Versions Compared

Old Version 64

changes.mady.by.user Adam Darwin

Saved on

compared with

New Version 65

changes.mady.by.user Adam Darwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version 6.5.5.1028 (November 21, 2022)

Bug Fixes

  • SSO got stuck on the last step (4077)
  • Some prompt and error messages were truncated ending "{0}" (4102)

Improvements

  • Self-Service Console - the main menu is expanded by default (4074)
  • Self-Service Console - if the user has no permissions at all on a section, such as Site Stamp, then the section is removed from the main menu  (4070)
  • Self-Service Console - add access control permissions to the user device section (4072)

Version 6.5.5.1028 (October 28, 2022)

Bug Fixes

  • Error "Unknown Algorithm Name: PROX/TOTP" when upgrading from DualShield 5.9.x to DualShield 6.5.x (3991)
  • Error "org.hibernate.NonUniqueObjectException" (3990)
  • Error "java.lang.NullPointerException: Cannot invoke method tokenize() on null object" occurred when a new computer logon client  is connected with an old MFA server (3984)
  • Error "Cannot get property 'category' on null object" (4050)
  • The Reset Password Service got an exception error when UPN was used as the login name (3993)
  • The MFA server failed to initialize when AWS MySQL is being used (4025)
  • The username autofill did not work in the Activate module in the DualShield Deployment Service (DDS) did not work (4033)
  • Changing FQDN on Linux failed (4045)

Improvements

  • Resource Editor for customization & localization (3877)
  • Replaced port 8005 with port 18005 (3985)
  • Added a new policy option 'Deployment Service URL' to the Self-Service Policy (4032)
  • Added a new wildcard [[ACLINKUPN]] to the Activation Code message template (4036)
  • Added Device Name and Device Group into the Device Filter in the Logon Policy (3915)
  • Ready for FCM update in the MobileID/Android app (3989)

Version 6.5.4.0914 (Sept 14, 2022)

Bug Fixes

  • Fixed a compatibility issue with the old versions of the DualShield Windows Logon client  that caused error "Cannot set property 'ip' on null object" (3980)

Improvements

  • The function "Enroll DeviceCert" in the DualShield Service Console is disabled on non-Windows OS (3959)
  • Added a new token permission for "Export Token" and "Download DeviceCert" in the DualShield Service Console (3961)

Version 6.5.4.0909 (Sept 09, 2022)

Bug Fixes

  • Outlook Anywhere occasionally created duplicated user accounts (3912)
  • FIDO did not work with Safari on MacOS (3939)
  • Failed to change AD user password via RADIUS/MS-CHAP (3950)

...

Version 6.5.3.0722 (July 22, 2022)

Bug Fixes

  • The option "Sign on SAML Response" was wrongly enabled by default for IIS applications, and caused the issue "OWA Error - Invalid SAML Response: Signature wrapping attack, wrong URI...". It is now disabled by default (3823)
  • The user agent filter in Logon policy doesn't work for WEB SSO (3789)
  • SSO user interface customization did not work in some circumstances (3797)
  • Creating authorization code in the admin console did not work (3805)
  • in the SendOTP API, password is transmitted in clear text
  • Deleted tokens were still listed in the service console (3827)
  • After a user was access denied, switching to a different user was still access denied (3843)
  • In the safe mode, all access control policies were still effective (3852)

...

  • Added support for reCAPTCHA (3510)
  • Added support for FIDO2 (3727)
  • Added support for "StaticPass + OTP" in logins from non-RADIUS clients, e.g. LDAP Broker
  • Added access control by the user device (3780)
  • Added access control by geo velocity (3811)
  • Added device filter to the logon policy (3496)
  • Added geo velocity filter to the logon policy (3810)
  • Added user sign-in device management in the admin console (3515)
  • Version 6.5.2.0620 (June 20, 2022)
  • Add the token name to the QR code of the MobileID token (3844)
  • Repetition is disallowed in free navigation in GridID (3819)

Bug Fixes

  • A bug in the WS-Federation protocol handler caused Office 365 Federated SSO to stop working properly (3794)
  • Change to the "wreply" attribute in SSO Service Provider didn't take effect until the service restarted (3793)
  • An incorrect policy could be used when there are multiple domains in a realm (3775)
  • If an AD group is renamed, it became invisible in the DualShield admin console (3763)
  • Web SSO could sometimes mistakenly use the DNA logon procedure (2416)

...

