Changelog 2.4.12-1922 - 29th May 2025

Here is a summary of the changes in this release.

Features
* Some changes have been made to reduce the memory footprint of the service when large numbers of users and groups exist.
* Disabled user accounts no longer consume a license seat.
* Failed deliveries via Cloud Messaging now have the capability to retry sending the message.
* Added a new task, Reset Profile, for use in automations and triggers.
* A new permission has been added, Mobile Number Personal, which can be removed from the Everyone Role to disallow users from adding their own SMS mobile numbers.
* Support added for Subject Alternative Names for Let's Encrypt SSL certificates
* When using User Selective 2FA, a default authenticator can now be set.
* The currency symbol can now be changed on the Cost Savings widget

Bugs
* Unlocking an account that was already unlocked now correctly informs you of the state of the account and doesn't error.
* Some text fields that were missing a + button to add the text to a list now have the + button again.
* Configure costs link on Insights tab on the dashboard now links to the correct page.
* Profile Read permission is now default on a new install; this fixes a 403 error on a password reset.
* Forgetting to configure a Yubikey client ID now gives a better error message in the server log file.
* Removed edit action on the Sessions page (sessions cannot be edited, only deleted).
* Users should no longer get password expiring emails after they have recently reset their password.
* Removed Audit Log->Settings->Notifications as this did not alter which popups appear in the UI.
* License details and profiles widget now shows again on cloud tenants.
* If a user's security question answers do not match, the error message is now correctly displayed in red rather than green.
* A user can now be deleted if they are assigned to a SAML resource.
* Perpetual license now shows the correct support expiry date.

--------------------------------

Changelog 2.4.11-1865 - 24th February 2025

Here is a summary of the changes in this release.

Features
* Added option to log off Azure when signing out of LogonBox (connected to Azure)
* Links for deprecated password manager browser plugins have now been removed from a user's web UI view.
* Updated Bootstrap components to latest version
* Added a new Content-Security-Policy for frame-ancestors to replace the now deprecated X-Frame-Options header
* The /boot partition has been merged into / for new builds, as previous VMs had a /boot partition that was too small.
* Account unlocks should now be a lot faster.
* Clicking the manual Synchronize button will now re-enable the sync schedule if it was in a disabled state.
* Added option to prevent a user deleting their own TOTP authenticator configurations.
* Added TOTP support to the LogonBox Authenticator, which can be used if your mobile cannot contact the server.

Bugs
* Added a Password Policy View permission to fix a 403 error when the Password Generator is enabled.
* Fixed automatic log off in Azure when logging out of LogonBox.
* Services now showing correctly again in VMCentre
* Support callback can now be launched again from the web UI and VMCentre
* A user's password expiry time is now displayed in the UI in the local server timezone rather than UTC.
* Error messages on small (mobile) screens now wrap onto new lines so the full error can be read.
* Fixed a display issue with the database settings on a Windows install, now correctly displays H2 rather than MySQL.
* Fixed an error with the browser password plugin not able to fetch favicon when creating a new password entry.
* The user can now see their Active Directory password policy again on the reset password screen.
* A user's locked status is now updated on a sync if a user has been unlocked directly in AD.
* A suspended user will now resume again as expected after the lockout time expires.


--------------------------------

Changelog 2.4.10-1813 - 7th November 2024

Here is a summary of the changes in this release.

Features
* Can now alter AD sync schedules again in sub-tenants.
* CSR signature algorithm for SSL Certificates has been upgraded to SHA512WithRSA
* JQuery has been updated to version 3.7.1 to address potential vulnerabilities
* Added CSP headers to initial root redirect page /
* Added option to turn off Gzip compression of web pages as another mitigation for the BREACH vulnerability
* Calls to the password generator API now require an authenticated session.
* Added an index to a database table to improve performance when reading AD groups.
* Option added to Group filter mode for AD - Disable Group Support. This can significantly speed up syncs on large AD domains if you're not interested in managing groups via LogonBox.
* Optimised user property writing during synchronization to avoid excessive database reads of group relationships
* Improvements to account unlocking - optional properties now supported to help speed up slow account unlocks

