Skip to main content

Enterprise Changelog Archive

6.3.2-b2506/5.4.5-b2557

  • NB: Version 5 and 6 are functionally equivalent, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • ISO moved to Rocky 9.3
  • Improved support for Hyper-V. 
  • Fix for certain users getting deleted after three years
  • Numerous bug fixes and improvements
  • Tokens with bundled JRE updated to java 1.8

6.2.2-b2402/5.4.4-b2545

  • NB: Version 5 and 6 are functionally equivalent, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • Additional logging for key exchange
  • Fix for not recognizing RHEL as OS
  • Fix for tokens/registrations expiring too early

6.2.0-b2401/5.4.0-b2556

  • NB: Version 5 and 6 are functionally equivalent, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • RPM now includes an SBOM in /opt/WiKID/.  Please see this blog post for more information
  • Numerous librarys updates for security patches
  • Numerous bug fixes and improvements
  • Improved database handling
  • Systemd support added.

6.1.4-b2324/5.3.5-b2541

  • NB: Version 5 and 6 are functionally equivalent, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • Updated tomcat version to 10.1.14/8.5.95
  • Add group functions to wClient and wClientREST APIs
  • Minor bug fixes and improvements

6.1.3-b2540/5.3.4-b2540

  • NB: Version 5 and 6 are functionally equivalent, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • Updated tomcat version to 10.1.13/8.5.94
  • Change wAuth to return DB connections to the pool after a period of time
  • Use a custom TrustManager for authentication
  • Fix case where the SSL context wasn't properly initialized
  • Add the client IP address to invalid cert connection error message

6.1.2-b2323/5.3.3-b2539

  • NB: Version 5 and 6 are functionally equivalent, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • Updated tomcat version to 10.0.23
  • Minor library upgrades
  • Minor bug fixes

6.1.0-b2323/5.3.2-b2537

  • NB: Version 5 and 6 are functionally equivalent, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • Move migrartor to the command line.  You can now run it as "migrator unpack' in the same directory as the zip file.
  • Minor DB tweeks
  • Update libs to match 5.x version

6.1.0-b2321/5.3.2-b2537

  • NB: Version 5 and 6 are functionally equal, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • Update tomcat to 8.5.87
  • Added key exchange protocol for clients not yet on RSA
  • Various bug fixes and improvements

6.0.2-b2320

  • NB: Version 5 and 6 are functionally equal, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • Fix for missing ipcalc (please install ipcalc if it is missing)
  • Removed references to dbmigrate
  • Bug fixes in pre-registration process

5.2.2-b2102

  • NB: Version 5 and 6 are functionally equal, but have different packages as 5 is for RHEL/Centos 7 & 8 and version 6 is for RHEL 9.
  • Updated tomcat version for security vulnerabilityCVE-2022-4288.
  • Syntax fix for recognizing Postgresql versions.
  • Remove TLS v1.
  • Minor bug fixes.

6.0.1-b2319

  • Fixed java encryption bug that blocked opening the intermediate CA after java upgrade

6.0.1-b2318

  • ISO updated to Rocky 9
  • Released migrator.jar to facilitate upgrades
  • Upgraded tomcat, postgres and other supporting software
  • Upgrade to Log4j 2.19.0
  • upgraded to firewalld
  • Security updates

5.2.1-b2099

  • Security update
  • Remove TLS 1
  • Upgrade tomcat to 8.5.76 for various security flaws

5.2.0-b2097

  • URGENT.  Fix for timecop issue that caused passcode to not expire properly.

5.1.7-b2093

5.1.6-b2092

  • The Log4J update number three - log4j-2.17.0   For the record, we do not think we were vulnerable to this attack.  See https://logging.apache.org/log4j/2.x/security.html.

5.1.5-b2091

5.1.4-b2090

  • The Log4J update!  For the record, we do not think we were vulnerable to this attack.
  • Upgrade various libraries for security updates, including Log4J, java, tomcat, resteasy, postgresql-jdbc, libtiff, Google Gauva, nss.

