Access Server 2.11 versions

Notice

Release date: Jan 26, 2023

  • Fixed a regression with handling "user data" metadata on new instance launch on Amazon AWS.

Notice

Release date: Jan 17, 2023

  • Fixed bugs on the User Permissions page that affected pagination and could cause unintended changes.

  • Fixed a bug where changing a setting on SAML authentication would inadvertently disable it.

  • Fixed a bug where a SAML configuration mistake could cause all authentication methods to fail.

  • Fixed a bug where an admin user in a non-admin group would not have the configured static IP applied.

  • Fixed a bug where the real IP of a failed VPN authentication attempt would not be logged.

  • Fixed a bug where sacli actions would show in the log with an incorrect timestamp.

  • Fixed a bug where web session expiration would not work correctly when custom ports were used.

  • Added a configuration option to increase the allowed number of SQLAlchemy connections.

  • Added handling to block attempts to log in via SAML or PAS only authentication when combined with embedded MFA.

  • Added a warning in the Admin UI when an administrator tries to configure SAML or PAS only authentication with embedded MFA.

  • Improved error handling for incorrect SAML and RADIUS authentication method configuration.

Notice

Release date: Oct 20, 2022

  • Added support for Red Hat 9.

  • Added support for SAML AuthNContext parameter.

  • Added support for SAML AuthNForce parameter.

  • Added support for SAML group to Access Server group mapping using post_auth scripting.

  • Added the PAS only authentication method to better incorporate custom authentication in post_auth.

  • Added TOTP MFA settings to User and Group Permissions pages in the Admin UI.

  • Added sacli support command for easier gathering of log and diagnostic data.

  • Fixed a security issue with custom post_auth authentication by implementing PAS only authentication.

  • Fixed a security issue with init.log permissions on upgrades.

  • Improved upgrade case when External PKI is in use, to ensure TLS Crypt v2 keys are present.

  • Improved upgrade case to solve inter-node communication problems when upgrading cluster directly from v2.7.5.

  • Improved upgrade case where bootstrap users not listed in User Permissions couldn't log in after upgrade.

  • Improved user handling in sacli when using TOTP command line functions.

  • Improved end-user experience with SAML authentication completed page.

  • Improved handling of CAs that use an invalid (negative) serial number.

  • Improved status reporting of authentication methods on User and Group Permissions pages in Admin UI.

  • Fixed a regression where TLS setting for clients would not be inherited from the server side setting.

  • Fixed a regression where exceeding max-clients could crash OpenVPN server daemon.

  • Fixed a regression where Disable NetBIOS setting was pushing incorrect parameter.

  • Fixed a bug with the SAML on/off toggle in the Authentication settings.

  • Fixed a bug where changing autologin permission could reset TOTP MFA.

  • Fixed a bug where Token URL import with custom port and service forwarding disabled would fail.

  • Fixed a bug with missing dependency requirements for certain Python3 packages.

  • Fixed a bug where SAML and PAS Only authentication methods were not passed to post_auth script.

  • Fixed a bug where LDAP reverification for autologin users could cause MFA to be required.

  • Fixed a bug where OpenVPN daemon job queue size warning would mention wrong config key.

  • Fixed a bug where the most recent event from Log Reports page was not present in CSV file.

  • Released bundled clients package v26 with Connect v3.4.0.4506 for macOS.

  • Released bundled clients package v27 with Connect v3.4.1.4522 for macOS.

Notice

Release date: Jun 29, 2022

New features:

  • Added SAML authentication support.

  • Added openvpn:// URI connection profile import method.

  • Added support for Ubuntu 22.04 LTS (Jammy Jellyfish).

  • Added multiple thread support for LDAP authentication.

  • Added option to use scrypt for local user password hashes.

Bug fixes and improvements:

  • Fixed weak PRNG security issue CVE-2022-33738 on the web interface. Thanks to Aliz Hammond of WatchTowr.

  • Fixed init.log file permission security issue CVE-2022-33737 for new installs. Thanks to Aliz Hammond of WatchTowr.

  • Fixed the amplification attack security issue CVE-2021-4234 in OpenVPN.

  • Updated OpenVPN2 core to 2.6_as11.

  • Changed Google Authenticator terminology to TOTP MFA.

  • Changed cluster admin_c bootstrap PAM user to local user.

  • Fixed a bug where OMI communication with OpenVPN daemons could stall.

  • Improved logging to include client version details.

  • Improved AWS licensing to use RSA 2048-bit certificates.

  • Improved compatibility with operating systems running in FIPS restricted mode.

  • Removed Get1, Get5, AutoGenerate, and AutoGenerateOnBehalfOf from CLI/API.

Important notes:

  • The Get1, Get5, AutoGenerate, and AutoGenerateOnBehalfOf CLI/API functions were deprecated/removed. Automation scripts may need to be updated.

  • For MFA on SAML accounts, please use the SAML IDP's MFA settings. The built-in MFA of Access Server is not supported on SAML accounts.

  • When upgrading from version 2.7.5 in a cluster, please reset admin_c password manually. Only applies to upgrades from version 2.7.5 specifically.

  • The cluster admin_c bootstrap user was changed from a PAM user to a local user. We recommend cleaning up the PAM user account admin_c after upgrade.

  • SAML requires OpenVPN Connect v3.3 or a very recent open source OpenVPN client supporting web authentication.

  • On AS 2.11.0, the AUTH_NULL custom post_auth authentication system doesn't work in cluster mode. This will be restored in a later release.

  • On direct upgrades from version 2.7.5 in a cluster, inter-cluster communication breaks down. This can be solved by resetting admin_c user password manually. Only applies to upgrades from version 2.7.5 specifically.