Bugs
* Resolved an issue where the Secure Node client could consume max CPU and RAM with constant connection retries
* Users can no longer authenticate when Cache Passwords is set and their account is locked
* Mitigation added for BREACH vulnerability, random bytes can now be written to any gzipped web response
* When using Azure/O365, when a user logs off LogonBox, this now will log the user off Azure as expected
* Profile History graph is now working again on the Insights page of the admin dashboard
* Server log file should log significantly fewer lines when large numbers of groups are excluded in a sync, resulting in a much smaller log file.
* Fixed a display order issue with Captcha authentication module when it is placed at the beginning of an authentication flow.
* Fixed incorrect message with the free license which suggested the server was not entitled to updates.
* The Windows Desktop Login (winlogin) authentication scheme can now only be used by the Credentials Provider. This can no longer be authenticated via a web browser.
* Checking for password expiry on linked accounts in secondary directories now correctly reports the expiry days for the linked account.
* Added some missing database cascades which could stop roles from being deleted.
* Duo authentications should no longer end up in an auth loop if Duo bypass MFA is enabled.
* Fixed a memory leak relating to Roles when large amounts of users or groups are present.

--------------------------------


Changelog 2.4.9-1768 - 14th August 2024

Here is a summary of the changes in this release.

Features
* New Credentials Provider.
* Performance improvements on a full reconcile.
* New SSL certificate can now replace the existing one

Bugs
* CAPTCHA works again with the new Credentials provider
* Desktop Credentials Providers will see the correct authentication flow again after altering the Windows Login auth flow.
* Fixed an encoding error with an incoming webhook request.
* Deleting a secondary user directory now fully deletes the configuration in the database as expected.
* A user who has been shared a password can now reveal this password for their own use.
* If a device has a small screen height, the Next button on a reset is no longer off the bottom of the screen.
* Fixed an issue with the Duo Admin API causing errors on some profile checks.
* GeoLocation is now working again.

--------------------------------


Changelog 2.4.7-1694 - 3rd June 2024

Here is a summary of the changes in this release.

Features
* Significant performance improvements to some database calls.
* The database improvement that was added in 2.4.6 as an optional property is now the new default, so all customers will benefit from the most commonly called database query being improved by a factor of 100, which will reduce CPU load significantly on a busy system.
* Added a new permission, Authenticator Personal. This enables the LogonBox Authenticator setup in a user's My Credentials page.
* Moved logging framework for Callback Service from Log4J to Reload4J to resolve vulnerability report (was not susceptible to the vulnerability, but this will stop vuln scanners reporting a potential issue).
* Added HTTP Strict-Transport-Security preload directive to all requests. This isn't technically required as our HTTP interface is only there to redirect to HTTPS, but adding this directive will stop vulnerability scanners complaining about this missing item.
* An admin can now reset a user's profile state for Duo credentials from the User Directory page.
* Added hints to the text fields for Security Questions on the profile setup wizard to make it clear that a user needs to set and confirm an answer.
* SMS messaging now accepts HTTP 202 responses, which some messaging providers use.
* Added new account locked event when we detect an AD account has become locked.
* Added permissions to allow delegation of rights to manage users on Secondary Directories
* The password generator on the reset password prompts can now be turned off (Authentication Flows->Authentication Options->Password Reset->Password Generator).
* Added daily server log file rolling for Windows installs, to match how this is done on the VM appliances

