We are happy to announce the 2025 annual release of SOLO Server, with numerous enhancements, including improved cookie security, support for the FTC Click to Cancel rule, and an upgrade to .NET Framework 4.7.2!
HTTP Cookie Security Enhancements
To ensure SOLO Server is compliant with the latest security recommendations, especially in legacy portions of the codebase, a new HttpCookieSecurerModule HTTP module has been implemented. When wired in to the HTTP request pipeline, this new module adds support for several new configuration entries which control the security attributes set on all HTTP cookies on a global basis:
EnableLaxSameSiteCookies - When set to true, all cookies include the SameSite=Lax attribute. This setting balances security and usability by restricting cookies from being sent on cross-site subrequests (like images or AJAX) while allowing them on safe top-level navigations, such as clicking a link to the site.
EnableSecureCookies - When set to true all cookies include the secure attribute, meaning thet are only sent to the web server on request over a secure (https) connection.
EnableHttpOnlyCookies - When set to true all cookies include the HttpOnly attribute, meaning they not accessible through client side script.
Support for FTC Click to Cancel Rule
Though the ruling has since been voided by the 8th circuit court, support for compliance with the FTC's Click to Cancel rule for subscription /recurring billing has been implemented.
SOLO Server was already compliant with most aspects of the rule, with the exception being the requirement to "require sellers to get consumers’ informed consent to the negative option features before charging them".
To address this, a new "Require Customer to Accept Terms Above" option has been added to the payment plan options. When enabled, below the Purchase License Text on the shopping cart, the user will be shown a checkbox labeled "I understand and accept the recurring billing terms outlined above" which must be checked in order to check out.
.NET Framework 4.7.2 Support
Other Enhancements
Several other enhancements:
- A new ActivationServer.ActivateLicenseETC web method for use with the Downloadable License with the Encrypted Trigger Code Validation option type has been added that returns the encrypted registration key in the response.
- The license External Reference fields are now included in the license export report.
- For SOLO Server instances hosted by SoftwareKey, a new page in the administrative interface has been added to allow verification of DNS entries required to allow our email provider to send emails from customer domains on our behalf. For more details, see our blog post on Email Deliverability.
- A new Process Manual Request entry has been added to the Customers menu for user with Activate Licenses permission which opens the customer license portal manual request page in new tab.
- The customer country field is now included in the Activation Data Export report.
- For license product options that have the Reset Expiration at Activation option enabled, the license expiration dates are no longer displayed in the Customer License Portal if the license has not been activated since the expiration date will not be determined until activation is completed.
Read the full release notes here. And as always we'd love to hear from you so feel free to reach out and contact us with your questions and feedback.