Fudo Enterprise 5.5.9

Date: April 2025

This is a minor Fudo release, introducing a range of improvements and new fixes.

NEW FEATURES

• The new TDS Kerberos Delegation feature enables Windows Authentication using Kerberos. Users obtain a Ticket-Granting Ticket (TGT) upon domain login, which is then used to authenticate MSSQL server connections.
• Integration with Fudo ShareAccess: We’ve introduced a new tab that seamlessly integrates Fudo Enterprise with Fudo ShareAccess, a platform enabling instant collaboration between enterprises and third parties. New Fudo ShareAccess Tab allows pairing Fudo Enterprise instances with Fudo ShareAccess and managing resource access through this platform. You can read more about the Fudo ShareAccess in the documentation.

BUG FIXES

• Fixed an issue where manually modifying an LDAP-synced user to use DUO with External Authentication as a second factor caused LDAP synchronization to fail. The logs now include detailed information about the affected user and the conflicting changes to assist administrators in troubleshooting.
• Fixed an issue where filtering accounts or listeners in the 'Selected' tab of the 'Manage accounts' or 'Manage listeners' window, accessible from the safe editing form, was case-sensitive — unlike the 'All' tab. Filtering is now case-insensitive in both tabs for consistency.
• Fixed an issue in RDP sessions where text could not be pasted into the Login Reason field or appeared with incorrect encoding when using the clipboard.
• Fixed an issue in the User Access Gateway where the search field background appeared black, causing black text to be unreadable when searching for a server name for a selected account.
• Fixed an issue related to SNMP communication being resynchronized, where Zabbix connections failed after some time.

KNOWN ISSUES

• Installing the OVA image on Nutanix or VMware may result in an error that prevents successful deployment. A workaround is available; please contact Technical Support for detailed instructions.

DISCONTINUED FEATURES IN 5.5

• Fudo Enterprise 5.5 no longer supports the Fudo Officer 1.0 mobile application. Users relying on this integration must migrate to the Fudo Officer 2.0.
• Fudo Enterprise 5.5 no longer supports the Mobile Token authentication method used to bind the Fudo Officer mobile application to a User. You must unlink all Fudo Officer bindings from Users configuration before the upgrade. For more details, please refer to the 'Before You Upgrade' section below.
• Fudo Enterprise 5.5 no longer supports the CyberArk Enterprise Password Vault external password repository. Users using this integration need to migrate to CyberArk Credential Provider external repository.
• Fudo Enterprise 5.5 no longer supports the Ticketing systems.
• The option to add unencrypted connections when configuring an external password repository has been disabled. All password repositories with url HTTP/LDAP have to be reconfigured to HTTPS/LDAPS before the upgrade. For more details, please refer to the 'Before You Upgrade' section below.

ANNOUNCEMENTS FOR 5.5

• Fudo Enterprise 5.5 is the last version supporting transparent and gateway modes in the listeners configuration. Listeners using these modes must be reconfigured to use proxy and bastion modes before upgrading to the next release.
• Fudo Enterprise 5.5 is the last version supporting the Application to Application Password Manager. The AAPM will be replaced by the functionality of APIv2 in the next release.
• Fudo Enterprise 5.5 is the last version supporting the APIv1. The support will be removed in the next release. All scripts using APIv1 should be rewritten to use APIv2.
• Fudo Enterprise 5.5 is the final version to support DHCP, which will be removed in the next release.

BEFORE YOU UPGRADE

It is highly recommended to perform the 'Upgrade check' before the proper upgrade. The result of the failed check may contain information about configuration changes that needs to be done by a Fudo administrator to successfully upgrade Fudo.

There are a few things that need to be verified before this upgrade can be applied:

• Make sure your Fudo instance isn’t undergoing any system-wide process, such as storage rebuild, or the system isn’t under full-load.
• In a cluster configuration, make sure all nodes are synchronized and upgrade the slave node first.
• Make sure you have an active Premium or Standard Support maintenance contract.

MIB Definition Update

Domain Name Forwarding in RADIUS

Mobile Token

To unlink the Fudo Officer mobile application, please edit the user configuration, then:

1. Go to the 'More' tab, and in the 'Fudo Officer' section, unlink the application using the 'Cancel binding' button.
2. Alternatively, go to the 'Settings' tab, in the 'Authentication' section find the 'Mobile token' method and remove it using the 'Delete' button.