Bugs
* On browser windows less than 1100 pixels wide, the user list in User Directory now displays as expected rather than getting pushed down the page.
* Add All, Remove All and Reset actions in multi-select fields are now correctly showing as buttons rather than links and have a consistent text size.
* The column filter on the Users page had a blank entry. This is now correctly named after the Actions tab and shows/hides the Actions column.
* Features can now be removed again from Updates, Features & Licensing.
* The setup prompt for the LogonBox Authenticator QR code now has the app store icons below it correctly justified.
* Removing a Role from a user in the Roles tab when a user object has been expanded with the + button now works again.
* If an AD user is locked, you can no longer log into LogonBox if you have Cache Passwords turned on.
* Fixed an issue with registering a TOTP authenticator (Microsoft, Google, Authy) on a sub-realm if using the Realm Selector dropdown. This now registers correctly again.
* Fixed prompts for PIN on profile completion wizard which was not happening if User Selective 2FA was also in use.
* Altered server log rolling so that logs roll over once per day as they used to. A bug was introduced with the Log4J2 upgrade where logs would rotate every 20Mb and then never get cleaned up after their max age.
* Attachments can be sent on a message template again
* Fixed an issue where you couldn't update the user directory configuration when the UI was set to Portuguese language.
* Removed redundant search buttons for filter input text boxes on System Configuration->SSL.
* Added an expiry time to some of the recently introduced caching to reduce memory load over time.
* Altered JSON response returned on bad username during login to not return the username (only happened previously when verbose errors were on which falsely triggered some vulnerability scanners).
* It's possible to add multiple certificates to the HTTPS Interface again.
* When you edit a user, any read-only fields (such as the ones in the status tab) are now correctly showing as uneditable labels rather than text entry fields or dropdowns.
* Users can now be deleted successfully if they had previously set a PIN. (DB cascade)
* When creating a new AD account via LogonBox, the user's UserAccountControl attribute is now correctly set to 0x0200 (NORMAL_ACCOUNT).
* Fixed up hyperlink for end user SAML Browser Resources so clicking on the name now has the same action as Actions->Launch.

--------------------------------

Features
* Buy or Upgrade button is now always shown on license status widget
* Added support for further improvement to some database calls
* Do not show local login link for non-administration login schemes.
* Don't throw exceptions if no content-length header present in request (which can happen behind some reverse proxies)
* Updated syslog library to fix SSL over TCP support
* License reminders removed from product, as reminders are already sent out by our CRM automatically

Bugs

* Fixed issue with Secure Node not closing some connections properly
* Fixed issue with Secure Node which caused reconciles to not get rescheduled after completing
* Password Reset no longer bypasses PIN if Force Change on Login is set
* Fixed a couple of issues with Update Realm and edit principal which were not showing the new value after changes (caching issue)
* Fixed a number of missing database CASCADES on some tables (could stop some resource types from being deleted)
* Fixed a possibility of Null Pointer Exception if an extension declares an extension that doesn't exist.
* Some license states were too aggressively preventing updates.
* Issue fixed with uploading certificates when using the 'Setup the SSL certificate' wizard from the dashboard.
* Support callback now shows as expected if cloud licensing feature is installed
* AD reconcile time default was incorrectly set to every 4 minutes rather than every 4 hours.


--------------------------------

Changes
------------

Features
* Various libraries updated to address vulnerability reports (commons-io, apache-tika, spring-framework, PostgreSQL (driver), metadata-extractor)
* Improvements to remote realm synchronization. Now scheduled to run at certain fixed times (using cron expressions) instead of intervals. Active directory has two schedules, one for partial and one for full.
* Significant performance improvements, mainly more database caching and fixing faulty caching (e.g. broken negative caching).
* There is a new cache status page on System Configuration->Caches.
* Sessions are now transient. If you restart a server, all sessions will be invalidated.
* Improvements to the job status page with meaningful job names.
* ON/OFF switch element changed to a different library to address a vulnerability scan report
* Added a new task for Start Reconcile for use in Automations and Triggers
* One Time Password configuration has been pulled into a single realm setting rather than per authentication module
* Password expiry notification jobs can now be turned off by disabling the template (previously, the job still checked all users but didn't email if disabled)
* When editing an AD user, searching in the Manager field now searches all users
* Server now caches some calls from the Credentials Provider to improve performance/reduce load

