No release notes.
Version history
2.6.2.10Bamboo Server 6.2.1 - 9.2.12019-08-28BugFix Release 2.6.2.9Bamboo Server 6.2.1 - 6.9.22019-08-15Bugfix Release - Users can be searched by fullname
2.6.2.8Bamboo Server 6.2.1 - 6.9.22019-07-31Feature Release - Brute Force Protection
- Token Mode
- Bugfixes
2.5.2.7Bamboo Server 6.0.0 - 6.9.22019-05-24Feature Release - support of hardware token as alternative to a mobile authenticator
2.4.2.5Bamboo Server 6.0.0 - 6.8.32018-12-17Feature Release - New user picker in the user manager and audit log
- IP based filters now accept client IPs with port numbers in HTTP forward header
2.3.2.4Bamboo Server 5.14.0 - 6.6.32018-10-12Bugfix release - Support for users without email address from external user directories
- Fix for user manager showing not more than 50 users
2.3.2.3Bamboo Server 5.14.0 - 6.6.32018-08-31Feature Release - The audit log can now be activated or deactivated.
- If the audit log is activated, the hold period for the log entries can be defined.
- A time-controlled job deletes the outdated log entries every eight hours.
- The Secure Login profiles of deleted users are deleted every 8 hours.
- Revised IPv4 and IPv6 support in the IP white/blacklists.
- Small error corrections and stability improvements
- Renaming the admin menu entries for better selection in the global search context
2.2.2.2Bamboo Server 5.13.2 - 6.4.22018-06-27Security Hotfix This security hotfix contains the fix for two not yet published vulnerabilities:
- Unauthorized deactivation of Secure Login through REST API access
- Unauthorized access to the 2FA secret of a user through URL manipulation
Both vulnerabilities presuppose the potential attacker got access to the login credentials of a user upfront.
Please upgrade your Secure Login installation immediately to fix this vulnerability. See the corresponding security advisor for more details.