Mail Express was updated with the changes described below. To view a complete version history and to download the latest version, go to http://www.globalscape.com/support/gme.aspx.
Added ability to use TLS 1.1 or 1.2 and Perfect Forward Secrecy
Miscellaneous security updates
Support for the Mail Express Add-In in Outlook 2016.
Localization bug fix
OpenSSL update to address security vulnerabilities in earlier SSL versions
Option to expire links immediately (upon first use)
Include latest Java Runtime (JRE)
Email and attachments managed by Mail Express can be processes by antivirus and data loss prevention tools before being sent.
Added a Scan Activity report to show processing errors and successful/failed attempts for processing by antivirus and data loss prevention tools.
Audit Event History can now be filtered by specific Event Types.
Added language support for Italian and Portuguese
Email managed by Mail Express sent from the Outlook Add-in or the web portals can be encrypted so that only the sender and the receiver can read its content
Updated interfaces in the web portals
Administrators can now require verified users in the Reply portal
Semicolons are allowed as email delimiters in the To, Cc, and Bcc fields of the Drop-off, Reply, and Internal portals
Default package expiration is now 1 year instead of 1 month
Limit the number of attachments allowed for emails in the Internal Settings and the Drop-Off Settings.
The Request Account link on the Drop-Off Portal can be visible or hidden based on the setting in General User Settings.
Allow an internal user account to expire based on the Internal Users expiration settings on the General User Settings page.
In the DMZ Gateway configuration, you can specify which portals are to be accessed through the DMZ Gateway address, and whether LDAP authentication is to be used for portals accessed through DMZ Gateway.
Purge internal user accounts (same as external user accounts)
Removed support for Outlook 2003.
A 64-bit SQL Express installer is included in the Mail Express 32-bit installer.
Updated Tomcat native connector to address "Heartbleed" SSL vulnerability
Added static configuration item to prohibit invalid characters from LDAP query usernames.
File-type exclusion added to Internal Portal and Outlook Add-In—Administrators can prevent internal users from sending certain types of files. The user may still be able to send the files without Mail Express, if the Outlook Add-In is configured to allow it. The system notifies users if they attempt to send files with a restricted extension, allowing them to remove the restricted file.
Password policy added for Internal user accounts—Administrators can specify password reset, expiration, reuse, and user notification of password expiration. The settings apply to internally managed account, external user accounts, and administrator accounts.
Account lockout added for Internal user accounts—When using Active Directory for user authentication, a user (or malicious user) could lock themselves out of their account with too many failed attempts to log in. Mail Express provides the ability to lockout a user prior to the AD lockout, and the ability for the administrator to manually lock or unlock the account.
Increased Client Access Licenses (CAL) available to 100,000 (depending on the number purchased). The total number of CAL available is displayed on the General Configuration page under Licensing and Registration. The number of licenses consumed is displayed on the Mail Express Status page.
Administrator can configure FIPS 140-2-compliant protocol (TLS) and algorithms for communication across the system (to support HIPAA compliance) on the General Configuration page under Enhanced Communication Security.
The Outlook Add-In (OAI) can connect to a newer version of Mail Express Server. However, an OAI cannot connect to an older Mail Express Server. This setting allows existing clients to connect when the Server is upgraded, without immediately upgrading the OAI to the new version (within 2 minor versions, that is, 4.0 to 4.1 and 4.2)
External web users can be presented with a Terms of Service agreement upon first log in. Administrators can enable/disable this functionality and can customize the message that is presented.