
PortalGuard v6 Change Log

PortalGuard Version 6.x

2019-08-12 - v6.2.2.6 (PG.dll)

  1. Fix in PW expiration checking to honor the hours, minutes and seconds instead of truncating them. This helps prevent PG from treating passwords as expired a day early.

2019-08-12 - v6.2.2.6 (PG_IdP.dll)

  1. Support for RS256, RS384, RS512 signing for OIDC
  2. Added HS256, HS384 & HS512 algorithms to "id_token_signing_alg_values_supported" in the OIDC/jwks.json metadata 
  3. Substituting accesstoken in IdPAgentOAuthToken if nonce is missing (for compatibility with Citrix NetScaler).

2019-08-07 - v6.2.2.5 (PG.dll)

  1. Support for Agreements - Can require users to "accept" an agreement before accessing specific federated applications or getting a valid logon session with the PG server. The "accept" (or "reject") timestamps can be reported on from SQL. This feature is an extension to the Announcements feature and is good for ensuring users see and confirm Acceptable Use Policies before continuing.
  2. Optional email notifications for all Account Management actions
  3. Support for sending email notifications when a user changes their password through PG

2019-07-30 - v6.2.2.4 (PG.dll)

  1. Fixed crash when "prevent session re-use" and directory fallback were both enabled

2019-07-23 - v6.2.2.4 (PG.dll)

  1. Fix in CPSHTTPClient to only change WINHTTP_OPTION_CLIENT_CERT_CONTEXT when SSL is enabled
  2. Fix in URLDecode -AND- URLEncode to support UTF-8 chars up to 0xFF (including the £ char).

2019-07-22 - v6.2.2.4 (PG_IdP.dll)

  1. Fix in URLDecode -AND- URLEncode to support UTF-8 chars up to 0xFF (including the £ char)

2019-07-01 - v6.2.2.4 (PG.dll)

  1. Fix in URLDecode to support UTF-8 chars up to 0xFF (including the £ char)

2019-06-27 - v6.2.2.3 (PG.dll)

  1. Support for BIO-key's WEB-key offering as 2nd factor method

2019-06-26 - v6.2.2.2 (PG.dll)

  1. Using new SQL connect timeout setting of 10 sec

2019-06-26 - v6.2.2.2 (PG_IdP.dll)

  1. Using new SQL connect timeout setting of 10 sec

2019-06-24 - v6.2.2.2 (PG.dll)

  1. Support for directory failover.
  2. New HelpDesk & Dashboard user lookup using drop-down list for choosing repository.

2019-06-11 - v6.2.2.1 (PG.dll)

  1. Fix for Account Activation and "PG-POST-File" param being seen as "extra" data
  2. Fix for enforcing Strike Expiration even when Lock Expiration is disabled (ensures the StrikeDateTime field is written when *either* feature is enabled)

2019-06-07 - v6.2.2.1 (PG.dll)

  1. If the username contains a backslash, we'll never be able to save or restore user profiles if configured to store these in flat files. Change in UserProfileEngineFile to replace the backslashes with hyphens (this is not an issue for SQL-based user profiles).
  2. Including "uid" in global HD type-ahead search filter for Domino and SunOne LDAP types.
  3. Allowing HD Regions to have a blank Base DN (also required a change in PG_Config).
  4. Fix for SMSGlobal (3rd party messaging provider) that was requesting cert-based authentication for all HTTP requests. Now specifying WINHTTP_NO_CLIENT_CERT_CONTEXT in all requests from our HTTP client.

2019-06-07 - v6.2.2.1 (PG_IdP.dll)

  1. Fix to restore "DOMAIN\" prefix to username in IdPAgentFederatedSSO when Domino LDAP is the attribute store. We were treating it as a NetBIOS AD domain and were removing it automatically.

2019-05-21 - v6.2.2.0 (PG.dll)

  1. Fix for Day of Week bug in CBA 2.0 "new browser" email notifications. UTC time was being used for DoW instead of local time.
  2. Patch in AD PSO reading of msDS-MinimumPasswordAge value to IGNORE any values less than 1440 and treat them as 0.
  3. Support for FIDO2 / Web Authentication ("WebAuthn") as a 2nd factor

2019-05-21 - v6.2.2.0 (PG_IdP.dll)

  1. Fix for bug that OAuth configurations could not have the same client_id but different callback URLs (stored as Ids in our configs). Now filtering multiple configuration matches using redirect_uri/callback after initial lookup on client_id. NOTE: This code only runs when "Allow Duplicate IDs" is enabled in the General IdP Settings. Otherwise, the first match is used!

2019-05-02 - v6.2.1.0 (PG.dll)

  1. Version that has undergone annual Manual Penetration Testing by Veracode
  2. Fix to support backup phone indexes for back-end 2FA API
  3. Additional boundary checks based on Veracode static scanning
  4. Checking for a ".wav" extension as part of file validation in AgentAcctVoiceIt::handleRequest()

2019-04-02 - v6.2.0.5 (PG.dll)

  1. Returning details to the UI for all 6 server-side pw quality rules to potentially display all rules:
        a. AD complexity
        b. Minimum age
        c. PW History
        d. PW Dictionary
        e. PW Similarity
        f. RegEx
  2. Fix for positive time zone offsets when dealing with blank/NULL dates in reporting
  3. Extra boundary checking in checkChallengeAnswers to prevent crashes

2019-03-25 - v6.2.0.5 (PG_IdP.dll)

  1. For Forms SSO, replacing double-quote literal (") with its HTML-encoded version

2019-02-28 - v6.2.0.2 (PG_IdP.dll)

