Hotfixes
The following is a list of hotfixes for SecureAuth IdP version 9.2.0.
9.2.0 hotfixes
Release No. | Release Date | Ref ID | Issue |
---|---|---|---|
9.2.0-39 | 10-Jan-2023 | EE-2967 | API Update – Update compatibility between newer Identity Platform enrollment data and existing APIs. |
9.2.0-38 | 07-Jul-2021 | EE-1825 | QR Enrollment Issue – Addressed issue when using an email address during login to the QR enrollment page. Install this hotfix if you have: |
9.2.0-38 | 07-Jul-2021 | EE-2086 | OTP Value Reusability – Resolves an issue in which, when using the API OTP validate endpoint, it was possible to reuse the same OTP at a later time. Install this hotfix if you have: |
9.2.0-37 | 04-Jun-2021 | EE-2110 | Security Optimization – Redirect pages optimized for security best practices. This hotfix is required for 9.2 deployments. |
9.2.0-37 | 04-Jun-2021 | EE-2152 | QR Code Registration Support – Addressed an issue to support offline QR code registration for OTP in air-gapped appliances to work with SecureAuth Authenticate app. Install this hotfix if you have: |
9.2.0-36 | 26-Feb-2021 | EE-1608 | Resetting IIS Settings – After making changes to IIS and then changes to the SecureAuth Web Admin, the changes made in IIS were reverted to the previous configuration. Install this hotfix if you have: |
9.2.0-36 | 26-Feb-2021 | EE-1810 | OIDC Claim Format Issue – The email_verified claim should be sent as a boolean value. Install this hotfix if you have: |
9.2.0-36 | 26-Feb-2021 | EE-1844 | Security Optimization – Optimized security with request parameters. This hotfix is required for all customers on SecureAuth IdP version 9.2 to ensure the security of the appliance. |
9.2.0-36 | 26-Feb-2021 | EE-1854 | Web Admin Optimization – Removal of unused code and subfolder from the SecureAuth Identity Platform Web Admin project folder. |
9.2.0-36 | 26-Feb-2021 | EE-1861 | Security Optimization – Sanitize sensitive data in Debug Logs. This hotfix is required for all customers on the SecureAuth IdP version 9.2 to ensure the security of the appliance. |
9.2.0-36 | 26-Feb-2021 | EE-1864 | WS-Federation Update – In realms that use WS-Federation, this update requires allow-listing of URLs for the If a There is also a new optional setting to support allow-listing of more than one URL by using a comma-delimited list. Install this hotfix if you have: |
9.2.0-36 | 26-Feb-2021 | EE-1897 | Performance Enhancements – Update exception handling to improve system performance during login and enrollment workflows. |
9.2.0-36 | 26-Feb-2021 | EE-1960 | Hotfix Installer Update – Hotfix installer updates the cloud certificate URL to use |
9.2.0-35 | 23-Jul-2020 | EE-1700 | Filebeat Process Improvements – Updates to Filebeats to improve performance. |
9.2.0-35 | 23-Jul-2020 | EE-1735 | OIDC / OAuth2 Workflow Session Cleanup – Sessions are not properly cleared when user has two browser tabs open when authenticating into a resource. Install this fix if you have: |
9.2.0-35 | 23-Jul-2020 | EE-1815 | Security Fix – Resolved XSS security vulnerability in path resolution. This hotfix is required for all customers on SecureAuth IdP version 9.2 to ensure the security of the appliance. |
9.2.0-35 | 23-Jul-2020 | EE-1820 | OIDC End Session Redirect – Redirects and session end were not occurring due to parameter requirements. |
9.2.0-35 | 23-Jul-2020 | EE-1830 | WS-Fed and SAML Valid Hours Issue – When the SAML Valid Hours is set to a non-integer value, it does not work for WS-Fed integrations. Install this fix if you have: |
9.2.0-34 | 29-Jun-2020 | EE-1644 | Security Fix – Implemented additional input validation to prevent double curly brackets ( {{ or }} ) in form input fields, including the UserID field. This hotfix is required for all customers on SecureAuth IdP version 9.2 to ensure the security of the appliance. |
9.2.0-34 | 29-Jun-2020 | EE-1745 | Chrome 404 Error on Manage Accounts Page – Chrome browser would give a 404 error to users on the Manage Accounts (help desk) page if the page timed out and user logs back in, whereas other browsers would redirect them back to the page after authentication. Install this hotfix if you have: |
9.2.0-33 | 03-Jun-2020 | EE-1680 | Debug Log Cleanup – Debug logs required changes. This hotfix is required for all 9.2 appliances. |
