Versions Compared

Old Version 60

changes.mady.by.user Adam Darwin

Saved on

compared with

New Version 61

changes.mady.by.user Adam Darwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version 6.5.4.0909 (Sept 09, 2022)

Bug Fixes

  • Outlook Anywhere occasionally created duplicated user accounts (3912)
  • FIDO did not work with Safari on MacOS (3939)
  • Failed to change AD user password via RADIUS/MS-CHAP (3950)
  • Added a new "Locale" policy (3888)
  • Added Device Name and Device Group to the Device Filter in the Logon Policy (3915)

Features & Improvements

  • Added "My Certificates" in DualShield Service Console (2582)
  • Added "User Sign-In Devices" in DualShield Service Console (3829)
  • Added Google Authenticator support for Parallel (3892)

Version 6.5.3.0722 (July 22, 2022)

Bug Fixes

  • The option "Sign on SAML Response" was wrongly enabled by default for IIS applications, and caused the issue "OWA Error - Invalid SAML Response: Signature wrapping attack, wrong URI...". It is now disabled by default (3823)
  • The user agent filter in Logon policy doesn't work for WEB SSO (3789)
  • SSO user interface customization did not work in some circumstances (3797)
  • Creating authorization code in the admin console did not work (3805)
  • in the SendOTP API, password is transmitted in clear text
  • Deleted tokens were still listed in the service console (3827)
  • After a user was access denied, switching to a different user was still access denied (3843)
  • In the safe mode, all access control policies were still effective (3852)

Features & Improvements

  • Added support for reCAPTCHA (3510)
  • Added support for FIDO2 (3727)
  • Added support for "StaticPass + OTP" in logins from non-RADIUS clients, e.g. LDAP Broker
  • Added access control by the user device (3780)
  • Added access control by geo velocity (3811)
  • Added device filter to the logon policy (3496)
  • Added geo velocity filter to the logon policy (3810)
  • Added user sign-in device management in the admin console (3515)
  • Version 6.5.2.0620 (June 20, 2022)
  • Add the token name to the QR code of the MobileID token (3844)
  • Repetition is disallowed in free navigation in GridID (3819)

Bug Fixes

  • A bug in the WS-Federation protocol handler caused Office 365 Federated SSO to stop working properly (3794)
  • Change to the "wreply" attribute in SSO Service Provider didn't take effect until the service restarted (3793)
  • An incorrect policy could be used when there are multiple domains in a realm (3775)
  • If an AD group is renamed, it became invisible in the DualShield admin console (3763)
  • Web SSO could sometimes mistakenly use the DNA logon procedure (2416)

Features & Improvements

  • Support Access Card authentication with Computer Logon v1.5 client 
  • Support FIDO2 authentication with Computer Logon v1.5 client (not with Web SSO) (3762, 3767)
  • SSO Service Provider created by the IIS Agent will have the option "Sign on SAML Response" enabled by default (3764)
  • Automatically migrate MobileID token to use default FCM with MobileID v6.1 app (3767)

...

Version 6.5.2.0601 (June 01, 2022)

Bug Fixes

  • Upgrading failed with SQL error when Dualshield is connected to an MS-SQL 2014 server (3757)
  • IIS apps, e.g. OWA, got the error "Invalid SAML Response: Signature verified failed" after upgrading to DualShield 6.5.1 (3750)
  • When signing in from a new device with an Outlook client, it doesn't trigger the device registration alert
  • Cross-origin resource sharing: arbitrary origin trusted (3730)
  • Logon request timed out in OOBA call in a system with 2 or more Dualshield backend servers (3734)
  • The option InResponseTo was not functional and the attribute was always included in the SAML response (3484)
  • Extra 'S' in the SSO URL after using the change FQDN feature to change the HTTP protocol (3658)
  • Failed to generate the SAML response when both assertion and response are ticked for signature (3699)
  • Did not include ClientIP in intrusion alert (3713)
  • Import a full-chained certificate gets the error: Certificate not chained (3745)
  • Assigning token in DAC got null pointer exception (3746)
  • False error messages in das6.log:  "The application's global logon procedure is not found: Desktop SSO" (3751)
  • The DualShield Service Console displays Error 404 when the user has no permission in Token and Account in the Self Service Policy (3754)
  • Reset token successfully but there is no confirmation on the screen at all (3756)

