Duo Network Gateway - Release Notes

Download the current release from the Checksums and Downloads page.

Version 2.0.0 - April 5, 2022

• General availability of Remote Desktop access protected by Duo Network Gateway.
• Updated OpenSSL to version 1.1.1n to address CVE-2022-0778.
• Added configuration checking capabilities to the DNG Admin UI.
• No longer executes connectivity checks between the DNG and the internal hosts for RDP and SSH relays.
• General fixes to RDP features for issues encountered during the public preview phase.
• Reworded help text around "Subdomains" and "App Relay" RDP configuration sections in the UI.
• Added anti-caching headers in the DNG Admin Panel to prevent browser caching of potentially sensitive information.
• Updated Portal, Admin, and DNS containers to use Debian 11.
• Replaced NGINX with OpenResty version 1.19.9.1

Version 1.6.1 - February 22, 2022

• Fixed issue with dngdns DNS container for RDP to make it pass DNS delegation check performed by Windows Server.
• Improved logging output for dngdns DNS container for RDP.
• Fixed issues that treated RDP and SSH internal hostnames as case-sensitive.
• Offboarding a user now also terminates active SSH and RDP sessions.

Version 1.6.0 - November 18, 2021

• Public preview of Remote Desktop access protected by Duo Network Gateway. This feature requires a new additional DNS container, created with network-gateway-1.6.0-subzero.yml.
• New configuration checker check-config command line tool too assist with troubleshooting. See the Duo knowledge base for more info about using this tool.
• Updated terminology from "SSH Servers" to "SSH Relay"in the admin UI.

Version 1.5.14 - September 29, 2021

• Addresses the Let's Encrypt "DST Root CA X3" root certificate expiration on September 30, 2021.
• Bug fixes.

Version 1.5.13 - August 24, 2021

• Updates NGINX to version v1.20.1 to address CVE-2021-23017.
• Improves performance and robustness when updating configuration.
• Renames "URI Whitelisting" to "URI Allowlist" in the DNG admin UI with corresponding changes in the scripted config sample and template to use allowlist_* instead of whitelist_*.
• Additional bug fixes.

Version 1.5.12 - May 11, 2021

• Now reports errors using a password-protected SSL key in either the DNG admin console or scripted configuration instead of causing the admin container to become unresponsive.
• Permits setting the maximum body size of a POST request to a value beyond the previously-fixed maximum of 128 MB via the DNG admin console and scripted configuration.

Version 1.5.10 - January 27, 2021

• Improved performance under high loads
• Disables TLS 1.0 and TLS 1.1 support for improved security.
• Adds support for the Duo Universal Prompt with the "Enable Frameless" option for Web and SSH applications.

Version 1.5.9 - October 21, 2020

• Obscures SAML response signatures in logs so that they cannot be replayed.
• Improved logging.
• Enables future support for the Duo Universal Prompt.

Version 1.5.8 - July 16, 2020

• A disabled login page will now show when the admin UI is disabled using scripted config instead of an error page.
• Bug fixes.

Version 1.5.7 - June 8, 2020

• For Duo Network Gateways behind load balancers, added the option to specify the addresses of the load balancers so that Duo Network Gateway can trust the X-Forwarded-For header from the load balancer and use the true client IP address for logging, IP restrictions, and passing upstream to protected applications.
• Increased the maximum permissible size of Duo Network Gateway restore files to 128MB.

Version 1.5.6 - March 25, 2020

• Modified SameSite cookie settings to account for some specialized Duo Network Gateway deployments.
• Increased NGINX buffer size to support bigger headers sent from protected applications.

Version 1.5.5 - February 17, 2020

• Added support for Google Chrome version 80 SameSite cookie change.
• Updated the way Duo Network Gateway generates self-signed certs to conform to macOS 10.15 requirements. Self-signed certs are used during initial setup of the DNG.

Version 1.5.4 - January 8, 2020

• Addressed a potential security risk due to the recent NGINX bug fix on incorrect handling of redirection with "error_page" directive.

Version 1.5.3 - November 2019

• Fixed bug that would not honor session durations for greater than 24 hours.
• Added support for choosing the Host header sent to the protected application.
• Added support for using a wildcard in the subdomain for external URLs to be redirected to a specific internal application. Read more at Configure an Application in Duo Network Gateway

Version 1.5.0 - May 2019

• Add support for X-Forwarded-Host and X-Forwarded-Proto headers to be sent in requests to protected applications.
• Changes to Let's Encrypt to support future requirements from the service.

Version 1.4.4 - March 2019

• Containers now get their resolver from the system /etc/resolv.conf at startup
• Support for customizing upstream response timeout on web applications
• Disabled insecure SSL/TLS versions
• Secure TLS redis connections by validating certificates. See the following KB article if you must use a certificate not signed by an authority in the Mozilla CA bundle.

Version 1.4.3 - November 2018

• Added support for larger headers from protected web applications.

Version 1.4.2 - October 2018

• Fixed bug that would cause Duo Network Gateway to not correctly establish a successful SSH connection in some situations.
• Fixed Scripted Configuration bug that would cause Scripted Restore to fail in some cases.

Version 1.4.1 - October 2018

• Fixed Scripted Configuration bug that would cause an extra period to be prepended to permitted suffixes

Version 1.4.0 - September 2018

• Added the ability to configure Duo Network Gateway without having to use the Admin UI. Read more at Scripted Configuration for Duo Network Gateway
• Fixed Let's Encrypt bug that would cause Duo Network Gateway to not renew certificates

Version 1.3.5 - August 2018

• Added the ability for Active / Active High Availability
• Bug fixes

Version 1.3.2 - April 2018

• Added the ability for Scripted Backup and Restore

Version 1.3.1 - April 2018

• Bug fixes

Version 1.3.0 - March 2018

• Added the ability to protect SSH servers behind the Duo Network Gateway
• UI improvements
• Now requires minimum version of Docker v1.12 and Docker Compose v1.10

Version 1.2.10 - December 2017

• Security patches to address CVE-2018-7340 (DUO-PSA-2017-003)
• Bug fixes

Version 1.2.6 - October 2017

• Improved experience when using an internal certificate
• Only need to accept Let's Encrypt EULA once
• Bug fixes

Version 1.2.5 - September 2017

• Bug fixes
• Updated UI in the Duo Network Gateway admin console

Version 1.2.4 - September 2017

• Bug fixes

Version 1.2.3 - August 2017

• Performance improvements
• Updated UI in the Duo Network Gateway admin console

Version 1.2.2 - July 2017

• Bug fixes

Version 1.2.1 - June 2017

• Added support for free, automatically renewing certificates from Let's Encrypt
• Updated UI in the Duo Network Gateway admin console
• Bug fixes

Version 1.1.0 - March 2017

• Added Backup and Restore capabilities
• Bug fixes

Version 1.0.0 - February 2017

• Initial Release