5.0.3-b2082

  • Fix for failed derby starts which could affect logging

5.0.2-b2077

  • Bug fix for CSRF function on adding administrators

5.0.1-b2072

  • Bug fix for missing native Active Directory protocol
  • Fix for "otp_complexity" bug.  Assure that field is created during upgrades.

5.0.1-b2071

  • Addition of RESTful wClient API
  • Numerous performanace improvements, especially for large user databases
  • Support for PostgreSQL 9,10 and 11.
  • Updated Tomcat server
  • Support for external postgres database
  • Improved logging system
  • Increase network client key strength to 4096
  • Set network client key expiration to match intermediate cert
  • Updated radius libaries
  • Direct issue certificates for white label customers
  • Bug fix for licence miscount

4.2.0-b2053

  • Fix for potential Cross-site scripting attacks in the WiKIDAdmin WebUI

4.2.0-b2047

  • Fix for potential SQL Injection on searchDevices.jsp

4.2.0-b2032

  • Detect null socket in wClient and reconnect to avoid NPE stacktrace
  • Fix for WiKIDAdmin password output
  • Update radius jar file
  • Minor bug fixes

4.2.0-b2028

  • Update radius library.
  • Fix for quick-config tool.
  • Fix exception on eap type for non radius NCs.
  • Bash script fixes (chown errors).

4.2.0-b2023

  • Fix for LEAP RADIUS support and NetMotion 2FA integration.

4.2.0-b2020

  • Fix for JVM crash after updating kernel.  Kernel update for CVE-2017-1000364 cause JVM to crash.  Expanded thread stack to fix.

4.2.0-b2016

  • Security fix for AD Protocol.  In some instances, the string used to overwrite the passcode failed Windows complexity requirements and the over-write failed and the passcode remained the password.  This fix assures that the string meets Windows complexity requirements.

4.2.0-b2014

  • Fix for wClient API > register a user with a pre-registration code without a group membership
  • Fix for the radius service not stopping properly

4.2.0-b2007

  • Fixes memory leak in wAuth API
  • Improved certificate validation for wAuth API
  • Support for Centos/RHEL 7
  • Dropped support for Centos/RHEL 5 and 32-bit platforms (Centos 5 security updates stop March 2017)

4.2.0-b1984

  • Fixed SQL updates scripts.  Fix for missing AD column.
  • Add the expiration date patch to timecop to avoid older users/devices being deleted.
  • Add device last_activity to token data in wClient API

4.2.0-b1981

  • Fix for missing links to add and delete WiKIDAdmin users
  • Update for API to better reflect 'last activity'.

4.2.0-b1978

  • Completely updated UI for the WiKIDAdmin web interface.
  • There's no longer a default password for the WiKIDAdmin (run '/opt/WiKID/sbin/update_wikidadmin_passwd.sh -f' to force a change).  It is created during setup.
  • Added templated for logging into the WiKIDAdmin using Active Directory creds, see https://www.wikidsystems.com/support/installation-how-tos/how-to-use-ad-for-wikidadmin-access/.
  • Fix wAuth API for complex passwords.
  • Return multiple RADIUS attributes if a user is in multiple groups.
  • Pre-registration can add a user to a group.

4.1.0-b1955

  • Make the one-time passwords for Active Directory meet complexity requirements
  • Enable complex one-time passcodes for Active Directory protocol

4.1.0-b1949

  • Improved security for the WiKIDAdmin interface, SQLi protections
  • Add Owasp ESAPI library support
  • Style tweeks and minor UI fixes

4.1.0-b1941

  • You can now add a 2nd token to an existing user much more easily. Just use the Manually Add a Token page. No need to use the API.
  • There is now  an AD Password reset option - allows AD users to login once with two-factor authentication and then be forced to change their password.
  • Improved tomcat security headers for XSS, nosniff and X-Frame options

