LegalHold 4.2.0 Release Notes
***This document is subject to change until the product release is in production***
These release notes detail the Enhancements, Improvements, and Resolved Issues in the LegalHold 4.2.0 release. This release delivers key improvements across TAP integration, Microsoft 365 Purview, workflow automation, communication clarity, and error handling. Together, these updates enhance system reliability, security, and ease of administration.
- TAP Integration Enhancements: This release strengthens the integration between LegalHold and TAP with a new test connection screen, improved workflow template management, and API‑based automation for Employee Departure workflows. Administrators can now configure, validate, and trigger TAP processes more seamlessly and reliably.
- Microsoft 365 Purview Enhancements: LegalHold now runs on an updated Purview integration library for improved security and compatibility. A major upgrade adds full multi‑domain Purview support, including a new configuration grid, enhanced domain validation, and Service‑Principal‑only authentication. LegalHold automatically creates Purview cases across all configured domains and enables unified custodian actions across tenants.
- Improved Custodian Communications: The automated restoration email sent to custodians has been rewritten for clarity and professionalism, ensuring better communication when users are returned to an active hold.
- Advanced Error Handling for M365 Preservation: A new centralized error aggregation system simplifies the detection and management of failed in‑place preservation actions. Admins can now receive scheduled notifications and use flexible email templates to proactively monitor and resolve issues, reducing risk and saving significant manual effort.
Enhancements/Improvements
Enhancement: We have added a test connection settings screen to support integration between TAP and LegalHold.
Tracking code: LH-18449
Enhancement: We added a configuration page in LegalHold for managing TAP Workflow Templates.
Description: Admins can now configure TAP Workflow Templates in LegalHold, view available workflows, store template IDs, access setup help, and download the base template. The system inserts a single record for the “Employee Departure Workflow” during initial setup.
Tracking code: LH-18563
Enhancement: Implemented TAP API consumption in LegalHold’s Employee Departure workflow to trigger TAP processes when a person is marked inactive, using configured integration settings and workflow ID.
Tracking code: LH-18663
Enhancement: Microsoft 365 Purview upgrade
Description: Upgraded Microsoft 365 Purview integration library to version 5.80 to ensure compatibility with the latest APIs, enhanced security, and support for future eDiscovery features.
Tracking code: LH-18647
Enhancement: Domain configurations upgrade and multi-domain Purview support
Description: We have replaced the previous single-domain configuration screen with a new grid view that lists all Microsoft 365 Purview integration configurations by domain. The grid supports search and sort functionality and includes actions to view, edit, and delete configurations.
A Create New button has been added, allowing users to easily add new domain configurations through an updated form. The new form introduces a mandatory Domain field with validations for uniqueness, non-empty values, and proper format. Additionally, the integration now enforces Service Principal-only authentication, fully removing support for user service accounts to improve security and compliance.
When a user saves a legal hold, the system now goes through each configured tenant domain, creates a matching case in each one, collects all the case IDs, and saves them along with the hold. All custodians across domains can now be initialized, synchronized, and placed on hold or released with a single action, without any UI changes required.
Tracking code: LH-18652, LH-18653, LH-18815, LH-18651
Enhancement: Improved Language in Restoration Email for Custodians
Description: We have refined the automated email sent to custodians upon their restoration to an active legal hold. The previous phrasing, "You were reassigned to the next hold:", has been replaced with more explicit and professional wording: "You have been reassigned to the Hold listed below."
Tracking code: LH-19180
Enhancement: Improved M365 Integration: Error Handling
Description: We’ve introduced centralized error aggregation for failed in-place preservation between LegalHold and Microsoft Purview. Instead of manually checking each custodian or site, admins can now configure scheduled notifications and email templates to proactively manage failures. This reduces legal risk, improves troubleshooting, and saves significant administrative time.
Tracking code: LH-18650, LH-18780
Bug Fixes
Issue: Resolved a stored XSS vulnerability by sanitizing the question repository, response settings, release comments, message parameter, notificationId parameter, and the hold notice and preservation notice parameters to prevent script injection.
Tracking code: LH-18745, LH-18746, LH-18749, LH-18751, LH-18748, LH-18750, LH-18753
Issue: We have fixed guide design issues for non-SSO users by ensuring required variables are available, and updated the CSP configuration to improve security by removing unnecessary directives.
Tracking code: LH-18936
Issue: We have fixed a blind SSRF vulnerability in the FTP test connection endpoint by enforcing strict URL validation and blocking unsafe protocols. We also enhanced error handling and network restrictions to prevent internal service access.
Tracking code: LH-18747
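One way to implement the kind of strict URL validation and internal-address blocking described in the SSRF fix above. This is an added example, not LegalHold's own code; the function names, the allowed schemes and ports, and the sample hostnames and DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy (not from the release notes): accepted schemes and ports.
ALLOWED_SCHEMES = {"ftp", "ftps", "sftp"}
ALLOWED_PORTS = {21, 22, 990}
DEFAULT_PORT = {"ftp": 21, "sftp": 22, "ftps": 990}

class UnsafeTarget(ValueError):
    """Generic error so responses do not describe the internal network."""

def _is_public(ip):
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    return (mapped or addr).is_global

def validate_target(url, resolver=socket.getaddrinfo):
    """Return (host, port, ips) for an allowed target or raise UnsafeTarget."""
    try:
        parts = urlsplit(url.strip())
        scheme = parts.scheme.lower()
        port = parts.port if parts.port is not None else DEFAULT_PORT.get(scheme)
        host = parts.hostname
    except ValueError:  # malformed host or port
        raise UnsafeTarget("target rejected") from None
    if scheme not in ALLOWED_SCHEMES or not host or port not in ALLOWED_PORTS:
        raise UnsafeTarget("target rejected")
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal IP, no DNS lookup
    except ValueError:
        try:
            ips = [ai[4][0] for ai in resolver(host, port, type=socket.SOCK_STREAM)]
        except OSError:
            raise UnsafeTarget("target rejected") from None
    # One internal address among the answers is enough to reject the host.
    if not ips or not all(_is_public(ip) for ip in ips):
        raise UnsafeTarget("target rejected")
    # Connect to these validated IPs; re-resolving the name would reopen the gap.
    return host, port, sorted(set(ips))

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {"ftp.example.test": ["93.184.216.34"], "2130706433": ["127.0.0.1"],
              "mixed.example.test": ["93.184.216.34", "10.0.0.5"]}

def sample_resolver(host, port, **_):
    if host not in SAMPLE_DNS:
        raise socket.gaierror(host)
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port)) for ip in SAMPLE_DNS[host]]
```

Checking the resolved addresses rather than the hostname string is what catches integer-form hosts such as `2130706433` and names that return a mix of public and internal records.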
Issue: Hardened Security Controls for Email Templates.
Description: We have improved server-side sanitization and validation rules across all editable email template fields, including Reply-To, Subject, Body, and Footer. This enhancement ensures that all user inputs are securely processed before storage, preventing unauthorized script execution and layout manipulation.
Tracking code: LH-19089, LH-18752
Issue: Resolved an issue where LegalHold users created via email response were incorrectly locked to SSO-only, preventing password login. The system now updates authentication flags when SSO is disabled or a password is set.
Tracking code: LH-19194
Issue: Resolved an issue where the “Released Date” was saved too early in the release workflow, causing inaccurate dates in reports. The date is now only persisted after the release process completes for accurate reporting.
Tracking code: LH-18773
Issue: Resolved an issue where Legal Staff, Interviewer, and IT Admin roles could access the Create New Hold page via direct URL. These roles are now correctly restricted to read-only access for holds and cannot create, update, or modify Unsent or Active Holds.
Tracking code: LH-18391

