Fudo 4.3-62664 Release Notes

This is a major Fudo, introducing new features, improvements and bug fixes.

NEW:

  • VMware Tools included in the system image.
  • New external authentication methods have been added: SMS and DUO
  • Added 2FA support for target server authentication within SSH protocol.
  • New functionality: account secret check out and check in is shown as a virtual session that starts with secret check out and ends with secret check in. Account secret checkout can be configured to require administrator confirmation.
  • Password changer can be triggered after the session terminates.
  • Added support for a Certificate Revocation List (CRL) in WinRM password changer.

IMPROVEMENTS:

  • New disk management method has been implemented: the mapping is removed; it replaced with the partition labels that are based on initial disk numbers.
  • Added Azure authentication method for rendered HTTP-based servers.
  • Added support for HTTP Basic Authentication.
  • Fudo now allows to manually select rendered HTTP sessions for OCR.
  • ‘SSH Agent forwarding’ functionality has been added for the servers with SSH type and for all account types. This allows using own keys for connecting to the target server via Fudo.
  • Portal users connecting to an HTTP listener don’t have to provide credentials in an HTTP login page but are presented an already authenticated session based on the fact they’re already authenticated to a portal.
  • MIB definition in FUDO-SECURITY-MIB.txt was splited into two files:
    • FUDO-SECURITY-COMMON-MIB.txt
    • FUDO-SECURITY-COMMON-FUDO.txt
  • Scalar values returned by the SNMP agent running on Fudo PAM will now have a ‘.0’ suffix.
  • Added a limit for Session time for Safes.
  • Added a limit for Session inactivity time for Safes – sessions will be disconnected after the given period.

GUI CHANGES:

  • ‘Server’ column, which represents a destination address of the session has changed its title into ‘Dst Address’.
  • IP and port number of the account using the listener are now visible Safe management section.
  • Added filtering option to include deleted servers in a ‘Sessions’ list.
  • Added upload and download functions for Password changers and verifiers.
  • Improved readability of certificate fingerprint.
  • Improved state of progress bar while system upgrading.
  • Fudo allow displaying QR code for OATH authentication method secret, even if the method isn’t saved.
  • Changed the button colors in User Access Gateway (portal) when connecting to a server for better readability.

API FIXES:

  • Fixed “Internal server error” showing in API while creating Account with “regular” type.
  • Fixed a problem with using API to remove/modify/add public_key from the server.
  • Added external authentication methods for Rest API users.
  • Enabled returning a Safes list per user_id, listener_id and account_id in API. 
  • Enabled returning an Accounts list for a specific server_id.
  • Fixed an error showing up while sending GET with parameter search in /safes/<id>/users.
  • Fixed a bug with the inability to delete the last listener from account_listener association in Safes.

PLAYER FIXES:

  • Fixed a bug with black screen showing up after opening recorded sessions on Firefox ESR version.
  • Improved opening session playback: the details and search box was seen just after opening. Now they are visible after clicking the “Details” button.
  • Time display was changed between connection and relative time on the right side of the bar. Now time displays are similar on both sides. 

GUI FIXES:

  • Admins were unable to block users having ‘Account validity’ property set. This has been fixed.
  • Corrected logging when saving Users’ properties without any changes.
  • Fixed a situation when a HTTP transparent or gateway listener with “Render session” checked cannot be saved.
  • Fixed a bug with not saving value of  “Blocked” checkbox within ‘Users Safes’ section.
  • Fixed problem when modifying daily time access policy from the User detail view.
  • improved readability of RemoteApp list in Servers Management section.
  • Improved OCR filter for ‘Sessions’ list: the results contain only graphical sessions.
  • Added ‘sending diagnostics’ functionality for System settings within ‘Maintenance and supervision’ section.

BUG FIXES:

  • A mechanism checking for correct system configuration during the upgrade (script UPG000292) has been improved.
  • Fixed LDAP incompatibility with Cyrillic letters.
  • Users couldn’t download the files bigger than 1 MB, using WinSCP to connect to the SFTP server. The problem is now fixed.
  • Fixed calculation of ‘Number of servers in use’ within the System Settings section.
  • Fixed a bug with connection via VNC when an Account’s password field is empty.
  • Fixed a problem with database replication to be working for all configurations.
  • FUDO was unable to correctly login to MySQL database. It’s logging in properly now.
  • Fixed a bug when the user wasn’t able to authenticate with a SSH key when logging in using bastion mode listener.
  • Fixed a bug when OCR was started but at some point in the session was stopped. Now the whole session will be indexed by the OCR process.
  • Fixed a bug when Fudo couldn’t OCR a session that has been terminated.
  • Some reports were generated but never sent. This problem has been fixed.

Upgrade package download instructions:
Please contact us at support@fudosecurity.com to receive a proper upgrade package for your Fudo current software version.

BEFORE YOU UPGRADE
There are a few things that need to be verified before this upgrade can be applied.
Make sure your Fudo instance isn’t undergoing any system-wide process, such as storage rebuild, or the system isn’t under full-load.
In a cluster configuration, make sure all nodes are synchronized and upgrade the slave node first.
Make sure you have an active Premium or Standard Support maintenance contract.

How to upgrade your Fudo:

Login to your Fudo and from the menu on the left-hand side select ‘System’, then the ‘Upgrade’ tab.
If your Fudo is running in a cluster, start the upgrade from the Slave node, then move onto upgrading the Master node. When both systems are on the same Fudo version cluster communication will be restored.
Select “Upload” from the top left side and upload the previously downloaded and unzipped upgrade package file.
Select “Run Check” to determine if your upgrade file is correct and can be applied to the existing Fudo configuration. Refresh your browser window to see “Upgrade check” current progress.
Upon a successful “Run Check” result, upgrade your Fudo by using the “Upgrade” button. Upon system restart, all active sessions will be terminated.
In case of an unsuccessful check do not upgrade your system, double check your upgrade file checksum. If you encounter any problems, get in touch with us and we will assist you.

Rollback:

If you are experiencing issues with the newly installed version, you have an option to roll back to the previous version of Fudo system previously running on this machine. To do so, click the user menu on the top, select ‘Restart’ and select previous system revision from the drop-down list.
Please keep in mind any session recordings performed on never version will be lost upon upgrade rollback execution.

If you have questions or concerns, please get in touch at support@fudosecurity.com
or by phone: +48 22 100 67 09.

Sincerely,
Fudo Security Team.