Version 7.3.5.20250701 (July 07, 2025)

Bug Fixes

  • API /auth/verify did not check the lockout policy (6521)
  • API /auth/sendActivationCode could accept any recipient (6520)
  • Failed to activate T-Pass token (6535)

Version 7.3.4.20250530 (June 01, 2025)

New Features & Improvements

  • Upgraded Log4j and other dependencies to the latest version (6414)
  • Added a new report: users without tokens (6393)

Bug Fixes

  • Skip MFA stopped working in Web SSO (6411)
  • Error occurred when user has a disabled T-pass token (6436)
  • LDAP Broker doesn't return all group memberships (6438)
  • LDAP Broker returns wrong user's SID (6439)
  • Web SSO authentication failed due to Chrome Autofill (6444)

Version 7.3.3.20250501 (May 05, 2025)

New Features & Improvements

  • Added C&R and Sign enable/disable options in the MobileID QR code (6251)
  • Added MobileID app security options in the MobileID QR code and policy (6272. 6273)
  • When OOBA is the only method in the step, it will be automatically executed (6315)
  • Added support for OATH 2.0 between DualShield RADIUS and the DualShield AUTH server (6387)
  • Improved support for LDAP Broker
  • Improved unlock account and reset password link in SSO (6246)

Bug Fixes

  • In the Outlook Anywhere agent login, when a DevicePass credential had been changed, users were not able to update the DevicePass token (6385)
  • Fixed issues in OWA login after changing password (5712, 6101)
  • Fixed the incorrect usage of formControlName related to 3rd-party password managers (6249)
  • Inactive DevicePass was used in login (6282)
  • SAML response did include the password attribute (6303)
  • Unable to publish the SP entry generated by the IIS Agent to the SSO Index page (6329)
  • Cannot provision tokens to a group/unit of users (6333)
  • Registration of FIDO keys times out too quickly on the Web SSO screen (6344)
  • Wrong certificate in IDP Metadata downloaded from Frontend SSO (6477)
  • ii8n message resources not loading properly (6339)

Version 7.3.0.20250214 (February 18, 2025)

New Features & Improvements

  • Added support for 30 seconds TOTP to the MobileID token (6187)
  • Added Reset Password link in the SSO login process (6209)
  • Added Unlock User Account link in the SSO login process (6210)
  • Added support for OATH 2.0 between DualShield Agents and the DualShield Auth server (6131, 6132)
  • Removed "authc/getSsoVersion"  from REST API (6225)
  • Removed Swagger UI

Bug Fixes

  • Email and SMS buttons for sending authorisation code on the SSO screen disappear when the option "prevent name guessing is enabled" (6154).
  • Some display issue on the "purge old audit trail records" task parameters (6215)
  • Error "Group already exists" when assigning Radius attributes to groups (6172)

Version 7.2.2.20250102 (January 02, 2025)

You only need to upgrade to this update if

  • you are running DualShield v7.2.0 or 7.2.1
  • you have enabled the Content Security Policy(CSP)
  • you have implemented or you are planning to implement the Outlook Anywhere Agent-Based MFA solution.

Bug Fixes

  • If the Content Security Policy (CSP) is enabled, then the login page of the Outlook Anywhere Agent gets a script error (6062)

Version 7.2.1.20241125 (November 27, 2024)

New Features & Improvements

  • Add options to enable, disable or change the level of Content-Security-Policy (6012)

Bug Fixes

  • FIDO function did not work when Windows Hello is enabled (6030)

Version 7.2.0.20241112 (November 16, 2024)

New Features & Improvements

  • Support external SAML IdPs for external SPs (5531)
  • Support HTTP Content Security Policy (CSP) configuration & customization (5729)
  • Support HTTP Referrer-Policy (6009)
  • Change syslog connection to asynchronous 
  • Support JavaScript in the UI customization (5983)

Bug Fixes

  • Syslog sends password in clear text from version. This bug was introduced in DualShield v6.6.0 (5880)
  • Unable to delete device certificate (5887)

Version 7.1.1.20240801 (August 01, 2024)

Bug Fixes

  • The max number of devices option in the DeviceID policy left unassigned devices in the repository (5679)
  • Cannot create a helpdesk role with only lock/unlock permission (5713)
  • Removed the "/sso/version.txt" page (5728)
  • In RADIUS login, OOBA timeout causes the user account to be locked (5730)
  • Fixed the "Cannot get property 'user' on null object" error when scanning an expired QR code (5750)

Version 7.1.0.20240702 (July 10, 2024)

New Features & Improvements

  • Add support for GSSAPI in the LDAP connection to Active Directory servers
  • Add the UI to manage system and server jobs in the Admin Console (5237)
  • Exclude non-Windows devices from the desktop to Web SSO (5492)
  • Improve the UI for replacing the SSL certificate of the Web consoles (5494)
  • Improve the UI for managing server certificates (5495)
  • Add a new set of options for the network access control in the Computer Logon Client policy (5509)
  • Make the UI of the application index page customizable (5524)
  • Authentication Server upgrade will not overwrite custom cypher settings in the server.xl file (5566)
  • Support SAML logout using HTTP-Redirect (5613)
  • Add a new task for monitoring COPU load (5672)
  • Add a new button to reload the license count (5688)

Bug Fixes

  • The Server Certificates repository displays duplicated certificates (5496)
  • SAML attributes disappear after cloning a Service Provider (5496)
  • Issues with Authentication Activity Report when adding Timestamp in Condition Builder (5530)
  • Log fields are empty in exported audit logs (5533)
  • log4j 1.x file was accidentally re-included in the previous update (5541)
  • LDAP connection failure on one identity source could bring down other services that are not directly connected to the identity source (5562)
  • Fixed some issues in the SSO Federation (5591, 5592, 5616)
  • Hiding domain selection caused the SSO Federation to fail (5517)
  • DAS throws an exception when the RADIUS EAP certificate is missing or invalid (5691)
  • Error: Cannot get property 'certificate server' on null object (5691)

Version 7.0.0.20240411 (April 08, 2024)

New Features & Improvements

  • Password is encrypted in the communication between the SSO frontend and the SSO backend server (5306)
  • Add the support of implicit UPN, i.e. a username can only be treated as either a SAMaccount name or an implicit UPN (5347)
  • Add a new role permission ('Verify' in the 'User' object) for DHV (DualShield Helpdesk Verification) console (5370)
  • Add options in the User Identity policy to control how X-User-Identity should be handled (5398)
  • Change the DualShield installation on Linux OS to support systemd service (5418)

Bug Fixes

  • 2FA could be bypassed by attacking the username in the Outlook Agent-Based 2FA (5365)
  • The 2nd step was skipped if the 1st step was set to Computer Fingerprint in the Outlook Agent-Based 2FA (5385)
  • The DualShield service was unable to automatically start in Ubuntu 20.04 (5312)
  • The geolocation feature on MobileID Push Notification did not consider reverse proxy (5322)
  • The device filter feature in the Logon policy did not work properly (5356)
  • Query is not saved in the Condition Builder when the value is set to 0 (5459)
  • Unable to change the type of a logon procedure (5211)
  • The "Export MobileID Tokens" task shows success even when it failed (4280)
  • Fixed the error "org.hibernate.exception.SQLGrammarException: could not get table metadata: user_device" (5209)
  • Updating the "Entity ID" of the SSO server is not reflected in the SSO metadata output/export (5399)
  • Fixed the error "An internal error occurred in the Microsoft Internet extensions" related to localStorage (5397)
  • Duplicated DevciePass tokens were created when the connection speed was slow (5445)


  • No labels