Release Notes 6.3

This release introduces significant security enhancements, including new features and configuration options specifically designed to bolster security. Additionally, it includes some minor general upgrades and improvements, particularly in the areas of analysis and dashboard functionalities.

New Security-Related Features and Options

  • Email addresses for notifications about security-sensitive events.
    In the web.config file, specify one or more email addresses in the "SecurityAlertEmailAddresses" attribute. Separate each email address with a semicolon (;). These email addresses will receive notifications whenever the application detects security-related events, as outlined in the points below.
  • Request Rate Limit and Denial-of-Service (DoS) attack detection.
    Rate limiting helps prevent abuse and overuse of resources. It can protect against various types of attacks, such as Denial of Service (DoS) attacks, where an attacker floods a system with requests to overwhelm it. To enable rate limiting and DoS detection, set the "RequestRateLimit" in the web.config file to a number greater than 0. This number represents the maximum number of requests the application will allow from the same IP address within one minute. When this limit is reached, the following events occur:

    1) Further requests from the same IP address are discarded at the application level for the next 30 minutes (or until the application is recycled).
    2) A new log entry is added to the application’s Activity Log (Administration) with details of the IP address and the time of the event.
    3) An email is sent by the application with details about the event to all security-related email addresses.

    (We advise setting the value to 200 as individual page rendering requires multiple client-server requests.)
  • Brute-force Failed Login Protection
    By default, the application now protects against consecutive brute-force login attempts. Each failed login attempt is recorded in the application’s Activity Log. After three consecutive failed login attempts, the application performs the following actions:

    1) Sends an email to security-related email addresses with details of the IP address and login name used in the attempts.
    2) Deactivates the user account associated with the login name used (this feature can be enabled by the Admin in Administration > Users).
  • Last Login Information
    All users can see their recent login dates and times in the user settings form. Showing users when they last logged in lets them spot logins they do not recognize. This follows the principle of security in layers, adding user awareness as one more layer for detecting malicious activity.
  • Mandatory Two-Factor Authentication (2FA) setup
    The Kyubit application already supports Two-Factor Authentication, but until now each user could decide whether or not to use it. From this release, Two-Factor Authentication can be made mandatory for all users, meaning that users will not be able to work with application data until they have configured it. To make Two-Factor Authentication (2FA) mandatory, open the web.config file and set the "Mandatory2FA" attribute to "1".
  • Improved security related to XSS attack prevention
    Cross-site scripting (XSS) is an attack in which an attacker injects malicious scripts into a trusted application or website. Typically, attackers start an XSS attack by sending a malicious link to a user and persuading them to click on it. By default, the application is now protected against stored XSS attacks. Optionally, for maximum protection against reflected XSS attacks, the application can be configured to reject input containing any of the characters ()\/{}'". To enable this option, set the "AdditionalXSSAttackPrevention" attribute to "1" in the web.config file.
  • Generic messages on login attempts and application error messages
    For certain events, the application returns generic (less descriptive) messages to the user so that details of the application's architecture are not disclosed to potential attackers. Specifically, this applies to failed login attempts and application error messages. Fully descriptive error messages can always be viewed at Forms/Diagnostics.aspx by users in the application Admin role.
  • Improved security for file uploads
    The application performs additional security checks on files uploaded to the application.
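    The request rate limit and DoS detection described in the list above, shown here as an added example; it is not Kyubit's own code and says nothing about how the product keeps its counters. It models the documented policy: up to "RequestRateLimit" requests per IP address within one minute, after which that IP's requests are discarded for 30 minutes while one Activity Log entry is written and one email goes to each security alert address. The sliding window, the rule that the first request past the limit is the first one discarded, the IP addresses and the mailbox names are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Durations stated in the release notes: a one-minute counting window and a
# 30-minute block once the limit is exceeded.
WINDOW = timedelta(minutes=1)
BLOCK_DURATION = timedelta(minutes=30)


@dataclass
class SecurityEvents:
    """Stand-in (constructed for this example) for the Activity Log and for the
    recipients listed in SecurityAlertEmailAddresses."""
    alert_addresses: list
    activity_log: list = field(default_factory=list)
    sent_mail: list = field(default_factory=list)

    def record(self, message, when):
        # Step 2) one Activity Log entry, step 3) one email per configured address.
        self.activity_log.append((when, message))
        for address in self.alert_addresses:
            self.sent_mail.append((address, message))


class RequestRateLimiter:
    """Per-IP limit modelled on the RequestRateLimit option: 0 disables it,
    otherwise it is the number of requests one IP may make within a minute."""

    def __init__(self, request_rate_limit, events):
        self.limit = request_rate_limit
        self.events = events
        self.hits = {}      # ip -> request times still inside the window
        self.blocked = {}   # ip -> time at which the 30-minute block ends
        # Both dicts live in memory only, so recycling the application clears
        # them, matching "or until the application is recycled".

    def allow(self, ip, now):
        """Return True if the request should be served, False if discarded."""
        if self.limit <= 0:
            return True
        block_end = self.blocked.get(ip)
        if block_end is not None:
            if now < block_end:
                return False            # step 1) discard without further processing
            del self.blocked[ip]        # block expired, start counting afresh
            self.hits.pop(ip, None)
        # Sliding one-minute window (assumption: the notes do not say whether
        # the window is sliding or fixed); drop timestamps that fell out of it.
        cutoff = now - WINDOW
        recent = [t for t in self.hits.get(ip, []) if t > cutoff]
        recent.append(now)
        self.hits[ip] = recent
        if len(recent) > self.limit:
            self.blocked[ip] = now + BLOCK_DURATION
            self.hits.pop(ip, None)     # history is not needed while blocked
            self.events.record(f"Request rate limit exceeded by {ip} "
                               f"({self.limit} per minute); blocked for 30 minutes", now)
            return False
        return True


def simulate_burst(request_rate_limit, burst, addresses):
    """Send `burst` requests from one IP a tenth of a second apart, then probe
    during and after the block. Returns the observed counts for inspection."""
    events = SecurityEvents(addresses)
    limiter = RequestRateLimiter(request_rate_limit, events)
    start = datetime(2024, 1, 1, 12, 0, 0)              # constructed clock
    flooder, bystander = "198.51.100.7", "203.0.113.9"  # documentation ranges
    served = sum(limiter.allow(flooder, start + timedelta(seconds=i / 10))
                 for i in range(burst))
    return {
        "served": served,
        "log_entries": len(events.activity_log),
        "mails_sent": len(events.sent_mail),
        "other_ip_still_served": limiter.allow(bystander, start + timedelta(seconds=burst / 10)),
        "served_after_29_min": limiter.allow(flooder, start + timedelta(minutes=29)),
        "served_after_31_min": limiter.allow(flooder, start + timedelta(minutes=31)),
    }


if __name__ == "__main__":
    # With the advised value of 200, a burst of 250 requests has 200 served,
    # then a single log entry and alert, and the IP is unblocked after 30 minutes.
    print(simulate_burst(200, 250, ["secops@example.invalid"]))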
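    The failed-login protection and the generic login messages from the list above, combined into one added example (not Kyubit's code; the password hashing, the user store and the message wording are stand-ins constructed for the demonstration). Every failed attempt is logged with its real reason, the caller always receives the same generic text whatever that reason is, and the third consecutive failure for a login name sends the alert email with the IP address and login name and, when the Admin option is on, deactivates the account. The alert address and the sample user are constructed values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_CONSECUTIVE_FAILURES = 3   # threshold stated in the release notes
GENERIC_LOGIN_MESSAGE = "Login failed. Please check your credentials."  # constructed wording


def hash_password(password, salt=None):
    """PBKDF2 stand-in for however the application stores credentials."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# A fixed dummy credential is verified for unknown login names so that such an
# attempt costs the same time as a real one; otherwise response timing could
# reveal which names exist, undoing the point of the generic message.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("not-a-real-password")


@dataclass
class User:
    name: str
    salt: bytes
    digest: bytes
    active: bool = True


@dataclass
class ActivityLog:
    """Stand-in for the Activity Log plus the security alert mailbox."""
    alert_addresses: list
    entries: list = field(default_factory=list)
    sent_mail: list = field(default_factory=list)


class LoginService:
    def __init__(self, users, log, deactivate_after_bruteforce):
        self.users = {u.name: u for u in users}
        self.log = log
        self.deactivate = deactivate_after_bruteforce   # the Administration > Users option
        self.failures = {}                              # login name -> consecutive failures

    def login(self, login_name, password, ip):
        user = self.users.get(login_name)
        salt, digest = (user.salt, user.digest) if user else (_DUMMY_SALT, _DUMMY_DIGEST)
        _, attempt = hash_password(password, salt)
        password_ok = hmac.compare_digest(attempt, digest) and user is not None

        if user is None:
            reason = "unknown login name"
        elif not user.active:
            reason = "account is deactivated"
        elif not password_ok:
            reason = "wrong password"
        else:
            self.failures.pop(login_name, None)       # success resets the counter
            self.log.entries.append(f"Login OK for '{login_name}' from {ip}")
            return True, "Welcome"

        # The detailed reason is for the Admin's eyes only; the caller gets the
        # same generic text for every failure path.
        self.log.entries.append(f"Failed login for '{login_name}' from {ip}: {reason}")
        count = self.failures.get(login_name, 0) + 1
        self.failures[login_name] = count
        if count == MAX_CONSECUTIVE_FAILURES:
            message = f"{count} consecutive failed logins for '{login_name}' from {ip}"
            for address in self.log.alert_addresses:
                self.log.sent_mail.append((address, message))
            if user is not None and self.deactivate:
                user.active = False
                self.log.entries.append(f"Account '{login_name}' deactivated after "
                                        f"{count} consecutive failed logins")
        return False, GENERIC_LOGIN_MESSAGE


def build_demo_service(deactivate=True):
    """Constructed user store with one account; returns the service and its log."""
    salt, digest = hash_password("correct horse")
    log = ActivityLog(["secops@example.invalid"])
    return LoginService([User("alice", salt, digest)], log, deactivate), log


if __name__ == "__main__":
    service, log = build_demo_service()
    for pw in ("wrong-1", "wrong-2", "wrong-3", "correct horse"):
        print(service.login("alice", pw, "203.0.113.5"))
    print(service.login("nobody", "x", "203.0.113.5"))
    print(*log.entries, *log.sent_mail, sep="\n")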

Other Improvements and New Options

  • Dashboard Font Sizes Management
    Control the font size of the dashboard chart items and chart label values for the individual dashboard. While working in the dashboard design mode, open the 'Details' > 'General' form and set up the font size for the chart items and chart value labels separately. Immediately after clicking on the 'OK' button, the dashboard will be displayed with defined font sizes, so the dashboard designer can quickly try several options and fine-tune the desired display.
  • Define NULL values display
    Previously, NULL values were displayed as '-' in various views. To control what will be displayed in the whole application (analyses and dashboards) for NULL values, open the web.config file and set the appropriate character or text in the "NULLValueDisplay" attribute.
  • Explicitly set time zone for subscriptions
    By default, the time zone follows the Windows regional settings of the server. When the server is not in the required time zone, you can now set it explicitly with the "ExplicitTimeZone" attribute in the web.config file, for example 'Central Europe Standard Time', 'Middle East Standard Time' or 'W. Australia Standard Time'. The full list of Windows time zone names is at https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/default-time-zones?view=windows-11.
  • Subscription mode to save content as files on the server
    In the subscription form, there is an option to have a particular subscription report saved as files (Excel, PDF) on the server. Where these files are saved is controlled in C:\Program Files\Kyubit\SubscriptionService\Kyubit.SubscriptionService.exe.config, for example:

    <add key="ReportFilesPath" value="C:\Temp" />

    A network folder can be used as well:

    <add key="ReportFilesPath" value="\\kyubitfiles\reports" />

    If this attribute is left empty (<add key="ReportFilesPath" value="" />), the files are saved under C:\Program Files\Kyubit\SubscriptionService\Log. Files are saved on the targeted path in a subfolder named with the date, so a subscription that runs every day for some report does not overwrite the previous file; everything is organized in one folder per day. If a subscription runs multiple times within a single day, the report files are overwritten in the folder for that day.
  • Disable the usage of Analytic Models
    Disable the usage of Analytic Models by setting the "AnalyticModelsDisabled" attribute to "1" in the web.config file.
  • Disable the 'Custom Drillthrough' action for non-Admins
    Disable the 'Custom Drillthrough' action for non-Admins by setting the "OnlyAdminCustomDrillthrough" attribute to "1" in the web.config file.
  • Data Source Name in the OLAP grid analysis
    The data source name is now displayed in the OLAP grid analysis below the cube name, giving the current user more information about the source of the data currently in use.
  • OLAP analysis, Member properties order
    If an OLAP analysis displays member properties, they are always shown in the same order as their corresponding attributes in the analysis.