Release 1.2.78 (06/12/2021)
- [Bugfix] Changing PIN - the old PIN is still in play using an old authKey
Release 1.2.77 (20/09/2021)
- CRM Support staff generates OTP for Application User
- CRM Support staff updates user's email or mobile number in AN Task
- Dependency improvements
Release 1.2.76 (24/08/2021)
- IAM Introspect API endpoints:
- Get IAM User details
- Get IAM User devices
- Lock/unlock IAM User
- Lock/unlock IAM User device
- Delete IAM User device
- Dependency updates to fix published CVEs
Release 1.2.75 (21/06/2021)
- New Feature: User endpoint to be able to change their pin
- Performance improvements
- Security - Dependency Updates
Release 1.2.74 (23/04/2021)
- Transactionality improvements in Add and Activate user
- DB index improvements
Note: If you’re currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60, you must update to 1.2.65 and then you can update directly to release version 1.2.74
Release 1.2.72 (17/02/2021)
- Supports FIDO2 Web Authentication (WebAuthn)
- Note: If you’re currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60, you must update to 1.2.65 and then you can update directly to release version 1.2.72
Release 1.2.71 (04/01/2021)
- Non-authenticated Customer OTP API has an option to encrypt OTPs with a asymmetric key pair
- Non-authenticated Customer OTP API supports option to save OTPs at users' details, so they can access them once they log in successfully
- Non-authenticated Customer OTP API implements brute force protection
- Authenticated Customer OTP API has an option to encrypt OTPs with a asymmetric key pair
- Authenticated Customer OTP API implements brute force protection
- CRM Generated OTP API has an option to encrypt OTPs with a asymmetric key pair
- CRM Generated OTP API supports option to save OTPs at users' details, so they can access them once they log in successfully
- Note: If you’re currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60, you must update to 1.2.65 and then you can update directly to release version 1.2.71
Release 1.2.70 (9/12/2020)
- Support CRM generated OTPs with multiple purposes
- Enhance other OTP APIs
- Fix false positive error related to JWT tokens
- OIDC service APIs support Step-Up Authentication with OTPs
- Note: If you’re currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60, you must update to 1.2.65 and then you can update directly to release version 1.2.70
Release 1.2.69 (1/12/2020)
- Re-enable scheduled task with performance enhancement
- Note: If you’re currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60, you must update to 1.2.65 and then you can update directly to release version 1.2.69
Release 1.2.68 (24/11/2020)
- Applications can generate and validate OTPs for non-authenticated users
- Applications can generate and validate OTPs for authenticated users
- Note: It contains the same patch as in build-1.2.65.1 and build-1.2.67.1
- Note: If you’re currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60, you must update to 1.2.65 and then you can update directly to release version 1.2.68
Release 1.2.67.1 (18/11/2020)
- Disable a scheduled task that may cause performance issues.
- Note: If you’re currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60, you must update to 1.2.65 and then you can update directly to release version 1.2.67.1
Release 1.2.67 (10/11/2020)
- Anonymous OTP API
- Security updates
- If you’re currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60, you must update to 1.2.65 and then you can update directly to release version 1.2.67.
Release 1.2.66 (21/10/2020)
- Authenticated users can set up a PIN on their pinless devices
- Update API documentation
- Security updates
- Note: If you're currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60 you can update directly to release version 1.2.66.
Release 1.2.65 (31/07/2020)
- Optimised audits search
- Dependency updates
- Security updates
- Note: If you're currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release version 1.2.60 you can update directly to release version 1.2.65.
Release 1.2.64 (02/06/2020)
- Security updates
- Note: If you're currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from version 1.2.59. Once on release version 1.2.60 you can update directly to release version 1.2.64.
Release 1.2.63 (07/05/2020)
- Security updates
- Note: If you're currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from version 1.2.59. Once on release version 1.2.60 you can update directly to release version 1.2.63.
Release 1.2.62 (07/04/2020)
- Bug fix: Customer Support Console users didn't get the persisted value of the property "Forbid adding devices" at the page user details
- Note: If you're currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on version 1.2.60, please update to release version 1.2.62.
