Version 6.6.0.0224 (February 24, 2023)
Features & Improvements
- Added support for SMS providers that pass authentication credentials in the HTTP header (4272)
- Fixed Apache Shiro vulnerable library (CVE-2022-40664) (4163)
- Fixed Apache Commons Text < 1.10.0 Remote Code Execution (CVE-2022-42889) (4162)
- Fixed a display problem in the Admin Console related to the newly added Resource Editor feature (4361)
Version 6.6.0.0210 (February 10, 2023)
Features & Improvements
- Resource Editor for customizing any text in any language
- New message templates for token deactivation notice
- Supports login name format of "username@netbiosname" (4144)
- Move the credential provider filter from the computer logon client policy to the agent policy (4160)
- Improved performance of event logs (4202)
- Updated jQuery in the AppSSO module (4203)
- Added a new callback URL as a parameter to the SSO's logout URL (4231)
- Added a new "Logout URL" option to SSO Service Provider to be called at logout (4235)
- Reordered the SingleLogoutService URLs in the IDP Metadata (4279)
...
- Outlook Anywhere occasionally created duplicated user accounts (3912)
- FIDO did not work with Safari on macOS (3939)
- Failed to change AD user password via RADIUS/MS-CHAP (3950)
Features & Improvements
- Added "My Certificates" in DualShield Service Console (2582)
- Added "User Sign-In Devices" in DualShield Service Console (3829)
- Added Google Authenticator support for Parallel (3892)
- Added a new "Locale" policy (3888)
- Added Device Name and Device Group to the Device Filter in the Logon Policy (3915)
...
- The option "Sign on SAML Response" was wrongly enabled by default for IIS applications, and caused the issue "OWA Error - Invalid SAML Response: Signature wrapping attack, wrong URI...". It is now disabled by default (3823)
- The user agent filter in Logon policy doesn't work for WEB SSO (3789)
- SSO user interface customization did not work in some circumstances (3797)
- Creating authorization code in the admin console did not work (3805)
- In the SendOTP API, the password is transmitted in clear text
- Deleted tokens were still listed in the service console (3827)
- After a user was denied access, switching to a different user still resulted in access being denied (3843)
- In the safe mode, all access control policies were still effective (3852)
Features & Improvements
- Added support for reCAPTCHA (3510)
- Added support for FIDO2 (3727)
- Added support for "StaticPass + OTP" in logins from non-RADIUS clients, e.g. LDAP Broker
- Added access control by the user device (3780)
- Added access control by geo velocity (3811)
- Added device filter to the logon policy (3496)
- Added geo velocity filter to the logon policy (3810)
- Added user sign-in device management in the admin console (3515)
Version 6.5.2.0620 (June 20, 2022)
- Add the token name to the QR code of the MobileID token (3844)
- Repetition is disallowed in free navigation in GridID (3819)
...
- A bug in the WS-Federation protocol handler caused Office 365 Federated SSO to stop working properly (3794)
- Change to the "wreply" attribute in SSO Service Provider didn't take effect until the service restarted (3793)
- An incorrect policy could be used when there are multiple domains in a realm (3775)
- If an AD group is renamed, it became invisible in the DualShield admin console (3763)
- Web SSO could sometimes mistakenly use the DNA logon procedure (2416)
Features & Improvements
- Support Access Card authentication with Computer Logon v1.5 client
- Support FIDO2 authentication with Computer Logon v1.5 client (not with Web SSO) (3762, 3767)
- SSO Service Provider created by the IIS Agent will have the option "Sign on SAML Response" enabled by default (3764)
- Automatically migrate MobileID token to use default FCM with MobileID v6.1 app (3767)
...
- Upgrading failed with an SQL error when DualShield is connected to an MS-SQL 2014 server (3757)
- IIS apps, e.g. OWA, got the error "Invalid SAML Response: Signature verified failed" after upgrading to DualShield 6.5.1 (3750)
- When signing in from a new device with an Outlook client, it doesn't trigger the device registration alert
- Cross-origin resource sharing: arbitrary origin trusted (3730)
- Logon request timed out in OOBA call in a system with 2 or more DualShield backend servers (3734)
- The option InResponseTo was not functional and the attribute was always included in the SAML response (3484)
- Extra 'S' in the SSO URL after using the change FQDN feature to change the HTTP protocol (3658)
- Failed to generate the SAML response when both assertion and response are ticked for signature (3699)
- Did not include ClientIP in intrusion alert (3713)
- Importing a full-chained certificate gets the error: Certificate not chained (3745)
- Assigning a token in DAC got a null pointer exception (3746)
- False error messages in das6.log: "The application's global logon procedure is not found: Desktop SSO" (3751)
- The DualShield Service Console displays Error 404 when the user has no permission in Token and Account in the Self Service Policy (3754)
- Resetting a token succeeded but there was no confirmation on the screen at all (3756)
Features & Improvements
- Support WSFED for Outlook Web Access (OWA) and EAC (Exchange Access Console) (3758)
- Support multiple values of a SAML attribute (3648)
- Querying nested group membership took a long time when checking roles and license (3709)
- New task for pushing MobileID download link in bulk by user group or domain (3718)
Version 6.5.1.0503 (May 03, 2022)
Features & Improvements
- Support Microsoft Remote Desktop Web Client (3674)
- Support TLS 1.3 (3703)
- MS-SQL JDBC driver upgraded to 10.2 (3681)
...