The latest version of Group-Office, 6.8.40, includes significant security enhancements that have been made to better protect your data. Following a recent penetration test conducted by an external party, we identified and promptly resolved several vulnerabilities to enhance the overall security of the platform.
To strengthen security measures, we have implemented the following improvements:
- Regular password checks using the "Have I been Powned" API to prevent the use of leaked passwords
- Introduction of a new feature that allows an admin to enforce users to select a new password
- Enhanced fail2ban configuration to prevent brute force attacks
- Elimination of timing attacks on the login and forgotten password processes
- Resolution of various security-related bugs
Furthermore, we highly recommend utilizing the existing two-factor authentication and restricting authentication to authorized locations for an additional layer of protection.
Our dedication to enhancing security remains unwavering, and we will continue to prioritize the security of your data. To ensure the utmost security of your information, it is imperative to regularly update to the latest version of Group-Office.
If we host your Group-Office, you are already on the latest version. If not contact us for a free upgrade.
If you self host, then don't wait any longer – upgrade to the latest version now to take advantage of the
enhanced security features and protect your data effectively.
Upgrade