Authentication Proxy - Release Notes | Duo Security

Skip navigation

Documentation

Authentication Proxy - Release Notes

Release notes for recent Authentication Proxy versions.

Version 2.11.0 - November 2018

Added support for channel binding validation during LDAP authentication over SSL\TLS on Windows Server. See KB 4034879 for more information about the LdapEnforceChannelBinding setting.
The connectivity troubleshooting tool now checks that the api_host in a [cloud] section is accessible.
Corrected an installation issue on Linux systems due to the PYTHON environment variable.
Reworded fail mode result messages to improve logging consistency.

Version 2.10.1 - September 2018

Corrected an installation issue on Linux systems.

Version 2.10.0 - September 2018

Added a new flag to authproxy_passwd that allows you to encrypt all the passwords and secrets in the configuration at once.
Fix bug in Authentication Proxy Connectivity Tool that caused us to report an incorrect time drift.
Added 2fa factor used to the SIEM digestible log output (authevents.log).
Simplified example content in the authproxy.cfg file shown at first use.

Version 2.9.0 - May 2018

Introduced new connectivity troubleshooting tool
Python 2.7 now bundled with Authentication Proxy install
The HTTP Proxy feature now accepts CIDR ranges as permitted client_ip values.
Previous 2.8.1 Windows-only EAP/TLS 1.2 fix for NetMotion implemented in Linux proxy as well

Version 2.8.1 - March 2018

Corrected issue with EAP and TLS 1.2 for NetMotion EAP clients
Released for Windows only

Version 2.7.0 - December 2017

Supports OpenSSL 1.1.0
New LDAP server option: allow_unlimited_binds
Additional bug fixes

Version 2.6.0 - October 2017

This is the minimum required version for OpenLDAP sync and the minimum recommended version for AD sync.

Password authentication for OpenLDAP and AD sync
Fixed bug that caused an authentication event to be logged twice in authevents.log
Additional bug fixes

Version 2.5.4 - August 2017

SIEM-consumable authentication event logging with new configuration option log_auth_events
Corrected ad_client host failover behavior when using ldap_server_auto
Additional bug fixes

Note: Interim versions between 2.4.21 and 2.5.4 are internal builds not released to customers.

Version 2.4.21 - March 2017

Linux logging fix
Bug fixes

Version 2.4.20 - February 2017

Bug fix for premature TLS disconnect

Version 2.4.19 - December 2016

LDAPS bug fixes

Version 2.4.18 - December 2016

Ease-of-use improvements to authproxy.cfg file
Updated to OpenSSL 1.0.2h and PyOpenSSL to 16.2
RADIUS and LDAP bug fixes
Fixed inappropriate fail open behavior when api_timeout is reached (DUO-PSA-2016-002)

Version 2.4.17 - May 2016

Enhanced authentication proxy configuration reporting to Duo
Fixed handling of primary authentication failures in radius_server_eap (DUO-PSA-2016-001)

Version 2.4.16 - May 2016

Fixed handling of missing LDAP passwords (DUO-PSA-2016-001)

Version 2.4.15 - May 2016

Debug logging to file obscures password information
Improved handling of NTLM and UPN Active Directory authentication
Improved handling of mixed format line endings in the config file
Checks config file for duplicate sections at proxy start

Version 2.4.14.1 - February 2016

Directory Sync and HTTP Proxy bug fixes

Version 2.4.14 - December 2015

New LDAP server option: allow_searches_after_bind
Updated EULA

Version 2.4.13 - November 2015

Added support for proxying HTTPS traffic from Duo client applications: http_proxy

Version 2.4.12 - August 2015

Updated to OpenSSL 1.0.1p
Handling for Palo Alto Client-IP attribute

Version 2.4.11 - March 2015

Updated to OpenSSL 1.0.1m

Version 2.4.10 - March 2015

Updated to OpenSSL 1.0.1l
LDAP enhancements and improved logging
Fix proxy startup on Ubuntu LTS
New RADIUS exemption option: exempt_username_1
RADIUS client Message-Authenticator validation

Version 2.4.9 - February 2015

This is the minimum required version for AD sync.

Improved logging
AD Sync improvements

Version 2.4.8 - November 2014

AD Sync connection detection

Version 2.4.7 - November 2014

Fixes for Linux hosts

Version 2.4.6 - October 2014

Updated to OpenSSL 1.0.1j
AD Sync performance enhancement

Version 2.4.5 - September 2014

AD domain discovery feature in ad_client: domain_discovery
AD Sync improvements

Version 2.4.4 - August 2014

AD Sync improvements
Fix LDAP filter extensions

Version 2.4.3 - July 2014

Update ad_client time out logic
RADIUS and LDAP bug fixes

Version 2.4.2 - June 2014

This is the minimum supported version.

Updated to OpenSSL 1.0.1h
TLS v1.2 support
HTTPS proxy support for AD Sync
Support for syslog forwarding (Linux/Unix only): log_file, log_syslog, syslog_facility

Ready to Get Started?

Sign Up Free