multiOTP Enterprise =================== multiOTP Enterprise is a strong two-factor authentication device multiOTP Enterprise is based on the OATH certified Pro edition multiOTP Enterprise includes additional features like HA and REST API (c) 2010-2022 SysCo systemes de communication sa https://www.multiOTP.com/ Current build: 5.9.0.3 (2022-05-26) Table of contents * What's new in this release * Wishlist for future releases * Change Log of released versions WHAT'S NEW IN THIS 5.9.x RELEASE ================================ - New Hyper-V and OVA appliances available (version 011, based on Debian 11) - Enhanced special ISO characters support (included octal encoded) - {MultiotpUserAccount} tag can be used in templates - {MultiOtpDisplayName} tag (AD/LDAP DisplayName) can be used in templates RASPBERRY PI DISTRIBUTION ========================= Please note that an optimized Raspberry Pi binary image is available for any multiOTP Enterprise appliance customer. CHANGE LOG OF RELEASED VERSIONS =============================== 2022-05-26 5.9.0.3 FIX: User account containing octal encoded ISO characters are now also converted to UTF FIX: {MultiOtpVersion} is now correctly replaced in scratchtemplate.html ENH: {MultiOtpDisplayName} tag (AD/LDAP DisplayName) can be used in templates 2022-05-18 5.9.0.0 FIX: User account containing special ISO characters are now also converted to UTF ENH: New Hyper-V and OVA appliances available (version 011, based on Debian 11) ENH: {MultiotpUserAccount} tag can be used in templates 2022-04-28 5.8.7.0 ENH: Enhanced log information for refused connection ENH: Code cleaning to support next appliance release 2022-04-14 5.8.6.1 FIX: Token "Without2FA" where not working all time with LDAP users ENH: Telnyx SMS provider support ENH: AD/LDAP synced user with "Without2FA" token don't need any licence ENH: Email token is now supported for multiOTP Credential Provider ENH: multiOTP Credential Provider: if username doesn't exist, the domain name is shortened step by step 2022-02-10 5.8.5.5 FIX: Upgrade process issue 2022-01-20 5.8.5.2 FIX: Device defined with 0.0.0.0/0 is now supported for multiOTP Credential Provider connection FIX: Better mail server compatibility 2022-01-14 5.8.5.1 ENH: Enhanced multiOTP Credential Provider support ENH: New Hyper-V file with full VM distribution 2021-11-18 5.8.3.2 ENH: Enhanced multiOTP Credential Provider support 2021-09-14 5.8.3.0 ENH: New OVA file with full VM distribution ENH: Removed multicast support on the network card 2021-08-19 5.8.2.9 ENH: Added compatibility with new multiOTP Credential Provider (5.8.2 and further) ENH: Additional log messages 2021-04-08 5.8.2.1 ENH: eDirectory LDAP server support 2021-03-25 5.8.1.9 FIX: Cookie privacy (httponly and secure) backported to previous virtual appliances ENH: Weak SSL ciphers disabled 2021-03-21 5.8.1.2 ENH: Up to 7 days log entries available in the embedded log viewer ENH: Storage free space information on dashboard 2021-03-14 5.8.1.1 FIX: In some cases, the HOTP/TOTP was not well computed 2021-02-12 5.8.1.0 FIX: Better unicode handling ENH: Flexible licence support with demo licences 2020-12-11 5.8.0.6 FIX: Backend database optimization 2020-11-16 5.8.0.4 FIX: Cleaning orphans users on slave devices 2020-09-20 5.8.0.2 ENH: New Sync Delete Retention Days option in order to purge inexistent AD/LDAP users (default retention value : 30 days) 2020-08-31 5.8.0.0 FIX: Clean automatically the log before the last 100 days FIX: Too many ReadConfigData loop during initialization FIX: Backend configuration access optimized FIX: Better unicode handling ENH: Cookies with HTTPOnly and Secure flag ENH: Raspberry Pi 4B support ENH: Smaller size for binary firmware files ENH: Better custom Fortinet / ZyXEL support 2019-10-23 5.6.1.4 FIX: HA Configuration storage and synchronization ENH: Generic web based SMS provider support 2019-10-22 5.6.1.3 