LogonBox SSPR 2.3.13 has been released
Changes in this release
- Added support for importing images from Active Directory's thumbnailPhoto attribute for displaying as the LogonBox user's profile image.
- User Selective 2FA no longer prompts you to select an authentication module if you only have one available.
- Added an option in Sessions->Session Options->Websocket to add allowed origins for any WebSocket communication.
- Added an option in System Configuration->Security to enable X-Forwarded-For headers.
- Added Referrer-Policy and Permissions-Policy attributes to HTTP headers.
- Changed the default AD fields a user has access to in their profile from Editable to View only.
- Added an option in Authentication Flows->Authentication Options->Security to require the current password for Change Password. Turning this off will allow password changes on Azure if you have Azure MFA configured.
- Fixed a persistent XSS in a user's Custom Questions page.
- Fixed a persistent XSS in a user's My Profile page.
- Fixed a couple of XSS issues in JSON responses.
- Anti-CSRF tokens added to a small number of pages that had them missing.
- Accounts requested using the Create Account feature now correctly write the user's email address to the user directory.
- It is now possible to delete a Security Question that already has existing answers set by users.
- Top 5 Operating Systems, Top 5 Browsers, Top 5 Users and Top 10 Resources graphs are now available to display again in the admin dashboard.
- Checks for profile completion now accurately calculate a complete profile for users when Assigned Flow module is in use.
- The synchronize button is now visible again for admins on a non-system realm.
- Profile history graph displays in the same chronological order as the other graphs.
- LDAP user directory option is now visible again in Configure User Database.
- Added some performance changes to the database to reduce table locks when sending emails.
- More than two authentication factors are now working as expected for User Login.
The LogonBox team.