LogonBox SSPR 2.3.20 Now Out And Ready


Introduction

LogonBox is pleased to announce the immediate availability of LogonBox SSPR 2.3.20.
This release includes the ability to force AD schema versions and changes to email batching, amongst other features.

Email batching changes

Previously, regular emails that the server could generate in large numbers were queued and then processed by a separate email batching system, while other emails (password change, etc.) were sent immediately.

Password Expired and Password Expiring bulk emails now send immediately after the daily password expiry checks have finished.

AD schema checking changes

LogonBox needs to check the AD schema when using Active Directory so we know what features to support.
There have been some cases where these checks were unsuccessful, which resulted in the service not supporting Password History checks.

LogonBox will now automatically traverse up the AD DN chain to try to find the schema if it’s not found.

We have also added a setting to override this schema setting manually.
To change this setting manually, navigate to User Directory->Configure User Database->Advanced and look for the Schema Version setting.
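
The traversal described above, sketched as an added example; it is not LogonBox's code, and the release notes do not say how LogonBox implements the lookup. It assumes the schema sits at CN=Schema,CN=Configuration under some ancestor of the configured base DN and that its objectVersion attribute carries the version; read_object_version, forced_version and the sample directory are hypothetical.

```python
# Added example (not LogonBox code): locate the AD schema by walking up a DN.
# Known AD schema objectVersion values and the Windows Server release they map to.
SCHEMA_VERSIONS = {13: "2000", 30: "2003", 31: "2003 R2", 44: "2008",
                   47: "2008 R2", 56: "2012", 69: "2012 R2", 87: "2016",
                   88: "2019/2022"}

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]

def schema_candidates(base_dn):
    """Yield the schema DN under base_dn, then under each parent in turn."""
    rdns = split_dn(base_dn)
    for i in range(len(rdns)):
        yield "CN=Schema,CN=Configuration," + ",".join(rdns[i:])

def find_schema(base_dn, read_object_version, forced_version=None):
    """Return (schema_dn, version); (None, None) means detection failed."""
    if forced_version is not None:          # models a manual override setting
        return None, forced_version
    for dn in schema_candidates(base_dn):
        version = read_object_version(dn)   # hypothetical LDAP base-scope read
        if version is not None:
            return dn, version
    return None, None

# Constructed sample: the schema lives under the forest root, not the child domain.
SAMPLE_DIRECTORY = {"cn=schema,cn=configuration,dc=example,dc=com": 88}

def sample_lookup(dn):
    """Stand-in for an LDAP read of objectVersion; DNs compare case-insensitively."""
    return SAMPLE_DIRECTORY.get(dn.lower())

if __name__ == "__main__":
    dn, ver = find_schema(r"OU=Staff\, Temp,DC=emea,DC=example,DC=com", sample_lookup)
    print(dn, ver, "Windows Server " + SCHEMA_VERSIONS.get(ver, "unknown"))
```

A (None, None) result corresponds to the failed check described above, where Password History checks were not supported.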

Check if users can change passwords before they are prompted to do so

If you have proactive password checking turned on, LogonBox will now check that the user has permission to change their password before prompting a password change.

LDAP user directory reads more attributes

The LDAP user directory now pulls in the user’s email address and description attributes if they exist.

Upgrade Instructions

You can directly upgrade from the web UI or the operating system.

To upgrade from the web UI, log on with your admin account, navigate to Server Status from the main dashboard and click Update. You may also be prompted automatically on login if you have Updates, Features & Licensing->Update Prompt turned on.

To upgrade from the operating system:

On Windows – download the new installer, run the installer, and follow the prompts.

On a LogonBox VM – from a shell, type in:

apt update
apt upgrade

If you are still running a version before 2.3, you will need to perform some extra steps from the OS, as detailed here:

https://docs.logonbox.com/app/manpage/en/article/6172513

Our support team will upgrade Cloud customers over the coming week.

Changes

Here is a summary of the changes in this release.

Features

  • Expiring/Expired password emails now send immediately.
  • New option added to force AD schema versions, plus automatic domain traversal to attempt to find the schema automatically.
  • Proactive password checking now checks that a user can change their password before prompting for a change.
  • LDAP reads in email and description attributes on a sync.

Bugs

  • Cloudflare proxying no longer results in a 520 error when a client uses IPv6.
  • AD connections over SecureNode sometimes hung on close; this has been resolved.
  • LDAP now writes changes back to the directory after editing a user.
  • Vulnerability: Fixed an issue where a valid username could be determined from the bad response returned when a fake principal was used.
  • Fixed justification of login widget on Password Reset and Account Unlock pages when a Logon Banner is set.