Fudo Enterprise 5.3.1-82343

This is a minor Fudo release introducing following bug fixes:

• Fix for an issue with sorting and displaying server addresses list for Native Client in the Access Gateway.
• Fix for an issue with sorting and displaying names of Servers connected to the chosen Pool for Web Client in the Access Gateway.
• Resolved .pdf formatting issue with long configuration object names causing tables to extend off the page.
• Fixed visibility issue of the Server search field within the Pool in the Access Gateway.
• Fixed issue with cyclical LDAP resynchronization of domain users causing unintended deletions and session disconnections.
• Fixed issue with SNMP encryption field missing in the configuration of User with the Service role.
• Fixed Thycotic External Password Repository malfunction after upgrading to Fudo 5.3.
• Fixed issue with failing to establish a connection using server DNS name instead of the IP address in the bastion login string.
• Resolved the problem of rendered HTTPS Listeners periodically ceasing to function.

DOWNLOAD

Download Fudo Enterprise 5.3.1-82343

Fudo Enterprise 5.3.1-82316

This is a minor Fudo release introducing following improvements and bug fixes:

IMPROVEMENTS

• Performance improvements related to passwddmodule and logs handling.
• Added support for creating backup over SFTP protocol.

BUG FIXES

• Fix for an issue related to configuration of a backup using S3 as a target.
• A hotfix has been implemented to allow users to provide either a server name or an account name on the login screen.

DOWNLOAD

Download Fudo Enterprise 5.3.1-82316

Fudo Enterprise 5.3.1-82268

This is a minor Fudo release introducing following bug fixes:

• Fix for issues related to dbsendbigdand dbsendd occasional crashes.
• Fix for an issue with incorrect handling of users from nested groups during LDAP synchronization.
• Fix for uniqueness recognition problem when connecting via <fudo_user>#<target_server>
• Fixed issue with VNC connection failure after upgrade to 5.3.1 version.
• Fix related to authentication issues while establishing RDP connection using Kerberos.
• Fix for upgrade failure caused by no possibility to delete system objects with reference remaining in the fudo_session
• Fix for an issue related to TGT generation based on lowercase domain names and case sensitivity of realm names in Kerberos.
• Fix for an issue related to errors while establishing RDP session for bastion listener with fudo-server-name string.

DOWNLOAD

Download Fudo Enterprise 5.3.1-82268

Fudo Enterprise 5.3.1-81888

This is a minor Fudo release introducing:

• APIv2 enhancement including adding possibility to change Account parameters like password checkout time limit, password change on check in or after session end and password recovery option.
• a bug fix for an error occurring while establishing a RDP session for bastion listener with fudo-server-name

DOWNLOAD

Download Fudo Enterprise 5.3.1-81888

Fudo Enterprise 5.3.1-81747

This is a minor Fudo release introducing following bug fixes:

• Fix for an issue related to Active Directory password changing procedure behavior while required configuration is missing.
• Fix for an issue with NLA related assertion in HTTP listeners.

DOWNLOAD

Download Fudo Enterprise 5.3.1-81747

Fudo Enterprise 5.3.1-81709

This is a minor Fudo release introducing following improvements and bug fixes:

IMPROVEMENTS

• Restored ability to target selection in login string by server's name or account's name. Please be noted that this feature will work only if there is a single account pointing at a server and the server has an address with full mask.
• Restored ability for RDP client to show NLA login window. Please be noted that NLA authentication on the client side of connection is not supported.
• Added possibility to assign password change policy to account using APIv2.

