D214: Duo Release Notes for April 30, 2021

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

We have recently added the public version number to the title of release notes posts. This number can be found in the Duo Admin Panel and describes the version assigned to core components of the Duo service. Learn more here.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New and updated applications

New features, enhancements, and other improvements

Bug fixes

See all bug fixes


New and updated applications

Duo Authentication Proxy version 5.3.0 released

  • Timestamps in authproxy.log output now show milliseconds.
  • The authproxy_passwd tool now preserves comments when encrypting all passwords and secrets in the authproxy.cfg file with the --whole-config option.
  • When security_group_dn is defined in an ad_client section, the connectivity tool confirms that an LDAP search for the group distinguished name returns a result.
  • Fixes the connectivity tool’s error detection for mismatched TLS certificate keypairs.
  • When upgrading an existing install, the Authentication Proxy installer runs the connectivity tool to validate your configuration for correctness.

Duo Mobile for iOS version 3.54.0 released

  • Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.

Duo Mobile for Android version 3.54.0 released

  • Various behind-the-scenes improvements and minor bug fixes to enhance your authentication experience.

New features, enhancements, and other improvements

Banner message added to top of administrator activation emails

  • Added text at the top of emails sent to new Duo administrators as part of the workflow to add administrators. The text reads: This is an automated message from Duo Security. This text will also be added to emails generated by other administrator workflow tasks in a future update.

Duo Admin API endpoints now return hardcoded values for legacy parameters

  • Legacy parameters can still be sent to the Admin API without error and will continue to have no effect, as stated in Duo’s documentation. However, these values are no longer stored and now return hardcoded values. If you have scripts that rely on these legacy parameters, we recommend you update them.
  • Responses from the following endpoints will contain the listed values for the specified legacy parameters:
    • Retrieve Groups and Create Group (/admin/v1/groups); Get Group Info and Update Group (/admin/v1/groups/[group_id])
      • push_enabled: false
      • sms_enabled: false
      • voice_enabled: false
      • mobile_otp_enabled: false
    • Retrieve Integrations and Create Integration (/admin/v1/integrations); Retrieve Integration by Integration Key and Modify Integration (/admin/v1/integrations/[integration_key])
      • enroll_policy: ''
      • ip_whitelist: []
      • ip_whitelist_enroll_policy: ''
      • trusted_device_days: 0
    • Retrieve Settings and Modify Settings (/admin/v1/settings)
      • push_enabled: false
      • sms_enabled: false
      • voice_enabled: false
      • mobile_otp_enabled: false

duo_client_python now supports methods for external password management via the Duo Admin API

  • Updated the duo_client_python Github repository with client functions to support external password management for Duo administrators via the Duo Admin API.

Added additional countries to country/region options in the Duo Admin Panel

  • Approximately 45 additional countries, including Laos, Micronesia, South Korea, Bangladesh, and Taiwan, have been added as options to fields in the Admin Panel that allow you to set a country or region.

Bug fixes

  • Fixed a bug where account pages for administrators in a non-editable state showed Duo Push reactivation options that did not work. These UI controls are now hidden in this scenario.
  • Fixed a bug that caused the Directory Sync error Unable to parse response string as JSON when a session timeout occurred. This error also sometimes occurred when Managed Service Provider administrators or other administrators with access to sub-accounts switched between accounts.