Bugs
* Browser was not caching user icons on the User Database page.
* Show user status dates in the system or user-configured timezone.
* Fixed start-up order of encryption services, which may fail, particularly on 2.3 -> 2.4 upgrades.
* Delegated access to users now shows the correct users when using the "Users not logged on in 30 days" filter.
* Could not edit non-AD attributes when AD was in read-only mode.
* Various missing text localization keys added
* Removed excessive popup notification messages when sessions are invalidated
* Fixed a problem with the Azure login module integration
* SMS delivery was broken in some places; now fixed
* Fixed a database cascade issue with shared password resources
* Could not change graph type in perfmon extension dashboard.
* Some "flash" error notifications were being incorrectly suppressed.
* Fixed issue with firstName missing in message when sent to additional contact
* Account linking messages were not working
* Fixed an issue where a user could register only one Yubikey on a system from the user profile completion wizard.
* If configuration help text contained hyperlinks, changing the associated field would turn the link text back into raw HTML
* Password last changed time now displayed in local server timezone
* Reconcile hashes should no longer get out of sync and cause unnecessary full reconcile cache rebuilds
* Fixed an issue where a group ID was being used in place of a user ID on reconciles, which would invalidate the cache
* One Time Password authentication should now correctly save email addresses to the directory if the option Save to Directory is turned on
* Create Password task now works as expected.
* Linux Secure Node clients are now showing again in the UI
* Appearance menu now shows again when logged on to a cloud tenant as the tenant admins
* Fixed an issue with a low default channel count in Secure Node

--------------------------------

* Windows install correctly installs the callback service again, which means server starts up correctly after setup wizard completes.
* MySQL connector version has been updated
* SAML working correctly again on the VPN client
* SAML issues with cookies have been resolved
* SAML now working correctly again with user login and password reset
* SMS configuration tabs visible again in the UI and moved to Messaging
* Realms are now visible again from the Manage Realms menu when cloud services is installed
* Some fixes to database table column lengths which could stop DB imports from working
* Upgrading to latest version doesn't overwrite existing SMTP settings with the new cloud messaging feature

--------------------------------

LogonBox SSPR 2.3.19

Features
* Twilio SMS support was added and set to default on a cloud evaluation.
* SSH Directory now supports password and account locks on Red Hat systems (faillock and passwd -l).
* SSH Directory can now read in /etc/passwd files larger than 32KB.
* We have improved how the Desktop Credentials Provider registers itself with the server.
* Changes added to validated emails with OTP (AD email changing, use Additional Emails).
* New option to show Administration link.

Bugs
* AD user's Fullname attribute incorrectly using AD's description attribute.
* End users now receive Account Suspended emails again.
* Completed profile counts are now consistent (graphs vs profile counts on the Users menu).
* Added some missing database cascades, which prevented some resources from being deleted.
* Let's Encrypt adds the intermediate certificate.
* Profile status gets updated when PIN and Questions are in use.
* Added some missing i18n strings for Lock Threshold, Window and Time.
* Added permissions to fix 403 error on My Resources->Passwords.
* Added missing i18n strings on some AD attributes (givenName, sn, displayName) visible in User Directory->User Attributes and on the end user My Profile.

--------------------------------

Features
* Profile checks are now significantly quicker.
* Password Expiring alerts can now run against linked accounts on a secondary directory.
* Password Expiring alerts can also run for active users only.
* Secure Node now has a smaller memory footprint per connection.

Bugs
* Users no longer get a JSON 404 error when the Password Server feature is enabled.
* Fixed a memory leak in Secure Node on the server side.
* Secure Node clients now automatically upgrade themselves again
* Geo IP Restrictions now support a more extensive list of countries in a single rule (it was previously limited to around 52 countries)
* The defaults for the database connection pool size are limited to a value which will not run out of connections to the underlying MariaDB database


--------------------------------

LogonBox SSPR Release Notes

Features:
* Added support for importing images from Active Directory's thumbnailPhoto attribute for displaying as the LogonBox user's profile image.
* User Selective 2FA no longer prompts you to select an authentication module if you only have one available.
* Added an option in Sessions->Session Options->Websocket to add allowed origins for any WebSocket communication.
* Added an option in System Configuration->Security to enable X-Forwarded-For headers.
* Added Referrer-Policy and Permissions-Policy attributes to HTTP headers.
* Changed the default AD fields a user has access to in their profile from Editable to View only.
* Added an option in Authentication Flows->Authentication Options->Security to require the current password for Change Password. Turning this off will allow password changes on Azure if you have Azure MFA configured.


