1: For CVE-2023-46589, CVE-2023-45648, CVE-2023-44487, CVE-2023-42795,only need to update xeams.jar and webfornt.zip? Or we need to the JRE software?
2: New features configuration is only show once,if need to update,which link it is?
3: Server Configuration>>Manage Alerts>>First Login Alert
Even you click to enable it and save,it never work,always is disabled
4: For Generate NDRs,the Message-ID is added or not?
5: When view a message>>Forward To>>
(1)NDR-Junk,the message is not about junk,but as blow:
Remote host said: 550 Requested mail action not taken: mailbox unavailable
(2)NDR-User not found,it is correct info:
Remote host said: 450 Requested mail action not taken: mailbox unavailable

1. You only need Xeams.jar and webfront.zip. These CVEs are related to Tomcat, not the JRE.
2. Correct. This page is only displayed once. Every field on this page exists on other pages. Click the question mark icon for details. For example, the number of days to avoid logging in is under the Server Configuration Advanced tab.
3. This is a bug. We will fix it in the next update.
4. Yes
5. We're investigating this on our end.