BUG FIXES

• Modified Remote Application API for object property and object type.
• Fix for an issue with not respecting routing tables while establishing connection to a destination server.
• Fix for an issue with establishing HTTP rendered session.
• Fix for an issue with SMS and OATH authentication during login to User Portal.
• Fix for an issue with saving server while option blockedis cleared.
• Fix for an issue with saving RDP server with CA Certificate manually pasted or with server certificate.
• Fixed issue related to ldapsyncdtool causing errors while adding and removing connections between Users and Safes.
• Fix for an issue with sending access request to a server due to Webclient Listener error message.
• Fix for an issue with no possibility to establish a session according to license verification problem.
• Fix for an issue with no possibility to establish RDP connection with STD security.
• Fix for an issue related to filtering users with Operator and Admin roles in the Permission tab.
• Fixed issue with missing translation of information provided to the user into the currently selected language.
• Fixed issue related to server's Bind IP field containing deprecated label records.
• Fixed issue with no possibility to add configuration for remote application without filling the arguments.
• Fixed issue with ignoring newline characters in messages displaying during login to Admin Panel and User Portal.
• Fix for snapshot removal issue during the upgrade.
• Fix for issue with no possibility to save a filter for sessions records list.
• Fixed issue with Microsoft Windows RDP Client connection interruption caused by not respecting resolution settings configured in the Safe.
• Fixed issue with no possibility to login to Admin Panel with empty password set up.
• Fix for an issue with errors appearing in reports logs.
• Added case sensitivity to variable declarations.
• Fixed problem with filtering accounts using serveror protocol filter in Accounts tab during Safe editing.
• Fixed issue with no possibility to edit and delete a comment or reply to it in the session player.
• Fixed issue with no possibility to select the checkbox for blocking server option twice without reloading the page.
• Fixed issue with crash after creating an account with OCR session option selected and no language specified.
• Fix related to validation issue while creating Listener on default HTTPS port with IP label.
• Fixed issue with not displaying error message details while login into User Portal fails.
• Removed django cache usage by converterd, healthcheckapid, ldapsyncdand websocket
• Fixed issue with incorrect session name display in Web Client.
• Fixed issue related to an error while changing account authentication method from password option to ssh-key
• Fixed issue of inability to insert account record after running scanner.
• Fix related to an issue with adding Server with VNC protocol.

DOWNLOAD

Download Fudo Enterprise 5.3.1-81709

Fudo Enterprise 5.3.1-81460

This is a minor Fudo release, introducing a bug fix for an issue with verifying license containing a line starting with a # sign.

DOWNLOAD

Download Fudo Enterprise 5.3.1-81460

Fudo Enterprise 5.3.1-81435

This is a minor Fudo release introducing following bug fixes:

• Fix for an issue with license verification after uploading a new license.
• Fix for running encoderd and healthcheckapid tools.

DOWNLOAD

Download Fudo Enterprise 5.3.1-81435

Fudo Enterprise 5.3.1-81397

This is a minor Fudo release introducing following improvements and bug fixes:

IMPROVEMENTS

• PVSCSI driver integration.

BUG FIXES

• Fix for migration of Server certificate during upgrade to Fudo 5.3.1.
• Fixed handling of IP packet sizes.
• Fix for issue related to automatic user authentication during use of Forward Account.
• Fix for issue related to not deleting rows from database by retention function.
• Fix an issue with assigning forward type of accounts to the servers and server pools.
• Fix for no possibility to select Pool/Server for a Discovery Scanner.

DOWNLOAD

Download Fudo Enterprise 5.3.1-81397

Fudo Enterprise 5.3.1-81281

This is a minor Fudo release, introducing a bug fix for an issue with assigning forward type of accounts to the servers and server pools.

DOWNLOAD

Download Fudo Enterprise 5.3.1-81281

Fudo Enterprise 5.3.1-81264

This is a minor Fudo release, introducing a bug fix for an issue with executing password changers.

DOWNLOAD

Download Fudo Enterprise 5.3.1-81264

Fudo Enterprise 5.3.1-81238

This is a major Fudo release, introducing improvements and bug fixes.

IMPROVEMENTS

• The Remote Applications support has been restored and its configuration became global and separated from the Server More on this improvement is at the Remote Application topic of the Fudo Enterprise Documentation.
• Preferred languages for the users now can be selected while purchasing the license.

