Skip navigation
Documentation

Duo Network Gateway - Release Notes

Last Updated: April 18th, 2022

Duo Network Gateway allows your users to access your on-premises websites, web applications, and SSH servers without having to worry about managing VPN credentials, while also adding login security with the Duo Prompt.

Download the current release from the Checksums and Downloads page.

Version 2.0.0 - April 5, 2022

  • General availability of Remote Desktop access protected by Duo Network Gateway.
  • Updated OpenSSL to version 1.1.1n to address CVE-2022-0778.
  • Added configuration checking capabilities to the DNG Admin UI.
  • No longer executes connectivity checks between the DNG and the internal hosts for RDP and SSH relays.
  • General fixes to RDP features for issues encountered during the public preview phase.
  • Reworded help text around "Subdomains" and "App Relay" RDP configuration sections in the UI.
  • Added anti-caching headers in the DNG Admin Panel to prevent browser caching of potentially sensitive information.
  • Updated Portal, Admin, and DNS containers to use Debian 11.
  • Replaced NGINX with OpenResty version 1.19.9.1

Version 1.6.1 - February 22, 2022

  • Fixed issue with dngdns DNS container for RDP to make it pass DNS delegation check performed by Windows Server.
  • Improved logging output for dngdns DNS container for RDP.
  • Fixed issues that treated RDP and SSH internal hostnames as case-sensitive.
  • Offboarding a user now also terminates active SSH and RDP sessions.

Version 1.6.0 - November 18, 2021

  • Public preview of Remote Desktop access protected by Duo Network Gateway. This feature requires a new additional DNS container, created with network-gateway-1.6.0-subzero.yml.
  • New configuration checker check-config command line tool too assist with troubleshooting. See the Duo knowledge base for more info about using this tool.
  • Updated terminology from "SSH Servers" to "SSH Relay"in the admin UI.

Version 1.5.14 - September 29, 2021

Version 1.5.13 - August 24, 2021

  • Updates NGINX to version v1.20.1 to address CVE-2021-23017.
  • Improves performance and robustness when updating configuration.
  • Renames "URI Whitelisting" to "URI Allowlist" in the DNG admin UI with corresponding changes in the scripted config sample and template to use allowlist_* instead of whitelist_*.
  • Additional bug fixes.

Version 1.5.12 - May 11, 2021

  • Now reports errors using a password-protected SSL key in either the DNG admin console or scripted configuration instead of causing the admin container to become unresponsive.
  • Permits setting the maximum body size of a POST request to a value beyond the previously-fixed maximum of 128 MB via the DNG admin console and scripted configuration.

Version 1.5.10 - January 27, 2021

  • Improved performance under high loads
  • Disables TLS 1.0 and TLS 1.1 support for improved security.
  • Adds support for the Duo Universal Prompt with the "Enable Frameless" option for Web and SSH applications.

Version 1.5.9 - October 21, 2020

  • Obscures SAML response signatures in logs so that they cannot be replayed.
  • Improved logging.
  • Enables future support for the Duo Universal Prompt.

Version 1.5.8 - July 16, 2020

  • A disabled login page will now show when the admin UI is disabled using scripted config instead of an error page.
  • Bug fixes.

Version 1.5.7 - June 8, 2020

  • For Duo Network Gateways behind load balancers, added the option to specify the addresses of the load balancers so that Duo Network Gateway can trust the X-Forwarded-For header from the load balancer and use the true client IP address for logging, IP restrictions, and passing upstream to protected applications.
  • Increased the maximum permissible size of Duo Network Gateway restore files to 128MB.

Version 1.5.6 - March 25, 2020

  • Modified SameSite cookie settings to account for some specialized Duo Network Gateway deployments.
  • Increased NGINX buffer size to support bigger headers sent from protected applications.

Version 1.5.5 - February 17, 2020

Version 1.5.4 - January 8, 2020

  • Addressed a potential security risk due to the recent NGINX bug fix on incorrect handling of redirection with "error_page" directive.

Version 1.5.3 - November 2019

  • Fixed bug that would not honor session durations for greater than 24 hours.
  • Added support for choosing the Host header sent to the protected application.
  • Added support for using a wildcard in the subdomain for external URLs to be redirected to a specific internal application. Read more at Configure an Application in Duo Network Gateway

Version 1.5.0 - May 2019

  • Add support for X-Forwarded-Host and X-Forwarded-Proto headers to be sent in requests to protected applications.
  • Changes to Let's Encrypt to support future requirements from the service.

Version 1.4.4 - March 2019

  • Containers now get their resolver from the system /etc/resolv.conf at startup
  • Support for customizing upstream response timeout on web applications
  • Disabled insecure SSL/TLS versions
  • Secure TLS redis connections by validating certificates. See the following KB article if you must use a certificate not signed by an authority in the Mozilla CA bundle.

Version 1.4.3 - November 2018

  • Added support for larger headers from protected web applications.

Version 1.4.2 - October 2018

  • Fixed bug that would cause Duo Network Gateway to not correctly establish a successful SSH connection in some situations.
  • Fixed Scripted Configuration bug that would cause Scripted Restore to fail in some cases.

Version 1.4.1 - October 2018

Version 1.4.0 - September 2018

  • Added the ability to configure Duo Network Gateway without having to use the Admin UI. Read more at Scripted Configuration for Duo Network Gateway
  • Fixed Let's Encrypt bug that would cause Duo Network Gateway to not renew certificates

Version 1.3.5 - August 2018

Version 1.3.2 - April 2018

Version 1.3.1 - April 2018

  • Bug fixes

Version 1.3.0 - March 2018

  • Added the ability to protect SSH servers behind the Duo Network Gateway
  • UI improvements
  • Now requires minimum version of Docker v1.12 and Docker Compose v1.10

Version 1.2.10 - December 2017

Version 1.2.6 - October 2017

  • Improved experience when using an internal certificate
  • Only need to accept Let's Encrypt EULA once
  • Bug fixes

Version 1.2.5 - September 2017

  • Bug fixes
  • Updated UI in the Duo Network Gateway admin console

Version 1.2.4 - September 2017

  • Bug fixes

Version 1.2.3 - August 2017

  • Performance improvements
  • Updated UI in the Duo Network Gateway admin console

Version 1.2.2 - July 2017

  • Bug fixes

Version 1.2.1 - June 2017

  • Added support for free, automatically renewing certificates from Let's Encrypt
  • Updated UI in the Duo Network Gateway admin console
  • Bug fixes

Version 1.1.0 - March 2017

  • Added Backup and Restore capabilities
  • Bug fixes

Version 1.0.0 - February 2017

  • Initial Release