Version 6.5.2.0601 (June 01, 2022)

Bug Fixes

  • Upgrading failed with SQL error when Dualshield is connected to an MS-SQL 2014 server (3757)
  • IIS apps, e.g. OWA, got the error "Invalid SAML Response: Signature verified failed" after upgrading to DualShield 6.5.1 (3750)
  • When signing in from a new device with an Outlook client, it doesn't trigger the device registration alert
  • Cross-origin resource sharing: arbitrary origin trusted (3730)
  • Logon request timed out in OOBA call in a system with 2 or more Dualshield backend servers (3734)
  • The option InResponseTo was not functional and the attribute was always included in the SAML response (3484)
  • Extra 'S' in the SSO URL after using the change FQDN feature to change the HTTP protocol (3658)
  • Failed to generate the SAML response when both assertion and response are ticked for signature (3699)
  • Did not include ClientIP in intrusion alert (3713)
  • Import a full-chained certificate gets the error: Certificate not chained (3745)
  • Assigning token in DAC got null pointer exception (3746)
  • False error messages in das6.log:  "The application's global logon procedure is not found: Desktop SSO" (3751)
  • The DualShield Service Console displays Error 404 when the user has no permission in Token and Account in the Self Service Policy (3754)
  • Reset token successfully but there is no confirmation on the screen at all (3756)

...

  • Support Microsoft Remote Desktop Web Client (3674)
  • Support TLS 1.3 (3703)
  • MS-SQL JDBC driver upgraded to 10.2 (3681)

Bug Fixes

  • DualShield with SQL server database upgrading to v6.5.0 failed (3671)
  • Deleting and re-adding DeviceID tokens in the same user account caused the license count to increment (3488)
  • The user search filter stopped working after moving to the next page (3645)
  • Login via the Deepnet Authenticator (DNA) sometimes caused a deadlock (3653)
  • OOBA by SMS and Call did not work in v6.5.0 (3679, 3880)
  • The "Users have been inactive for n days" did not work (3690)

...

  • DeviceID registration and renewal verification using Deepnet Authenticator (3469)
  • Introduced DeviceID renewal (3469)
  • Improved extraction of DeviceID properties (3473, 3525, 3563)
  • Added FIDO2 support (3420)
  • Travel velocity detection (3017)
  • Replaced log4j with logback in the authentication server module (3447)
  • Replaced log4j with logback in the certificate server module (3441)
  • Upgraded log4j from 1.2.17 to 2.17.2 in the management console module (3451)
  • New Device Sign-in support for Outlook Anywhere and ActiveSync (3516)
  • New Device Sign-in support for Computer Logon (3528)
  • New Device Sign-in support for Deepnet Authenticator (3529)
  • Automatically renew the SSO certificate when the associated let's encrypt certificate has been renewed (3564)
  • DualShield Deployment Service - support incoming username as a URL parameter 'username' (3582)
  • DualShield SSO - support incoming username as the NameID attribute in the SAML request (3612)
  • DualShield SSO - upgraded jquery to 3.6.0 (3590)
  • Added "Send Activation Code via email" for DeviceID

Bug Fixes

  • Failed to save the Product value in the task 'delete token by product' (3415)
  • Error - "500:no enum constant com.deepnet.das.util.LogicalOperator", when navigating to Reports (3463)
  • Error - "Gateway type not matched for TELEPHONE" in the Admin Console (3489)
  • DualShield Service Console - user-defined token properties were not displayed for T-Pass and MobileID (3545)
  • User's external status (Active/Disabled) change not reflected immediately (3561)
  • Querying available channels for activation code raised exception (3565)
  • LDAPBroker integration error: No signature of method (3569)
  • In push token email, QR-Code is always included (3620)
  • Searching LDAP user by internal attribute didn't work (3621)
  • After LDAP user's internal attributes have been updated, DAC always shows the old values (3624)

Version 6.4.20.1215 (December 15, 2021)

Bug Fixes

  • Failed to create new tokens for users who have no tokens (3438)
  • Failed to work with DualShield IIS Agent if FQDN was changed in the past (3437)
  • Log4J upgraded to 2.16  (3439)

...

  • Add support for external SQL based user directory, e.g. Keycloak (3344, 3346)
  • Release DualShield MyVD (Beta)

Bug Fixes

  • In SSO, the delivery channels for the activation code were missing (3393)
  • In SSO, error when attempting to register FIDO keys with PIN enabled (3328, 3376)
  • In DAC, group search in the policy window did not work
  • In DAC, executing the AUthentication Activity  task failed (3414)

...

