Viewer

  SelfDesk Changelog

File: Changelog_selfdesk.txt
Size: 12 KBytes
MD5: 57DC17DB8D7B348CDA0CD4E9FF643B47

1.1.11
    - This update is required for WebADM version >= 1.7.6.
    - Prevent key import not matching the configured key size for SpanKey.
    - Added support for SpanKey DSA with 2048 and 4096 bit keys.
    - Fixed several wrong file permissions.

1.1.10
    - Added support for Client policy -based access restrictions.
    - Added support for SpanKey count-limited keys.
    - Added SSH Public Key import with copy/paste for SpanKey registration.
    - Users cannot self-configure SSH key expiration or max use.
    
1.1.9
    - Added support for WebADM v1.7 (it does not work with previous versions).
    - Added more expiration time values for Emergency OTP management.
    - Added support for Emergency OTPs with limited usage count.
    - Fixed AD account unlock not working (requires WebADM v1.6.9-2).
    - Fixed support email failing with a sendmail error.
    - Hide the OTP PIN prefix input.
    - Added German translations.
    
1.1.8
    - Added support for FIDO2 with TPM chips (ex. Apple MacBooks).
      > This option requires OpenOTP v1.4.2.
    - U2F / FIDO2 registration choice is now automatic (based on client policies).
    - Fixed Token registration when Soft Token expiration time is set to '0'.
    - Removed password policy configurations.
      > Password change is available only when PwReset is enabled and uses PwReset
        password policy settings.
      > You must edit the SelfDesk configuration and re-apply it in WebADM.
    - OTP prefix change is now avaialbe when OTP prefix is enabled in client policies.
    - Added Emergency OTP registration with configurable automatic expiration.
    
1.1.7
    - Added support for FIDO2 (CTAP and WebAuthn enrollemnts).
      > You need OpenOTP v1.5 with this version of the Self-Service.
    - Removed OpenOTP and TiQR custom address settings.
    - Fixed incomplete token name with QRCode enrollments.
    - Fixed Trusted U2F Devices feature not working on Chrome version >= 66.
    - Setting Allowed Self-Registration 'U2F' is replaced by 'FIDO'.
      > You may need to adjust and re-apply your configuration in WebADM!
    - Added the 'FIDO Device Management' setting section.
    
1.1.6
    - Added support for WebADM v1.6 (this version does not run on previous WebADM).
    - Added support for access restrictions based on a client policies.
    - Added SpanKey enrolment setting 'Allowed SSH Key Types' to limit the type of
      SSH keys to be self-enrolled.
    - Removed OpenOTP Application Passwords without expiration (OpenOTP v1.3.7).
    - Fixed non working per-user and group policies for AllowOTPTypes, AllowRegister,
      AllowTokenTypes and DefaultTokenType.

1.1.5
    - Added support for OpenOTP MSS login method.
    - Fixed an issue with Yubikey registration with YubiCloud.
    - Added support for newer RCDevs software Token.
    - New RCDevs Token logo image.
    
1.1.4
    - Added multilingual support (French translation for now and more to come).
    - Added password expiration notification on the home page.
    - Added support for OpenOTP contextual authentication when two-factor is enabled.
    - Device Id context uses HTTP Cookie instead of Browser fingerprint.
    - Added an option to configured the list of allowed OTP methods to be selected.
    - Allowed OTP Tokens and methods can be defined per LDAP user or group.
    - Better support for PKI user authentication via WAProxies.
    - Removed SMSCount and MailCount user statistics (for OpenOTP v1.3.3-2).
    
1.1.3
    - Added support for upcoming U2F on Firefox and Orpera browsers.
      > You need OpenOTP v1.3.2 with this version of SelfDesk.
    - Added support for the new OpenOTP Push Login methods.
    