Reconfiguring External Password Repository to HTTPS/LDAPS

As Fudo Enterprise 5.5 and later versions no longer support unencrypted connections for external password repositories, all repositories using HTTP/LDAP URLs must be reconfigured to HTTPS/LDAPS prior to the upgrade.

Steps to resolve:

1. Navigate to 'Settings > External passwords repositories'.
2. Edit every configured external password repositories URL to use HTTPS/LDAPS.

RECOMMENDED UPGRADE PATH

Before proceeding with the upgrade, please verify the version number of your Fudo Enterprise instance. Depending on the version number, you will need to follow a specific upgrade path. To learn more, please refer to the Fudo Enterprise Product Upgrade Path article.

HOW TO UPGRADE YOUR FUDO

1. Login to your Fudo Admin Panel.
2. Select 'Settings > System' from the main menu on the left-hand side and go to the 'Upgrade' tab.

1. Select 'Upload' from the top right side and upload the previously downloaded and unzipped upgrade package file.
2. Select 'Run Check' to determine if your upgrade file is correct and can be applied to the existing Fudo configuration. Refresh your browser window to see 'Upgrade check' current progress.
3. Upon a successful 'Run Check' result, upgrade your Fudo by using the 'Upgrade' button. Upon system restart, all active sessions will be terminated.

HOW TO IMPORT SYSTEM CONFIGURATION

1. Login to your Fudo Admin Panel.
2. Select 'Settings > System' from the main menu on the left-hand side, then go to the user menu in the upper right corner.
3. Select 'Import configuration' from the user menu.
4. Upload the 'Master key' file and 'Configuration file' exported from another Fudo instance and click 'Confirm' to proceed with the import.

THE ROLLBACK PROCEDURE

If you are experiencing issues with the newly installed version, you have an option to roll back to the previous version of Fudo running on this machine. To do so, click the user menu on the top right, select 'Restart', and select previous system revision from the drop-down list.

DOWNLOAD

Download Fudo Enterprise 5.5.9

Download PDF version of this Release Note.

Fudo Enterprise 5.5.8

This is a minor Fudo release, introducing a range of improvements and new fixes.

HOTFIX REQUIRED FOR THIS VERSION

NEW FEATURES

• Added support for changing local account passwords using a domain account via the WinRM password changer.
• Added forwarding of the Active Directory domain name in RADIUS external authentication method. If the AD Domain field in the user configuration is populated, the AD domain value is appended to the username in the User-Name field, formatted as: {name}@{ad_domain}. This change may affect the behavior of RADIUS external authentication for users synchronized with LDAP or those with the AD Domain field manually filled in.
• Added OCR alphabet support for selected languages in the CIS, APAC, and South Asia regions, including Armenian, Georgian, Azerbaijani, Kazakh, Kyrgyz, Malayalam, Bengali, and Vietnamese.
• Administrators can now predefine the keyboard layout globally for the User Access Gateway. This setting can be configured in the Resources tab.

IMPROVEMENTS

• Adjusted the log export order to follow chronological sorting, displaying logs from oldest to newest.
• Changed the position of status notifications to the lower right corner to reduce interference with key actions.
• Enhanced security by ensuring the password is now masked when entering it during certificate upload to a listener.