Bugs:
* Fixed a persistent XSS in a user's Custom Questions page.
* Fixed a persistent XSS in a user's My Profile page.
* Fixed a couple of XSS issues in JSON responses.
* Anti-CSRF tokens added to a small number of pages that had them missing.
* Accounts requested using the Create Account feature now correctly write the user's email address to the user directory.
* It is now possible to delete a Security Question that already has existing answers set by users.
* Top 5 Operating Systems, Top 5 Browsers, Top 5 Users and Top 10 Resources graphs are now available to display again in the admin dashboard.
* Checks for profile completion now accurately calculate a complete profile for users when Assigned Flow module is in use.
* The synchronize button is now visible again for admins on a non-system realm.
* Profile history graph displays in the same chronological order as the other graphs.
* LDAP user directory option is now visible again in Configure User Database.
* Added some performance changes to the database to reduce table locks when sending emails.
* More than two authentication factors are now working as expected for User Login.

--------------------------------

LogonBox SSPR release notes

Features:
* Administrative access can now be configured to use a different port if required:
- To do this, create a new interface from System Configuration->Interfaces and set the port number in this interface (requires a restart).
- Then in System Configuration->Configuration->Authentication, in Admin Interfaces, add your new interface to the Included section.
- Note that after making this change, the Administration Link will still exist on the main interface, but you will not be able to authenticate, so you may wish to also turn off the Administration link.
* Support Callback service has been completely re-coded to allow us to help you better on more complicated support cases. It is recommended to run apt upgrade on a VM or run the new installer if you use Windows to ensure you get this update.
* The LogonBox Authenticator app is now available for Apple mobile devices in the Appstore.
* LogonBox now dynamically scales the number of threads based on CPU count for better performance and reliability under high load.
* Added option in Messages->Settings->SMTP->Debug for troubleshooting SMTP message issues.
* The Synchronize button in User Directory->Users will now re-enable a reconcile if it was disabled due to previous connection errors.
* Added new permission to delegate the user Synchronize button to User Directory->Users.
* Added new permission to delegate the Configure User Directory link in User Directory->Users.
* Added some additional links and information in the text in the QuickStart widget in Dashboard->Get Help.
* The User Selective 2FA wizard now provides options to apply the 2FA modules to any Authentication Flow.
* Changed the default ordering of the widgets on the Dashboard->Get Help page.
* Reformatted Dashboard->Get Help->Configuration Links to make the widget more readable.

Bugs:
* Fixed a problem with Performance Monitor feature, which prevented the LogonBox service from starting up.
* Added some missing options to the service configuration file on the Windows install, which could cause issues with AD connections.
* Removed duplicate entries in the Select Language menu.
* Fixed some issues with the user profiles filter. The user count should now match the number in use on the licensing widget.
* Configure User Database shows correctly for the admin account on non-system realms.
* Realm Administrators can now see Cloud Domains if Cloud DNS feature is installed.
* Corrected a username enumeration issue in the Reset Password flow when One-Time Password is being used.
* Fixed an issue where importing a PKCS12 certificate could result in a bad certificate type.
* Change Password widget removed from the Dashboard on Foundation Edition as this feature is not supported and therefore would not work.
* HaveIBeenPwned password checking can now be enabled on a per-realm basis.


Thanks,
The LogonBox team.



--------------------------------

Identity Manager

Features:
* Push authentication support added for LogonBox Authenticator.
* Added support for emails for Linux users using the SSH user directory.
* The left-hand menu is pinned open by default to make it easier for end-users to find their settings.
* Added an option to set the default visibility of the left-hand menu.
* Added a maximum number of backups setting to Backup and Restore in VMCentre.
* Updated the Quick Start instructions in Get Help in the main dashboard.
* An account unlock action can be attempted as an admin even if the server doesn't think the account is currently locked (saves forced sync to update the status of a known locked account).
* Added an option on administrator password reset to re-send a user created notification.
* Added an option for Force Change at Logon when an admin sets a user's PIN.
* A user's PIN can now start with a 0.