4.1.0-b1926

  • Added native Microsoft Windows two-factor authentication protocol

4.0.2-b1921

  • Add logging for WiKID user and device events
  • Fix User-agent mapping for Android/BlackBerry and older Android only
  • Update debian dependencies to Java 8
  • Logging improvements for admins, users

4.0.1-b1821

  • Minor UI text changes to clarify new CA system
  • Fix for Select All button on User's tab

4.0.1-b1821

  • Minor UI text changes to clarify new CA system
  • Fix for Select All button on User's tab

4.0.2-b1917

  • Fix User-agent mapping for Android/BlackBerry
  • Update last activity to include passcode requests
  • Update debian dependencies to require Java 8

4.0.1-b1905

  • Update to tomcat 8 - NB: requires Java 8
  • Fix user counting for users with multiple device registrations.
  • Change certs to SHA256

4.0.1-b1906

    • Remove references to certs being emailed.

4.0.1-b1817

  • Bug fix for DB Connection errors/leaks that could lead to server freezes
  • Upgrade db drivers
  • Updates to loggers to remove poor warnings

4.0-B1803

  • Bug fix for error on Pre-registration page
  • Known issue: Your list of pre-registered users may not display. Export to see them or pre-register one user and they should display.

4.0-B1798

  • Bug fix for Blank page on Certificate Signing request page
  • Bug fix for quick-start setup and Cert upgrade process

4.0-B1787

  • Added quick-start configuration option to command line
  • Moved to new Certificate and license management system
  • Certificate expiration and other warnings
  • Enabled Radius by default
  • Many small improvements

3.6.0-B1672

  • Extend expiration of registered devices
  • Fixed bug in null user search
  • Improvements to support jar
  • Minor UI bug fixes

3.6.0-b1659

  • Fixed UI bug where domain name change didn't show in Users list
  • UI now shows Enabled/Disabled on Users list
  • Fixed bug where domain name change added a '+' for a space (requires 3.1.30 token)

3.5.0-b1580

  • J2SE token checks for domain name changes.
  • Add user-token report with duplicates pre-fixed with DUP and case ignored.
  • Change "Passcode is not a number" to info level logging.
  • Added support.jar as an optional support data collector.
  • User count on home page is case-insensitive.

3.5.0-b1542

  • Performance tuning for high-volume servers with a large number of users.
  • Make System.out logs dependent on the log4j setting
  • Fixed the 'null' note in edit user
  • Pagination and filters added to user page.
  • Improved user search. The overall user search function at the top is now a substring search.
  • Improved logging.
  • Pagination added to log page.

3.5.0-b1472

  • Better logic for finding a JDK; also report launch errors in a better way
  • Updates to address ldap and sudo issues

3.5.0-b1438

  • Set maxlength on radius secret to 128
  • comment out unneeded tac_plus build

3.5.0-b1428

  • Update for handling CA cert expiration
  • Updated arch-setup code
  • Updated Utilities RPM - Please update both RPMs.

3.5.0-b1421

  • Fix an issue where pre-registration codes were not visible

3.5.0-b1411

  • Disable unnecessary HTTP methods

3.5.0-b1403

  • Change text back to localhost.p12 and passphrase to match documentation
  • Remove weak SSL ciphers for PCI compliance

3.5.0-b1373

  • Fix minor typo
  • Fix for radius config

3.5.0-b1359

  • Enforce password complexity on WiKIDAdmin for PCI Compliance
  • Moved Registered URL to bottom. Added link explaining mutual https authentication.
  • Simplified radius config options.

3.5.0-b1359

  • Enforce password complexity on WiKIDAdmin for PCI Compliance
  • Moved Registered URL to bottom. Added link explaining mutual https authentication.
  • Simplified radius config options.