Features & Improvements

  • Support WSFED for Outlook Web Access (OWA) and EAC (Exchange Access Console) (3758)
  • Support multiple values of a SAML attribute (3648)
  • Querying nested group membership took long time when checking roles and license (3709)
  • New task for pushing MobileID download link in bulk by user group or domain (3718)

Version 6.5.1.0503 (May 03, 2022)

Features & Improvements

  • Support Microsoft Remote Desktop Web Client (3674)
  • Support TLS 1.3 (3703)
  • MS-SQL JDBC driver upgraded to 10.2 (3681)

Bug Fixes

  • DualShield with SQL server database upgrading to v6.5.0 failed (3671)
  • Deleting and re-adding DeviceID tokens in the same user account caused the license count to increment (3488)
  • The user search filter stopped working after moving to the next page (3645)
  • Login via the Deepnet Authenticator (DNA) sometimes caused a deadlock (3653)
  • OOBA by SMS and Call did not work in v6.5.0 (3679, 3880)
  • The "Users have been inactive for n days" did not work (3690)

...

  • DeviceID registration and renewal verification using Deepnet Authenticator (3469)
  • Introduced DeviceID renewal (3469)
  • Improved extraction of DeviceID properties (3473, 3525, 3563)
  • Added FIDO2 support (3420)
  • Travel velocity detection (3017)
  • Replaced log4j with logback in the authentication server module (3447)
  • Replaced log4j with logback in the certificate server module (3441)
  • Upgraded log4j from 1.2.17 to 2.17.2 in the management console module (3451)
  • New Device Sign-in support for Outlook Anywhere and ActiveSync (3516)
  • New Device Sign-in support for Computer Logon (3528)
  • New Device Sign-in support for Deepnet Authenticator (3529)
  • Automatically renew the SSO certificate when the associated let's encrypt certificate has been renewed (3564)
  • DualShield Deployment Service - support incoming username as a URL parameter 'username' (3582)
  • DualShield SSO - support incoming username as the NameID attribute in the SAML request (3612)
  • DualShield SSO - upgraded jquery to 3.6.0 (3590)
  • Added "Send Activation Code via email" for DeviceID

Bug Fixes

  • Failed to save the Product value in the task 'delete token by product' (3415)
  • Error - "500:no enum constant com.deepnet.das.util.LogicalOperator", when navigating to Reports (3463)
  • Error - "Gateway type not matched for TELEPHONE" in the Admin Console (3489)
  • DualShield Service Console - user-defined token properties were not displayed for T-Pass and MobileID (3545)
  • User's external status (Active/Disabled) change not reflected immediately (3561)
  • Querying available channels for activation code raised exception (3565)
  • LDAPBroker integration error: No signature of method (3569)
  • In push token email, QR-Code is always included (3620)
  • Searching LDAP user by internal attribute didn't work (3621)
  • After LDAP user's internal attributes have been updated, DAC always shows the old values (3624)

Version 6.4.20.1215 (December 15, 2021)

Bug Fixes

  • Failed to create new tokens for users who have no tokens (3438)
  • Failed to work with DualShield IIS Agent if FQDN was changed in the past (3437)
  • Log4J upgraded to 2.16  (3439)

...

  • Add support for external SQL based user directory, e.g. Keycloak (3344, 3346)
  • Release DualShield MyVD (Beta)

Bug Fixes

  • In SSO, the delivery channels for the activation code were missing (3393)
  • In SSO, error when attempting to register FIDO keys with PIN enabled (3328, 3376)
  • In DAC, group search in the policy window did not work
  • In DAC, executing the AUthentication Activity  task failed (3414)

...

  • Support Let's Encrypt
  • Support Deepnet Authenticator in RADIUS logon
  • Support UAC Prompt in the Windows Logon 6.2 and the Computer Logon 1.3
  • Support Network Drive Map in the Windows Logon 6.2 and the Computer Logon 1.3
  • Add new device access notification
  • Add token assignment expiration notification
  • Improve FQDN change and certificate change and renewal
  • Improve performance in AD group membership lookup when there is a larger number of nested groups
  • Administrators can generate the Authorisation Code in the admin console
  • Tokens can be exported from the server and import into the Computer Logon Client to be used for offline logon
  • Support SID as a form of user's login identity, along with SAM account name, down-level domain logon name and UPN
  • Return a RADIUS attribute with multiple values as multiple attributes of the same name

Bug Fixes

  • German umlaut letters caused errors in OOBA push authentication
  • Audit Logs were not exported according to the display filter
  • Preview of User Interface Customisation did not work properly
  • MS-SQL deadlock at a high volume of traffic
  • QR code is not displayed in Gmail
  • Mapping the Personal Email identity attribute to an AD attribute got the error "Attribute is intrinsic"
  • Intrusion Alert did not work
  • WINSSO caused exception
  • MobileID OOBA push message did not beep
  • Renewing a self-signed certificate resulted in different self-signed certificates in different DualShield servers in a cluster
  • Unable to set a default pin in token polices
  • GridID asks for resetting path even if the mode is set to free navigation
  • At login, the answer in Q&A was visible
  • Many minor issues were fixed in the Admin Console

...

