Enterprise Changelog

Enterprise Changelog Archive

5.2.1-b2099

Security update
Remove TLS 1
Upgrade tomcat to 8.5.76 for various security flaws

5.2.0-b2097

URGENT. Fix for timecop issue that caused passcode to not expire properly.

5.1.7-b2093

The Log4J update number four! log4j-2.17.1 See https://logging.apache.org/log4j/2.x/security.html

5.1.6-b2092

The Log4J update number three - log4j-2.17.0 For the record, we do not think we were vulnerable to this attack. See https://logging.apache.org/log4j/2.x/security.html.

5.1.5-b2091

The Log4J update number two. For the record, we do not think we were vulnerable to this attack. See https://www.zdnet.com/article/second-log4j-vulnerability-found-apache-log4j-2-16-0-released/. Again, we should not be vulnerable to this attack. JDNI is not installed on the server.
Networking fix in setup script - properly set gateway and DNS.

5.1.4-b2090

The Log4J update! For the record, we do not think we were vulnerable to this attack.
Upgrade various libraries for security updates, including Log4J, java, tomcat, resteasy, postgresql-jdbc, libtiff, Google Gauva, nss.

5.0.3-b2082

Fix for failed derby starts which could affect logging

5.0.2-b2077

Bug fix for CSRF function on adding administrators

5.0.1-b2072

Bug fix for missing native Active Directory protocol
Fix for "otp_complexity" bug. Assure that field is created during upgrades.

5.0.1-b2071

Addition of RESTful wClient API
Numerous performanace improvements, especially for large user databases
Support for PostgreSQL 9,10 and 11.
Updated Tomcat server
Support for external postgres database
Improved logging system
Increase network client key strength to 4096
Set network client key expiration to match intermediate cert
Updated radius libaries
Direct issue certificates for white label customers
Bug fix for licence miscount

4.2.0-b2053

Fix for potential Cross-site scripting attacks in the WiKIDAdmin WebUI

4.2.0-b2047

Fix for potential SQL Injection on searchDevices.jsp

4.2.0-b2032

Detect null socket in wClient and reconnect to avoid NPE stacktrace
Fix for WiKIDAdmin password output
Update radius jar file
Minor bug fixes

4.2.0-b2028

Update radius library.
Fix for quick-config tool.
Fix exception on eap type for non radius NCs.
Bash script fixes (chown errors).

4.2.0-b2023

Fix for LEAP RADIUS support and NetMotion 2FA integration.

4.2.0-b2020

Fix for JVM crash after updating kernel. Kernel update for CVE-2017-1000364 cause JVM to crash. Expanded thread stack to fix.

4.2.0-b2016

Security fix for AD Protocol. In some instances, the string used to overwrite the passcode failed Windows complexity requirements and the over-write failed and the passcode remained the password. This fix assures that the string meets Windows complexity requirements.

4.2.0-b2014

Fix for wClient API > register a user with a pre-registration code without a group membership
Fix for the radius service not stopping properly

4.2.0-b2007

Fixes memory leak in wAuth API
Improved certificate validation for wAuth API
Support for Centos/RHEL 7
Dropped support for Centos/RHEL 5 and 32-bit platforms (Centos 5 security updates stop March 2017)

4.2.0-b1984

Fixed SQL updates scripts. Fix for missing AD column.
Add the expiration date patch to timecop to avoid older users/devices being deleted.
Add device last_activity to token data in wClient API

4.2.0-b1981

Fix for missing links to add and delete WiKIDAdmin users
Update for API to better reflect 'last activity'.

4.2.0-b1978

Completely updated UI for the WiKIDAdmin web interface.
There's no longer a default password for the WiKIDAdmin (run '/opt/WiKID/sbin/update_wikidadmin_passwd.sh -f' to force a change). It is created during setup.
Added templated for logging into the WiKIDAdmin using Active Directory creds, see https://www.wikidsystems.com/support/installation-how-tos/how-to-use-ad-for-wikidadmin-access/.
Fix wAuth API for complex passwords.
Return multiple RADIUS attributes if a user is in multiple groups.
Pre-registration can add a user to a group.