BUG FIXES

• Implemented a fix to automatically trim leading and trailing whitespaces from the Login field when creating an account, ensuring a valid login string.
• Blocked the ability to save objects like Accounts, Servers, Safes, or Users with leading and trailing whitespaces in their names.
• Fixed random HTTP session drops caused by unexpected TigerVNC messages that NoVNC couldn’t handle correctly.
• Resolved the log message issue related to the Django session key in API requests.
• Fixed incorrect UI message about the Call Home feature status in the user editing form.
• Resolved an issue where the accounts list occasionally did not load in the User Access Gateway until the page was refreshed.
• Fixed an issue where a machine rebooted during initial replication could become unbootable.
• Restricted account configuration without login details when a domain is provided.
• Fixed an SNMP issue where smartHealth returned an incorrect value and updated the MIB definition in FUDO-SECURITY-COMMON-MIB.txt, now supporting only ok (1) and failed (2).
• Fixed an issue where the login reason was incorrectly requested during password checkout after refreshing the User Access Gateway, despite an active checkout session.
• Fixed an issue preventing the upgrade due to a remaining external authentication server certificate.
• Fixed improper handling of spaces in node names, which caused issues such as unavailable reports.
• Resolved an issue preventing safes and listeners from loading in the ‘Manage Accounts’ window during account onboarding.
• Fixed an issue with the default selection and value handling of the ‘Common Configuration’ checkbox when enabling RDP functionalities in Safe configuration.
• Fixed an issue where email notifications were not sent after a user used the checkout functionality when ‘Session awaiting approval’ notifications were enabled in a safe.
• Fixed an issue where the uploaded HTTPS certificate did not take effect immediately in the Admin Panel.
• Fixed missing Kazakh translations in recently revised tabs.
• Fixed an SSH connection error caused by a hotfix for forward authentication, affecting configurations with a forward account, bastion listener, and the ‘Authentication against server option’ enabled.
• Resolved an issue in clustered Fudo Enterprise environments where adding a profile to Fudo Officer failed on one of the nodes, displaying an error during QR code scanning. A Fudo Officer update will follow to fully address this fix.

DISCONTINUED FEATURES

• Fudo Enterprise 5.5 no longer supports the Fudo Officer 1.0mobile application. Users relying on this integration must migrate to the Fudo Officer 2.0.
• Fudo Enterprise 5.5 no longer supports the Mobile Token authentication method used to bind the Fudo Officer mobile application to a User. You must unlink all Fudo Officer bindingsfrom Users configuration before the upgrade. For more details, please refer to the 'Before You Upgrade' section below.
• Fudo Enterprise 5.5 no longer supports the CyberArk Enterprise Password Vaultexternal password repository. Users using this integration need to migrate to CyberArk Credential Provider external repository.
• Fudo Enterprise 5.5 no longer supports theTicketing systems.
• The option to add unencrypted connectionswhen configuring an external password repository has been disabled. All password repositories with url HTTP/LDAP have to be reconfigured to HTTPS/LDAPS before the upgrade. For more details, please refer to the 'Before You Upgrade' section below.

ANNOUNCEMENTS

• Fudo Enterprise 5.5 is thelast version supporting transparent and gateway modes in the listeners configuration. Listeners using these modes must be reconfigured to use proxy and bastion modes before upgrading to the next release.
• Fudo Enterprise 5.5 is thelast version supporting the Application to Application Password Manager. The AAPM will be replaced by the functionality of APIv2 in the next release.
• Fudo Enterprise 5.5 is thelast version supporting the APIv1. The support will be removed in the next release. All scripts using APIv1 should be rewritten to use APIv2.
• Fudo Enterprise 5.5 is the final version to support DHCP, which will be removed in the next release.

BEFORE YOU UPGRADE

It is highly recommended to perform the “Upgrade check” before the proper upgrade. The result of the failed check may contain information about configuration changes that needs to be done by a Fudo administrator to successfully upgrade Fudo.

There are a few things that need to be verified before this upgrade can be applied:

• Make sure your Fudo instance isn’t undergoing any system-wide process, such as storage rebuild, or the system isn’t under full-load.
• In a cluster configuration, make sure all nodes are synchronized and upgrade the slave node first.
• Make sure you have an active Premium or Standard Support maintenance contract.

MIB Definition Update

Domain Name Forwarding in RADIUS

Mobile Token

To unlink the Fudo Officer mobile application, please edit the user configuration, then:

1. Go to the 'More' tab, and in the 'Fudo Officer' section, unlink the application using the 'Cancel binding' button.
2. Alternatively, go to the 'Settings' tab, in the 'Authentication' section find the 'Mobile token' method and remove it using the 'Delete' button.

Reconfiguring External Password Repository to HTTPS/LDAPS

As Fudo Enterprise 5.5 no longer supports unencrypted connections for external password repositories, all repositories using HTTP/LDAP URLs must be reconfigured to HTTPS/LDAPS prior to the upgrade.

Steps to resolve:

1. Navigate to 'Settings > External passwords repositories'.
2. Edit every configured external password repositories URL to use HTTPS/LDAPS.

RECOMMENDED UPGRADE PATH

Before proceeding with the upgrade, please verify the version number of your Fudo Enterprise instance. Depending on the version number, you will need to follow a specific upgrade path. To learn more, please refer to the Fudo Enterprise Product Upgrade Path article.

