Hotfixes
The following is a list of hotfixes for SecureAuth IdP version 9.3.
9.3 hotfixes
Release No. | Release Date | Ref ID | Issue |
---|---|---|---|
9.3.0-26 | 10-Jan-2023 | EE-2967 | API Update – Update compatibility between newer Identity Platform enrollment data and existing APIs. |
9.3.0-25 | 10-Aug-2022 | EE-2116 | OpenID Connect Scopes Issue – Resolved an issue with OpenID scope values not rendering correctly for OIDC Authorizations. Install this hotfix if you have: |
9.3.0-25 | 10-Aug-2022 | EE-2181 EE-2713 | Webservice Profile Lookup Issue – Addressed issue causing removal of profile data. The following describes this issue in more detail. A rare scenario occurs in the web service when the lookup for a user's membership succeeds, and in the same request, the profile lookup times out. The user does not receive an error and it allows the user to proceed in the login workflow. If the login workflow included a multi-factor method (MFA), a different error message would display, related to not finding any MFA in the user's profile. If the login workflow is only username and password, then the login would succeed and save an empty profile for the user. This issue clears all writable values in the user profile. This issue first occurred after a previous hotfix (EE-2253) to reduce the web service timeout to a reasonable value (5 seconds). Web service timeouts usually occur when the login to a realm has been idle for too long and suspends itself. The hotfix prevents the user profile from clearing out by not allowing the user to continue in the current login request during a timeout. If the timeout is due to an idle realm, the second attempt normally succeeds and the user can continue the login workflow. |
9.3.0-25 | 10-Aug-2022 | EE-2773 | Security Optimization – JQuery.js file optimized for security best practices. |
9.3.0-25 | 10-Aug-2022 | EE-2777 | Air-Gapped QR Code Support – Added support for QR enrollments for time-based one-time passcodes (TOTP) in an air-gapped environment. |
9.3.0-24 | 29-Oct-2021 | EE-2345 | Web Admin UI Issue – Addressed issue with the Test Connection button on the Data tab. |
9.3.0-24 | 29-Oct-2021 | EE-2438 | JSON Web Token Support – Added support for |
9.3.0-23 | 30-Aug-2021 | EE-2253 | WebServices Timeout Issue – Added logic to optimize timeout values for profile lookups. |
9.3.0-23 | 30-Aug-2021 | EE-2265 | This is an update to the following issue reported under EE-1967 in hotfix 9.3.0-22. Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable. |
9.3.0-22 | 03-Jun-2021 | EE-1748 | Maximum Device Count – Resolved an issue where, when users reached the maximum limit of registered devices, no warnings were displayed. |
9.3.0-22 | 03-Jun-2021 | EE-1967 | Data Store Connection Issue – Addressed an issue causing intermittent problems in the Identity Platform when the connected data store is slow or unreliable. |
9.3.0-22 | 03-Jun-2021 | EE-2059 | Web Service Realm Issue – Resolved an issue that caused a disabled WebService realm to continue to function if the username and password existed. Install this hotfix if you have: |
9.3.0-22 | 03-Jun-2021 | EE-2060 | Security Optimization – OIDC authorization with PKCE optimized for security best practices. This hotfix is required for 9.3 deployments. |
9.3.0-22 | 03-Jun-2021 | EE-2110 | Security Optimization – Redirect pages optimized for security best practices. This hotfix is required for 9.3 deployments. |
9.3.0-21 | 26-Feb-2021 | EE-1810 | OIDC Claim Format Issue – The email_verified claim should be sent as a boolean value. Install this hotfix if you have: |
9.3.0-21 | 26-Feb-2021 | EE-1854 | Web Admin Optimization – Removal of unused code and subfolder from the SecureAuth Identity Platform Web Admin project folder. |