1.1.2
    - Added a new enrolment workflow with RCDevs Software Authenticator.
    - Google Authenticator Token icon is replaced by RCDevs Authenticator.
    - Removed the possibility to configure the OTP length setting.
    - Added an option to download both the PEM and PPK SpanKey private
      keys bundled in a ZIP file.

1.1.1
    - Added support for RCDevs SSO v1.2.x with OpenID Connect.
      > This version of SelfDesk is not compatible with the previous versions of
        RCDevs OpenID/SAML IdP.

1.1.0
    - Added support for RCDevs SpanKey Server.
    - Fixed wrong display of registered OTP list size.
    - Removed the ability to configure the OTP list algorithm.
    - Removed the ability to configure application passwords's expiration.
    - Removed 'Allow OpenID' settings (uses the 'Allow Config' setting on OpenID).
    
1.0.20
    - Uses the new WAPI framework from WebADM v1.5.0.
    - Added product categorization for WebADM v1.4.5.
    - Complete facelift with new design and login workflows.
    - Added an OTP validation with HOTP and TOTP QRCode registration.
    - Added brute-force attack protection with source IP address blacklisting.
    
1.0.19
     - Remove resynchronization for Yubikeys which is not necessary.
     - Added an option to require a second login factor (OTP or U2F).
     - Many general user experience enhancements.

1.0.18
     - Users can optionally set friendly names or short descriptions for U2F devices.
     - U2F uses embedded javascript and does not require the Google Chrome extension.
     - When PKI management is disabled, the PKI menu is now hidden.
     - Added support for WebADM user_level configurations in webadm.conf.
     - The OpenID & SAML SSO page has been simplified.
     - OATH TOTP Token choice is prioritized over HOTP.
     - Changed default minimum password length to 6 characters.
     - Changed the Yubikey registration image to include Yubikey Nano.

1.0.17
     - This version is designed for WebADM v1.4 and is not compatbile with v1.3.
     - The 'Allow Unused Tokens Only' setting is removed and enabled by default.
     - Added dynamic password change complexity based of new password length.
     - Added support for OATH tokens supporting MD5 algorithm (ex. RedHat FreeOTP).
     - Support form and Token download URLs are hidden if not configured.

1.0.16
     - Added support for OpenOTP v1.2 and FIDO U2F device management.
     - Changed Allowed Token Types and Default Token Type settings to be more specific.
       > You need to re-configure these settings if they were enabled.
     - Simplified the OTP authentication test.
     
1.0.15
     - OTP inputs do not display the OTP password (required for protecting OTP PIN).
     - With password change, user cannot set a new password equal to the previous password.
     - SMS and Mail choices are removed from the 'Allow Self-Registration' setting.
     - List choice in the 'Allow Self-Registration' setting is renamed to OTPList.
     - Added support for OpenOTP Software Token Expiration and auto re-enrolement process.
     - Added support for OpenOTP/TiQR LoginEnabled configuration.
     - Added support for TiQR 1.0.7-2 with re-designed TiQR+LDAP workflow.
     - Added support for TiQR v1.1 and RSA cryptography.
     - Added support for OpenOTP 1.1.5 and Application Passwords.
     - Passwords change respects the AD password history policy.
     - With OTP PROXY mode, OTP Type is changed to TOKEN after Token enrolment.

1.0.14
     - Added configurations to allow or not SMS and Mail OTP registration.
     - Added support for several Tokens enrolment with Google Authenticator.
     - Added issue URI parameter for Google Authenticator.
     - Added compatibility with OpenID/SAML WebApp v1.1.x.
     - Added compatibility with WebADM per-application session timeouts.
     - Enhanced password update forms.
     - Added Yubikey registration with WebADM Inventory (simply by pressing the Yubikey).
     - Added support for YubiCloud-based Yubikey enrolment.
     - Added a setting to prevent a user from enroling Tokens already used by another user.
     - The Default Token Type HARDWARE is replaced by HARDWARE-OATH and HARDWARE-YUBIKEY.
       If you had configured HARDWARE, please change to one of the options after upgrade.
     - Added actions to de-activate and re-activate registered Tokens.
     - Added a new setting to allow or not user password change.
       > In previous versions, password change used the Allow User Infos Management policy.
     - Self application settings' management (OTP, TiQR, SSO, PKI) are disabled by default.
     - OpenOTP/TiQR Login Mode and OTP Prefix policies cannot be edited by users anymore.
     
