Release Notes 5.22.25:

1. Adding timeout limits to regular expressions to prevent potential DoS attacks:

• Utils.cs:

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.None with explicit timeout.
  • Maintain existing functionality for ClearEmailSubject.

• KeycloakPasswordPolicies.cs (lines 85, 107, 129, 150):

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.None with explicit timeout.
  • Maintain existing functionality for password validation.

• AccountingExportsWindow.razor.cs:

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.NoneBacktracking with explicit timeout.
  • Maintain existing functionality for phone format number validation.

• ChangeOrdersByChangeDateTimeReportingWindow.razor.cs:

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.NoneBacktracking with explicit timeout.
  • Maintain existing functionality for phone format number validation.

• EventManagementComponent.razor.cs:

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.NoneBacktracking with explicit timeout.
  • Maintain existing functionality for phone format number validation.

• OrganizationManagementWindow.razor.cs:

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.NoneBacktracking with explicit timeout.
  • Maintain existing functionality for phone format number validation.

• PayrollManagementProcessedWindow.razor.cs:

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.NoneBacktracking with explicit timeout.
  • Maintain existing functionality for phone format number validation.

• SmsService.cs:

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.NoneBacktracking with explicit timeout.
  • Maintain existing functionality for phone format number validation.

• SynergyCustomValidators.cs:

  • Add appropriate timeout limits to the Regex.
  • Implement RegexOptions.None with explicit timeout.
  • Maintain existing functionality for phone format number validation.

2. Adding encrypted protocols instead of clear-text protocols:

• Enable SSL option on EmailHelper.cs
  1. Add the enableSSL option on the SmtpClient setup.
• Use the https instead of http in ShippingTrackingComponent.razor
• Use the https instead of http in DispatchingShippingManagementWindow.razor.cs

3. Adding hash verification to remote resources that lack integrity checks:

• Add hash verification string to these remote resources in the _Host.cshtml and _Layout.cshtml files.

4. Not storing a customer profile password in the Database when adding mobile app access so that the user's data is more secure:

When a user with privileges to create a customer saves a customer with mobile access using the Customer Sales and Marketing Management window, the password should not be stored in the cus_pwd column of the Customer table as plain text.

1. On the left side panel, go to Sales & Marketing

2. Click on Customer (CRM)

3. Select Customer Marketing

4. Choose Customer Sales and Marketing Management

5. Open an existing record and go to the Additional Info Tab

5. Being able to open the event by double clicking the row:

• The event modal opens when double clicking on the event row.
• The event modal still opens when double clicking on the edit button.Test_BETA.mp4

6. Working on Group Deployment Approvals into Canaries and Miners:

• The names are now as described in this User Story
• The deployment pipeline has two clearly separated approval stages:
  • Stage 1: Canaries (Prod (Default), TGIS, BSW Bittersweet)
  • Stage 2: Miners (24carrots, Elior, RMFC)
• Each stage requires approval before proceeding to the next.
• Visual grouping is reflected in the CI/CD dashboard or workflow interface.