Technical updates
Admin-relevant notices, prerequisites, and security bulletins for Apteco software.
Bulletin types
- 🔴 Action required: Time-bound. Complete before a specified date or service disruption may occur.
- 🟡 Prerequisite: Install or configure before upgrading to the specified version.
- 🟡 Security bulletin: Apply the linked patch to address a known vulnerability.
- No marker: Informational only. No action required.
Before upgrading
Ensure all Apteco software components are upgraded to the same release version to maintain compatibility. For full upgrade instructions, see Installation and updates.
Q2 2026¶
IP address change for Apteco servers¶
Effective date: Week commencing 27 April, 2026
Action required
You must add the new IP address to your allowlist before the effective date if your IT team restricts outbound traffic by IP address rather than by hostname or domain URL.
Apteco is updating the network component that manages traffic to Apteco servers as it is reaching end of life and will no longer receive security or bug-fix updates. This will result in an IP address change for several Apteco services.
- Old IP address: 65.52.65.107
- New IP address: 52.236.9.107
Are you affected?¶
You are only affected if your IT team restricts outbound traffic by IP address rather than by hostname or domain URL.
Check with your IT or network team whether 65.52.65.107 is on your allowlist:
- Yes: You must take action before the effective date to avoid service disruption
- No: No action is required
Affected services¶
| Service | URL |
|---|---|
| Apteco Email | https://apteco-email.integrations.apteco.com |
| Apteco SMS | https://apteco-sms.integrations.apteco.com |
| Apteco AI proxy | https://apteco-ai-proxy.integrations.apteco.com |
| Apteco AI Tokens | https://tokens-service.integrations.apteco.com |
| Apteco Licensing | https://licence-service-proxy.licensing.apteco.com |
These URLs are called by the following components:
- Web Server (FastStats Web Service and OrbitAPI)
- Application Server (FastStats Service)
- Build Server (FastStats Designer)
Required action¶
Recommended: Add *.apteco.com to your allowlist instead of using a specific IP address.
If you require a specific IP address, follow these steps:
- Before the effective date: Add the new IP address
52.236.9.107to your allowlist alongside the existing entry for65.52.65.107. Do not remove the old IP address yet, as both will be valid during the switchover period. - After the switchover is confirmed: Remove the old IP address
65.52.65.107from your allowlist once you have verified that services are operating correctly.
Impact if no action is taken¶
- Email and SMS services: Affected servers lose access to those services until connectivity is restored.
- AI services: Affected servers lose access to Orin and all AI functions in Apteco Orbit.
-
Licensing service
Degradation occurs in stages:
- Licence refresh fails and warnings are logged:
Error refreshing licences for {systemName} with exception {e.Message} - The system continues on its cached licence for up to two months
- Once the cache expires, a two-week grace period applies
- After the grace period, the FastStats Service will not restart:
Could not find a valid licence for: {systemName}
- Licence refresh fails and warnings are logged:
If you have any questions, please contact the Apteco support team.
Q4 2025¶
.NET Framework 4.8 requirement¶
Prerequisite — install before upgrading to Q4 2025
Installing .NET Framework 4.8 requires a server restart. If your FastStats servers also host live SQL databases or websites, plan this work outside of business hours.
The following FastStats components now require .NET Framework 4.8 or later:
- FastStats Designer
- FastStats Configurator
- FastStats Web Service
.NET Framework 4.8 provides enhanced security and enables future support for OAuth-based SMTP connections. The installer validates that .NET Framework 4.8 is present on your system before proceeding.
For download links and installation guidance, see Requirements and prerequisites.
Q2 2024¶
ASP.NET Core 8 requirement for Apteco Orbit¶
Prerequisite
Install the ASP.NET Core 8 Server Hosting Bundle on the web server before upgrading the Orbit API. We strongly recommend you do this as soon as possible so you can continue receiving Orbit updates.
For details on where to download the update and a list of FAQs, see ASP.NET pre-requisite change for Apteco Orbit.
Q3 2023¶
Security: WebP library vulnerability¶
Security bulletin — CVE-2023-4863
Apply Q3 2023 patch 16 to update the Chromium component within FastStats to version 116.0.230 or later. Verify your installation includes this version after applying the patch.
A heap buffer overflow in the WebP library within Google Chrome, specifically in versions prior to 116.0.5845.187, posed a security risk. This vulnerability allowed a remote attacker to execute an out-of-bounds memory write by exploiting a crafted HTML page.
See CVE-2023-4863 and Patch 16: WebP library security flaw in Apteco FastStats.
Q2 2023¶
SHA-1 hashing algorithm deprecation¶
Security bulletin
If your FastStats system currently uses the SHA-1 Security Hash Method, transition to SHA-256 or later. Follow the steps in the linked guide.
In light of the deprecation of the SHA-1 hash function for digital signatures, we are advising all FastStats systems to transition from SHA-1 to at least SHA-256. This change ensures improved security measures aligning with current standards.
See Change hashing algorithm for FastStats systems.
Technical and organisational measures (TOMs) in Apteco Cloud¶
We are pleased to announce the integration of Technical and Organisational Measures (TOMs) into our Apteco Cloud services. These measures are designed to ensure the utmost security and protection of personal information processed within our cloud environment. They include:
- Access control
- Intrusion prevention
- Unauthorised activities in data processing systems
- Pseudonymisation and anonymisation
- Control procedures
- Separation control
- Input control
- Availability control
- Resilience and fail-safe control
- Order control
For more details, see Technical and organisational measures (TOMs).
Windows OS and .NET Framework 4.7.2 requirement¶
Prerequisite
From the Q2 2023 release, Apteco desktop software requires .NET Framework 4.7.2 or later.
This applies to:
- Client machines: Those running Apteco FastStats or Apteco PeopleStage
- Servers: Those running the FastStats Web Service and FastStats Service components
You can download the latest .NET installers from https://www.microsoft.com/net/download.
Apteco recommends keeping your .NET Framework up to date and ensuring all Windows updates are applied.
.NET Framework 4.7.2 is supported on the following operating systems:
- Windows 7 Service Pack 1
- Windows 8.1
- Windows 10 (all versions)
- Windows Server 2016
- Windows Server, version 1709
- Windows Server, version 1803
- Windows Server, version 1809
- Windows Server 2019
Q1 2022¶
ASP.NET Core 6 requirement for Apteco Orbit¶
Prerequisite
Install the ASP.NET Core 6 Server Hosting Bundle on the web server before upgrading the Orbit API.
The second Orbit release in January 2022 (version 1.10.26) introduced a dependency on the ASP.NET Core 6 Server Hosting bundle for the OrbitAPI. This is now required to be installed on the web server.
For details on where to download the update and a list of FAQs, see ASP.NET pre-requisite change for Apteco Orbit.
Q2 2021¶
Digitally signed binary assets¶
The Q2 2021 release introduced digitally signed binary assets, increasing security by verifying the integrity of code downloaded by the launcher. To take advantage of this feature, the binaries need to be updated and a new launcher created and distributed to users.
Troubleshooting
In the rare event that a new launcher has been configured but the binaries have not been updated, the following exception (or similar) is received when opening the launcher:
Password reset functionality¶
Configuration required
Set the FastStats Web Service URL in the General tab of your Web Service configuration. Without this, the password reset function will not work after upgrading.
The Q2 2021 release requires the URL of the FastStats Web Service to be set for the password reset function. This setting can be found in the General tab of your FastStats Web Service configuration.
Once this change has been made, the FastStats Web Service picks up the configuration after some time, or can be forced to do so by restarting IIS.

