Duo Network Gateway - Release Notes

Duo Network Gateway allows your users to access your on-premises websites, web applications, and SSH servers without having to worry about managing VPN credentials, while also adding login security with the Duo Prompt.

Download the current release from the Checksums and Downloads page.

Version 1.5.10 - January 27, 2021

Improved performance under high loads
Disables TLS 1.0 and TLS 1.1 support for improved security.
Adds support for the Duo Universal Prompt with the "Enable Frameless" option for Web and SSH applications.

Version 1.5.9 - October 21, 2020

Obscures SAML response signatures in logs so that they cannot be replayed.
Improved logging.
Enables future support for the Duo Universal Prompt.

Version 1.5.8 - July 16, 2020

A disabled login page will now show when the admin UI is disabled using scripted config instead of an error page.
Bug fixes.

Version 1.5.7 - June 8, 2020

For Duo Network Gateways behind load balancers, added the option to specify the addresses of the load balancers so that Duo Network Gateway can trust the X-Forwarded-For header from the load balancer and use the true client IP address for logging, IP restrictions, and passing upstream to protected applications.
Increased the maximum permissible size of Duo Network Gateway restore files to 128MB.

Version 1.5.6 - March 25, 2020

Modified SameSite cookie settings to account for some specialized Duo Network Gateway deployments.
Increased NGINX buffer size to support bigger headers sent from protected applications.

Version 1.5.5 - February 17, 2020

Added support for Google Chrome version 80 SameSite cookie change.
Updated the way Duo Network Gateway generates self-signed certs to conform to macOS 10.15 requirements. Self-signed certs are used during initial setup of the DNG.

Version 1.5.4 - January 8, 2020

Addressed a potential security risk due to the recent NGINX bug fix on incorrect handling of redirection with "error_page" directive.

Version 1.5.3 - November 2019

Fixed bug that would not honor session durations for greater than 24 hours.
Added support for choosing the Host header sent to the protected application.
Added support for using a wildcard in the subdomain for external URLs to be redirected to a specific internal application. Read more at Configure an Application in Duo Network Gateway

Version 1.5.0 - May 2019

Add support for X-Forwarded-Host and X-Forwarded-Proto headers to be sent in requests to protected applications.
Changes to Let's Encrypt to support future requirements from the service.

Version 1.4.4 - March 2019

Containers now get their resolver from the system /etc/resolv.conf at startup
Support for customizing upstream response timeout on web applications
Disabled insecure SSL/TLS versions
Secure TLS redis connections by validating certificates. See the following KB article if you must use a certificate not signed by an authority in the Mozilla CA bundle.

Version 1.4.3 - November 2018

Added support for larger headers from protected web applications.

Version 1.4.2 - October 2018

Fixed bug that would cause Duo Network Gateway to not correctly establish a successful SSH connection in some situations.
Fixed Scripted Configuration bug that would cause Scripted Restore to fail in some cases.

Version 1.4.1 - October 2018

Fixed Scripted Configuration bug that would cause an extra period to be prepended to permitted suffixes

Version 1.4.0 - September 2018

Added the ability to configure Duo Network Gateway without having to use the Admin UI. Read more at Scripted Configuration for Duo Network Gateway
Fixed Let's Encrypt bug that would cause Duo Network Gateway to not renew certificates

Version 1.3.5 - August 2018

Added the ability for Active / Active High Availability
Bug fixes

Version 1.3.2 - April 2018

Added the ability for Scripted Backup and Restore

Version 1.3.1 - April 2018

Bug fixes

Version 1.3.0 - March 2018

Added the ability to protect SSH servers behind the Duo Network Gateway
UI improvements
Now requires minimum version of Docker v1.12 and Docker Compose v1.10

Version 1.2.10 - December 2017

Security patches to address CVE-2018-7340 (DUO-PSA-2017-003)
Bug fixes

Version 1.2.6 - October 2017

Improved experience when using an internal certificate
Only need to accept Let's Encrypt EULA once
Bug fixes

Version 1.2.5 - September 2017

Bug fixes
Updated UI in the Duo Network Gateway admin console

Version 1.2.4 - September 2017

Bug fixes

Version 1.2.3 - August 2017

Performance improvements
Updated UI in the Duo Network Gateway admin console

Version 1.2.2 - July 2017

Bug fixes

Version 1.2.1 - June 2017

Added support for free, automatically renewing certificates from Let's Encrypt
Updated UI in the Duo Network Gateway admin console
Bug fixes

Version 1.1.0 - March 2017

Added Backup and Restore capabilities
Bug fixes

Version 1.0.0 - February 2017

Initial Release

Government Solutions

Use Cases

Support for Administrators

Support for Duo End Users

Additional Topics

Popular Topics

Docs for Duo Editions

Integrations