Showing results for 
Search instead for 
Did you mean: 
Cisco Employee
Cisco Employee

Hello everyone! Here are the release notes for our most recent updates to Duo.

Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.

Check out a new resource: Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products. See the article Does Duo provide advanced notice before releasing product changes? for more information.


What’s in this release? 

New features, enhancements, and other improvements

New and updated applications


New features, enhancements, and other improvements


Now generally available: New Settings endpoint parameter for Duo Admin API

  • Admin API applications with “Grant settings” API permission can now use the Settings endpoint in the Admin API to view or change the enablement of the Global Self-Service Policy feature.
  • Because this is no longer in private preview, the related Early Access badge will no longer be visible in the Duo Admin Panel.


More consistent login experiences across Duo authentications


Updates to Trust Assessment filter in Duo Admin Panel Authentication Log

  • You can now filter your Authentication Log by these Trust Assessment options:
    • N/A
    • Normal
    • Policy not applied
    • Remembered device
    • Re-auth required
    • Factors restricted


Refined security measures in Risk-Based Authentication

  • To improve Duo protection from passcode phishing, Duo’s Risk-Based Factor Selection (RBFS) policy will no longer allow passcodes enabled via SMS, Duo Mobile or hardware tokens as an authentication method on detection of a known attack pattern or anomaly until the user completes MFA with a more secure method.
  • This change does not apply to the Auth API.
  • RBFS also steps up authentication when a novel ASN (autonomous system number) is detected.


New and updated applications


Four new named SAML applications with Duo SSO


Duo Network Gateway (DNG) version 2.3.0 released

  • Added Custom Application Relay support: Secure, protect, and tunnel additional protocols like SFTP, FTP, Telnet, SQL, etc.
  • Fixes an issue where non-RSA certificate keys would get logged (ECDSA certificate keypairs and other non-RSA keypairs are unsupported at this time).
  • Fixes an issue where the Maximum header size default was 128KB instead of 8KB.
  • Fixes an issue where if the certificate uploaded for the Duo Network Gateway didn't match the Duo Network Gateway URL no warning was emitted.
  • Upgraded bundled OpenSSL to 1.1.1t.
  • Added support for CentOS Stream 9.
  • Fixes incorrect OpenAPI specifications.


Duo Mobile for Android version 4.47.0 released

  • Miscellaneous bug fixes and behind-the-scenes improvements.


Duo Mobile for iOS version 4.47.0 released

  • Miscellaneous bug fixes and behind-the-scenes improvements.
Cisco Employee
Cisco Employee

Updated Refined security measures in Risk-Based Authentication to include information about ASN on 9/15/23.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links