9.3.0-21 | 26-Feb-2021 | EE-1864 | WS-Federation Update – In realms that use WS-Federation, this update requires allow-listing of URLs for the If a There is also a new optional setting to support allow-listing of more than one URL by using a comma-delimited list. Install this hotfix if you have: |
9.3.0-21 | 26-Feb-2021 | EE-1897 | Performance Enhancements – Update exception handling to improve system performance during login and enrollment workflows. |
9.3.0-21 | 26-Feb-2021 | EE-2051 | Self-Service Account Update Theme Issue – There were some missing labels on the AccountUpdate.aspx page using 2016 or 2019 Themes. Install this hotfix if you have: |
9.3.0-21 | 26-Feb-2021 | EE-2060 | Security Optimization – OIDC authorization with PKCE optimized for security best practices. This hotfix is required for all 9.3 deployments. |
9.3.0-21 | 26-Feb-2021 | EE-1960 | Hotfix Installer Update – Hotfix installer updates the cloud certificate URL to use |
9.3.0-21 | 26-Feb-2021 | EE-2046 | Hotfix Installer Update – Hotfix installer uninstalls Metricbeat. |
9.3.0-20 | 08-Jan-2021 | EE-1804 | Submit Form Post Issue Update – Update to a previous hotfix for this issue. The Submit Form Post realm incorrectly removes password data following certain special characters. Install this fix if you have: |
9.3.0-20 | 08-Jan-2021 | EE-1826 | Transformation Engine Support for OIDC/OAuth2 Workflows – Transformation Engine now supports OIDC / OAuth2 workflows. Install this fix if you have: |
9.3.0-20 | 08-Jan-2021 | EE-1844 | Security Issue – Resolved security issue with request parameters. This hotfix is required for all customers on SecureAuth IdP version 9.3 to ensure the security of the appliance. |
9.3.0-20 | 08-Jan-2021 | EE-2204 | SAML Request Signature Validation Certificate Issue – In certain SAML workflows, signature validation was not successful. Install this fix if you have: With this hotfix installed, the expiration date of the signing certificate is enforced. To override this setting and allow expired certificates, set the following application setting in the web.config: <add key="BlockSAMLRequestCertExpiration" value="False" /> |
9.3.0-19 | 08-Oct-2020 | EE-1381 | Data Store Connection Issue – Resolves intermittent data store connection issues to an Application realm created in the New Experience. Install this hotfix if you have: |
9.3.0-19 | 08-Oct-2020 | EE-1778 | OIDC / OAuth2 Workflow Session Issue – OIDC queries in OAuth workflows are now read correctly when a user has two browser tabs open when authenticating into a resource. Install this fix if you have: |
9.3.0-19 | 08-Oct-2020 | EE-1804 | Submit Form Post Issue – The Submit Form Post realm no longer removes password data following certain special characters. Install this fix if you have: |
9.3.0-19 | 08-Oct-2020 | EE-1815 | Security Fix – Resolved XSS security vulnerability in path resolution. This hotfix is required for all customers on SecureAuth IdP version 9.3 to ensure the security of the appliance. |
9.3.0-19 | 08-Oct-2020 | EE-1819 | Database Logging Issue – Resolves issue in which database logs experiencing a table lock stopped writing new log entries. Install this hotfix if you have: |
9.3.0-19 | 08-Oct-2020 | EE-1843 | Token Issue – Resolves token caching issues impacting logins for admin realms in the New Experience. Install this hotfix if you have: |
9.3.0-19 | 08-Oct-2020 | EE-1860 | Performance Optimizations – Realms created in the Classic UI are now optimized to reduce latency. Install this hotfix if you have: |
9.3.0-19 | 08-Oct-2020 | EE-1861 | Security Optimization – Sanitize sensitive data in Debug Logs. This hotfix is required for all customers on SecureAuth IdP version 9.3 to ensure the security of the appliance. |
