Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

What’s in this release?

New features, enhancements, and other improvements

• Improved Passwordless Reporting in the Duo Admin Panel
• Update to Duo Admin API Endpoints

New and updated applications

• Five New Named Applications with Duo SSO
• Duo Device Health Application Version 4.5.0.0
• Duo Authentication Proxy Version 6.0.0
• Duo Two-Factor Authentication for macOS Version 2.0.2
• Duo Splunk Connector Versions 1.2.0, 1.2.1 and 1.2.2 released
• Duo Mobile for Android Version 4.42.0
• Duo Mobile for iOS Version 4.42.0

Check out a new resource: the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.

New features, enhancements, and other improvements

Improved Passwordless reporting in the Duo Admin Panel

• The Reports > Single Sign-On Log provides more detail for Passwordless authentications, including the authentication method, access device info and application.

Update to Duo Admin API endpoints

• We’ve updated the label response key on the Retrieve WebAuthn Credentials by User ID endpoint to include:
  • “Passkey"
  • “Windows Hello”
  • “Android biometric”
  • “Face ID / Touch ID (iOS)”
  • "Face ID / Touch ID (iPadOS)”
• Previous WebAuthn authenticator values were “TouchID” and “Security Key.”

New and updated applications

Five new named applications with Duo SSO

• There are now named applications to protect Bonusly, SonicWall SMA 200 Series, GoTo Apps, Monday and CrashPlan using Duo SSO, our cloud identity provider.
• Reminder: Duo Access Gateway will reach end of life in October 2023. Please see the Guide to Duo Access Gateway end of life for more details.

Duo Device Health Application version 4.5.0.0 released

• Support tool can gather additional logging.
• Home screen now indicates if users do not have the latest Apple Rapid Security Response updates.

Duo Authentication Proxy version 6.0.0 released

• SHA1 signed certificates are no longer supported for LDAPS or StartTLS connections. This affects Duo Single Sign-On Active Directory authentication, Active Directory Sync, OpenLDAP Directory Sync, and ad_client configuration for RADIUS or LDAP authentication. SHA1 certificates issued to Active Directory domain controllers or LDAP directory servers must be reissued as SHA256 or greater. If a SHA256+ certificate cannot be obtained, the alternative is to use unsecured (CLEAR) transport.
• NTLM1 is disabled in FIPS mode, and deprecated in non-FIPS mode.
• Linux installer now supports ARM64/AARCH64 in addition to the existing AMD64/x64 support.
• Updated Cryptography to 40.0.2 to address CVE-2020-25659 and CVE-2020-36242.
• Updated OpenSSL to 3.1.1.
• Updated Python to 3.8.16 to address CVE-2022-26488, CVE-2016-3189, CVE-2019-12900, CVE-2018-25032, CVE-2020-10735 and CVE-2022-37454.

Duo Two-Factor Authentication for macOS version 2.0.2 released

• Minor log filtering improvements.
• Security fixes.

Duo Splunk Connector version 1.2.0 released

• Corrects an issue present in earlier releases where the Duo secret key was logged in plain-text when DEBUG logging was enabled in the Duo Splunk configuration. We encourage you to generate a new Duo secret key for the Admin API application used with the Splunk Connector and then update the secret key stored in the Duo Splunk config with the new value.
• Removed support for Python 2 and Splunk releases below 8.0.
• Updated dependencies:
  • splunk-sdk 1.7.3
  • duo-client 4.7.1
  • pytz 2023.3
  • six 1.16.0
• Duo Splunk Connector installer no longer creates the duo index automatically for new installs.

Duo Splunk Connector version 1.2.1 released

• Corrects an issue in Duo Splunk Connector 1.2.0 where the default/indexes.conf index was inadvertently removed from Splunk Cloud if it already existed.

Duo Splunk Connector version 1.2.2 released

• Correctly restores default/indexes.conf if it already existed.
• Updates app.manifest and app.conf with the correct version number.

Duo Mobile for Android version 4.42.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.

Duo Mobile for iOS version 4.42.0 released

• Miscellaneous bug fixes and behind-the-scenes improvements.