Access Server 2.10 versions

Improved debug logging output for OpenVPN daemons.

Improved logging by redacting MySQL password from upgrade log output.

Fixed a regression where a RADIUS healthcheck function would prevent RADIUS from functioning correctly.

Fixed a regression where the web interface would endlessly redirect.

Fixed a bug where newly registered users on external authentication would not inherit prop_deny flag.

Fixed a bug where autologin profile would be removed if permission was revoked on user but still present on group.

Fixed a bug that could occur on upgrades when LDAP account validity check was explicitly enabled.

Released bundled clients package v25 with Connect v3.3.6.4368 for macOS.

Dropped support for CentOS 8 due to end-of-life of platform.

Fixed security issue where empty or no host header could reveal internal IP of server.

Fixed a regression where web server name defaulted to internal Twisted version.

Fixed a regression where /robots.txt was malformed.

Fixed a regression that prevented profile download in combination with Duo post_auth script.

Fixed a regression that prevented concurrent authentication requests with default settings.

Fixed a regression where RADIUS accounting start packet was not sent upon VPN connection.

Fixed a regression where local user could not change password if local is not the default auth method.

Fixed a regression where data channel cipher was upgraded unintentionally for specific old configurations.

Fixed a bug in the additional LDAP account validity check for autologin users.

Fixed a bug where LDAP/RADIUS could inadvertently end up being disabled in the Admin UI.

Updated Admin UI authentication section and related settings.

Improved error handling of trying to set local password on non-local account.

Added status of authentication methods in sacli command line tool.

Added upgrade debug information by default.

Released bundled clients package v23 with Connect v3.3.6.2752 for Windows.

Released bundled clients package v24 with Connect v3.3.5.4310 for macOS.

Fixed an open redirect security issue with the referrer HTTP header.

Fixed an assertion failed crash in the OpenVPN2 core.

Fixed a bug where MFA enrollment could be bypassed by an administrative user.

Fixed a bug where FIPS mode on RedHat, CentOS, and Amazon Linux, would prevent Access Server from working.

Fixed a bug where the Client Web UI didn't work if XML-RPC and web service forwarding were both turned off.

Fixed a bug where the Change Password button was visible for externally authenticated users.

Fixed a bug where unlisted externally authenticated users were added with the 'deny' flag set on them.

Fixed a bug where session IP lock was still applied in a specific case while this was deprecated.

Fixed a bug where ovpn-init summary showed wrong username when a custom username was specified.

Fixed a bug where certain upgrade steps would not run as expected.

Fixed a bug where configurations using ns external certificate types would no longer work.

Fixed a bug where TLS security level would not be correctly set to TLS 1.2 in some cases.

Fixed a bug where a restart notification would not appear on a cluster after configuring RADIUS.

Updated hashing method for new local user passwords from unsalted SHA256 to salted PBKDF2.

Improved Admin Web UI by greying out authentication options that are not enabled.

Improved error handling for the upload function for offline activation.

Added sacli to path so it can be called from anywhere.

Added ConfigReplace function to sacli for text-file based configuration dumping and loading.

Released bundled clients package v22 with Connect v3.3.4.2600 for Windows and Connect v3.3.3.4163 for macOS.