HOW TO UPGRADE YOUR FUDO

1. Login to your Fudo Admin Panel.
2. Select ‘Settings > System’ from the main menu on the left-hand side and go to the ‘Upgrade’ tab.
3. If your Fudo is running in a cluster, start the upgrade on the Slave node, and only when the upgrade finishes successfully start upgrading the Master node. When both systems are running the same Fudo version cluster communication will be restored.
4. Select “Upload” from the top right side and upload the previously downloaded and unzipped upgrade package file.
5. Select “Run Check” to determine if your upgrade file is correct and can be applied to the existing Fudo configuration. Refresh your browser window to see “Upgrade check” current progress.
6. Upon a successful “Run Check” result, upgrade your Fudo by using the “Upgrade” button. Upon system restart, all active sessions will be terminate

HOW TO IMPORT SYSTEM CONFIGURATION

1. Login to your Fudo Admin Panel.
2. Select 'Settings > System'from the main menu on the left-hand side, then go to the user menu in the upper right corner.
3. Select 'Import configuration'from the user menu.
4. Upload the'Master key' file and 'Configuration file' exported from another Fudo instance and click 'Confirm' to proceed with the import.

DOWNLOAD

Download Fudo Enterprise 5.5.8

Download PDF version of this Release Note.

Fudo Enterprise 5.5.6

This is a minor Fudo release, introducing a range of improvements and new fixes.

NEW FEATURES

• Extended the Timeout feature to full functionality, enabling separate timeout settings for the Admin Panel and User Access Gateway.

IMPROVEMENTS

• Restricted the creation of accounts with the 'noraw' recording type for server types where it is not applicable, such as MSSQL, Modbus, TCP, and MySQL.
• Unified the display of labeled IP addresses for password changers and verifiers in the 'Password Changers' sub-tab within the Accounts tab to ensure consistency with other areas of the application.
• Improved filtering functionality and visibility of applied filters when no logs are available for display.
• Added the option to disable recording of nested sessions within SSH connections.
• Added a column displaying the Fudo domain in the Users list for improved clarity.

BUG FIXES

• Resolved an issue causing comments to disappear in the player.
• Resolved an issue where names of password changers and verifiers were not visible in the 'Password Changers' sub-tab within the Accounts tab during configuration.
• Resolved an issue affecting Telnet 3270 and Telnet 5250 connections, where sessions were not displayed, and no information about the established connection was visible.
• Resolved an issue where incorrect values in the 'search' field persisted after closing and reopening a pop-up, displaying an incorrect list of elements.
• Resolved an issue where saving a pool was not possible, even when at least one server was selected.
• Resolved a problem where saving changes to a pool was not possible while editing assigned servers, despite having at least one server selected.
• Resolved an issue where long path values for remote applications were not displayed properly in the 'Remote Applications' sub-tab within the Accounts tab during configuration.
• Resolved an issue where the domain was not forwarded when credentials were left blank in account configuration.
• Resolved a layout issue in the User Portal causing sorting buttons to overlap adjacent columns.
• Resolved an issue where changes to the External Password Repository configuration could not be saved during editing.
• Fixed missing cluster node role information on the 'Node' widget in the Dashboard tab.
• Resolved an issue with incomplete SSH session exports.
• Fixed MSTSC-related issues on Windows 11 24H2 ARM64 causing screen lag and blocking artifacts in Native Client RDP sessions.
• Fixed a problem with dropdowns not loading all entries for datasets with over 1,000 records.
• Fixed a problem with establishing SSH and RDP sessions due to slow SQL query execution.
• Fixed a problem with filtering users in the safe configuration user management window.
• Addressed a problem leading to OpenID Connect crashes due to improper configuration.
• Restored the VNC basic authentication method for client-side connections.
• Resolved problems with SSO login and logout functionality in the User Access Gateway.
• Addressed an issue where the 'Selected' section failed to show all accounts assigned to safe if their total exceeded 1,000.
• Restored the 'Last Login' filter in the Users tab.
• Addressed a problem that blocked playback of timestamped sessions.
• Resolved an issue where setting an empty password was not possible during account editing.
• Resolved a 500 Internal Server Error when changing LDAP sync configuration with conflicting user data.
• Fixed inconsistent behavior in the filter window of the Accounts tab.
• Addressed an issue with search suggestions for server addresses in the User Access Gateway.
• Introduced validation for CA certificates during upload to prevent saving incorrectly encoded files that could cause errors when creating a server.
• Enabled operators with the necessary permissions to view and download files from the "Downloads" tab.
• Resolved an issue where users with the Session Viewer role were unable to play sessions.
• Adjusted server response handling to reinforce safety measures.
• Fixed a time sync issue with ntpdate during boot on systems with a LAGG interface.
• Resolved critical assertions occurring when sending files using the SCP file transfer.