1.0.13
     - New aplication architecture designed for WebADM v1.2.6.
     - OpenOTP, TiQR and OpenID settings are disabled when application is not present.
     - Added support for expired LDAP passwords.
     - Adapated HTML for WebADM 1.2.5-1 rendering.
     - Completely re-designed login form.
     - Changed OTP and TiQR texts to be more user-friendly.
     - Added support for WebApp authentication requiring user certificates.
     - Multiple minor other enhancements.

1.0.12
     - Added simple Hardware Token registration with serial numbers. This registration
       mode is highly recommended when dealing with large amounts of Hardware Tokens.
     - PIN change is now allowed without having to enable "Allow OpenOTP Management" feature.
     - Added support for OTP Prefix (PIN) management with OpenOTP v1.1.1.
     - All PIN code values are displayed as bullets.
     - Input length validations for new password, OTP prefix and PIN code.

1.0.11
     - Added support for OpenOTP v1.1 with multi Token and new Fallback methods.
     - Added the possibility to un-register a Token.
     - The Allow Register setting can restrict self-registration to specific Tokens.
     - Added support for users with multiple mobile numbers or email addresses.
     - Added a 'Default Token Type' setting to set the default token type in the token
       registration form.
     - Added PDF OTP list export.

1.0.10
     - Updated for WebADM 1.2.
     - TOKEN, LIST, LASTOTP fallback modes are allowed with any OTPType (OpenOTP 1.0.14).
     - Added SMSMode MailMode configuration (for Ondemand / Prefetch OTP).
     - Users can review all their OTP type settings without changing OTP type.
     - Added "Allowed Token Types" setting allowing to restrict the types of
       Tokens which can be registered.
     - Simplified user interface.
     - Compliance with TiQR Server 1.0.1.
     - Fixed certificate a creation problem when user has no email address.

1.0.9
     - Added support for TiQR Service.
     - Many enhancements.
     
1.0.8
     - Update required with WebADM-1.1.1.
     - Added RADIUS Proxy OTP Type support.
     - Added SHA256 and SHA512 key registration support for TOTP/OCRA Tokens.
     - Added support for OpenOTP 1.0.11-1.
     - Added a setting to allow Token download, registration, resync, test.
     - Added a setting to set OpenOTP logintest URL if not local.
     - Added LDAP password policy settings.
     - Added OpenOTP password list support.
     - Added TOTP resync utility.
       > OpenOTP computes the Token time offset and keeps the offset for OTP culculations.
     - Added OATH OCRA support.

1.0.7
     - Added RCDevs OpenID Provider management features.
     - Added Google Authenticator support with QRCode registration.
     - OpenOTP Token register enhancements.
     - Added QR Barcode-based Token key registration.
     - Added OpenOTP login test page.

1.0.6
     - Uses the new WebADM UI framework.

1.0.5
     - Added OTPFallback configuration.
     - Fixed certificate download problems.

1.0.4
     - Requires WebADM >= 1.0.5.
     - Minor corrections and code enhancements.
     - Text corrections.

1.0.3
     - Added YubiKey Tokens support.

1.0.2
     - Support for Mobile-OTP Software Tokens (motp.sourceforge.net).
     - PIN Code editor for MOTP.
     - Minor code enhancements.

1.0.1
     - Added account unblocking feature and block counter display.
     - Added PKI functionalities (user certificate mamagement).
     - Added OpenOTP Secure Mail functionality.

1.0.0
     Initial SelfDesk release.