4.1.0-b1955

Make the one-time passwords for Active Directory meet complexity requirements
Enable complex one-time passcodes for Active Directory protocol

4.1.0-b1949

Improved security for the WiKIDAdmin interface, SQLi protections
Add Owasp ESAPI library support
Style tweeks and minor UI fixes

4.1.0-b1941

You can now add a 2nd token to an existing user much more easily. Just use the Manually Add a Token page. No need to use the API.
There is now an AD Password reset option - allows AD users to login once with two-factor authentication and then be forced to change their password.
Improved tomcat security headers for XSS, nosniff and X-Frame options

4.1.0-b1926

Added native Microsoft Windows two-factor authentication protocol

4.0.2-b1921

Add logging for WiKID user and device events
Fix User-agent mapping for Android/BlackBerry and older Android only
Update debian dependencies to Java 8
Logging improvements for admins, users

4.0.1-b1821

Minor UI text changes to clarify new CA system
Fix for Select All button on User's tab

4.0.1-b1821

Minor UI text changes to clarify new CA system
Fix for Select All button on User's tab

4.0.2-b1917

Fix User-agent mapping for Android/BlackBerry
Update last activity to include passcode requests
Update debian dependencies to require Java 8

4.0.1-b1905

Update to tomcat 8 - NB: requires Java 8
Fix user counting for users with multiple device registrations.
Change certs to SHA256

4.0.1-b1906

Remove references to certs being emailed.

4.0.1-b1817

Bug fix for DB Connection errors/leaks that could lead to server freezes
Upgrade db drivers
Updates to loggers to remove poor warnings

4.0-B1803

Bug fix for error on Pre-registration page
Known issue: Your list of pre-registered users may not display. Export to see them or pre-register one user and they should display.

4.0-B1798

Bug fix for Blank page on Certificate Signing request page
Bug fix for quick-start setup and Cert upgrade process

4.0-B1787

Added quick-start configuration option to command line
Moved to new Certificate and license management system
Certificate expiration and other warnings
Enabled Radius by default
Many small improvements

3.6.0-B1672

Extend expiration of registered devices
Fixed bug in null user search
Improvements to support jar
Minor UI bug fixes

3.6.0-b1659

Fixed UI bug where domain name change didn't show in Users list
UI now shows Enabled/Disabled on Users list
Fixed bug where domain name change added a '+' for a space (requires 3.1.30 token)

3.5.0-b1580

J2SE token checks for domain name changes.
Add user-token report with duplicates pre-fixed with DUP and case ignored.
Change "Passcode is not a number" to info level logging.
Added support.jar as an optional support data collector.
User count on home page is case-insensitive.

3.5.0-b1542

Performance tuning for high-volume servers with a large number of users.
Make System.out logs dependent on the log4j setting
Fixed the 'null' note in edit user
Pagination and filters added to user page.
Improved user search. The overall user search function at the top is now a substring search.
Improved logging.
Pagination added to log page.

3.5.0-b1472

Better logic for finding a JDK; also report launch errors in a better way
Updates to address ldap and sudo issues

3.5.0-b1438

Set maxlength on radius secret to 128
comment out unneeded tac_plus build

3.5.0-b1428

Update for handling CA cert expiration
Updated arch-setup code
Updated Utilities RPM - Please update both RPMs.

3.5.0-b1421

Fix an issue where pre-registration codes were not visible

3.5.0-b1411

Disable unnecessary HTTP methods

3.5.0-b1403

Change text back to localhost.p12 and passphrase to match documentation
Remove weak SSL ciphers for PCI compliance

3.5.0-b1373

Fix minor typo
Fix for radius config

3.5.0-b1359

Enforce password complexity on WiKIDAdmin for PCI Compliance
Moved Registered URL to bottom. Added link explaining mutual https authentication.
Simplified radius config options.