BEFORE YOU UPGRADE

Please refer to the following sections under the 5.5.4 major release at the end of this page for important information about the upgrading procedure:

• "Before You Upgrade,"
• "Recommended Upgrade Path,"
• "How to Upgrade Your Fudo,"
• "How to Import System Configuration,"
• "The Rollback Procedure."

DOWNLOAD

Download Fudo Enterprise 5.5.6

Download PDF version of this Release Note.

Fudo Enterprise 5.5.5

This is a minor Fudo release, introducing a range of improvements and new fixes.

NEW FEATURES

• Redesigned and enhanced Fudo Officer 2.0, now supporting the Just In Time feature, available on both Android and iOS.
• Added new RDP functionality in the Safe configuration, allowing custom content to be added to the generated RDP file.
• Introduced a beta feature to set timeouts for both the Admin and User panels. The upcoming release will support separate timeout settings for the Admin Panel and Access Gateway.

IMPROVEMENTS

• Implemented security patches for the following vulnerabilities: CVE-2024-43102, CVE-2024-45287, and CVE-2024-45288.
• Implemented general improvements and fixes to the sorting functionality across various lists, including Users, Servers, Listeners, and Accounts tabs, among others:Added ‘Search’ field and alphabetic sorting for servers and accounts in the drop-down menu in the Password Changers tab.
  • Added ‘Search’ field and alphabetic sorting for 'Add remote app' drop-down menu in the Accounts tab.
  • Restored the missing 'Password Changer' filter on the Accounts tab.
  • Fixed an issue where default settings for some filters were cleared when using filters with drop-down lists.
• Updated missing translations across the interface.
• Added a notification that timestamping requires RAW dump recording while recording mode for the account is set to 'none'or 'noraw' .

API CHANGES

• Updated the 'Status' endpoint to report all three load average values: 1, 5, and 15 minutes.

BUG FIXES

• Fixed the issue with the "Missing X-CSRFToken" error, which was causing problems with certain requests.
• Fixed an issue where users with access to a large number of records were unable to view the accounts list in the Access Gateway.
• Resolved various filtering issues, including handling of special characters and incorrect values in search fields.
• Fixed an issue with the UCARP service script using an improper pattern to search for running processes.
• Resolved an issue with Kerberos authentication for large tickets.
• Addressed an issue causing SSO login failures and portal unavailability due to a stalled whlkerb
• Provided a fix for the CWE-79 vulnerability, which could potentially lead to cross-site scripting (XSS) attacks.
• Fixed an issue where an operator could access sessions without proper read or live session access permissions.
• Addresses an issue causing SSO login failures and portal unavailability due to a stalled whlkerb process.
• Optimized the timeout period for Fudo Enterprise to declare a KDC server as unreachable.
• Restored the missing 'pool' label in the accounts list to distinguish assigned pools from servers.
• Resolved an issue where, upon session expiration, users were caught in a refresh loop instead of being properly logged out.
• Addressed an issue where Fudo Enterprise was generating an excessive volume of unnecessary DNS PTR record requests.
• Resolved an issue that prevented all accounts from being displayed in the drop-down list for the "Replace secret with: Other Account" option.
• Fixed an issue with improper form refreshing when creating multiple external authentication configurations.
• Fixed an issue where editing the IP address of an existing server with a subnet mask other than 32 would default to 32 after saving.
• Resolved an issue with LDAP sync where password changes via Access Gateway failed for users with Active Directory external authentication when the User Principal Name (UPN) differed from the domain name.
• Fixed an issue where tooltips were not hiding properly and failing to display the full text.
• Fixed an issue with synchronizing time with the NTP server after boot.
• Fixed an issue where refreshing the list of connections in Access Gateway always redirected to the first page.
• Fixed an issue where clicking links to Account and Server from the Session tab caused Fudo to freeze.
• Fixed an issue in Access Gateway where the password checkout time limit was not displayed or enforced correctly.
• Fixed an issue where LDAP-synchronized users could be incorrectly added to safes from the Safes tab.
• Fixed an issue where no message was displayed when attempting to save an account linked to a deleted server.
• Fixed inconsistencies in displaying available bind addresses across different forms in the Fudo Enterprise.
• Fixed an issue where the 'SSH Key' method was incorrectly available for all server types, instead of being limited to SSH servers.
• Fixed an issue where the admin user could not download sessions if the connection was established using the web client.
• Fixed the misalignment of the menu header bar with the interface color.
• Fixed an issue requiring OTP tokens to be re-initialized for LDAP-synced users already synced from a different AD group.

