Duo Release Notes for September 13, 2019

Hello everyone! Here are the release notes for the most recent updates we’ve made to Duo.

You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

New features, enhancements, and other improvements

Duo Administrator self-remediation

  • Duo administrators who lock themselves out of the Duo Admin Panel due to too many incorrect password attempts can now self-remediate by following an emailed link that will reset their password lockout.
  • Locked-out administrators and all Owners of a Duo account will be notified of a lockout via email.
  • An Administrator Actions log entry will be recorded when an administrator becomes locked out.

Duo Admin Panel visual changes and other improvements

  • When applying a policy, the list of policies is now displayed in alphabetical order.

New and updated applications

Duo for Windows Logon and RDP 4.0.6 released

  • Added a support tool that sanitizes and packages config and log files into a zip file you can send to Duo Support when troubleshooting issues.
  • Added log file rotation.
  • Added additional UI installer options for http proxy settings.
  • Updated GPO template to include log file rotation and Offline Authentication configurations.
  • Removed .NET dependency for the installer connectivity check.
  • Fixed a bug that would result in “Ordinal Not Found” being displayed in certain scenarios.
  • Fixed the flow of windows password changes that could cause re-enrollment in Offline Authentication.
  • Removed errant log message stating “Duo Auth Not Configured”.
  • Response to CERT/CC Vulnerability Note VU#576688.
  • Security improvements for Offline Authentication.
  • Additional bug fixes and security enhancements.

Trusted Endpoints now compatible with Cisco AnyConnect clients

  • Cisco AnyConnect clients (4.7.04056 and newer for Windows, 4.8.00175 and newer for macOS, 4.8.00807 and newer for iOS) now work with Duo’s Trusted Endpoints solution. The updated clients, once deployed, will report the device trust status back to Duo to aid with the enforcement of the Trusted Endpoint policy.

Duo Mobile for iOS versions 3.29.1 released

  • Miscellaneous bug fixes and improvements.

Duo Access Gateway version 1.5.7 for Windows and Linux released

  • Updated the minimum version of PHP to 7.3.8 or greater.
  • Added the ability to disable scoping when using AD FS as your SAML IdP authentication source.
  • Added more actionable error messaging and better LDAP logging.
  • Added support for upcoming Google Chrome version 80 SameSite cookie change.
  • mS-DS-ConsistencyGuid can now be used as the sourceAnchor attribute for Microsoft Office 365.
  • Bug fixes and security enhancements.

Duo Mobile for Android 3.29.1 released

  • Miscellaneous bug fixes and improvements.

Bug fixes

  • Links to users sharing a device on the 2FA Devices page of the Duo Admin Panel now link to the correct user.
  • Fixed a bug that prevented Help Desk administrators from performing a single user directory sync for users with multiple aliases from the user detail page in the Duo Admin Panel.
  • Fixed a bug that caused Azure Directory Sync to incorrectly retry synchronization if it exceeded the user hard limit.
1 Like