Hello, how can we help you?

Recent Searches: Communication in the portal - Portal presentation - Viewing a portal - Adding elements to portals

Configuration - 2.2.0

Correction of vulnerabilities

  • Some specific cases of the XSS and Path Traversal vulnerabilities have been fixed in the product.
  • The recording of error logs in environments with PostgreSQL database has been fixed not to display sensitive information such as: connection user and password.
  • The user photo viewing features have been adjusted to require the requester user to be authenticated in order to view the photo.
  • The Open Redirect vulnerability present in the persistence logic of some resources of the product has been fixed.
  • An additional security layer has been created in the product to mitigate SQL Injection attacks.
  • Update of the Memcached service version (cache service) on Linux environments.
 

Due to restrictions in the technology, there were no changes to the Memcached service on Windows environments.

The guidance, in this case, is to increase security at the network level to avoid undue access to the cache service, such as: blocking external access to the service port in the Firewall rules.

 

 

Support to the OpenIDConnect (OIDC) protocol

In version 2.2.0, the system now supports the OpenIDConnect (OIDC) authentication protocol, which uses the OAuth2.0 authorization protocol as a base to authorize and authenticate a user in the SoftExpert Suite login step.

This protocol fits under the integrated authentication category and supports Single Sign-On (SSO).

 

SCIM provisioning: Enter the organizational unit

Support has been added to sending information of the organizational unit of which the provisioned user is part.

Thus, by allocating the user to their department and position, we ensure they will be under their organizational unit.

The used field is Organization, which can be added when mapping the attributes sent to SoftExpert Suite:

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization

According to the example, there are several departments with the same name (Information Technology), each with their respective ID #s and allocated under the organizational unit.

With this new attribute, the system can map the departments and add the user under the correct unit.

In the example above, the user myUser would be added to the Information Technology located under the Softexpert-EUR organizational unit.

 

My Tasks

Aiming to improve performance, we have changed the rule of the Update tasks button on the "My Tasks" menu.

Now, when the user clicks on this button, a request will be added to the job queue to count the tasks; therefore, updating the tasks may take a few moments, depending on the queue status.

 

Index status warning in the indexing service

If the search index for an on-premise customer has the read-only status, SoftExpert Suite will generate an alert message that can be viewed through the General search (CM032) or Alerts (CM034) screens.

 

New e-mail server creation screen (CM010)

The layout for the e-mail server creation screen has been updated, as seen in the images below:

 

User absence record

A validation has been added when selecting a user responsible for tasks when another user is absent.
If the selected user is also configured to be absent during the entered period, they cannot be selected as the responsible party.

 

Automatic license selection

As an improvement in the automatic license key distribution process, during user login, some configurable options are available for the system administrator to choose to use:

  • The latest license chosen by the user;
  • The license with the least permissions;
  • The license with the most permissions.

Once the user logs in, the license priority will be defined according to this configuration.

If this configuration is not filled out/changed, the default system behavior will be applied, giving priority to the latest license chosen by the user.

 

Full-text Search synonyms (CM032)

Aiming to continuously improve the search feature within SoftExpert Suite, from this version onwards, it will be possible to create synonym groups on the Full-text search Configuration screen (CM032).

Upon creating a synonym group, it will be possible to inform the search system that all words in that group have the same meaning. This will allow searches made within SoftExpert Suite to return customized results according to the needs of each customer.

For example: If a synonym group is created with the words “Employee”, “Worker”, and “User”, whenever a person searches for “Employee”, records with the words “Worker” and “User” will also be returned.

This configuration will enable the customization of the results of searches made within SoftExpert Suite and better compliance of the product with the needs of our customers.

 

View the latest improvements made to this component:


Was this article helpful?