Duo Release Notes for March 29, 2019


Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

New features, enhancements, and other improvements

Expanded pagination capabilities added to Duo Admin API

  • In order to improve reliability and response times of Duo’s Admin API, we have extended pagination capabilities to all Admin API endpoints that return lists of objects. This change will allow us to better predict and manage load on our backend services to support current and future volume of Admin API requests.
  • Pagination is now enabled for the following endpoints (in addition the endpoints for which pagination was already enabled):
    • /admin/v1/users/[user_id]/bypass_codes
    • /admin/v1/users/[user_id]/phones
    • /admin/v1/users/[user_id]/groups
    • /admin/v1/users/[user_id]/u2ftokens
    • /admin/v1/users/[user_id]/tokens
    • /admin/v1/groups
    • /admin/v1/tokens
    • /admin/v1/admins
  • If calls to any of these endpoints are not coded to utilize pagination, they will only return the maximum possible set size.
  • Learn more about Admin API pagination in the Knowledge Base.

Duo Mobile for Android now utilizes Firebase Cloud Messaging

  • Because Google is ending support for Google Cloud Messaging (GCM) in April 2019, we have migrated our services for Duo Mobile for Android to Firebase Cloud Messaging (FCM).
  • This change should not have any impact on Duo Mobile users. If you encounter Duo Push notification issues on Android for any reason, always be sure to use the troubleshooting steps in this article to resolve them.

New and updated applications

Duo Authentication Proxy 3.0 released

  • This new version of the Duo Authentication Proxy features several notable changes, including moving the default minimum TLS version to TLSv1.2.
  • Learn more about the changes introduced in version 3.0 in our Community post or in the documentation.

Duo Network Gateway (DNG) 1.4.4 released

  • Containers now get their resolver from the system /etc/resolv.conf at startup.
  • Added support for customizing upstream response timeout on web applications.
  • Disabled insecure SSL/TLS versions.
  • Secure TLS redis connections by validating certificates. Read this Knowledge Base article if you must use a certificate not signed by an authority in the Mozilla CA bundle.

Duo Mobile for Android 3.26.0 released

  • Includes Push notification system updates required by Google.

Bug fixes

  • In the Duo Admin Panel, all fields on a pending-deletion user’s page are now read-only.
  • Azure Sync now properly respects and handles cyclical group memberships.
  • Removed counts of 2FA devices in Duo Admin Panel navigation menu. This was planned to be removed previously (as part of an initiative to improve Duo Admin Panel performance), but was accidentally missed.
  • CSV and JSON exports of Authentication Logs now include a row with an explicit error message when the service times out during export.
  • Fixed a version caching bug occurring on certain Android devices/versions that prevented policies from being enforced properly when responding to a push.
  • Added Android Q as a beta version for Android to prevent users from being blocked by OS policy restrictions when running the beta version.
  • Updated Duo-supported Admin API client libraries for Python, Perl, PHP, Swift, NodeJS, Go, C#, Java, and Ruby to automatically backoff and retry requests when API rate limits are hit.