Bugs:
* OTP will no longer prompt the user for an email if an Additional Contact number is available and Use Directory Email is off.
* Azure users can now change their password from My Profile->Change password.
* Users that need to set up a PIN don't receive a prompt when they log in.
* Non-system realms can now override SMTP server settings again.
* SSH users password expiring notifications now triggering as expected.
* Scheduled backups are now working correctly in VMCentre.
* Administrators can now delete a user with custom questions.
* Reset User Profile action on a user now also resets custom questions.
* When you are on page 2 or higher of Audit Log or Users and change the filter so that the results fit on just one page, that page is now shown as expected.
* Clicking Synchronize when managing a Secondary Directory now synchronizes that directory rather than the primary.
* A username with a # in the name now automatically generates a user profile image.
* A self-service account unlock records a successful audit log entry rather than a failed one.
* VMCentre logs no longer overgrow if the server idle time is greater than maxInt seconds.
* Setting attributes in a CSV export from the user's page now works if you mix local and AD users.

--------------------------------

Features:

* The default behaviour of the menu has changed. This menu is now pinned open by default, making it easier for users to understand this menu exists on their account.
* Added a Synchronise Profile option in the options menu on the Users page to force the system to recheck a user's profile complete status. This option also exists as a Force Sync link when you expand a user.
* Expanding a user with the + button on the Users page now shows more information on a user's profile completion status, along with the complete/incomplete state of all assigned authentication modules.
* The Users page has two new filters added. You can now filter users by 'Users not logged on in the last 30 days' and 'Users who have never logged on'.


Bugs:

* The system should now prompt for all missing information for every authentication module a user has access to when they log on to My Account.
* Changed how user properties are handled on a synchronise to resolve performance issues on a reconcile.
* User delegations now work with nested groups on a sub-realm
* When a user session times out whilst the left menu is pinned open, it no longer displays over the portal page.
* When a user session times out, the menu still works without having to refresh the page.
* Azure Include/Exclude group filters now work regardless of the Pre-load option value.
* When using an Automation to perform a Generate Audit CSV task, choosing Last Week or Last Month options no longer results in an error.
* Invalid OTP entry results in an invalid credentials event rather than an invalid principal name in the Audit Log.
* Duo authenticator now works as expected on Windows Desktop login.


--------------------------------

Features:

* User delegations feature added.
* New Desktop Credentials Provider released.
* SAML updated to support SHA2 signatures.
* SAML now supports encrypted assertions.
* System IP restrictions merged into the new service-based set of rules. The new IP Authentication menu now looks and works more like a set of Firewall rules.
* Added an option not to show a default realm if you use the realm dropdown to login pages.
* Email subsystem reworked - Emails will now be sent only in plaintext if there is no HTML content.
* Email subsystem reworked - Batched emails (i.e. password reminders, profile reminders) should now send significantly faster (several per second rather than once per few seconds).
* New permission added for User Dashboard view. Remove this permission from the Everyone Role if you don't want users to see the new User Dashboard on login.
* Added a CSV Export option for items stored in the Password Server.
* Password Reveal now generates audit events.
* The Portuguese language added.
* System Configuration->Configuration->Application Name now accepts a - character.


Bugs:

* Changing SMTP hostname no longer requires a restart to take effect.
* We fixed some issues with sessions not timing out as expected when on certain pages.
* On session timeout, the system will automatically refresh the login screen rather than only doing so after the next page interaction after the expiry.
* A bug restricted automatic account linking to only the first 100 accounts. The job now correctly iterates through all users.
* The user's credentials page incorrectly interpreted the username as an email address.
* SSH User directory now correctly prompts for an authenticity check on the first connection to the remote server.
* Deleting users from a secondary directory no longer throws a 404 error when performing a bulk delete.
* We fixed an issue with the Duo widget not displaying for a password reset.
* LogonBox authenticator app for Android now correctly displays text when in dark mode.
* Authentication flows will now iterate through nested group memberships for the Assigned Flow authentication module.
* Dashboard password reset statistics are no longer one day out of sync.
* Password Expiring alerts should now run correctly for secondary accounts.
* Combining an Assigned Flow with User Flow Selection in Authentication Flows now works as expected.
* Realm Selection dropdown option now working on Windows installs.
* Secure Nodes should now connect to a realm correctly if you entered the configured hostname with a different case.
* Password server features are now visible for Enterprise licenses.