9.3.0-18 | 17-Jun-2020 | EE-1762 | Adaptive Authentication Licensing – The Adaptive Authentication settings were not displaying the correct license information. Install this hotfix if you have: |
9.3.0-17 | 05-Jun-2020 | EE-1644 | Security Fix – Implemented additional input validation to prevent double curly brackets ( {{ or }} ) in form input fields, including the UserID field. This hotfix is required for all customers on SecureAuth IdP version 9.3 to ensure the security of the appliance. |
9.3.0-17 | 05-Jun-2020 | EE-1680 | Debug Log Cleanup – Debug logs required changes. This hotfix is required for all 9.3 appliances. |
9.3.0-17 | 05-Jun-2020 | EE-1745 | Chrome 404 Error on Manage Accounts Page – The Chrome browser would give a 404 error to users on the Manage Accounts (help desk) page if the page timed out and the user logged back in, whereas other browsers would redirect them back to the page after authentication. Install this hotfix if you have: |
9.3.0-16 | 04-Feb-2020 | EE-1426 | Content and Localization Spacing Issue – Resolves an issue in which, after making customizations that include leading spaces, the spacing presents as expected until content and localization is edited later, at which point the spacing is removed. Install this hotfix if you have: |
9.3.0-16 | 04-Feb-2020 | EE-1432 | SAML Request Signature Validation – In certain SAML workflows, signature validation was not successful. Install this hotfix if you have: |
9.3.0-16 | 04-Feb-2020 | EE-1519 | SameSite Cookie attribute support – Required for compatibility with Google Chrome 80. This hotfix is required for all 9.3 appliances. Ensure that the Microsoft .NET patch is applied prior to installing this hotfix. Read https://support.secureauth.com/hc/en-us/articles/360038330652 for more information. |
9.3.0-16 | 04-Feb-2020 | EE-1530 | Help Desk Page Input Requirements – Resolves issue on the Help Desk client-side page, where some fields were acting as required to update the user profile even though they were configured to be “Show Disabled”. Install this hotfix if you have: |
9.3.0-16 | 04-Feb-2020 | EE-1540 | OIDC Workflow Wipes KBAs – After authenticating in an OIDC workflow with consent storage, users’ knowledge-based answers are no longer deleted from their profile. Install this hotfix if you have: |
9.3.0-16 | 04-Feb-2020 | EE-1564 | Inline Password Reset Issue – Resolves issue with using the 2016 Light Theme, where the Inline Password Reset function was not working as expected for all use cases. Install this hotfix if you have: |
9.3.0-16 | 04-Feb-2020 | EE-1576 | Inline Password Reset Forced Updates – Resolves issue in which users were being forced to update their password even though their password had not yet expired. Install this hotfix if you have: |
9.3.0-15 | 20-Dec-2019 | EE-1373 | IP Evaluation Update – The IP Eval service now uses the appropriate IP address for WS-Trust requests when using a load balancer. Install this hotfix if you have: |
9.3.0-15 | 20-Dec-2019 | EE-1388 | API Password Reset – IdM API password reset did not always work if the user account was locked. Install this hotfix if you have: |
9.3.0-15 | 20-Dec-2019 | EE-1391 | Updates to Secure Storage – Updates made to Secure Storage to avoid corruption. This hotfix is required for all 9.3.0 appliances. |
9.3.0-14 | 09-Dec-2019 | EE-1217 | Updates to Audit Logging for OIDC – Audit Logging updated for OIDC workflows to provide more clarity. Install this hotfix if you have: |
9.3.0-14 | 09-Dec-2019 | EE-1422 | Adaptive Auth API Response Updates – Resolved issue when using the Authentication API for adaptive authentication calls; not all actions were available to enable the desired workflow. Install this hotfix if you have: |
