on - edited on by
DuoKristina
Hello everyone! Here are the release notes for our most recent updates to Duo.
Public release notes are published on the Customer Community every other Friday, the day after the D-release is completely rolled out. You can subscribe to notifications for new release notes by following the process described here. If you have any questions about these changes, please comment below.
Check out the Guide to Duo End-of-Life and End-of-Support Plans. This guide provides an up-to-date list of current and past end-of-life plans for Duo products.
What’s in this release?
- What’s in this release?
- New features, enhancements, and other improvements
- Now in public preview: Continuous Identity Securityfeaturing Duo Identity Security
- Duo policy defaultupdates for customers with Duo Advantage and Duo Premier editions
- LastPass is now compatible with the Duo Universal Prompt
- New location for What's New content in the Duo Admin Panel
- Improvements to enrollment in the Duo Universal Prompt
- New and updated applications
- Six new named SAML applications with Duo Single Sign-On
- Duo Multifactor Authentication for Cisco ISE
- Duo Authentication Proxy version 6.4.0 and version 6.4.1 released
- Duo Network Gateway version 3.1.0 released
- Duo Desktop version 6.7.0 released
- Duo Desktop public beta version 6.6.1 released
- Duo for OWA 2.1.0 released
- Duo Mobile for Android version 4.64.0 released
- Duo Mobile for iOS version 4.64.0 released
- Bug fixes
New features, enhancements, and other improvements
Now in public preview: Continuous Identity Security featuring Duo Identity Security
Our integration with Cisco Identity Intelligence adds value on top of your identity and security investments like Microsoft Entra and Okta. It uses AI to analyze all identity-related activity across all accounts, all devices and IdPs to provide deep visibility into identity infrastructure and continuously inform Cisco Duo enforcement points.
Duo policy default updates for customers with Duo Advantage and Duo Premier editions
- Remembered Devices policy now defaults to Duo Risk-Based Remembered Devices.
- Verified Duo Push is no longer enabled by default when Duo Risk-Based Factor Selection is enabled.
- These new policy defaults will not modify existing policies. They apply to global policy for new customers and new custom policies for all customers.
LastPass is now compatible with the Duo Universal Prompt
- The Duo-protected LastPass application will now show that it is Ready to Activate in the Duo Admin Panel after you authenticate to LastPass with the "Use Duo Web SDK when possible" option enabled in your LastPass Duo multifactor settings.
New location for What's New content in the Duo Admin Panel
- What’s New content has been relocated from the Dashboard to the Help menu, where it offers better navigation experience and is accessible from every page in the Duo Admin Panel.
Improvements to enrollment in the Duo Universal Prompt
- Updated content to provide clearer instructions to enrolling users.
- Removed the following two cards from the enrollment flow.
|
|
New and updated applications
Six new named SAML applications with Duo Single Sign-On
- There are now named SAML applications to protect Verkada, Freshworks, WP Engine, Trend Vision One, Hootsuite and ThousandEyes with Duo Single Sign-On (SSO), our cloud identity provider.
- Reminder: Duo Access Gateway reached the last date of support on October 26, 2023. The DAG end-of-life milestone scheduled for March 30, 2024 was canceled. At this time, existing DAG applications will continue to work after March 30, 2024. Please see the Guide to Duo Access Gateway end of life for more details.
Duo Multifactor Authentication for Cisco ISE
- Beginning with Cisco ISE Release 3.3 Patch 1, you can directly integrate Cisco Duo with Cisco ISE as an external identity source for VPN and TACACS+ multifactor authentication.
- Two named applications are now available in the Duo Admin Panel to support Duo ISE integration: Cisco ISE Auth API and Cisco ISE Admin API.
- In earlier releases of Cisco ISE, Cisco Duo was supported as an external RADIUS proxy server and this configuration continues to be supported.
Duo Authentication Proxy version 6.4.0 and version 6.4.1 released
- Version 6.4.0
- Fixes unnecessarily strict Connectivity Tool validation of ldap_server_auto SSL certificates.
- Improves logged error messaging for AD DIR_ERROR responses.
- The Authentication Proxy Manager now displays additional error information in certain failure scenarios.
- Updates the internal build process to use scoped package names.
- Upgrade to Cryptography 42.0.5 / OpenSSL 3.2.1 to address CVE-2024-26130, CVE-2023-50782, and CVE-2024-0727.
- This version of OpenSSL changes the default SSL/TLS security level from
1to2. As a result of the default security level change, certificates with key lengths less than 2048 are no longer acceptable for inbound and outbound SSL, LDAPS, or STARTTLS connections to the Authentication Proxy. Our recommendation is that you reissue your certificates with key lengths of 2048 or greater. If you cannot update your certificates now, a workaround is available. Please see Duo KB article 8866 for details.
- This version of OpenSSL changes the default SSL/TLS security level from
- Upgrade Python to 3.11.9 to address CVE-2023-6597 and CVE-2024-0450.
- Upgrade OpenSSL FIPS module to 3.0.9 to address CVE-2023-1255.
- Updates various internal dependencies.
- Version 6.4.1
- Fixes a resource leak related to failed TLS connections in ldap_server_auto.
- Please review the information in the 6.4.0 release note. If you experience issues with LDAPS/STARTTLS connections after installing 6.4.1, and your certificate(s) have key lengths less than 2048, see Duo KB article 8866 for a workaround.
Duo Network Gateway version 3.1.0 released
- New web application setting to configure Proxy buffer size.
- New feature flag to enable worker thread shutdown timer in DNG scripted configurations.
- Updated lxml to 5.2.1 to address CVE-2022-1873.
- Updated golang.org/x/text to 0.14.0 address CVE-2022-32149.
- Updated Python to 3.10.13 to address CVE-2022-2464, CVE-2022-4568, CVE-2015-0814, CVE-2018-2503.
- Updated Dependencies: Rust to 1.76.0, Openresty to 1.25.3, isodate to 0.6.1, pbr to 6.0.0, Node to 20.11.1, and Go to 1.22.0.
Duo Desktop version 6.7.0 released
- macOS version 6.7.0.0
- Minor improvements and enhancements.
- Windows version 6.7.0
- Internal changes to support future compatibility with Windows Server.
Duo Desktop public beta version 6.6.1 released
- macOS beta version 6.6.1.0
- Minor improvements and enhancements.
- Windows beta version 6.6.1
- Minor improvements and enhancements.
Duo for OWA 2.1.0 released
- Duo MFA parameters now correctly removed from the OWA URL after Duo authentication.
- Corrects an issue affecting redirection to shared mailboxes after Duo MFA.
Duo Mobile for Android version 4.64.0 released
- Miscellaneous bug fixes and behind-the-scenes improvements.
Duo Mobile for iOS version 4.64.0 released
- Miscellaneous bug fixes and behind-the-scenes improvements.
Bug fixes
- Fixed issue with Udemy certificate expiration time limit.
- Authentication experience changes made to specific users will now be included in the Administrator Actions Log
- When new user policy for Duo Device Management Portal for End Users is configured to Allow access without 2FA, partially enrolled users will no longer be blocked when attempting to continue enrollment.
- Improved the error message for end-users blocked when logging into an application protected by Duo Trusted Endpoints from a device that is not trusted, when policy is configured to Require endpoints to be trusted. The Universal Prompt will now display this card:
- The Policies page banner informing Duo administrators about Better protection with risk-based factor selection policy will now only appear for customers with Duo Advantage and Duo Premier editions.
