Hotfixes
The following lists hotfixes for the SecureAuth® Identity Platform release 22.12.
22.12 hotfixes
Release No. | Release Date | Ref ID | Issue / Description |
|---|---|---|---|
2212-12 | 18-Apr-2024 | EE-3418 | Debug Logs Update – Security update to prevent sensitive information about SQL service accounts in debug logs for SQL connections created in the New Experience. |
EE-3423 | Help Desk Page Issue – Addressed an issue with apostrophe handling in GET User requests for Help Desk pages. | ||
22.12-11 | 13-Mar-2024 | EE-3414 | SecureAuth Auth API Update – Improvements in the SecureAuth API to support Dynamic IP blocking. SecureAuth RADIUS now supports consuming this new change. See the SecureAuth RADIUS release notes for the latest update. |
22.12-10 | 16-Feb-2024 | IDP-12309 | Level of Assurance (LOA) Provider – We've integrated a machine-learning based Assurance Provider to analyze login patterns of users. It generates a Level of Assurance (LOA) confidence score for each user. The LOA score helps decide whether to increase or decrease user friction at the time of login. To learn more about configuring and using LOA, see SecureAuth Level of Assurance (LOA) Provider settings. |
22.12-9 | 29-Jan-2024 | EE-1730, EE-3373 | Security Issue – Security improvements for managing UserExchange Web Service for Custom application integrations. |
EE-3375 | Updates to Send FIDO2 Confirmation Email – Updates include logging enhancement, and a resource field for the replyDisplayName for the email output. This relates to EE-3359 in the 22.12-8 hotfix. | ||
EE-3380 | CyberArk Username Issue – Addressed issue with not saving the CyberArk username in the Advanced Settings (on the Data tab for Datastore connection settings). | ||
EE-3382 | Single User Logout URL Issue – Added logic to the metadata for the single logout service URL. | ||
EE-3385 | ASP.NET Issue – Added improvement to async in ASP.NET targeting dynamic IP blocking. | ||
EE-3391 | Authentication Issue – Addressed an issue with random authentication errors. | ||
22.12-8 | 15-Nov-2023 | EE-3292 | Transparent Single Sign-On Issue – Addressed an issue when using custom token user data with a comma which invalidated the TSSO. We utilized the existing Delimiter setting to allow adjustments to parsing the cookie data with a delimiter known not to clash with user data. |
EE-3317 | CyberArk Credentials Issue – Addressed issue with not being able to save the CyberArk Vault username in the Advanced Settings. | ||
EE-3359 | Send FIDO2 Confirmation Email – Added a configuration setting to send a confirmation email to end users when they enroll or remove a FIDO2 authenticator in their profile. To learn more about configuring this setting, see How to send a confirmation email about a FIDO2 device | ||
22.12-7 | 2-Oct-2023 | EE-3264 | OIDC Endpoint Improvement – Added improvements to consent storage for supporting multiple active tokens during introspection. Update: Added some null checks to fix issues with backward compatibility. |
EE-3275 | HID Hard Token Improvement – Added an optional serial number field for HID hard token enrollments. This is also supported in CSV file uploads. Update: Improvement to append the serial number to the name of the device to display in the MFA options list. | ||
EE-3318 | MFA Method Order Improvement – Added improvement to retain the After installing the hotfix, to apply this update, adjust each policy. Simply tweak a setting in each policy, save, revert, then save again. | ||
EE-3320 | Password Change on Disabled Accounts Issue – Addressed issue affecting disabled accounts with a Change Password on Next login setting. | ||
EE-3325 | Password Reset Issue – Addressed tenant upgrade issue that impacted the "Must change password on next logon" setting in cloud deployments. | ||
22.12-6 | 9-Aug-2023 | EE-3264 | OIDC Endpoint Improvement – Added improvements to consent storage for supporting multiple active tokens during introspection. |
EE-3275 | HID Hard Token Improvement – Added an optional serial number field for HID hard token enrollments. This is also supported in CSV file uploads. | ||
EE-3302 | Configuration Setting for ACS URL Restriction – Added a configuration setting to turn ON or OFF the ACS URL whitelist enforcement. ImportantBefore you install this hotfix, see this KB article: How to establish trust for ACS redirects in SP-initiated SAML requests | ||
22.12-5 | 14-Jul-2023 | EE-3196 | Migration Issue with Profile Datastore – Addressed issue with a SQL profile provider data store not working correctly after a Classic to New Experience realm migration. |
EE-3202 | Setting to Pre-Populate Username Field – Added setting to turn on or off the username autofill setting for SP-initiated login workflows. By default, this setting is turned on. Contact Support to turn this on or off. | ||