9.3.0-14 | 09-Dec-2019 | EE-1434 | YubiKey Enrollment with Proxy – Resolved issue in which YubiKey enrollments were not honoring the proxy settings configured in the realm, which led to user verification failures. Install this hotfix if you have: |
9.3.0-14 | 09-Dec-2019 | EE-1442 | Help Desk Verification Unmasking – When typing in the help desk verification answer on the Self-service Account Update page, there is now an option to “unmask” the answer, as there is with knowledge-based answers. Install this hotfix if you have: |
9.3.0-14 | 09-Dec-2019 | EE-1455 | Enhancements to User Risk Logging – Enhancements were made to logging for user risk information gathered during adaptive authentication, to provide more clarity. Install this hotfix if you have: |
9.3.0-14 | 09-Dec-2019 | EE-1475 | Web.config Updates for SISU – Web.config updates required for SISU to work properly. Install this hotfix if you have: |
9.3.0-13 | 29-Oct-2019 | EE-1355 | Last Access Time Issue – For device enrollments (Authenticate app), issue is resolved in which an enrollment was not replaced when the end user reached the maximum number of enrollments allowed. Install this hotfix if you have: |
9.3.0-13 | 29-Oct-2019 | EE-1363 | Support for AssertionConsumerServiceIndex (SAML) – SecureAuth IdP now supports AssertionConsumerServiceIndex for SAML integrations. Install this hotfix if you have: For instructions about applying the hotfix for this feature, see SAML integrations using AssertionConsumerServiceIndex hotfix. |
9.3.0-11 | 11-Sep-2019 | EE-1206 | TRX Performance Issue – When there is latency reaching the SecureAuth TRX cloud endpoint, it no longer causes application latency, which would impact user login performance. This hotfix is required for all 9.3 appliances. |
9.3.0-11 | 11-Sep-2019 | EE-1357 | mS-DS-ConsistencyGUID Support for Office 365 Integration – The mS-DS-ConsistencyGUID attribute is now supported by SecureAuth IdP to be used as the ImmutableID value for integrations with Office 365. Install this hotfix if you have: |
9.3.0-11 | 11-Sep-2019 | EE-1365 | Enhance Device Recognition Logging – Device Recognition logging was enhanced to make the results of the analysis clearer. Install this hotfix if you have: |
9.3.0-11 | 11-Sep-2019 | EE-1367 | Geo-velocity Cloud Communications Error – When comparing previous and current IP addresses, some logins were generating an “unavailable” result. Install this hotfix if you have: |
9.3.0-10 | 06-Sep-2019 | EE-1354 | Symbol-to-Accept API Support – The Symbol-to-Accept MFA method is now supported in the Authentication API. Install this hotfix if you have: |
9.3.0-9 | 13-Aug-2019 | EE-1305 | QR Code Enrollment False Error – The hotfix resolves an issue where the QR Code App Enrollment page was inaccurately displaying an error (“Invalid Code. Please try again.”), despite successful enrollment. This was caused by double-clicking before the page finished loading. Install this hotfix if you have: |
9.3.0-9 | 13-Aug-2019 | EE-1315 | Arbitrary File Upload Vulnerability – An authenticated privileged user can no longer upload arbitrary file types. NOTE: This vulnerability applies ONLY to the Web Admin application. This hotfix is required for all customers on SecureAuth IdP version 9.3 to ensure the security of the appliance. |
9.3.0-9 | 13-Aug-2019 | EE-1326 | Authentication API Updates for User Risk – When using the Authentication API for adaptive authentication, the User Risk feature is now effectively accessed during analysis. Install this hotfix if you have: |
9.3.0-9 | 13-Aug-2019 | EE-1329 | OATH Token JSON Encryption Issue – Data is now correctly read when JSON encryption is selected as the OATH Token Data Format method. Install this hotfix if you have: |
