D257: Duo Release Notes for Jan 20, 2023

Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

New and updated applications

Bug fixes


New features, enhancements, and other improvements

Now in Public Preview: Duo Network Gateway API

  • Duo Network Gateway 2.2.0 and later may be configured and administered via the Duo Network Gateway API.
  • Previously, Duo Network Gateway (DNG) configuration required either the DNG Admin UI or DNG Scripted Configuration.
  • Now the Duo Network Gateway API lets administrators configure the DNG through a RESTful API with methods for creating, retrieving, updating, and deleting core configuration in the DNG, as well as configuration and management of DNG web, SSH, RDP, and SMB/file share applications.

Operating systems policy version will be updated for Windows

  • Effective February 6, 2023, Windows 8.1 will be marked end-of-life for operating system policy purposes.

Duo Single Sign-On Log now includes failed SSO authentications

New Duo policy defaults for browser and operating systems policies

  • Browser policy defaults as of D257 will enable "Warn users if their browser is out of date".
  • Operating system policy defaults as of D257 will disable "Allow Blackberry devices" and "Allow Windows Phone devices".
  • Following the D256 general availability release of Duo policy defaults, Duo continues to roll out new policy defaults designed to give our customers a security posture that is resilient against trending attack patterns.
  • As before, please note that the new policy defaults feature will not modify your existing policies.

Duo Admin Panel menu improvements

  • Improved organization of the Lockout and Fraud settings menu.

  • A new tooltip in the Duo Risk-based factor selection policy builder menu describes Policy Impact and gives admins insight into how often most organizations could expect to step up.

  • A Dashboard banner and Authentication Log and Policies page simplify the option to turn on Verified Duo Push.

New and updated applications

Duo Network Gateway version 2.2.0 released

  • Public preview of Duo Network Gateway API for DNG administration.
  • General availability of SMB/File share access protected by Duo Network Gateway.
  • Prevention of Server-Side Request Forgery (SSRF) attacks where an upstream DNS entry is pointed at the AWS metadata service at 169.254.169.254.
  • Supports proxying upstream TLSv1.3 connections.
  • Permits setting the maximum header size of a request to a value beyond the previously-fixed maximum of 8 KB via the DNG admin console and scripted configuration.
  • Fixes an issue with setting a port for the external URL of a web application in DNG admin console.
  • Fixes an issue where browsing to an SSH or Application relay application in a web browser would present an OpenResty page.
  • Updated dependencies: Python to 3.9.6, PCRE to 10.40, libxml2 to 2.10.2, cryptography to 36.0.2, pyOpenSSL to 22.0.0, and libxslt to 1.1.37.

DuoConnect version 2.0.4 released

  • Updated Go version used to compile DuoConnect to v1.19.1.

Duo Single Sign-On for Datadog

Duo Mobile for Android version 4.32.0 released

  • Do not prompt for autofill when performing verified push.
  • Disallow device-to-device transfers on Android 12 and up. This was already restricted on earlier Android versions.

Duo Mobile for iOS version 4.32.0 released

  • Miscellaneous bug fixes and behind-the-scenes improvements.

Bug fixes