9.2.0-33 | 03-Jun-2020 | EE-1683 | Azure AD Email Lookup Failure – SecureAuth IdP was not able to effectively retrieve the email address from the Azure AD data store. Install this hotfix if you have: |
9.2.0-33 | 03-Jun-2020 | EE-1707 | Corrupted CyberArk Username – When using CyberArk for the directory credentials, the username would become corrupted during simultaneous connections. Install this hotfix if you have: |
9.2.0-33 | 03-Jun-2020 | EE-1743 | WS-Trust Blocking Update – Resolves issue where the WS-Trust Blocking service was not using the appropriate IP address for requests when using a load balancer. Install this hotfix if you have: |
9.2.0-32 | 03-Mar-2020 | EE-1373 | IP Evaluation Update – Resolves issue where the IP Eval service was not using the appropriate IP address for WS-Trust requests when using a load balancer. Install this hotfix if you have: |
9.2.0-32 | 03-Mar-2020 | EE-1519 | SameSite Cookie attribute support – Required for compatibility with Google Chrome 80. This hotfix is required for all 9.2 appliances. Ensure that the Microsoft .NET patch is applied prior to installing this hotfix. Read https://support.secureauth.com/hc/en-us/articles/360038330652 for more information. |
9.2.0-32 | 03-Mar-2020 | EE-1524 | Azure AD UPN Domain Check – Resolves issue with unnecessary uppercase and lowercase domain name check in username. Install this hotfix if you have: |
9.2.0-32 | 03-Mar-2020 | EE-1583 | OIDC Session Cleanup – Resolves issue in which sessions were not properly cleared in OIDC realms, making it impossible to log into multiple clients due to values being cached from the first session. Install this hotfix if you have: |
9.2.0-31 | 12-Dec-2019 | EE-1217 | Updates to Audit Logging for OIDC – Audit Logging updated for OIDC workflows to provide more clarity. Install this hotfix if you have: |
9.2.0-31 | 12-Dec-2019 | EE-1422 | Adaptive Auth API Response Updates – Resolved issue when using the Authentication API for adaptive authentication calls; not all actions were available to enable the desired workflow. Install this hotfix if you have: |
9.2.0-31 | 12-Dec-2019 | EE-1491 | Transformation Engine Group Handling – Resolves issue in which the Transformation Engine could not correctly filter groups by full and common name when used together. Install this hotfix if you have: |
9.2.0-30 | 30-Sep-2019 | EE-1206 | TRX Performance Issue – When there is latency reaching the SecureAuth TRX cloud endpoint, it no longer causes application latency, which would impact user login performance. This hotfix is required for all 9.2 appliances. |
9.2.0-30 | 30-Sep-2019 | EE-1275 | Authenticate App Enrollment Error – URL enrollments no longer fail on devices using iOS 12+ and when push notifications are not allowed for the application. Install this hotfix if you have: |
9.2.0-30 | 30-Sep-2019 | EE-1315 | Arbitrary File Upload Vulnerability – Resolves issue in which an authenticated privileged user could upload arbitrary file types. This hotfix is required for all customers on SecureAuth IdP version 9.2 to ensure the security of the appliance. |
9.2.0-30 | 30-Sep-2019 | EE-1334 | Inline Initialization Attribute Clearing – When using Conditional Access for Azure, the Active Directory attribute values that were added during the Inline Initialization self-service process are no longer being cleared. Install this hotfix if you have: |
9.2.0-30 | 30-Sep-2019 | EE-1357 | mS-DS-ConsistencyGUID Support for Office 365 Integration – The mS-DS-ConsistencyGUID attribute is now supported by SecureAuth IdP to be used as the ImmutableID value for integrations with Office 365. Install this hotfix if you have: |
9.2.0-30 | 30-Sep-2019 | EE-1363 | Support for AssertionConsumerServiceIndex (SAML) – SecureAuth IdP now supports AssertionConsumerServiceIndex for SAML integrations. Install this hotfix if you have: For instructions about applying the hotfix for this feature, see SAML integrations using AssertionConsumerServiceIndex hotfix. |
9.2.0-29 | 28-Jul-2019 | EE-1298 | Authentication API Updates for User Risk – When using the Authentication API for adaptive authentication, the User Risk feature is now effectively accessed during analysis. Install this hotfix if you have: |