9.3.0-8 | 26-Jul-2019 | EE-1282 | Password Throttling Count Issue – The saved count for Password Throttling now effectively clears the bad password attempts to make way for the valid password entries. Install this hotfix if you have: |
9.3.0-8 | 26-Jul-2019 | EE-1273 | Logging Updates – Adaptive Authentication logging now correctly writes actual parameters instead of dictionary lines for certain requests. Install this hotfix if you have: |
9.3.0-7 | 26-Jun-2019 | EE-1220 | New userAccountControl Values – SecureAuth IdP now has the most up-to-date userAccountControl values to ensure that certain account statuses are handled appropriately in transactions between LDAP providers and SecureAuth IdP. Install this hotfix if you have: |
9.3.0-6 | 05-Jun-2019 | EE-1225 | Mobile Cookie Name – Mobile cookies that include spaces in the name now process correctly. Install this hotfix if you have: |
9.3.0-5 | 21-May-2019 | EE-1186 | App Enrollment Maintenance – App enrollments for users made on previous versions of SecureAuth IdP work correctly after the upgrade. |
9.3.0-4 | 10-May-2019 | EE-1073 | Password Reset LDAP Issue – Administrative Password Reset with History Check functionality now works with LDAP containing protocol requirements. |
9.3.0-4 | 10-May-2019 | EE-1082 | Authentication API Parity – The Yubico OTP option is now available to use via the API and also supported through browser workflow. |
9.3.0-4 | 10-May-2019 | EE-1149 | Passcode Registration Screen – When using the Default theme, the SecureAuth Passcode registration screen now works correctly. |
9.3.0-4 | 10-May-2019 | EE-1167 | Incorrect SMS MFA Option – When users select the SMS OTP option, they no longer randomly receive an incorrect Link to Accept message. |
9.3.0-4 | 10-May-2019 | EE-1182 | Begin Site Redirect Encoding – Begin site redirect is no longer double encoding the request query, causing the realm to break and the workflow to halt. |
9.3.0-3 | 12-Apr-2019 | EE-1075 | Data Parsing in SAML Attribute – Data is now correctly parsed when sent in a SAML attribute. |
9.3.0-3 | 12-Apr-2019 | EE-1124 | OIDC Claim Issue – Sub claim is now present when updates are made to library. |
9.3.0-3 | 12-Apr-2019 | EE-1089 | Application API Proxy Support – Calls made through the Application API correctly honor proxy settings. |
9.3.0-3 | 12-Apr-2019 | EE-1120 | URL Encoding Updates – Updates to URL encoding to ensure security. |
9.3.0-3 | 12-Apr-2019 | EE-1131 | Device Fingerprint Space Issue – The Device Fingerprint cookie name now parses correctly if a space is present in the generated cookie name. |
9.3.0-3 | 12-Apr-2019 | EE-1067 | Logging Updates – Updates to SecureAuth IdP logs to ensure security. |
9.3.0-2 | 14-Mar-2019 | EE-1049 | Auto-encrypt Tools Issue – Issue resolved in which auto-encrypting the web.config caused SecureAuth tools to work ineffectively. |
9.3.0-2 | 14-Mar-2019 | EE-1088 | SecureAuth IdP Requirements for Login for Windows – Changes made to accommodate AD user check issues addressed in Login for Windows v1.0.4. |
9.3.0-1 | 20-Feb-2019 | EE-1030 | Google Social ID Login – Modifications made to support Google API updates for Social ID login. |
9.3.0-1 | 20-Feb-2019 | EE-1049 | Auto-encrypt Tools Issue – Issue resolved in which auto-encrypting the web.config caused SecureAuth tools to not function effectively. |
9.3.0-1 | 20-Feb-2019 | EE-1056 | Web Admin UI Updates – Updates made to the Adaptive Authentication UI reflect supported features. |
9.3.0-1 | 20-Feb-2019 | EE-1067 | Logging Updates – Enhancements made to logging ensure greater security. |
Affected SecureAuth IdP Version: 9.3
Support Information: Contact SecureAuth Support (support.secureauth.com, support@secureauth.com, or 1-866-859-1526) to have the latest hotfix installed on your SecureAuth IdP v9.3.x appliance.