--------------------------------

LogonBox version 2.3.7-1478 now available

Features:
* Added support for a new Hotfix subscription license. This is positioned between the Foundation and Professional editions and gives Foundation features plus Appearance settings along with security updates and email support.
* Added a logs upload feature for help with support.
* Added the option to write a mobile number back to AD when validating a new mobile.

Fixes:
* Custom Favicon now works as expected.
* Returned missing Banned Passwords settings back into the UI.
* Fixed some database cascade issues that could cause errors with deleting users, clearing sessions or deleting a realm.
* Reset Profile now correctly removes any validated email or mobile numbers from the user profile.
* Fixed an i18n error on the Password Manager browser extension login page.
* Updating a mobile number in AD now updates the mobile shown in the LogonBox user.
* Foundation edition now showing correct version in the footer.
* Azure users now showing password last changed dates.
* Self service account create now works if a default group no longer exists.

--------------------------------

LogonBox version 2.2.13-2067 now available

Profile reminders:
* Don't send or attempt to send reminder if the profile has no missing credentials.
* Profile Completeness check now returns a value indicating if state has changed.
* Fixed some issues with profile check not always setting a profile to complete when it should do.

Automations/Triggers:
* User properties now being passed to password reset events.
* Added mechanism to get attributes from previous event principals.
* Support for alerts in authentication.

Fixes:
* Handle other attributes in the data URI for embedded images in HTML when emailing.
* Changed default authentication module to Security Questions for password reset.
* Fixed issue with daily password expiry jobs not notifying.
* Fixed issue with LogonBox sometimes rebooting when VMCentre is launched.
* Limit logo uploads to image file types.

--------------------------------

LogonBox version 2.2.8-2041 now available

Features:
* New default replacement to return user groups
* New system option for unlocking or generating new admin account from command line
* APT sources are now adjusted based on the LogonBox version number.
* LogonBox Authenticator is now available in the Professional Edition
* You can now connect your LogonBox account to your server to synchronise licenses automatically after purchase or update.
 
Fixes:
* Secure node does not pick up email route from customer realm.
* Valid host setting has been removed. This can be replicated with other Realm options without causing fatal access issues when valid hosts is not configured correctly.
* When creating local users in various parts of the system the principal description was passed incorrectly resulting in the user having no description.
* Unhide "Show in schemes" settings to allow option to add reset/unlock link to other authentication schemes.
* When updating a password resource do not require the password so that other elements can be updated.
* Duo authentication does not work with account unlock
* Log rotate not truncating old files correctly
* Added libpamd module for more graceful shutdown of SSH sessions on shutdown





--------------------------------

LogonBox version 2.2.7-1988 now available

Changes:
* When a user logs on, their My Profile menu will now be the default view
* Removed deprecated browser extension popup

Features:
* You can now reset the system administrator account from VMCentre on the console
* New task added for Automations and Triggers: Create Active Directory User

Bugs:
* Duo authenticator no longer redirects back to username after authentication
* Fixed some display issues in Triggers, Automations and Webhooks
* Some Geo IP fixes
* Fixed an issue where groups could not be added to a user account in Update Active Directory user task


--------------------------------

LogonBox version 2.2.7-1983 now available

Changes:
* When a user logs on, their My Profile menu will now be the default view
* Removed deprecated browser extension popup

Features:
* You can now reset the system administrator account from VMCentre on the console
* New task added for Automations and Triggers: Create Active Directory User

Bugs:
* Duo authenticator no longer redirects back to username after authentication
* Fixed some display issues in Triggers, Automations and Webhooks
* Some Geo IP fixes
* Fixed an issue where groups could not be added to a user account in Update Active Directory user task