  1. Fix to prevent PG server init crashes when <OIDSigningCert> value is blank in _PG_IdP_Config.xml (resulted from IdP_Config.exe v6.2.0.0, fixed in v6.2.0.1)

2019-01-27 - v6.2.0.1 (PG_IdP.dll)

  1. Fixes for properly outputting exponent, modulus and thumbprint in jwks.json (for OIDC)

2019-01-21 - v6.2.0.3 (PG.dll)

  1. Fix for properly handling PG-POST-File parameter during new user self-registration.

2019-01-15 - v6.2.0.2 (PG.dll)

  1. Added "Reset failed logon attempts count after X mins" setting to Security Policies.
  2. Support for directly leveraging Active Directory "Password Settings Objects" (PSO) settings instead of duplicating the configuration in Security Policies: Password Complexity, Expiration & Account Lockout Settings

2018-12-28 - v6.2.0.1 (PG.dll)

  1. Fixes for handling import of HOTP token seed values if they contain embedded NUL characters.

2018-12-28 - v6.2.0.1 (UI)

  1. Additional changes to multiple InetPub\PortalGuard files related to WCAG 2.0 conformance.

2018-12-17 - v6.2.0.0 (PG_IdP.dll)

  1. Support for OAuth v2.0.
  2. Support for OpenID Connect v1.0.
  3. CAS fix for using the URL's full path if no query string arguments are provided in the request. This can fix errors related to the CAS logout action.

2018-12-17 - v6.2.0.0 (PG.dll)

  1. Support for use of Google reCAPTCHA on main PG login form.
  2. New setting to prevent end-users from changing any YubiKey enrollment (they can only be batch imported when enabled).

2018-11-30 - v6.1.0.0 (PG.dll)

  1. FIDO U2F support.
  2. Support for voice biometrics OTP type through VoiceIt service provider. Had to add logic to prevent voice biometric phrases from being seen as potential YubiKey OTPs.
  3. Support for smart card-based logons to PG.
  4. Fix for creating PG SSO cookie after password change as well (was only being done on login, prior)
  5. Password Recovery Fix: HTML-encoding the <recovered_password> value to ensure XML processing doesn't break in PG.NET. Passwords containing reserved XML characters (e.g. '&') were not displaying.
  6. Returning new <duo> element on AcctMgmt to indicate if Duo is enabled for any actions in the security policy.
  7. Fix for Verbal Authentication - Ensuring the HD user's groups and OUs are cleared before looking up the target user. Without the fix, this could result in the wrong security policy being applied to the target user.

2018-11-30 - v6.1.0.0 (PG_IdP.dll)

  1. Fix in CAS agent for using the full path if no query string is provided in the request
  2. In IP Blocking feature, not doing any blocking when the IP value is blank.
  3. Checking static white list before adding an entry to the dynamic IP blacklist. Prevents "new dynamic IP blocked" email when the IP is already white-listed.
  4. For easier log parsing, adding "X-MS-Forwarded-Client-IP={IP}" to the log line showing username when a WS-Sec auth fails.
  5. Support for static formatting around Group CNs for SAML/WS-Fed

2018-09-17 - v6.0.0.5 (PG.dll)

  1. Fix to enforce blocked access via CBA v2.0
  2. UI: Fix for phone type radio button selector JavaScript bug

2018-08-16 - v6.0.0.4 (PG.dll)

  1. Support for grouping Challenge Answers, Phone & Email enrollments and allowing a subset to satisfy the enrollment requirement (e.g. 1 of 2, 2 of 3).

2018-07-31 - v6.0.0.3 (PG.dll)

  1. Restored IP geolocation support in CBA v2.0

2018-07-30 - v6.0.0.3 (PG_IdP.dll)

  1. HTML encoding any double-quotes in RelayState so it doesn't break the POST
  2. For Banner 9 AppNav integration, changed the CAS "jsessionid" behavior to truncate EITHER or BOTH the "svc" value in the request and the value stored in SQL.

2018-07-24 - v6.0.0.2 (PG_IdP.dll)

  1. IP Lockout no longer blocking requests where X-MS-Forwarded-Client-IP request header is "blank".
  2. Critical section now being released in exception handlers if an exception occurs during SAML signing.

2018-07-19 - v6.0.0.2 (PG.dll)

  1. PW dictionary fix to lowercase the actual dictionary words as well during "contains" checking. If the words had any capital letters in the config, they weren't matching.

2018-07-12 - v6.0.0.1 (PG.dll)

  1. Fix for deadlock when performing update/sync when long running agents tried to filter event reporting.

2018-07-12 - v6.0.0.1 (PG_IdP.dll)

  1. Using shared reader lock approach on Bootstrap access from AgentBase, minimizes number of read locks IdP agents request.

2018-06-27 - v6.0.0.0 (PG.dll)

  1. Suppressing "unknown OTP type" error when Duo is available, but user failed validating with different type (e.g. phone).
  2. Support for report event filtering. Fix for crashes when using KBA and reducing the number of challenge questions in the security policy. Now returns PGAPI_RC_CONFIG_ERROR/1122, which displays the following error on the Login page: "The security policy is incorrectly configured - please contact the administrator"
  3. Support for writing PGAS cookie to reflect authentication type for app-specific 2FA.

2018-06-28 - v6.0.0.0 (PG_IdP.dll)

  1. For NameID claims, only adding the "Format" attribute if the schema value is non-blank.
  2. Support for report event filtering.
  3. Support for SSO to legacy web applications.
  4. Support for app-specific 2FA.
  5. Support for IP blocking "whitelist".
  6. Support for "persistent" IP blocking for Office 365/WS-Security logins.
  7. Support for claim case conversion: UPPER(2), lower(1) or No Change(0).
  • 28-Aug-2019