Release 1.2.61 (31/03/2020)
- Support pinless device authentication
- Log improvements
- Security updates
- Note: If you're currently on release version 1.2.59 or below you must update to milestone release version 1.2.60 from release version 1.2.59. Once on release 1.2.60, please update to 1.2.61
Release 1.2.60 (04/03/2020)
- Repair DB schema
- Security updates
- Milestone release: Please update to milestone release version 1.2.60 from release version 1.2.59 before updating to anything above version 1.2.60
- Release disclaimer 1: Please upgrade to this release (build-1.2.60) only from the previous one (build-1.2.59), otherwise Blue-Green deployment and backwards compatibility are not supported
- Release disclaimer 2: For new deployments please start with this release (build-1.2.60)
Release 1.2.59 (20/02/2020)
- Switch off DB schema updates (Only on this docker version)
- Security updates
- Release disclaimer 1: This docker has deactivated the DB schema updates and therefore cannot be used on a brand new installation
- Milestone release: If you are updating your platform from a version older than 1.2.56, it's mandatory to update first to the version 1.2.56, then you could update directly from 1.2.56 to 1.2.59
Release 1.2.58 (30/01/2020)
- Root and Customer Support users can now see the group on user details
- Security updates
Release 1.2.57 (02/12/2019)
- Support to retrieve organisation user group information
Release 1.2.56 (21/11/2019)
- Maintenance update to delete code related to a deprecated DB column that will be deleted in a future release
Release 1.2.55 (11/11/2019)
- DB connection pool connects only to master DB node preventing Read Only errors in case of a DB master-slave failover
- Audit the JWT claims granted to users
Release 1.2.54 (22/10/2019)
- Fix the pagination object at the endpoint that retrieves application's users
- Delete a deprecated column at two tables
- Regular security updates at the docker SOE
Release 1.2.53 (20/09/2019)
- Fixes bug at the claims of the JWT
Release 1.2.52 (9/09/2019)
- Document how to monitor Haventec dockers on-premise
- Authenticate apps only contain Authenticate application users and not Console Org Admin
- Support API Key rotation
- Include KeyPairUuid at the response of forgot-pin
- Log improvements - new parameters to the JSON logs: statusCode and uri
- Security updates
Release 1.2.51 (26/08/2019)
- Document error flows at the add and login users endpoint
- Delete the parameter client_secret at the /authorize endpoint in order to follow the OpenID Connect standard
- Console administrator users can only login to Console and not to the applications that they own
- Security updates
- Log improvements
Release 1.2.50 (13/08/2019)
- Add audits to JWT controller
- Option to encrypt the response parameter resetPinToken at the forgot-pin API
- Log improvements
Release 1.2.49 (24/07/2019)
- Option to switch off NGINX logs at the dockers
- Add a successful login counter at the logs
- Security updates
Release 1.2.48 (08/07/2019)
- Display the "timestamp" at the JSON logs in Zulu time zone and without the character "@".
- Security updates
- Log improvements
- Minor bug fixes
Release 1.2.47 (13/06/2019)
- Root administrator can mark a specific organisation with segregation of duties
- The response parameter expires_in at the OpenID API /token is aligned with session TTL updates
- Security updates
- Log improvements
- Minor bug fixes
- Release disclaimer: This docker image contains a backwards compatible DB schema update. In order to support Blue-Green deployment, both products require an update from the immediate previous version (build-1.2.46).
Release 1.2.46 (30/04/2019)
- Logs with JSON format if specified at the container env variable (LOGS_FORMAT=JSON)
- Audit deleted devices due to 90 days of inactivity
- Network resilience - The number of allowed retries to log in with the same authKey is now configurable per application
- Option to forbid add new devices for a specific user
- nonce parameter supports now an UUID with the character "-"
- Device name with "," is now allowed
- Reset the number of failed attempts after resetting the PIN successfully
- Security updates
Release 1.2.45 (10/04/2019)
- Security updates
- Log improvements
Release 1.2.44 (02/04/2019)
- Add network resilience for authentication
Release 1.2.43 (14/03/2019)
- Auditing updates
- Deletes inactive devices after 90 days of inactivity
- Limit Customer Support users privileges
- Option to set the JVM Options of the docker container
- Security updates
Release 1.2.42 (28/02/2019)
- Auditing updates
- Security updates
- Performance updates
Release 1.2.41 (06/02/2019)
- Device activation tokens can now be sent encrypted to your application
- Rename '/jwt/refresh/' endpoint to '/jwt/renew'
- Remove deprecated '/integration/lap' endpoints
- Auditing updates
- Security updates
- Minor bug fixes
Release 1.2.40 (17/01/2019)
- Minor bug fixes
Release 1.2.39 (15/01/2019)
- New API to generate a OTP direct from Authenticate