3.5.0-b1373

  • Fix minor typo
  • Fix for radius config

3.5.0-b1403

  • Change text back to localhost.p12 and passphrase to match documentation
  • Remove weak SSL ciphers for PCI compliance

3.5.0-b1352

  • Fixed EAPMD5 issue where the server would validate the passcode but client would still fail
  • Fix a bad registration code killing the wClient connection
  • Added the ability to update a users "note" via the API
  • Fixed valid OTP rejected after invalid OTP is given - radius only
  • Fixed issue with mutual https authentication

3.5.0-b1342

  • Upgraded Tomcat to version 7
  • Add log4j to tomcat libs for clean shutdown
  • Fix for radius reports MESSAGE AUTHENTICATOR IS INCORRECT
  • Fix for Sorting by Type & Last Activity on user page result in blank page
  • Run WiKID as non-Root user (wikid)
  • Updates to compile with gcc3
  • Release of 64-bit Utitilies RPM
  • Add new pre-registration mode for multi-server pre-registration
  • Better handling of various java installs
  • Fix for MD5 radius errors
  • Updated Radius plugin

3.4.87-b1216

  • Disallow blank or null passwords for directory binds since this falls back to an anonymous bind and appears to succeed.
  • Catch exception other than NamingException in adregister2 example script.
  • Log4j db appender module for WiKID logging
  • Intellij IDEA module file for Android token
  • Set Content-Type to "" to get past mod_security.
  • Bug fixes

3.4.87-b1169

  • Fixes bug when attempting to add a second software token to an existing user

3.4.87-b1159

  • Edit Username after registration
  • Token Type listed in User Tab
  • Add note to user/token
  • Improved Radius start time
  • Client port restriction update
  • Allow multiple groups per user
  • Option to automatically re-enable users after certain time period
  • Schema update to support multiple group assignment and precedence.
  • Query the database to retrieve a full list of users for audit purposes

3.4.87-b1092

  • Added the ability to create pre-registration codes via the wClient API.
  • Fix an issue where a null group name is converted to a string literal "null".
  • Allow overriding an existing pre-registration.
  • Fix a typo where missing quotes broke the jsp
  • Update example.jsp documentation
  • Fix an issue where a null values were converted to a string literal "null".
  • Throw an IllegalArgumentException if you try to set the userid to null
  • Make radius return non-string attribute values when appropriate.
  • Added a service script in /etc/WiKID/conf/templates
  • query they database to retrieve a full list of users for audit purposes
  • Fixed issue causing server to freeze occasionally, especially under replication
  • Fixed issue causing bad password attempts to not be counted properly
  • Add an API call to delete a device by ID
  • Added Reports

3.4.87-b839

  • Disable domain caching
  • correct oss/enterprise bracketing
  • Added the ability to create pre-registration codes via the wClient API (see example.jsp)

3.4.87-b824

  • Example 2-Factor app using wClient
  • fix lingering old ldap ports
  • New home for ruby client
  • Comment out dedicated domain code
  • make sure root owns the files
  • SRVTHREE-2 - Multiple pre-registration for a single token
  • Allow the same username across pre-registration domains and add domain column to display
  • Domains can be limited to locked, wireless or locked & wireless software tokens
  • Fix android wireless detection bug.
  • Fix a bug that equated the selection of wireless tokens to locked tokens.

3.4.85-b780

  • Fix broken Unicode in portuguese brazilian translation
  • make path to dpkg explicit
  • fix typo in build script
  • added %dir to /bin of the spec file for usogres inclusion
  • Update radserver jar (Fixes slow radius start bug)
  • Update build file to add wClient jar
  • Example for using wClient

3.4.81-b676

  • Fixes for AD self-registration scripts.
  • Removed $JAVA_HOME/bin/ from the keytool command for openjdk compatibility
  • Fix missing imports statements
  • Automatically delete registration codes when deleting the associated domain. - Fixes "unable to delete domain bug".
  • Catch integrity violation in dbmigrate11 that was preventing subsequent DB updates.
  • Added the ability to create pre-registration codes via the wClient API.

 

 

 

 

 



 

Copyright © WiKID Systems, Inc. 2024 | Two-factor Authentication