Version 6.6.0.0224 (February 24, 2023)

Features & Improvements

  • Added support for SMS providers that pass authentication credentials in the HTTP header (4272)
  • Fixed vulnerable Apache Shiro library (CVE-2022-40664) (4163)
  • Fixed Apache Commons Text < 1.10.0 Remote Code Execution (CVE-2022-42889) (4162)
  • Fixed a display problem in the Admin Console related to the newly added Resource Editor feature (4361)

Version 6.6.0.0210 (February 10, 2023)

Features & Improvements

  • Resource Editor for customizing any text in any language 
  • New message templates for token deactivation notice
  • Supports login name format of "username@netbiosname" (4144)
  • Moved the credential provider filter from the computer logon client policy to the agent policy (4160)
  • Improved performance of event logs (4202)
  • Updated jQuery in the AppSSO module (4203)
  • Added a new callback URL as a parameter to the SSO's logout URL (4231)
  • Added a new "Logout URL" option to SSO Service Provider to be called at logout (4235)
  • Reordered the SingleLogoutService URLs in the IDP Metadata (4279)

...

  • Outlook Anywhere occasionally created duplicated user accounts (3912)
  • FIDO did not work with Safari on macOS (3939)
  • Failed to change AD user password via RADIUS/MS-CHAP (3950)

Features & Improvements

  • Added "My Certificates" in DualShield Service Console (2582)
  • Added "User Sign-In Devices" in DualShield Service Console (3829)
  • Added Google Authenticator support for Parallel (3892)
  • Added a new "Locale" policy (3888)
  • Added Device Name and Device Group to the Device Filter in the Logon Policy (3915)

...

  • The option "Sign on SAML Response" was wrongly enabled by default for IIS applications, and caused the issue "OWA Error - Invalid SAML Response: Signature wrapping attack, wrong URI...". It is now disabled by default (3823)
  • The user agent filter in Logon policy doesn't work for WEB SSO (3789)
  • SSO user interface customization did not work in some circumstances (3797)
  • Creating authorization code in the admin console did not work (3805)
  • In the SendOTP API, the password was transmitted in clear text
  • Deleted tokens were still listed in the service console (3827)
  • After a user was denied access, switching to a different user still resulted in access being denied (3843)
  • In the safe mode, all access control policies were still effective (3852)

Features & Improvements

  • Added support for reCAPTCHA (3510)
  • Added support for FIDO2 (3727)
  • Added support for "StaticPass + OTP" in logins from non-RADIUS clients, e.g. LDAP Broker
  • Added access control by the user device (3780)
  • Added access control by geo velocity (3811)
  • Added device filter to the logon policy (3496)
  • Added geo velocity filter to the logon policy (3810)
  • Added user sign-in device management in the admin console (3515)
  • Version 6.5.2.0620 (June 20, 2022)
  • Add the token name to the QR code of the MobileID token (3844)
  • Repetition is disallowed in free navigation in GridID (3819)

...

  • A bug in the WS-Federation protocol handler caused Office 365 Federated SSO to stop working properly (3794)
  • Change to the "wreply" attribute in SSO Service Provider didn't take effect until the service restarted (3793)
  • An incorrect policy could be used when there are multiple domains in a realm (3775)
  • If an AD group is renamed, it became invisible in the DualShield admin console (3763)
  • Web SSO could sometimes mistakenly use the DNA logon procedure (2416)

Features & Improvements

  • Support Access Card authentication with Computer Logon v1.5 client 
  • Support FIDO2 authentication with Computer Logon v1.5 client (not with Web SSO) (3762, 3767)
  • SSO Service Provider created by the IIS Agent will have the option "Sign on SAML Response" enabled by default (3764)
  • Automatically migrate MobileID token to use default FCM with MobileID v6.1 app (3767)

...

  • Upgrading failed with an SQL error when DualShield was connected to an MS-SQL 2014 server (3757)
  • IIS apps, e.g. OWA, got the error "Invalid SAML Response: Signature verified failed" after upgrading to DualShield 6.5.1 (3750)
  • When signing in from a new device with an Outlook client, it doesn't trigger the device registration alert
  • Cross-origin resource sharing: arbitrary origin trusted (3730)
  • Logon request timed out in OOBA call in a system with 2 or more DualShield backend servers (3734)
  • The option InResponseTo was not functional and the attribute was always included in the SAML response (3484)
  • Extra 'S' in the SSO URL after using the change FQDN feature to change the HTTP protocol (3658)
  • Failed to generate the SAML response when both assertion and response are ticked for signature (3699)
  • Did not include ClientIP in intrusion alert (3713)
  • Importing a full-chained certificate produced the error: Certificate not chained (3745)
  • Assigning a token in DAC caused a null pointer exception (3746)
  • False error messages in das6.log: "The application's global logon procedure is not found: Desktop SSO" (3751)
  • The DualShield Service Console displayed Error 404 when the user had no permission in Token and Account in the Self Service Policy (3754)
  • Resetting a token succeeded but no confirmation was shown on the screen (3756)

Features & Improvements

  • Support WSFED for Outlook Web Access (OWA) and EAC (Exchange Access Console) (3758)
  • Support multiple values of a SAML attribute (3648)
  • Querying nested group membership took a long time when checking roles and license (3709)
  • New task for pushing MobileID download link in bulk by user group or domain (3718)

Version 6.5.1.0503 (May 03, 2022)

Features & Improvements

  • Support Microsoft Remote Desktop Web Client (3674)
  • Support TLS 1.3 (3703)
  • MS-SQL JDBC driver upgraded to 10.2 (3681)

...