LogonBox VPN 2.3.13 Released

LogonBox VPN 2.3.13 has been released

Changes in this release

Features:

• Added support for importing images from Active Directory's thumbnailPhoto attribute for displaying as the LogonBox user's profile image.
• User Selective 2FA no longer prompts you to select an authentication module if you only have one available.
• Added an option in Sessions->Session Options->Websocket to add allowed origins for any WebSocket communication.
• Added an option in System Configuration->Security to enable X-Forwarded-For headers.
• Added Referrer-Policy and Permissions-Policy attributes to HTTP headers.
• Changed the default AD fields a user has access to in their profile from Editable to View only.

Bugs:

• Fixed a persistent XSS in a user's Custom Questions page.
• Fixed a persistent XSS in a user's My Profile page.
• Fixed a couple of XSS issues in JSON responses.
• Anti-CSRF tokens added to a small number of pages that had them missing.
• It is now possible to delete a Security Question that already has existing answers set by users.
• Top 5 Operating Systems, Top 5 Browsers, Top 5 Users and Top 10 Resources graphs are now available to display again in the admin dashboard.
• The synchronize button is now visible again for admins on a non-system realm.
• LDAP user directory option is now visible again in Configure User Database.
• Added some performance changes to the database to reduce table locks.
• More than two authentication factors are now working as expected for User Login.

VPN client changes:

• Dark branding colours for links in dark mode were hard to read
• Better transition to remote authorisation page on first load.
• Improved look of remote authorisation.
• Better clean up on shutdown of service.

Thanks,
The LogonBox team.