9.2.0-28 | 27-Jun-2019 | EE-1220 | New userAccountControl Values – SecureAuth IdP now has the most up-to-date userAccountControl values to ensure that certain account statuses are handled appropriately in transactions between LDAP providers and SecureAuth IdP. Install this hotfix if you have: |
9.2.0-28 | 27-Jun-2019 | EE-1223 | Enhance Device Recognition Logging – Device Recognition logging was enhanced to make the results of the analysis clearer. Install this hotfix if you have: |
9.2.0-28 | 27-Jun-2019 | EE-1250 | Reporting Page Time Picker – On the Reporting Page, the time picker functionality now works correctly for realms using the 2016 Light Theme. Install this hotfix if you have: |
9.2.0-28 | 27-Jun-2019 | EE-1254 | Windows SSO Adaptive Auth Redirect – Realms with Windows SSO for pre-authentication now effectively redirect users per Adaptive Authentication rules. Install this hotfix if you have: |
9.2.0-27 | 05-Jun-2019 | EE-1199 | Third-party JavaScript Libraries Vulnerability – jQuery, Bootstrap, and AngularJS have been upgraded due to a flaw in these libraries that may result in XSS. This hotfix is required for all customers on SecureAuth IdP version 9.2 to ensure the security of the appliance. |
9.2.0-27 | 05-Jun-2019 | EE-1203 | Incomplete Revocation of App Enrollments – User device enrollments that are revoked on the self-service page are correctly removed when the user immediately re-registers the same device. Install this hotfix if you have: |
9.2.0-27 | 05-Jun-2019 | EE-1210 | QR Code Missing Secret – Upon successful login to a QR code app enrollment realm, users are now presented with a correct QR Code when a page is refreshed. Install this hotfix if you have: |
9.2.0-27 | 05-Jun-2019 | EE-1223 | Enhance Device Recognition Logging – Device Recognition logging was enhanced to make the results of the analysis clearer. Install this hotfix if you have: |
9.2.0-25 | 10-May-2019 | EE-1082 | Authentication API Parity – The Yubico OTP option is now available to use via the API and also supported through browser workflow. |
9.2.0-25 | 10-May-2019 | EE-1181 | Novell eDirectory Password Reset Parity – Self-service password reset is now supported for eDirectory integrated realms. |
9.2.0-25 | 10-May-2019 | EE-1193 | JWT Missing Claim – In OAuth 2.0 Client Credential Flow, the ‘sub’ (subject) claim is no longer missing in the JWT. |
9.2.0-24 | 30-Apr-2019 | EE-1128 | Mobile App PIN Settings – The PIN settings configured for SecureAuth Authenticate are now respected per the configuration or the support. |
9.2.0-24 | 30-Apr-2019 | EE-1120 | URL Encoding Updates – Updates made to URL encoding to ensure security. |
9.2.0-24 | 30-Apr-2019 | EE-1131 | Device Fingerprint Space Issue – The Device Fingerprint cookie name parses correctly if a space is present in the generated cookie name. |
9.2.0-24 | 30-Apr-2019 | EE-1157 | Transformation Debug Logging – Transformation Engine logging is no longer automatically enabled when Debug logging is enabled, which prevents the potential exposure of sensitive information in the logs. |
9.2.0-23 | 14-Mar-2019 | EE-1001 | Phone Number Validation – Invalid phone number formats can now be used in API calls. |
9.2.0-23 | 14-Mar-2019 | EE-1068 | Logging Updates – Updates made to SecureAuth IdP logs ensure security. |
9.2.0-23 | 14-Mar-2019 | EE-1088 | SecureAuth IdP Requirements for Login for Windows – Changes made to accommodate AD user check issues addressed in Login for Windows v1.0.4. |
9.2.0-21 | 12-Feb-2019 | EE-867 | Help Desk Validation Dates Issue – Date values for Certificate Validation Date and Mobile Validation Date fields are no longer missing from the Help Desk page. |
9.2.0-21 | 12-Feb-2019 | EE-1025 | Help Desk “Update” User Account – Incorrect profile data is no longer automatically saved since the Update button is now properly disabled. |
9.2.0-21 | 12-Feb-2019 | EE-1027 | URL Encoding Update – Updates made to URL encoding to ensure security. |
9.2.0-21 | 12-Feb-2019 | EE-1029 | Google Social ID Login – Social ID login feature was updated due to modifications made by Google API. |
9.2.0-20 | 21-Dec-2018 | EE-997 | OATH Token JSON Encryption Issue – Data is now correctly read when JSON encryption is selected as the OATH token storage method. |