ADDRESSED KNOWN ISSUES FROM VERSION 5.5.4

The following known issues from version 5.5.4 have been addressed in this release:

• Admin-type users cannot open the 'Downloads' tab.
• Missing 'Password changer' filter for 'Accounts' tab.
• Some translations may be missing in redesigned tabs.

BEFORE YOU UPGRADE

Please refer to the following sections under the 5.5.4 major release at the end of this page for important information about the upgrading procedure:

• "Before You Upgrade,"
• "Recommended Upgrade Path,"
• "How to Upgrade Your Fudo,"
• "How to Import System Configuration,"
• "The Rollback Procedure."

DOWNLOAD

Download Fudo Enterprise 5.5.5

Download PDF version of this Release Note.

Fudo Enterprise 5.5.4

This is a minor Fudo release, introducing a range of improvements and new fixes.

IMPROVEMENTS

• Added a new 'Session Viewer' role, allowing users to view sessions but restricting access to other tabs and functions. Dashboard information for this role is also limited to session-related widgets like'New Sessions', 'Concurrent Sessions', and 'Suspicious Sessions'.
• All tabs systematically updated to the new GUI now offer comprehensive API coverage, meaning users can perform configuration, search, and filter tasks programmatically via the API. This enhancement streamlines workflows, increases efficiency, and allows for better integration with other systems and automation tools.
• Optimized the interface for easier and faster configuring, searching, and filtering across multiple tabs, including: 
  • Accounts tab- refined display referring to the new interface style. The new clear filtering menu shows all possible filter options.
  • Safes tab- six new tabs helps to easier manage general Safe’s settings and functionality, but also assign Policies, Users, Accounts or permissions and notifications. New clear filtering menu shows all possible filters options. 
  • Password Changers tab- refined display referring to the new interface style. The new clear filtering menu shows all possible filter options.
  • Policies tab- refined display referring to the new interface style.
  • Artificial Intelligence tab- refined display referring to the new interface style.
  • Authentication tab - three new rearranged subtabs containing:
    • External authentication methods like Active Directory, LDAP, Cerb and Radius.
    • OpenID Connect tab to configure support for identity providers like EntraID or Okta.
    • Global tab for OATH, SMS, DUO, SSO, and Kerberos configuration.
  • External Password Repositories tab- refined display referring to the new interface style.
    • Added the ability to obtain a server certificate when configuring an External Password Repository.
  • Resources tab- refined display referring to the new interface style.
  • Backups and Retention tab- refined display referring to the new interface style.
  • Events Log tab- easier to manage and improved filtering features.
    • Introduced functionality to sort logs by time, enhancing the previous date-based sorting capability.
    • You can quickly select one of the commonly used date range filters, like 'Today', 'Last 24 hours', 'This Week', 'Last 1 hour', 'Last 1 year',
    • Filters 'From date'and 'To date' are now always visible and accessible directly from the tab.
    • The new clear filtering menu shows all possible filter options.
    • Individual columns can now be toggled for visibility. The available columns are: 'Timestamp', 'Log Level', 'Log Type', 'Message', and'Node'.
  • The default session recording typefor new accounts has been changed from 'all' to 'noraw'. This means that Fudo Enterprise will now, by default, record session data in a non-raw format, allowing it to be played back using the built-in session player.
  • Upgraded Access Gateway to Angular v.16 for improved performance and functionality.
  • Now Users receive information about the reason for the rejected Access Request in mail notifications.
  • PostgreSQL has been updated to version 16.2.
  • Updated RDP file naming to reflect connection details. Files created in Access Gateway for native client RDP connections are now named appropriately.
  • Implemented event logging for AI-detected threats.

