Product news
Recent security improvements in Exact Globe+ and Synergy
Recent product updates for our software packages, Exact Globe+, Exact Globe Next and Exact Synergy, have brought about significant security improvements to ensure the protection of our users' data. In this post, we will discuss some of the key security enhancements that have been implemented.
Exact Globe+, Exact Globe Next and Exact Synergy
OAuth: token-based authentication
As of product updates 257 and 412, Exact Synergy Enterprise and Exact Globe+ support token-based authentication, which can be used for federated identity. This means that you can now log in to Exact Synergy Enterprise using Auth0 or WAAD (Windows Azure Active Directory) via the OAuth 2.0 or SAML 2.0 protocols, and log in to Exact Globe+ using Auth0 or WAAD via the OAuth 2.0 protocol. This functions as a replacement for Basic Authentication for SMTP in Exchange Online, which is no longer supported by Microsoft. To send emails via Exchange Online, users can now authenticate via OAuth. The system administrator can easily retrieve IDs from Microsoft Azure and then enter them into the Synergy settings, providing an improved level of security. Please note that not all Exact Synergy Enterprise and Exact Globe+ features support token-based authentication in current releases. Please see the list here for an overview of which features/solutions support token-based authentication as of which product update.
TLS 1.2
We have also updated the Transport Layer Security (TLS) protocol used in our software, with Exact Globe+ and Exact Globe Next now supporting TLS 1.2. This is in line with our ongoing efforts to ensure that our clients' data is transmitted securely. In line with this, TLS 1.0 and 1.1 have not been supported in our REST v2 API since March 30, 2022. Clients using these versions were expected to upgrade to our new standard of TLS 1.2 to avoid any security risks.
Exact Globe+ and Exact Globe Next
Digipoort (NL)
Our customers active in the Netherlands benefit from updates to the certificates used for Digipoort endpoints, ensuring that communications remain secure. Digipoort is used for electronic submission of tax returns and financial reports to the Dutch government. The service was introduced with SBR (Standard Business Reporting) and is mandatory for VAT returns, ICP reports, and salary tax returns. Exact Globe has been updated to support the submission of salary tax returns through Digipoort. These latest changes were made in October and November 2022, as the validity period of the previous certificates expired. Users can change or remove a tax return by deleting the original submission via the declaration management screen. However, it's important to note that tax returns can't be deleted or changed once they've been sent.
Exact Synergy
Attachment whitelisting
We have also implemented a whitelist mechanism for attachment uploads in Synergy to prevent the uploading of malicious files. This mechanism enables system administrators to limit the files that users can upload, to avoid the upload of potentially corrupted files. The system administrator is able to define the file types/extensions that are allowed to be uploaded to Synergy (System -> Setup > Settings - General > All).
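The sketch below shows how an extension allowlist check of this kind can be written so that only the file's final, normalized extension decides the outcome. It is an added example, not Exact's code: the function names and the sample allowlist are assumptions, and it checks names only, not file content.

```python
# Constructed sample allowlist; in Synergy the administrator defines the real one.
ALLOWED_EXTENSIONS = frozenset({"pdf", "docx", "xlsx", "png", "jpg"})


def final_extension(filename):
    """Return the lowercase final extension, or None if the name is unusable."""
    # Control characters (including NUL) can truncate names in later processing.
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in filename):
        return None
    # Keep only the last path component; clients may submit full paths.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces when storing a file,
    # so evaluate the name the file system would actually use.
    name = name.rstrip(". ")
    # A colon is not valid inside a Windows file name component.
    if ":" in name:
        return None
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem or not ext:
        return None  # no extension at all, or a dotfile with an empty stem
    return ext.lower()


def is_upload_allowed(filename, allowed=ALLOWED_EXTENSIONS):
    """Allow the upload only when the final extension is on the allowlist."""
    ext = final_extension(filename)
    return ext is not None and ext in allowed


if __name__ == "__main__":
    # Constructed sample file names.
    for sample in ["report.pdf", "REPORT.PDF", "invoice.pdf.exe",
                   "page.aspx.", "README", "C:\\docs\\scan.png"]:
        print(f"{sample!r}: {'allow' if is_upload_allowed(sample) else 'reject'}")
```

Because the decision is default-deny, anything the function cannot parse into a single known extension is rejected rather than passed through.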
User rights adjustment
The right to view the settings page, which was previously accessible to more users, is now reserved exclusively for administrators. Only users with the Administrator role or function right 1063 - Allow to view baco settings will be able to view this page.
Third-party updates
Lastly, our software packages have also undergone upgrades to third-party components, ensuring that any potential vulnerabilities are resolved. This includes updates to React, jQuery, jQueryUI, and Telerik versions in Synergy.
Previous enhancements
In November 2020, we carried out security fixes on the following modules. Here you can find additional information on these improvements.
- General & System
- Configurator
- CRM
- Document
- ECP
- PSA
- Service Management
- Social Collaboration
- SOI
- Workflow
- Workspace
In conclusion, these recent updates to our software packages, Exact Globe+ and Synergy, are a testament to our commitment to providing our clients with the highest level of security for their data.