EE-3259 | Metadata File Download – The metadata file download in the New Experience now also goes to the root of the application realm. | ||
EE-3289 | Fix for ACS URL Restriction in SAML Integration – Bug fix for ACS URL whitelist functionality related to EE-3252 in the previous 22.12-4 hotfix. | ||
22.12-4 | 23-Jun-2023 | EE-2557 | Unhandled SecurePortal Error – Anonymous users landing on the SecurePortal would encounter an on-screen error instead of being redirected to login screen. |
EE-3212 | Identity Platform Upgrade Issue with Data Store – Addressed issue with edge cases around a data store that is no longer functional in the New Experience after an Identity Platform upgrade. | ||
EE-3225 | AD-LDS Password Validation Issue – Addressed issue with AD-LDS connections that use user + password workflows in the Advanced Settings (formerly Classic Experience). | ||
EE-3230 | API Calls and Push Notification Issue in Login for Windows – Added logic for stateless API calls to load balancers for push to accept in Login for Windows. | ||
EE-3252 | ACS URL Restriction in SAML Integration – Added logic to restrict incoming ACS URL in the SAML request by validating them against a whitelist. | ||
EE-3257 | Conditional Access – Added out of the box integration with Conditional Access and the Identity Platform. To learn more, see Microsoft Conditional Access Custom Controls integration guide. | ||
EE-3258 | FIPS Compliance on User Handler Web Service Page – Added logic to make EncryptUser.aspx page compliant with FIPS. | ||
EE-3259 | Metadata File Download – The metadata file download in the New Experience now also goes to the root of the application realm. | ||
22.12-3 | 21-Apr-2023 | EE-3175 | Realm Migration Issue – Addressed Classic to New Experience realm migration issue with case sensitivity in folder names. |
EE-3201 | Pre-populate Username Field Issue – Addressed bug with prefilling the username field using the querystring value for SP-initiated workflows, during the login redirect to the SecureAuth IdP. | ||
EE-3205 | Missing MFA on 2016 Theme in New Experience Applications – Addressed issue with Admin API ignoring a setting required by only the 2016 Theme for displaying all expected MFA. | ||
EE-3207 | Unhandled SecurePortal Error – Anonymous users landing on the SecurePortal would encounter an on-screen error instead of being redirected to login screen. | ||
EE-3210 | Allow Password Suppression Issue – Addressed issue with password suppression not triggering when used with symbol-to-accept MFA. | ||
EE-3221 | Auth API Issue – Added logic to better handle TOTP brute force throttling for the Auth API. Change will benefit API consumers (i.e. RADIUS) when validating TOTP for users with multiple enrollments. | ||
22.12-2 | 29-Mar-2023 | EE-2846 | API Calls and Push Notification Issue – Added logic for stateless API calls to load balancers for push to accept. |
EE-3035 | Login for Endpoints Improvement – Added improvements to better handle connectivity when a service goes offline. | ||
EE-3055 | ASP.NET DB Support – Added support for the ASP.NET database to the data store integrations in the New Experience. | ||
EE-3073 | EncryptUser Issue – Addressed issue with a truncated URL in EncryptUser.aspx. | ||
EE-3091 | Submit Button in 2019 Theme Issue – Addressed issue in 2019 Theme where the Submit button was not in focus when an MFA option is selected. | ||
EE-3093 | Realm 997 cleanup – Realm 997 was previously reserved for another Identity Platform integration and thus would sync SSO with Realm 0. We've removed the integration; this ticket removes the synchronization to performs as expected if you have an application using this realm number. | ||
EE-3098 | LDAP Authentication Improvement – Added logic to make LDAP authentication over SSL/TLS more secure. | ||
EE-3139 | SVG Image Support – Added support for .svg images in Advanced Settings for Company Logo on login pages. | ||
EE-3165 | Security Issue – Added logic to improve masking of a password field in Advanced settings. | ||
22.12-1 | 24-Jan-2023 | EE-2684 | Passcode App Update – Supports the ability to register on more than one computer. This requires an updated version of Passcode for Windows or Passcode for Mac. |
EE-2968 | YubiKey HOTP Issue – Addressed issue with a login loop if a user taps their YubiKey and inadvertently clicks the Submit button. | ||
EE-3039 | New Experience Realm Issue – Addressed issue with setting up a New Experience realm without a data store configuration. | ||
EE-3088 | Support for SCIM Provisioning – Added more support for SCIM features like profile updates, group provisioning, and so on. To learn more, see SCIM provisioning overview. |