3.5.0-b1359

Enforce password complexity on WiKIDAdmin for PCI Compliance
Moved Registered URL to bottom. Added link explaining mutual https authentication.
Simplified radius config options.

3.5.0-b1373

Fix minor typo
Fix for radius config

3.5.0-b1403

Change text back to localhost.p12 and passphrase to match documentation
Remove weak SSL ciphers for PCI compliance

3.5.0-b1352

Fixed EAPMD5 issue where the server would validate the passcode but client would still fail
Fix a bad registration code killing the wClient connection
Added the ability to update a users "note" via the API
Fixed valid OTP rejected after invalid OTP is given - radius only
Fixed issue with mutual https authentication

3.5.0-b1342

Upgraded Tomcat to version 7
Add log4j to tomcat libs for clean shutdown
Fix for radius reports MESSAGE AUTHENTICATOR IS INCORRECT
Fix for Sorting by Type & Last Activity on user page result in blank page
Run WiKID as non-Root user (wikid)
Updates to compile with gcc3
Release of 64-bit Utitilies RPM
Add new pre-registration mode for multi-server pre-registration
Better handling of various java installs
Fix for MD5 radius errors
Updated Radius plugin

3.4.87-b1216

Disallow blank or null passwords for directory binds since this falls back to an anonymous bind and appears to succeed.
Catch exception other than NamingException in adregister2 example script.
Log4j db appender module for WiKID logging
Intellij IDEA module file for Android token
Set Content-Type to "" to get past mod_security.
Bug fixes

3.4.87-b1169

Fixes bug when attempting to add a second software token to an existing user

3.4.87-b1159

Edit Username after registration
Token Type listed in User Tab
Add note to user/token
Improved Radius start time
Client port restriction update
Allow multiple groups per user
Option to automatically re-enable users after certain time period
Schema update to support multiple group assignment and precedence.
Query the database to retrieve a full list of users for audit purposes

3.4.87-b1092

Added the ability to create pre-registration codes via the wClient API.
Fix an issue where a null group name is converted to a string literal "null".
Allow overriding an existing pre-registration.
Fix a typo where missing quotes broke the jsp
Update example.jsp documentation
Fix an issue where a null values were converted to a string literal "null".
Throw an IllegalArgumentException if you try to set the userid to null
Make radius return non-string attribute values when appropriate.
Added a service script in /etc/WiKID/conf/templates
query they database to retrieve a full list of users for audit purposes
Fixed issue causing server to freeze occasionally, especially under replication
Fixed issue causing bad password attempts to not be counted properly
Add an API call to delete a device by ID
Added Reports

3.4.87-b839

Disable domain caching
correct oss/enterprise bracketing
Added the ability to create pre-registration codes via the wClient API (see example.jsp)

3.4.87-b824

Example 2-Factor app using wClient
fix lingering old ldap ports
New home for ruby client
Comment out dedicated domain code
make sure root owns the files
SRVTHREE-2 - Multiple pre-registration for a single token
Allow the same username across pre-registration domains and add domain column to display
Domains can be limited to locked, wireless or locked & wireless software tokens
Fix android wireless detection bug.

Fix a bug that equated the selection of wireless tokens to locked tokens.

3.4.85-b780

Fix broken Unicode in portuguese brazilian translation
make path to dpkg explicit
fix typo in build script
added %dir to /bin of the spec file for usogres inclusion
Update radserver jar (Fixes slow radius start bug)
Update build file to add wClient jar
Example for using wClient

3.4.81-b676

Fixes for AD self-registration scripts.
Removed $JAVA_HOME/bin/ from the keytool command for openjdk compatibility
Fix missing imports statements
Automatically delete registration codes when deleting the associated domain. - Fixes "unable to delete domain bug".
Catch integrity violation in dbmigrate11 that was preventing subsequent DB updates.
Added the ability to create pre-registration codes via the wClient API.

Questions? Feedback?Olark live chat software