Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

Check out a new resource: Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products. See the article Does Duo provide advanced notice before releasing product changes? for more information.

What’s in this release? 

New features, enhancements, and other improvements

• Now Generally Available: New Settings Endpoint Parameter for Duo Admin API
• More Consistent Login Experiences across Duo Authentications
• Updates to Trust Assessment Filter in Duo Admin Panel Authentication Log
• Refined Security Measures in Risk-Based Authentication

New and updated applications

• Four New named SAML Applications with Duo SSO
• Duo Network Gateway (DNG) Version 2.3.0 
• Duo Mobile for Android Version 4.47.0
• Duo Mobile for iOS Version 4.47.0

New features, enhancements, and other improvements

Now generally available: New Settings endpoint parameter for Duo Admin API

• Admin API applications with “Grant settings” API permission can now use the Settings endpoint in the Admin API to view or change the enablement of the Global Self-Service Policy feature.
• Because this is no longer in private preview, the related Early Access badge will no longer be visible in the Duo Admin Panel.

More consistent login experiences across Duo authentications

• To align with Duo’s other remembered devices features, Duo Passwordless now offers the checkbox option Remember me instead of Trust this browser during login.

Updates to Trust Assessment filter in Duo Admin Panel Authentication Log

• You can now filter your Authentication Log by these Trust Assessment options:
• N/A
• Normal
• Policy not applied
• Remembered device
• Re-auth required
• Factors restricted

Refined security measures in Risk-Based Authentication

• To improve Duo protection from passcode phishing, Duo’s Risk-Based Factor Selection (RBFS) policy will no longer allow passcodes enabled via SMS, Duo Mobile or hardware tokens as an authentication method on detection of a known attack pattern or anomaly until the user completes MFA with a more secure method.
• This change does not apply to the Auth API.
• RBFS also steps up authentication when a novel ASN (autonomous system number) is detected.
  

New and updated applications

Four new named SAML applications with Duo SSO

• There are now named SAML applications for Datto Workplace, HackerRank, HackerOne and Citrix Workspace to protect using Duo SSO, our cloud identity provider.
• Reminder: Duo Access Gateway will reach end of life October 16 through 26, 2023. Please see the Guide to Duo Access Gateway end of life for more details.

Duo Network Gateway (DNG) version 2.3.0 released

• Added Custom Application Relay support: Secure, protect, and tunnel additional protocols like SFTP, FTP, Telnet, SQL, etc.
• Fixes an issue where non-RSA certificate keys would get logged (ECDSA certificate keypairs and other non-RSA keypairs are unsupported at this time).
• Fixes an issue where the Maximum header size default was 128KB instead of 8KB.
• Fixes an issue where if the certificate uploaded for the Duo Network Gateway didn't match the Duo Network Gateway URL no warning was emitted.
• Upgraded bundled OpenSSL to 1.1.1t.
• Added support for CentOS Stream 9.
• Fixes incorrect OpenAPI specifications.

Duo Mobile for Android version 4.47.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.

Duo Mobile for iOS version 4.47.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.