9.2.0-20 | 21-Dec-2018 | EE-1000 | Multi-Data Store Timeout – Data tab on a realm configured for multi-data stores now loads faster without timeouts. |
9.2.0-19 | 15-Nov-2018 | EE-867 | Cert and Mobile Validation Dates – Cert Validation Date and Mobile Validation Date values now correctly populate the Help Desk page. |
9.2.0-19 | 15-Nov-2018 | EE-937 | Begin Site Redirect Encoding – Begin site redirect is no longer double encoding the request query, causing the realm to break and the workflow to halt. |
9.2.0-19 | 15-Nov-2018 | 9.2.0-19 hotfix – machine learning | Non-issue changes: |
9.2.0-18 | 10-Oct-2018 | EE-678 | SAML Consumer UI – When adding a provider for SAML consumption, SecureAuth IdP Web Admin UI no longer disables editing provider information. |
9.2.0-18 | 10-Oct-2018 | EE-917 | Unable to Save KBQ / KBA Value – When saving the "helpdesk challenge" on the Self-service Account Update page, the user's knowledge based answer is now saved when data is encrypted. |
9.2.0-17 | 07-Sep-2018 | EE-899 | Debug Logging Issue – Self-service Password Reset page now logs correctly on all configurations. |
9.2.0-17 | 07-Sep-2018 | EE-895 | Symantec VIP Credentials Display – Symantec VIP Credentials table now displays all user information on the Help Desk and Self-service pages. |
9.2.0-17 | 07-Sep-2018 | EE-903 | Country Check Cloud Services – When Cloud Services are down, users are no longer stopped during login when SecureAuth IdP performs a country check. |
9.2.0-13 | 18-Jul-2018 | EE-862 | Country Code Support Issue – Certain country codes were not being supported for phone call and / or SMS TOTP delivery. |
9.2.0-10 | 03-Jul-2018 | EE-839 | Adaptive Authentication IPv6 Processing – Adaptive Authentication policies returned invalid data for users with IPv6 addresses. |
9.2.0-9 | 11-Jun-2018 | EE-785 | Adaptive Authentication Redirection – Redirecting the user via an Adaptive Authentication policy with a static query string parameter resulted in a query string with an invalid format. |
9.2.0-8 | 05-Jun-2018 | EE-743 | User Risk Analysis Response – When retrieving a user risk score from certain third-party providers, SecureAuth IdP was not reading a valid score due to a null reference. |
9.2.0-7 | 23-May-2018 | EE-769 | Windows SSO Enhancement – Some IIS settings necessary for Windows SSO / authentication must be manually entered in the web.config, but SecureAuth IdP would remove all these settings if a change was subsequently made on the Workflow tab. |
9.2.0-7 | 23-May-2018 | EE-791 | Adaptive Authentication Redirect Caching – SecureAuth IdP was caching query string parameters from previous Adaptive Authentication redirection URLs, causing redirection failures. |
9.2.0-5 | 24-Apr-2018 | EE-703 | Novell eDirectory Lookup – During login, a user’s profile was not being accessed successfully. |
9.2.0-5 | 24-Apr-2018 | EE-721 | CyberArk Vault Credential Lookup – In multi-domain environments, SecureAuth IdP was not able to retrieve credentials successfully. |
9.2.0-4 | 24-Apr-2018 | EE-709 | SA Cloud Timeout and Fail Open – Due to extended timeouts and no fail open functionality, users were unable to log in when SA Cloud services are down. |
9.2.0-3 | 21-Mar-2018 | EE-604 | User Risk Score Bearer Token Authorization – The format for the OAuth2 Bearer Token used when importing a User Risk Score was causing an error, resulting in the inability to import the risk score. |
9.2.0-2 | 10-Mar-2018 | EE-587 | Account Management Updates – Users could access Help Desk pages from the Portal despite not being a member of the designated group set up on the administrative page. |
9.2.0-2 | 10-Mar-2018 | EE-619 | Interface / Customization Communication – Customizations referencing a certain interface were no longer able to communicate with it. |
9.2.0-2 | 10-Mar-2018 | EE-616 | PIN Not Saved – When updating the PIN field in the self-service realm, the PIN was not successfully saved, causing errors when attempting to use the PIN in subsequent login attempts. |
Notice
Affected SecureAuth IdP Version(s): 9.2
Support Information: Contact SecureAuth Support (support.secureauth.com, support@secureauth.com, or 1-866-859-1526) to have the latest hotfix installed on your SecureAuth IdP v9.2.x appliance.