acrobat was crashing when the user was performing the Redact operation.

• (WinOS) Fixed an issue where the user was using the look-up feature on Adobe Acrobat with selected words, the dictionary.com was opening and making selected words available for copying.

• (WinOS) Fixed an issue where the users were getting a data leak issue when opening the file as a recipient using the clipboard option in normal view on a Microsoft Excel, Word, or PowerPoint file. Users were able to copy-paste content from the secured file even if the copy-paste policy was disabled.

• Fixed an issue where the Vera secured files stored in Box or Dropbox with a PDF link functionality enabled were opening in the browser mode even when the particular file type was disabled from the "Enable Browser Viewing" option.

• Fixed an issue where permission syncing was not working in a few cases where there were too many entries in the Cloud Storage folder.

• Fixed an issue where the "Permanently delete unsecure file", "Place unsecure file in recycle bin", and "Retain metadata" headings were inconsistent for different shares like SMB, Box, Dropbox, and SharePoint.

• Fixed an issue where the user was uploading the secure file from SMB to the SharePoint folder, sometimes the permissions from SMB and SharePoint were getting merged, but sometimes they were not getting merged.

• Fixed an issue where certain assets in the application do not enforce the use of TLS/SSL to encrypt traffic over the network.

• Fixed the following customer-reported tickets:

• (Zendesk-17174) Fixed an issue where the mail merge option in Microsoft Word was not working with the Vera client installed.

• (Zendesk-17086) Fixed an issue where the existing user’s access was getting revoked when a new user was granted access.

• (Zendesk-17123, 17164) Fixed an issue where the AD Connector Membership Sync was not working when the gateway URL had a double backslash in the URL.

March 2021

Version 3.15.0

March 2021

New Features

• Vera now provides a link to the terms of use and privacy policy in the sidebar of the Vera portal. The values are configurable in the administrator’s settings in the Branding section.

Updates

• Vera extends its support for Adobe Acrobat DC version 21.001.20135 on macOS and Windows operating systems.

• Vera extends its support for Adobe Acrobat Reader version 21.001.20135 on Windows operating systems.

• Vera announces the end of support for macOS 10.13 with the Vera release 3.16.0.

Fixes

• Fixed the following security issues:

  • Cross-Site Scripting (XSS) attacks using the username prevention and stored documents. Vera has initiated a white list policy, all the received user’s inputs are now sanitized before returning it to the user. All special characters (such as < > " ' &) will be converted into their corresponding HTML escape characters. Also, all user-provided data will be subject to input validation (such as numeric, date, and alphanumeric).

  • Certain fields were missing values for a few audit records; now the audit logs will capture Username, User email ID, Policy name, EnforcePolicyInfo, and RuleName.

• Fixed an issue of the customer error pages. Vera now displays the custom error pages with the error codes.

• Fixed an issue of audit search confusing and unintuitive. When customers conducted a generic audit search in the administrator portal, Vera occasionally brought up unrelated search results because diagnostic fields in the records were added to the search results.

• Fixed an issue where the user was creating a subfolder in a Vera-secured folder in OneDrive and moving it to a new share location and ACEs, the shared processor was getting removed and started again.

• Fixed the JS Add-in Trust Certificate issue where if the user has skipped or canceled the trust certificate settings pop-up while using the Outlook JS add-in option, then they can change the settings by following the steps mentioned in the error message.

• Fixed an issue CVE (CVE-2021-3156) in Sudo-1.8.23-10.el7_9.1.x86_64.

• Fixed the following customer-reported tickets:

• (Zendesk-16939) Fixed an issue where the user was opening a .tiff orientation 6 file in the browser mode and it was showing as a mirror image of the original image.

• (Zendesk-17009) Fixed an issue where the file owner was setting the forwarding policy as positive and sending the file to a recipient, the recipient was not getting the file forwarding option.

• (Zendesk-16976) Fixed an issue where the Vera help page would display an AWS error message on the home search bar.

• (Zendesk-16963) Fixed an issue where some authorized users were unable to work with Vera clients and were getting stuck at the authentication page.

• (Zendesk-16970) Fixed an issue where the users were getting an error “There was an error opening the document. This file cannot be found”. This issue was seen with Adobe version 20.013.20074.

• (Zendesk-16915) Vera has made changes to mitigate the Slowloris vulnerability.

• (Zendesk-16536) Fixed an issue where few users were seeing an error message "File not found" while opening files from MS Visio from SMB. This issue was found with client version 3.9, Windows 10, and Visio Standard 2016-version 2010.

• (Zendesk-16856 and 16919) Updated the activity log display in the user detail page with a focus on recent events.