Viewer

  PwReset Changelog

File: Changelog_pwreset.txt
Size: 4 KBytes
MD5: 82526E5B28DBC0EB3B10EC847EAAFBFD

1.0.15
    - This update is required for WebADM version >= 1.7.6.
    - Added support for Client policy -based access restrictions.
    - Added a 'Cancel' button when accessing the application via a link.
    - Fixed 'Close' buttons sometimes not closing/blanking correctly.
    - Fixed one-time access link not beeing expired after an OpenOTP login.
    - Fixed several wrong file permissions.
    
1.0.14
    - Added optional MFA requirement in the Manager method.
    - Added a configuration to require access via email links (like SelfReg).
    - Fixed other methods' list in the login pages not displayed when only one
      other method is available.

1.0.13
    - Added support for WebADM v1.7 (it does not work with previous versions).
    - Fixed AD account unlock not working (requires WebADM v1.6.9-2).
    - Added max password length to the password policy settings.
    - Added a setting to reject SAML requests not patching a client policy.
    - Added a setting to enable/disable the PKI login feature.
    - Added German translations.
    
1.0.12
    - Added support for FIDO2 with TPM chips (ex. Apple MacBooks).
      > This option requires OpenOTP v1.4.2.
    - Added support for password blacklist checking at haveibeenpwned.com.
      > The embedded password blacklist has been removed.
      > Requires WebADM to have Internet access (direct or via HTTP proxy).
    - Added exported framework function to be used by SelfDesk password change.
    - Fixed 'close' button not always displayed after password reset.
    - Minor cosmetic enhancements.
    
1.0.11
    - Added support for FIDO2 (CTAP and WebAuthn enrollemnts).
      > You need OpenOTP v1.5 with this version of Password Reset.

1.0.10
    - Added WAPI methods for sending password reset requests to users or groups.
    - Added a Manager method to batch-send password reset requests.
    - Removed OpenOTP and TiQR custom URL settings.
    - Added Admin pages for LDAP users and groups.
    
1.0.9
    - Fixed issues with OpenOTP/TiQR authentication when AD account is locked.
    - Added support for ActiveDirectory "user must change password" state.
    - Added ActiveDirectory Account unlocking (AD Louckout).
    - Added support for WebADM v1.6 (this version does not run on previous WebADM).
    - Added support for access restrictions based on a client policies.
    
1.0.8
    - Added multilingual support (French translation for now and more to come).
    - Added support for upcoming U2F on Firefox and Orpera browsers.
      > You need OpenOTP v1.3.2 with this version of PwReset.
    - Added support for the new OpenOTP Push Login methods.
    - Device Id context uses HTTP Cookie instead of Browser fingerprint.

1.0.6
    - Uses the new WAPI framework from WebADM v1.5.0.
    - Added product categorization for WebADM v1.4.5.
    - Complete facelift with new design and login workflows.
    - Added brute-force attack protection with source IP address blacklisting.

1.0.5
   - U2F uses embedded javascript and does not require the Google Chrome extension.
   - Added a setting to force challenge and hide the OTP input in the login form.
   - Added support for WebADM user_level configurations in webadm.conf.
   - Changed default minimum password length to 6 characters.
   
1.0.4
    - This version is designed for WebADM v1.4 and is not compatbile with v1.3.
    - Added dynamic password change complexity based of new password length.
    - Added support for OpenOTP v1.2 and FIDO U2F authentication.
    - Added an option to switch between Simple and Normal OpenOTP login modes.
      > The default mode is now Simple Login.
    - Added support for OpenOTP contextual authentication with trusted contexts.
    
1.0.2
    - OTP inputs do not display the OTP password (required for protecting OTP PIN).
    - Added support for TiQR 1.0.7-2 with re-designed TiQR+LDAP workflow.
    - Fixed password refused with challenged OTP.
    - User cannot set a new password equal to the previous password.
    - Passwords change respects the AD password history policy.
    - Added a PKI login mode which bypasses OTP and TiQR authentication.
    
1.0.1
     - Added an option to require the expired LDAP password validation.
     - Added configurations for min passord length up to 16 characters.
    
1.0.0
     Initial Password Reset release.
     - Application authenication is done via OTP or TiQR.
     - Supports LDAP and AD Domain password reset.
     - Supports password complexity policies.