API CHANGES

• The transition to APIv2 continues, bringing numerous new endpoints designed to enhance functionality and streamline the process of rewriting tabs to the new API. Consequently, this update aims to significantly improve performance and expand overall capabilities.
• We have added numerous new attributes for the Account object and Session object. From now on, the configuration of all base objects, including Users, Servers, Accounts, Safes, and Listeners, is handled using the new API.
• We've added numerous new object specifications and endpoints, so you can now utilize APIv2 to manage:
  • password changers,
  • password changer policies,
  • policies and regular expressions,
  • assigning policies to safes,
  • OpenID Connect authentication,
  • logs,
  • session files,
  • account notes,
  • reports,
  • notification filters,
  • diagnostics,
  • backup targets.
• All attributes related to the Mobile Token authentication method were removed from the `user_authentication_method` object specification.

DISCONTINUED FEATURES

• Fudo Enterprise 5.5 no longer supports the Fudo Officer 1.0mobile application. Users relying on this integration must hold off on upgrading to version 5.5 until the new version of the app is released. The redesigned and enhanced Fudo Officer 2.0, supporting the Just In Time feature, will be available shortly in your respective app stores for Android and iOS. Stay tuned for its release.
• Fudo Enterprise 5.5 no longer supports the Mobile Token authentication method used to bind the Fudo Officer mobile application to a User. You must unlink all Fudo Officer bindingsfrom Users configuration before the upgrade. For more details, please refer to the 'Before You Upgrade' section below.
• Fudo Enterprise 5.5 no longer supports the CyberArk Enterprise Password Vaultexternal password repository. Users using this integration need to migrate to CyberArk Credential Provider external repository.
• Fudo Enterprise 5.5 no longer supports theTicketing systems.
• The option to add unencrypted connectionswhen configuring an external password repository has been disabled. All password repositories with url HTTP/LDAP have to be reconfigured to HTTPS/LDAPS before the upgrade. For more details, please refer to the 'Before You Upgrade' section below.
  
  

ANNOUNCEMENTS

• Fudo Enterprise 5.5 is the last version supporting transparent and gateway modes in the listeners configuration. Listeners using these modes must be reconfigured to use proxy and bastion modes before upgrading to the next release.
• Fudo Enterprise 5.5 is the last version supporting the Application to Application Password Manager. The AAPM will be replaced by the functionality of APIv2 in the next release.
• Fudo Enterprise 5.5 is the last version supporting the APIv1. The support will be removed in the next release. All scripts using APIv1 should be rewritten to use APIv2.
• Fudo Enterprise 5.5 is the final version to support DHCP, which will be removed in the next release.

BUG FIXES

• Fixed the inability to configure 'transport_bind_ip'for the password changer to 'Any' bind address.
• Resolved issue preventing IP address input and selection for native client mode on Access Gateway.
• Fixed login issues for MGM and UAG with OATH enabled and 'Different password than current' setting active.
• Fixed issue where inactivity limit did not terminate sessions for rendered HTTP protocol due to noVNC client behavior.
• Fixed issue with AD Domain being incorrectly mapped and displayed during LDAP user synchronization.
• Fixed issue where group mapping in LDAP synchronization was saved in an incorrect format.
• Resolved issue with LDAP synchronization where users in the built-in AD group were not correctly mapped.
• Fixed login failure issue when connecting to MS SQL (TDS) using domain in the login field and listener 'proxy'
• Fixed issue where LDAP synchronization failed when adding external authentication to group mapping.
• Fixed problem with SSH Key authentication failing and prompting for a password when Fudo Domain was included in the connection string.
• Fixed issue causing crashes when running .rdp files for deleted remote apps.
• Re-fix: Fixed an issue causing double OTP prompts for redirected RDP connections in RDS, impacting users configured with the OATH authentication method.
• API: Resolved problem where attributes requiring another attribute with a default value were not automatically added during PATCH modifications.
• Resolved issue with the list being unsearchable and unsorted when choosing a password from 'Other account' during account creation.
• Resolved problem with Fudo requiring a passphrase for passwordless keyfiles, resulting in an error or incorrect acceptance of any string.

