Summary of Recent Technical Developments

Lantero maintains an active agenda for ongoing technical development. This applies to our whistleblowing service as well as support services regarding compliance, user management, and the redaction service, Redact.

The following is a summary of some of the technical and security-related changes implemented over the past year.

Cloudflare Turnstile

The reporting form in the whistleblowing service now utilizes Cloudflare Turnstile, which provides a seamless way to protect against bots without disrupting the user experience.

Infrastructure Overview

Our internal monitoring has been better structured to allow us to proactively handle issues before they impact the customer. We have real-time monitoring in place, providing immediate feedback regarding any disturbances in our systems or services. Bitdefender is active on all our servers, and we apply maintenance and upgrade procedures on a daily, weekly, and monthly basis to ensure everything runs smoothly and predictably.

Information and Operational Security

Some of our initiatives during the year include:

• Anonymized Application Logs: We have established anonymized logs to protect personal data.
• Vulnerability Patching: Patched several known vulnerabilities (CVEs) across the npm ecosystem.
• Dependency Updates: Ensured that all major code libraries have been updated, such as Express, Vite, and Qs.
• JWT-based Verification: We have modernized the authentication flow by switching to JWT-based user verification. In practice, this means the server does not need to store information about logged-in users, providing a more secure and reliable method for session management.
• Deletion Protection: Implemented protection against deleting a channel that still contains active cases, serving as an extra safeguard for case information.

Infrastructure and Performance

Several efforts have been made to make the platform faster, more stable, and easier to maintain. During the past year, we have, among other things, completed the following:

• MongoDB Upgrade: Upgraded to the latest version, v7. This brings several security enhancements, as well as improvements in encryption, stability, and cluster management, while securing long-term support.
• React Upgrade: Upgraded to React v19.2, the latest stable version of React 19. This version represents a paradigm shift in how the framework handles interface updates. Among other benefits, it reduces the need for manual routines and offers advantages for search engine optimization (SEO).
• Node.js 24 Support: Provides more efficient memory management and improved support for the latest API standards.
• Email Queue: Implementation of an email queue to avoid issues caused by too many simultaneous SMTP connections.
• Autosave Functionality: Improved functionality for automatic saving.
• Session Renewal: Minute-by-minute session renewal to reduce the risk of being logged out while working.
• Nginx Improvements: Updated to follow best practices, including log rotation and HTTP/2 configuration.

Do not hesitate to contact us if you would like to learn more about our development and security efforts.