- IP-based filters now accept client IPs with port numbers in the HTTP forward header
- Sysadmins can grant access for the user manager and audit log to normal admins
- Attachments and thumbnails in the Service Desk Portal views are now accessible without 2FA
- Version 184.108.40.206 • Released 2018-12-17 • Supported By syracom AG • Paid via Atlassian • Commercial
- Version 220.127.116.11 • Released 2018-10-12 • Supported By syracom AG • Paid via Atlassian • Commercial
- Support for users without email address from external user directories
- Fix for the user manager showing no more than 50 users
- Version 18.104.22.168 • Released 2018-08-31 • Supported By syracom AG • Paid via Atlassian • Commercial
- The audit log can now be activated or deactivated.
- If the audit log is activated, the hold period for the log entries can be defined
- A time-controlled job deletes the outdated log entries every eight hours
- The Secure Login profiles of deleted users are deleted every 8 hours.
- Revised IPv4 and IPv6 support in the IP white/blacklists
- Small error corrections and stability improvements
- Renaming the admin menu entries for better selection in the global search context
- Version 22.214.171.124 • Released 2018-06-27 • Supported By syracom AG • Paid via Atlassian • Commercial
This security hotfix contains the fix for two vulnerabilities that have not yet been published:
- Unauthorized deactivation of Secure Login through REST API access
- Unauthorized access to the 2FA secret of a user through URL manipulation
Both vulnerabilities presuppose that the potential attacker has already obtained the login credentials of a user.
Please upgrade your Secure Login installation immediately to fix these vulnerabilities. See the corresponding security advisory for more details.