LogonBox VPN 2.3.13 has been released
Changes in this release
- Added support for importing images from Active Directory's thumbnailPhoto attribute for displaying as the LogonBox user's profile image.
- User Selective 2FA no longer prompts you to select an authentication module if you only have one available.
- Added an option in Sessions->Session Options->Websocket to add allowed origins for any WebSocket communication.
- Added an option in System Configuration->Security to enable X-Forwarded-For headers.
- Added Referrer-Policy and Permissions-Policy attributes to HTTP headers.
- Changed the default AD fields a user has access to in their profile from Editable to View only.
- Fixed a persistent XSS in a user's Custom Questions page.
- Fixed a persistent XSS in a user's My Profile page.
- Fixed a couple of XSS issues in JSON responses.
- Anti-CSRF tokens added to a small number of pages that had them missing.
- It is now possible to delete a Security Question that already has existing answers set by users.
- Top 5 Operating Systems, Top 5 Browsers, Top 5 Users and Top 10 Resources graphs are now available to display again in the admin dashboard.
- The synchronize button is now visible again for admins on a non-system realm.
- LDAP user directory option is now visible again in Configure User Database.
- Added some performance changes to the database to reduce table locks.
- More than two authentication factors are now working as expected for User Login.
VPN client changes:
- Dark branding colours for links in dark mode were hard to read
- Better transition to remote authorisation page on first load.
- Improved look of remote authorisation.
- Better clean up on shutdown of service.
The LogonBox team.