Release 1.2.38 (09/01/2019)
- New API to refresh a session token
- Security updates
- Minor bug fixes
Release 1.2.37 (03/12/2018)
- Validate OpenID client_secret field
Release 1.2.36 (29/11/2018)
- Addition of APP_USER application user role to enable stronger privileges
- Minor bug fixes
Release 1.2.35 (27/11/2018)
- Minor bug fixes
Release 1.2.34 (21/11/2018)
- Log improvements
- Security updates
Release 1.2.33 (01/11/2018)
- Email parameter is not required when adding a user
- Audit logging is now asynchronous
- Minor bug fixes
Release 1.2.32 (18/10/2018)
- The TTL of the user OTP is now configurable per application
- Supports single use device
- Release disclaimer: This release blocks the Audits table at start up due to a DB schema change and that impacts some use-cases. In order to avoid this issue please upgrade first to the Release build-1.2.31.1 and then to Release build-1.2.32
Release 1.2.31 (09/10/2018)
- Enable the "iss" parameter for Open ID applications to be modified
- Enable the redirect URL for Open ID applications to be modified
- Open ID parameters redirect_uri and state no longer mandatory
- Pagination of Applications List
Release 1.2.30 (24/09/2018)
- Audit records for Self-Service Add User and Device
- 5 Minute lock for first-time failure of PIN authentication sequence
- OpenID /authorize relays all valid OpenID parameters
- Security updates
- Minor bug fixes and improvements
Release 1.2.29 (13/09/2018)
- Enable updating a user using an external IAM to authenticate
- Logging improvements
- Minor bug fixes
Release 1.2.28 (04/09/2018)
- User list pagination
- Org users paged audit list
- Minor bug fixes
Release 1.2.27 (22/08/2018)
- Allow a user to delete their current device
Release 1.2.26 (14/08/2018)
- Improves logs
- Security updates
Release 1.2.25 (03/08/2018)
- Search application users by username, email, or mobile
- Adds a JWT protected API to reset PIN of a user's device and send the token to an external URI configured per application
- Minor bug fixes
Release 1.2.24 (19/07/2018)
- Adds a new frontend look, with drill-downs and a breadcrumb trail for improved navigation
- Minor bug fixes
- Security updates
Release 1.2.23 (13/07/2018)
- Adds Application Audit
- Security updates
Release 1.2.22 (28/06/2018)
- Adds a new user type: Support. They can only see users and edit their details
- Adds functionality to generate a one time PIN for a specific user
- Security updates
Release 1.2.21 (04/06/2018)
- Supports the OpenID parameter "nonce"
- Security updates
Release 1.2.20
- Adds the claim “preferred_username” to the JWT of OpenID applications
- Sets the issuer claim "iss" to "https://api.haventec.com" to the JWT of new OpenID applications
- Adds an OpenID API to retrieve the public JSON Web Key set (JWKS)
- Security updates
Release 1.2.19
- Adds new attributes "username", "email", and "phone_number" to OpenID Claim
- Adds the Sanctum service option for new Applications
- Improves the navigation UI for Root admins and Organisation admins
- Improves the SMTP configuration page UX
- Updates the Root and Organisation admin dashboards
- Publishes the Haventec Authenticate Error codes in doc.haventec.com
Release 1.2.18
- Organisation admin can view organisational details
- Adds expiration time for added devices/reset pin on devices
- Improved Console error messages
- Updates OpenID Connect authorisation code TTL
Release 1.2.17
- Allow admin set TTL for token expiry per application
- Add a setup wizard for on premise installations
Release 1.2.16
- View list of organisations
- Edit device information
- Allow admin set TTL for activation token per application
Release 1.2.15
- Username are now case insensitive
- Update to API documents
- Delete application
- Delete user device
- Security updates
Release 1.2.14
- UX improvements
- Fixed API bug: /self-service/user mobileNumber returned as null
Release 1.2.13
- Set the "from" email address and name in SMTP properties
- Add mobile number to self-service add user API
- Return mobile number in the following APIs forgot PIN, self-service add device, list application users and list single application user
- Lock/unlock user
- Minor bug fixes
Release 1.2.12
- LDAP integration
Release 1.2.11
- UX improvements
Release 1.2.10
- Logging updates
- Monitoring updates
Release 1.2.9
- Base release to support Haventec Sanctum
Release 1.2.8
- UI improvements
- Device fingerprinting
- Add user
Release 1.2.7
- OpenID connect provider
Release 1.2.6
- View user devices
- Lock and unlock user devices
Release 1.2.5
- UI improvements
- URL API versioning improvements
Release 1.2.4
- Add new device
- UI improvements
- URL API versioning improvements
- Messaging improvements
- Updates to the Haventec Sample App
- Updates to the Haventec Sample Server
Release 1.2.3
- Delete Application users
- New NPM common-js
- Updates to the Haventec Sample App
- Updates to the Haventec Sample Server
Comments
0 comments
Please sign in to leave a comment.