1. Home
  2. LogonBox SSPR
  3. Product News
  4. LogonBox SSPR 2.3.13 Released

LogonBox SSPR 2.3.13 Released

Can't find what you're looking for?
Request Supporthere

admin 18 February, 2022

LogonBox SSPR 2.3.13 has been released

 

Changes in this release

Features:

  • Added support for importing images from Active Directory's thumbnailPhoto attribute for displaying as the LogonBox user's profile image.
  • User Selective 2FA no longer prompts you to select an authentication module if you only have one available.
  • Added an option in Sessions->Session Options->Websocket to add allowed origins for any WebSocket communication.
  • Added an option in System Configuration->Security to enable X-Forwarded-For headers.
  • Added Referrer-Policy and Permissions-Policy attributes to HTTP headers.
  • Changed the default AD fields a user has access to in their profile from Editable to View only.
  • Added an option in Authentication Flows->Authentication Options->Security to require the current password for Change Password. Turning this off will allow password changes on Azure if you have Azure MFA configured.


Bugs:

  • Fixed a persistent XSS in a user's Custom Questions page.
  • Fixed a persistent XSS in a user's My Profile page.
  • Fixed a couple of XSS issues in JSON responses.
  • Anti-CSRF tokens added to a small number of pages that had them missing.
  • Accounts requested using the Create Account feature now correctly write the user's email address to the user directory.
  • It is now possible to delete a Security Question that already has existing answers set by users.
  • Top 5 Operating Systems, Top 5 Browsers, Top 5 Users and Top 10 Resources graphs are now available to display again in the admin dashboard.
  • Checks for profile completion now accurately calculate a complete profile for users when Assigned Flow module is in use.
  • The synchronize button is now visible again for admins on a non-system realm.
  • Profile history graph displays in the same chronological order as the other graphs.
  • LDAP user directory option is now visible again in Configure User Database.
  • Added some performance changes to the database to reduce table locks when sending emails.
  • More than two authentication factors are now working as expected for User Login.

 

Thanks,
The LogonBox team.