Duo Release Notes for November 8, 2019

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

New features, enhancements, and other improvements

Azure Active Directory Sync updated with new features

Transition to Cisco’s Privacy Statement

  • Effective October 28, 2019, Duo Security transitioned to Cisco’s Privacy Statement. The Privacy Data Sheet provides additional detail and transparency regarding the data that Duo Security processes and demonstrates our commitment to Cisco’s standards, but it is important to note that Duo Security has not made any changes to the data we collect or how we use such data in connection with this transition.
  • View the Duo Privacy Data Sheet.

Miscellaneous enhancements

  • When a Duo Authentication for Windows Logon/RDP or macOS application is targeted by a policy that requires users to enroll wherever possible, a notification will appear on that application’s properties page in the Duo Admin Panel in the policy section indicating that self-enrollment is not possible with that application.
  • When a Duo Administrator manually adds or removes a username alias, the event logged in the Administrator Actions report in the Duo Admin Panel now includes details about the alias added or removed.
  • Synchronized Azure directories can no longer share a name with another Azure directory in the Duo Admin Panel.
    • New directories with the same Org Name in Azure will be appended indexes (for example, Name (2), Name (3)).

New and updated applications

GPG key update for Duo Unix

  • On November 4, 2019, we updated the GPG key used to sign Duo Unix distribution packages to improve the strength and security of our package signatures. If you are currently using this application, the next time that you upgrade the Duo Unix package via yum, apt, or apt-get, you will also have to update the key.
  • Learn more in this Community post.
  • If you are running Duo Unix on CentOS5, RHEL 5, Debian 6, or Debian 7, you do not need to update your GPG key as these distributions are no longer supported by Duo and the latest version of Duo Unix available on these distributions are signed using the deprecated GPG key. Note that the deprecated GPG key expires in August 2020, after which the GPG signature on these packages will fail to verify.

Duo Access Gateway 1.5.10 released

  • Fixed an issue where users who could authenticate through first factor could modify the SAML response sent to the Duo Access Gateway and it would be accepted. This issue only affected Duo Access Gateways configured to use a SAML IdP authentication source. (DUO-PSA-2019-002).

Bug fixes

  • Corrected grammatical errors in an Admin Panel SSO error message. Previously, the error stated “SAML IdP assertion was rejected: The Message of the Response is not signed and the SP require it”. Now it states “SAML IdP assertion was rejected: SAML Response must be signed.”
  • Read-only Administrators may no longer interact with the Change User Status button in the Duo Admin Panel. While this button was previously clickable, it had no effect on user status.
  • Fixed issues with numbered list items in the administrator activation process for the Admin Panel.
  • Fixed an issue where error messages on the Admin Panel login page would immediately “flicker” away if the administrator had a password manager autofill enabled.
  • Fixed an issue on the Users and Admins pages in the Admin Panel that caused the LastPass plugin to autofill fields on those pages.
1 Like