BUG FIXES

• Fix for RDP connections via Webclient.
• Fixed player websocket.
• Fixed establishing connection through proxy listeners when the account is accessible through more than one safe.

DOWNLOAD

Download Fudo Enterprise 5.3.1-81238

Fudo Enterprise 5.3.0-80931

This is a minor Fudo release, introducing a bug fix for an issue that prevented executing upgrade from the version 2.2 and older.

DOWNLOAD

Download Fudo Enterprise 5.3.0-80931

Fudo Enterprise 5.3.0-80908

This is a major Fudo release, introducing improvements and bug fixes.

IMPROVEMENTS

• Enabled legacy ciphers algorithms for all password changers.
• Improved backup and restoring processes for the sessions.
• Enhanced video quality of converted session recordings.

BUG FIXES

• Fix for users’ mapping synchronization according to the actual LDAP group membership.
• Corrected filtering options in the Events log.
• Fixed process of establishing SSH sessions via Webclient when the regulartype of account doesn’t have credentials filled.
• Fixed establishing of an SSH session via Webclient when the Login Reasonand the Require Approval options enabled.
• Added missing message about the request is waiting for approval while establishing the SSH session via Webclient.
• Fix for onboarding process by the Discovery feature.
• Fixed internal server error that appeared while copying a user.
• Fix for sending message requests to the User with the filled email
• Fix faulty behavior while trying to set transport_bind_ipin password changer configuration for an account.

DOWNLOAD

Download Fudo Enterprise 5.3.0-80908

Fudo Enterprise 5.3.0-80470

This is a major Fudo release, introducing improvements, bug fixes, and Access Gateway changes.

IMPROVEMENTS

• Implemented Server Pools: those are objects that serve grouping purposes of the servers. A Server Pool can be assigned to an Account so that many servers are managed as one. The upgrading process will execute the following actions on the existing servers:
  • Servers will be grouped into pools in 3 conditions: 1) a server has more than 1 address defined; 2) a server has RemoteApp* configured, or 3) a server is used in the scanner configuration.
  • Server objects with duplicated server addresses will be removed, and unique server definitions will be left only.
• Upgraded Fudo PAM’s AI module:
  • If any suspicious action is detected, the system executes a pre-defined policy configuration and notifies an administrator about the possible security breach.
  • Implemented a brand new section with AI models that reflects statistics about their training quality.
  • The upgrading process removes the configuration of existing AI models and adds new models which need to be manually enabled. More on AI topic is in the Fudo PAM 5.3 Documentation.
• Added the possibility to define a second factor(OATH, DUO, or SMS) for the external authentication methods (AD, LDAP, Radius, and Cerb).
• Implemented Changes in the OATH authentication method:
  • now it is possible to define default settings that would be added to the user’s definition automatically,
  • implemented the initialization process with the QR code, which is available to scan during the first connection,
  • in AD/LDAP synchronization, when OATH is chosen as a second authentication factor, OATH will be automatically configured for the newly synchronized users. Refer to the Fudo PAM 5.3 Documentation page for more on OATH subject.
• Added support for multiple OpenID Connect Identity Providers using configuration from well-known URI.
• Added Kerberos authentication method between Fudo PAM and the RDP server.
• Has been changed target definition, used for bastion type of connections: the system now is expecting a username, a server login and target server address to be included within the connection string. More on this change is at the Fudo PAM 5.3 Documentation.
• New version of Fudo PAM’s API for Admin Panel has flattened tables and optimized attributes of the endpoints. Majority of the endpoints in the previous API are replaced with new API v2 endpoints. Look at the updated Fudo PAM 5.3 API Documentation.
• The Root store certificates are now used by default to verify certificates presented by HTTP servers.
• Dynamic servers will be available only if the number of servers in the license is set to “unlimited”.
• Access Gateway now saves tabs with recent connections established via the Web client. Sessions that were left in the opened tabs are saved and can be reconnected by a user after logging back in to the Access Gateway.
• Access Gateway allows selecting time when sending a scheduledtype of the Just-in-Time access request.
• Access Gateway now enables filtering out the servers by the Server Description