  • Support Let's Encrypt
  • Support Deepnet Authenticator in RADIUS logon
  • Support UAC Prompt in the Windows Logon 6.2 and the Computer Logon 1.3
  • Support Network Drive Map in the Windows Logon 6.2 and the Computer Logon 1.3
  • Add new device access notification
  • Add token assignment expiration notification
  • Improve FQDN change and certificate change and renewal
  • Improve performance in AD group membership lookup when there is a larger number of nested groups
  • Administrators can generate the Authorisation Code in the admin console
  • Tokens can be exported from the server and import into the Computer Logon Client to be used for offline logon
  • Support SID as a form of user's login identity, along with SAM account name, down-level domain logon name and UPN
  • Return a RADIUS attribute with multiple values as multiple attributes of the same name

Bug Fixes

  • German umlaut letters caused errors in OOBA push authentication
  • Audit Logs were not exported according to the display filter
  • Preview of User Interface Customisation did not work properly
  • MS-SQL deadlock at a high volume of traffic
  • QR code is not displayed in Gmail
  • Mapping the Personal Email identity attribute to an AD attribute got the error "Attribute is intrinsic"
  • Intrusion Alert did not work
  • WINSSO caused exception
  • MobileID OOBA push message did not beep
  • Renewing a self-signed certificate resulted in different self-signed certificates in different DualShield servers in a cluster
  • Unable to set a default pin in token polices
  • GridID asks for resetting path even if the mode is set to free navigation
  • At login, the answer in Q&A was visible
  • Many minor issues were fixed in the Admin Console

...

  • Expiration notification service for AD password
  • Device Quarantine UI for DevicePass, DeviceID and DeviceCert
  • Organizations and users can publish custom applications on the SSO portal and Self-Sevice console.

Bug Fixes

  • DualShield root CA did not have a CN
  • When FQDN is being changed, its self-signed certificate is not updated
  • In some cases, OOBA doesn't work on iOS devices if there are multiple DualShield servers in the system
  • Alert messages do not appear in the Inbox
  • Occasionally, creating a group policy caused Hibernate lazy init error
  • On the DevicePass and DeviceCert activation page, Contact Info is missing

...

  • Expiration notification service for token PIN and PATH
  • Add "last access ip" into token
  • Auto refresh user status after lockout period ends
  • If the token does not have PIN, hide the "PIN" entry box
  • Make "Enable Agent Registration" persistent across all DAS instances
  • New UI for RADIUS server EAP options
  • Add "System Info" to show info such as the version of Java, Tomcat and MySQL
  • Enhance the Self-Service Policy so that the Self-Service Console can be completely customised

Bug Fixes

  • At RADIUS logon, token auto provisioning did not work
  • FaceSense enrollment shows black image on Mac
  • Cannot download HOTP token in Deployment Service
  • Scan QR code of HOTP token results "null in ocraSuite" error
  • QR code of Google Authenticator was not displaying in the  Deployment Service if Authorization Code is required
  • Several reflected XSS in DSC, DUA and DRP modules
  • Tomcat 9 error 400 includes the Tomcat version
  • A possible hibernate SQL injection in the message search function in DAC and DMC
  • After upgrade to 6.0, some newly tokens cannot be seen in the user account
  • SAML SP attribute entry box does not accept manual entry
  • Agent's Public URL cannot be set to empty
  • Upgrading 2 DualShield servers simultaneously caused optimistic lock error

Version 6.1.0.0304

Bug Fixes

  • Failed to register RADIUS server 
  • Failed to install DualShield on a machine where JAVA is already installed
  • Unable to edit Radius Client when it is connected to multiple Radius Servers

...

  • Deepnet Authenticator is now available for Web and Cloud applications
  • New authentication method DeviceCert is now available for Web, and Cloud application as well as Modern Authentication for Office clients
  • Smartcard certificate authentication method is now also available for Web and Cloud applications
  • Changing FQDN is now availbale within the admin console.  
  • Changing and Renewing the certificate of the web consoles is now available within the Admin Console
  • New option "Download Token in MobileID App" added to the MobileID policy
  • New option "Remember last login username" added to the Logon policy
  • New option "Remember last login methods" added to the Logon policy

Bug Fixes

  • Downloading token from the MobileID app was malfunctional
  • Remembering last logon methods did not work in a multi-step logon procedure
  • Disabled users were allowed to reset password 
  • The system admin account (SA) was not allowed to login when the license key has expired
  • Application Self Test failed with an incorrect error message
  • The QR code for the Google and Microsoft Authenticator did not work
  • Office 365 ECP login did not work
  • Unable to add Base DN when creating a new Identity Source of OpenLDAP
  • Password Reset did not work in OpenLDAP (ClearOS)
  • Radius server association was lost after editing a radius client
  • Selecting "MS-CHAP2" in RADIUS authentication caused RADIUS authencation to fail
  • Installing DualShield on Linux without legacy components would fail
  • The value of RelayState was not URL encoded
  • HTTP proxy did not work
  • SAML response did not include the correct value of the SAML attribute "SessionNotOnOrAfter", causing some SPs to terminate sessions  within 5 minutes
  • A CORS related issue
  • Trying to unregister OOBA from the MobileID app caused a JSON error
  • In the admin console, some passwords such as the Access User in the Identity Source was included in the data stream
  • On an iOS device clicking "Download App" in DualShield Deployment Service (DDS) console took the user to Google Play

...