1.3.5 (January 7 2025)
- Added support for Kerberos authentication with ActiveDirectory domains.
> Requires WebADM 2.3.25 with Kerberos support and Kerberos machine
integration at the Linux system level (Windows KDC client).
- Removed the 'Hide OTP Password' and 'Allow Reset' settings.
- Added support for OpenOTP push commit methods when MFA is enabled.
- Added client certificate support with MFA login.
1.3.4 (April 12 2024)
- Added support for WebADM bruteforce protection with IP blacklisting.
1.3.3 (March 6 2024)
- Added a WAPI function for SelfDesk to check weak and pwned passwords.
1.3.2 (November 22 2023)
- The PasswordStrength setting now uses locally-downloaded password
blacklists for weak or leaked passwords found on public sources.
- Fixed ActiveDirectory password re-use check not working.
1.3.1 (June 26 2023)
- Domain list is hidden when only one domain is configured.
> Note that you can use the domain's allowed application setting
to limit the domain list per application and hide the domain input.
1.3.0 (March 20 2023)
- Added support for WebADM v2.3 (this version requires WebADM v2.3).
- Added Require Certificate setting.
- Fixed locked-out account unlocking.
1.2.1 (March 27 2023)
- Added compatibility with WebADM 2.3.
- Removed Default Backend and Allow PKI settings.
> PKI can now be used transparently in normal and MFA mode and will bypass
the username input.
1.2.0 (January 19 2023)
- Added compatibility with WebADM 2.2.
- Removed FIDO U2F (deprecated in favor of FIDO2).
- Updated the application icons.
- Expiration time for a reset request is now in hours.
1.1.7 (November 1 2022)
- Removed default value for Minimum Password Length.
- Policy requirements are not displayed when a custom policy message
is configured.
- Added automatic language switching based on LDAP user language.
1.1.6 (September 2 2022)
- Added SQL audit log event types (requires WebADM >= 2.1.15).
- Added Error SQL logs for all failed actions.
1.1.5 (April 22 2022)
- Display policy check error message on password change due to backend
password policy check constraints.
- Fixed several issues with password policy rules display.
- Added a setting to provide additional policy information to the users.
1.1.4 (December 5 2021)
- Prevent username, fullname, CN or domain from being used as password.
- Fixed broken PKI login.
- Added support for PKI login with external certificates (ex. eIDAS).
> Requires WebADM version >= 2.1.0.
- Added support for FIDO2 Web login with U2F-registered FIDO devices.
- Fixed broken FIDO2 login with Apple Safari browser.
1.1.3 (July 7 2021)
- Create a logfile event for every user operation.
1.1.2 (March 9 2021)
- Added FIDO2 PIN / Biometric user verification policies.
- Removed all TiQR functionalities.
> Your application configuration may be incorrect after upgrade if you
enabled any TiQR setting. In this case, just edit and re-apply the
configuration under the 'Application' menu in WebADM.
1.1.1
- Added compatibility with WebADM 2.0.11.
1.1.0
- Added support for OpenOTP Voice Biometrics.
- Added compatibility with WebADM v2.0.0.
- Added support for OpenOTP virtual attributes.
- Added 'None' method not to send the one-time request via Mail or SMS.
- Added support for user ActiveDirectory principal names (UPN).
> The 'Show Domains List' setting must be disabled to use UPNs.
> Warning: When 'Show Domains List' is disabled, the domain input is now
removed! Users must log in with domain\username to force a domain name.
1.0.15
- This update is required for WebADM version >= 1.7.6.
- Added support for Client policy-based access restrictions.
- Added a 'Cancel' button when accessing the application via a link.
- Fixed 'Close' buttons sometimes not closing/blanking correctly.
- Fixed one-time access link not being expired after an OpenOTP login.
- Fixed several wrong file permissions.
1.0.14
- Added optional MFA requirement in the Manager method.
- Added a configuration to require access via email links (like SelfReg).
- Fixed other methods' list in the login pages not displayed when only one
other method is available.
1.0.13
- Added support for WebADM v1.7 (it does not work with previous versions).
- Fixed AD account unlock not working (requires WebADM v1.6.9-2).
- Added max password length to the password policy settings.
- Added a setting to reject SAML requests not matching a client policy.
- Added a setting to enable/disable the PKI login feature.
- Added German translations.
1.0.12
- Added support for FIDO2 with TPM chips (ex. Apple MacBooks).
> This option requires OpenOTP v1.4.2.
- Added support for password blacklist checking at haveibeenpwned.com.
> The embedded password blacklist has been removed.
> Requires WebADM to have Internet access (direct or via HTTP proxy).
- Added exported framework function to be used by SelfDesk password change.
- Fixed 'close' button not always displayed after password reset.
- Minor cosmetic enhancements.
1.0.11
- Added support for FIDO2 (CTAP and WebAuthn enrollments).
> You need OpenOTP v1.5 with this version of Password Reset.
1.0.10
- Added WAPI methods for sending password reset requests to users or groups.
- Added a Manager method to batch-send password reset requests.
- Removed OpenOTP and TiQR custom URL settings.
- Added Admin pages for LDAP users and groups.
1.0.9
- Fixed issues with OpenOTP/TiQR authentication when AD account is locked.
- Added support for ActiveDirectory "user must change password" state.
- Added ActiveDirectory Account unlocking (AD Lockout).
- Added support for WebADM v1.6 (this version does not run on previous WebADM).
- Added support for access restrictions based on client policies.
1.0.8
- Added multilingual support (French translation for now and more to come).
- Added support for upcoming U2F on Firefox and Opera browsers.
> You need OpenOTP v1.3.2 with this version of PwReset.
- Added support for the new OpenOTP Push Login methods.
- Device Id context uses HTTP Cookie instead of Browser fingerprint.
1.0.6
- Uses the new WAPI framework from WebADM v1.5.0.
- Added product categorization for WebADM v1.4.5.
- Complete facelift with new design and login workflows.
- Added brute-force attack protection with source IP address blacklisting.
1.0.5
- U2F uses embedded javascript and does not require the Google Chrome extension.
- Added a setting to force challenge and hide the OTP input in the login form.
- Added support for WebADM user_level configurations in webadm.conf.
- Changed default minimum password length to 6 characters.
1.0.4
- This version is designed for WebADM v1.4 and is not compatible with v1.3.
- Added dynamic password change complexity based on the new password length.
- Added support for OpenOTP v1.2 and FIDO U2F authentication.
- Added an option to switch between Simple and Normal OpenOTP login modes.
> The default mode is now Simple Login.
- Added support for OpenOTP contextual authentication with trusted contexts.
1.0.2
- OTP inputs do not display the OTP password (required for protecting OTP PIN).
- Added support for TiQR 1.0.7-2 with re-designed TiQR+LDAP workflow.
- Fixed password refused with challenged OTP.
- User cannot set a new password equal to the previous password.
- Password change respects the AD password history policy.
- Added a PKI login mode which bypasses OTP and TiQR authentication.
1.0.1
- Added an option to require the expired LDAP password validation.
- Added configurations for min password length up to 16 characters.
1.0.0
Initial Password Reset release.
- Application authentication is done via OTP or TiQR.
- Supports LDAP and AD Domain password reset.
- Supports password complexity policies.