# 15-07-2025 (v9.4.4-b81-00-p20)

### Improvements

* Allow "Restore to inbox" to send email to a configurable folder
* Log message location in the export summary for emails that failed to export
* **Matomo**: Classic Search UI improvements
* Add authentication and authorization checks to all actions under `CommonActionServlet`
* **React Search UI**: Optimize Solr calls triggered during search
* Prevent un-escaping of `&` and `"` in payload filtered by AntiSamy while preserving key functionalities
* Default `SameSite` cookie handling to `"Strict"` if unset or invalid
* Ensure `Secure` attribute is always set on all cookies
* **Security**: Improved CSRF (Cross Site Request Forgery) handling
* Upgrade jQuery to latest version
* Upgrade AntiSamy to latest version
* Enhance XSS handling for payloads with HTML entity encoding

### Fixes

* Branding distorted on popup pages in Classic UI
* Error when executing `api-data-guardian-cron-job`
* Deleting a company with a tag that is a prefix of another company's tag may delete unrelated S3 objects — now fixed
* `mbxreader` service container startup failures caused by intermittent S3/Zookeeper issues
* General security improvements
* **Outlook Add-in**: Searching by sender or recipient email was not working
* **React Search UI**: `createUser` call was returning 400 Bad Signature error
* Admin user session terminated after accessing System Monitor page and performing any action