  • Expiration notification service for AD password
  • Device Quarantine UI for DevicePass, DeviceID and DeviceCert
  • Organizations and users can publish custom applications on the SSO portal and Self-Sevice console.

Bug Fixes

  • DualShield root CA did not have a CN
  • When FQDN is being changed, its self-signed certificate is not updated
  • In some cases, OOBA doesn't work on iOS devices if there are multiple DualShield servers in the system
  • Alert messages do not appear in the Inbox
  • Occasionally, creating a group policy caused Hibernate lazy init error
  • On the DevicePass and DeviceCert activation page, Contact Info is missing

...

  • Expiration notification service for token PIN and PATH
  • Add "last access ip" into token
  • Auto refresh user status after lockout period ends
  • If the token does not have PIN, hide the "PIN" entry box
  • Make "Enable Agent Registration" persistent across all DAS instances
  • New UI for RADIUS server EAP options
  • Add "System Info" to show info such as the version of Java, Tomcat and MySQL
  • Enhance the Self-Service Policy so that the Self-Service Console can be completely customised

Bug Fixes

  • At RADIUS logon, token auto provisioning did not work
  • FaceSense enrollment shows black image on Mac
  • Cannot download HOTP token in Deployment Service
  • Scan QR code of HOTP token results "null in ocraSuite" error
  • QR code of Google Authenticator was not displaying in the  Deployment Service if Authorization Code is required
  • Several reflected XSS in DSC, DUA and DRP modules
  • Tomcat 9 error 400 includes the Tomcat version
  • A possible hibernate SQL injection in the message search function in DAC and DMC
  • After upgrade to 6.0, some newly tokens cannot be seen in the user account
  • SAML SP attribute entry box does not accept manual entry
  • Agent's Public URL cannot be set to empty
  • Upgrading 2 DualShield servers simultaneously caused optimistic lock error

Version 6.1.0.0304

Bug Fixes

  • Failed to register RADIUS server 
  • Failed to install DualShield on a machine where JAVA is already installed
  • Unable to edit Radius Client when it is connected to multiple Radius Servers

...

  • Deepnet Authenticator is now available for Web and Cloud applications
  • New authentication method DeviceCert is now available for Web, and Cloud application as well as Modern Authentication for Office clients
  • Smartcard certificate authentication method is now also available for Web and Cloud applications
  • Changing FQDN is now availbale within the admin console.  
  • Changing and Renewing the certificate of the web consoles is now available within the Admin Console
  • New option "Download Token in MobileID App" added to the MobileID policy
  • New option "Remember last login username" added to the Logon policy
  • New option "Remember last login methods" added to the Logon policy

Bug Fixes

  • Downloading token from the MobileID app was malfunctional
  • Remembering last logon methods did not work in a multi-step logon procedure
  • Disabled users were allowed to reset password 
  • The system admin account (SA) was not allowed to login when the license key has expired
  • Application Self Test failed with an incorrect error message
  • The QR code for the Google and Microsoft Authenticator did not work
  • Office 365 ECP login did not work
  • Unable to add Base DN when creating a new Identity Source of OpenLDAP
  • Password Reset did not work in OpenLDAP (ClearOS)
  • Radius server association was lost after editing a radius client
  • Selecting "MS-CHAP2" in RADIUS authentication caused RADIUS authencation to fail
  • Installing DualShield on Linux without legacy components would fail
  • The value of RelayState was not URL encoded
  • HTTP proxy did not work
  • SAML response did not include the correct value of the SAML attribute "SessionNotOnOrAfter", causing some SPs to terminate sessions  within 5 minutes
  • A CORS related issue
  • Trying to unregister OOBA from the MobileID app caused a JSON error
  • In the admin console, some passwords such as the Access User in the Identity Source was included in the data stream
  • On an iOS device clicking "Download App" in DualShield Deployment Service (DDS) console took the user to Google Play

...