ManageEngine Exchange Reporter Plus
Reporting, auditing, and monitoring for Exchange Server and Microsoft 365
Exchange Reporter Plus is in security-and-compatibility mode, chasing Microsoft's cmdlet deprecations and closing XSS reports.
◆Recent moves
- 3mo ago
Build 5802: Duo SDK certificate update and XSS fix
Build 5802 updates the Duo Universal Java SDK for expiring certificates and fixes a stored XSS (CVE-2026-27655) — dependency maintenance plus a security patch, consistent with the security-first cadence.
- 5mo ago
Build 5801: searchable scheduled-task history and fixes
Build 5801 makes Scheduled Tasks History searchable with source-server and collection-period visibility, plus content-search and mail-config fixes — a genuine usability gain amid the maintenance stream.
- 6mo ago
Build 5800: Exchange Online moves to Entra app registration
Build 5800 drops the dedicated service-account requirement for the Exchange Online module in favor of an Entra app registration, removing the need to disable MFA — a meaningful auth-modernization and security-posture improvement.
- 8mo ago
Build 5726: migrate to Get-MessageTraceV2 cmdlet
Build 5726 migrates reports and audits to Microsoft's Get-MessageTraceV2 cmdlet ahead of the deprecation of Get-Message and updates the bundled JRE — compatibility work needed to keep reporting uninterrupted.
- 11mo ago
Build 5724: stored XSS fixes in Audit and Reports
Build 5724 patches four stored XSS vulnerabilities in the Audit and Reports modules plus assorted issue fixes — bug-bounty-driven security maintenance.
- 1y ago
Build 5723: XSS, path traversal, and Redis auth fixes
Build 5723 fixes stored XSS, a Schedule Reports path traversal, and an unauthenticated Redis exposure — a security-hardening release with no new features.