--------------------------------

LogonBox version 2.2.6-1961 now available

Features:
* Getting started instructions now show as a popup on login
* User logos now start with a default logo; users have permission to change the logo on newly deployed systems
* Support added for Geo Restrictions. Block or Allow access by country rather than IP range (System Configuration->Geo Restrictions)
* Changed the default logon behaviour after a password reset: the web page will now redirect to the portal


Bugs:
* Can now create users in an OU with a DN longer than 64 characters
* Minimum security question answers required changed to 5
* Missing primary email now correctly writes the email to the user account
* Removed non-working NTLM authentication from AD connections
* Default text in browser header now correctly states LogonBox
* Fixed permissions issue with sending OTP to secondary contact info
* IP restrictions service dropdown now shows available services
* Can now use hyphens on subdomains when creating a tenant in SaaS
* Updated the default syslog application name text to LogonBox.
* Fixed export database task, will now export the database regardless of database type
* Fixed issue with archiving of audit log not working
* Fixed issue with exiting VMCentre causing LogonBox service to stop


Deprecations:
* Browser Passwords (SSO) feature no longer supported. Replaced by extensions to existing Password Vault in next release
* LogonBox mobile application no longer needed, functionality replaced by the new LogonBox Authenticator


--------------------------------

LogonBox version 2.2.5-1928 now available

Features:
* Profile image support - users can add an image to their account (needed for LogonBox authenticator).
* Realm users can upload their own SSL Certificates (to help support custom domains on SaaS).
* New Create Password task for automations to create a password vault object.
* Added Minimum Questions Required to Complete Profile option.
 
Fixes:
* Fixed an issue with reconciles getting into a locked state.
* Search filters now show results on every keypress rather than every other key.
* Duo Authenticator now works with the Desktop Credentials Provider (requires update of the provider app).

--------------------------------

LogonBox version 2.2.4-1918 now available

Features:
* Added support for new LogonBox Authenticator app for Enterprise licenses.
 

Fixes:
* Password expiry notifications no longer sent to disabled users.
* Automations now work with a period longer than 24 days.
* Option to connect to local database via Unix Sockets for better performance.
* Fixed timeouts when an SMTP server becomes unresponsive.
* Batch processing will now ignore realms that are currently syncing (emails and account linking) to reduce locks.
* Batch processing now uses IDs only for realms and principal IDs to avoid other possible locking scenarios.
* Synchronisation fired needless password change events due to last password change date rounding.
* Hashing was wrong due to last password change date rounding, causing needless updates.
* Micro optimisation done around logging. Some less useful logging reduced to logon, "spammy" event output reduced (where audit logged).
* Azure email attribute now working.
* Fixed issue with outbound emails being throttled.

--------------------------------

NOTE: This release has several internal changes to prepare for the imminent release of version 2.3.
As such if you upgrade from the Web UI the service may not start up successfully.

Therefore for this release only we recommend upgrading from a terminal or SSH connection with the following commands (these same commands can also be used to fix the upgrade if it fails from the Web UI):

apt update
apt upgrade

Fixes:
Apart from several internal changes to support the upcoming next release, the following bugs have been resolved.

* Cannot synchronize if more than 1000 groups exist
* Duo authenticator does not work when using the Select Authentication module

--------------------------------

The 2.2.1-1792 release for LogonBox is now available to download from the admin portal Dashboard. The release includes: 

Added include/exclude filters for groups to complement the current OU filtering.
Query against group names directly, or by DN. If DN (server-side) is used, this can significantly speed up sync times.
Significant user synchronisation speed improvements.
To improve speed, LogonBox runs a full synchronisation every 5 syncs; each sync in between only captures changes reported by AD.

The full release notes can be found here:
https://crm.logonbox.com/app/manpage/agent/article/2588285

For questions about this release, please contact us at support@logonbox.com.

Thanks!
The LogonBox team.

 

--------------------------------

Added a Banned Passwords feature
Changed how the User Delete function works
The delete action is now in the green gears icon
Fixed permissions issue that could lead to user list being visible
Fixed locking of scheduled jobs if any return an error state

--------------------------------