STOPPED SUPPORTING

• Fudo PAM no longer supports Oracle and Citrix / ICA protocols.
• Fudo PAM no longer supports Hitachi ID HiPAM and Lieberman Enterprise Random Password Manager integration.
• Removed a widget within a Server object definition that allowed an administrator to add multiple hosts from a predefined IP range.
• Fudo PAM no longer supports NLA protocol in RDP listeners but is still supported in server definitions.
• *RemoteApp support for an RDP server will be suspended in the 5.3 version. It will be reactivated in future releases.

BEFORE YOU UPGRADE

Due to the significant changes in the database, the upgrading process to the 5.3 version might take more time than usual.

It is highly recommended to perform the “Upgrade check” before the proper upgrade. The result of the failed check may contain information about configuration changes that needs to be done by a Fudo administrator to successfully upgrade Fudo,

• As of Fudo PAM 5.3, Citrix, ICA, and Oracle protocols are no longer supported; it is required to remove the sessions (except those already exported) associated with these protocols.
• It is required to have the  "Use root store certificates" option enabled in every HTTP server configuration.
• "Hitachi ID Privileged Access Manager" and "Lieberman Enterprise Random Password" must be  removed from the External password repositories configuration.
• Users with names containing '#' or '%' chars must be removed or renamed.
• If there are multiple servers with the same address and port pair but different protocols, then only one of them can be left and the other must be removed.
• Remote app configuration must be removed from all the servers and accounts.
• In password changers configuration the server properties: "protocol", "secproto", "ssl_to_server",  "ssl_v2", "ssl_v3", "subnet" are no longer supported and must be removed.
• Port number 8888 is now reserved. Listeners using this port must be modified to use another port.
• Port numbers greater or equal 60000 are now reserved. Listeners using these ports must be modified to use other ports.

There are also a few things that need to be verified before this upgrade can be applied.

Make sure your Fudo instance isn’t undergoing any system-wide process, such as storage rebuild, or the system isn’t under full load.

In a cluster configuration, make sure all nodes are synchronized and upgrade the slave node first.

Make sure you have an active Premium or Standard Support maintenance contract.

RECOMMENDED UPGRADE PATH

Before proceeding with the upgrade, please verify the version number of your Fudo Enterprise instance. Depending on the version number, you will need to follow a specific upgrade path. To learn more, please refer to this article.

HOW TO UPGRADE YOUR FUDO

Login to your Fudo and from the menu on the left-hand side select ‘System’, then the ‘Upgrade’ tab.

If your Fudo is running in a cluster, start the upgrade on the Slave node, and only when the upgrade finishes successfully start upgrading the Master node. When both systems are running the same Fudo version, cluster communication will be restored.

Select “Upload” from the top-left side and upload the previously downloaded and unzipped upgrade package file.

Select “Run Check” to determine if your upgrade file is correct and can be applied to the existing Fudo configuration. Refresh your browser window to see the “Upgrade check” current progress.

Upon a successful “Run Check” result, upgrade your Fudo by using the “Upgrade” button. Upon system restart, all active sessions will be terminated.

In case of an unsuccessful check, do not upgrade your system, double-check your upgrade file checksum. If you encounter any problems, get in touch with us and we will assist you.

THE ROLLBACK PROCEDURE

If you are experiencing issues with the newly installed version, you have an option to roll back to the previous version of Fudo running on this machine. To do so, click the user menu on the top, select ‘Restart’, and select previous system revision from the drop-down list.

Please keep in mind, any session recordings performed on a newer version will be lost upon upgrade rollback execution.

DOWNLOAD

Download Fudo Enterprise 5.3.0-80470

CONTACT US

If you have questions or concerns, please get in touch at support@fudosecurity.com or by phone: +48 22 100 67 09.

Sincerely,
Fudo Security Team