KNOWN ISSUES

• For a regular account with a password from another account via a URL, the HTTP connection cannot be established.
• There is no list for users who use a specific external authentication method.
• The domain is not forwarded correctly when credentials are left blank in the account.
• Admin-type users cannot open the 'Downloads' tab.
• Missing 'Password changer'filter for  'Accounts'
• Non-rendered HTTP sessions cannot be established.
• FudoPV (Application to Application Password Manager) is not functional.
• Some translations may be missing in redesigned tabs.
• Following the upgrade, the Artificial Intelligence tab may initially appear blank, with no visible model training, until the system fully loads after a brief period.

BEFORE YOU UPGRADE

It is highly recommended to perform the “Upgrade check” before the proper upgrade. The result of the failed check may contain information about configuration changes that needs to be done by a Fudo administrator to successfully upgrade Fudo.

There are a few things that need to be verified before this upgrade can be applied:

• Make sure your Fudo instance isn’t undergoing any system-wide process, such as storage rebuild, or the system isn’t under full-load.
• In a cluster configuration, make sure all nodes are synchronized and upgrade the slave node first.
• Make sure you have an active Premium or Standard Support maintenance contract.

Mobile Token

To unlink the Fudo Officer mobile application, please edit the user configuration, then:

1. Go to the 'More' tab, and in the 'Fudo Officer' section, unlink the application using the 'Cancel binding' button.
2. Alternatively, go to the 'Settings' tab, in the 'Authentication' section find the 'Mobile token' method and remove it using the 'Delete' button.

Single Sign On Configuration

The first authentication attempt using SSO after the upgrade may result in the error: "Failed to authenticate using the given method." To resolve this, you must log in using an alternative method configured for the superadmin account and reload the .keytab file.

Steps to resolve:

1. Navigate to 'Settings > Authentication'.
2. Go to the'Global'
3. In the 'SSO' section, click the'Upload' button next to the appropriate field—either 'Management SSO settings' or 'User access SSO settings'—depending on your configuration.
4. Select the appropriate .keytabfile and click 'Save'.
   
   

Reconfiguring External Password Repository to HTTPS/LDAPS

As Fudo Enterprise 5.5 no longer supports unencrypted connections for external password repositories, all repositories using HTTP/LDAP URLs must be reconfigured to HTTPS/LDAPS prior to the upgrade.

Steps to resolve:

1. Navigate to 'Settings > External passwords repositories'.
2. Edit every configured external password repositories URL to use HTTPS/LDAPS.

RECOMMENDED UPGRADE PATH

Before proceeding with the upgrade, please verify the version number of your Fudo Enterprise instance. Depending on the version number, you will need to follow a specific upgrade path. To learn more, please refer to the Fudo Enterprise Product Upgrade Path article.

HOW TO UPGRADE YOUR FUDO

1. Login to your Fudo Admin Panel.
2. Select ‘Settings > System’ from the main menu on the left-hand side and go to the ‘Upgrade’ tab.
3. If your Fudo is running in a cluster, start the upgrade on the Slave node, and only when the upgrade finishes successfully start upgrading the Master node. When both systems are running the same Fudo version cluster communication will be restored.
4. Select “Upload” from the top right side and upload the previously downloaded and unzipped upgrade package file.
5. Select “Run Check” to determine if your upgrade file is correct and can be applied to the existing Fudo configuration. Refresh your browser window to see “Upgrade check” current progress.
6. Upon a successful “Run Check” result, upgrade your Fudo by using the “Upgrade” button. Upon system restart, all active sessions will be terminated.

HOW TO IMPORT SYSTEM CONFIGURATION

1. Login to your Fudo Admin Panel.
2. Select 'Settings > System'from the main menu on the left-hand side, then go to the user menu in the upper right corner.
3. Select 'Import configuration'from the user menu.
4. Upload the'Master key' file and 'Configuration file' exported from another Fudo instance and click 'Confirm' to proceed with the import.

THE ROLLBACK PROCEDURE

If you are experiencing issues with the newly installed version, you have an option to roll back to the previous version of Fudo running on this machine. To do so, click the user menu on the top right, select ‘Restart’, and select previous system revision from the drop-down list.

DOWNLOAD

Download Fudo Enterprise 5.5.4

Download PDF version of this Release Note.

CONTACT US

If you have questions or concerns, please get in touch at support@fudosecurity.com or by phone: +48 22 100 67 09.

Sincerely,
Fudo Security Team