ENH: Out of sync detection with specific error message ENH: New 64 bits OVA file with full VM distribution ENH: Enhanced custom SMS providers support ENH: Active support date on dashboard 2019-07-17 5.5.0.1 FIX: Devices submask calculation error 2019-03-25 5.4.1.8 ENH: Enhanced error messages, more log information ENH: New QRcode library ENH: Added specific vendor device expert setup 2019-01-18 5.4.1.6 FIX: Update process for previous VM distribution 2019-01-18 5.4.1.5 ENH: New OVA file with full VM distribution 2019-01-18 5.4.1.4 FIX: Better IP address change handling ENH: If any, clean specific NTP DHCP option at every reboot 2019-01-07 5.4.1.1 FIX: Fix some without2FA algorithm issues FIX: Enhanced AD/LDAP process for Enterprise Edition FIX: Fix some RADIUS challenge/response issues ENH: Additional web based SMS providers support (Swisscom LA REST, Afilnet, Clickatell2, eCall, Nexmo, NowSMS, SMSEagle) ENH: New binary images available (version 008) for Raspberry Pi and Virtual Appliances ENH: Official Raspberry Pi 3B+ support ENH: Optimized size for Raspberry Pi binary image ENH: Better information on the dashboard 2018-08-22 5.3.0.1 FIX: On master side, re-create a clean displayable list of slave devices each time a device is updated FIX: Additional information and refresh rate in the CLI console FIX: The Master mode was always displayed as disabled the first time the System tab is displayed FIX: Additional users licence is now better synchronized with slave(s) ENH: Multiple semicolon separated "Users DN" now supported for AD/LDAP synchronization ENH: Additional info on both master and slave sides during synchronization process 2018-07-16 5.2.0.2 ENH: Active Directory nested groups support (user1 in groupA, groupA in groupB, setting the OTP groups to "groupB" will add user1) ENH: Enhanced AD/LDAP support for huge Microsoft Active Directory (much faster) ENH: "Base DN" and "Users DN" are now two different parameters ("Users DN" is optional) 2018-01-03 5.1.0.1 FIX: A user is sometime created automatically (AD/LDAP sync) with a leading backslash ENH: Algorithm selection for automatic AD/LDAP creation ENH: Expired AD/LDAP password support ENH: multiOTP Credential Provider (for Windows) improvements (login@domain.name UPN support, default domain name supported and displayed, SMS request link) 2017-10-24 5.0.5.4 FIX: Depending of the configuration and the AD/LDAP cache feature, empty prefix AD/LDAP password may be accepted 2017-09-29 5.0.5.3 ENH: The proposed mOTP generator for Android/iOS is now OTP Authenticator New QRCode provisioning format for mOTP (compatible with OTP Authenticator) 2017-09-08 5.0.5.0 FIX: Fixed too much detailed information in the log when trying to detect a token serial number for self-registration 2017-05-16 5.0.4.4 ENH: VM plateform version displayed on the console 2017-05-12 5.0.4.3 ENH: Web GUI enhanced performance for the hardware device edition 2017-05-11 5.0.4.2 FIX: PDF provisioning pages were not generated through Web API for VM plateform version 005 2017-05-10 5.0.4.1 FIX: PDF provisioning pages were not always generated 2017-05-10 5.0.4.0 FIX: A user cannot be created anymore with a leading backslash ENH: Additional Web API function GetAccountProvisioningPdf ENH: Additional Web API function MasterSlaveFullResync ENH: Additional Web API function GetAccountInfo ENH: Web API function DisableAccount replaces the DesactivateAccount ENH: A replay during 60 seconds of the previous refused password is rejected, but the error counter is not incremented ENH: Group names are now always trimed to avoid blank spaces ENH: Slave synchronisation can now be done with or without system configuration ENH: Additional authentication options parameters for fine tuning 2017-01-26 5.0.3.4 FIX: Better Eastern European languages support ENH: UTC added in the list of time zones ENH: Huge AD/LDAP synchronization optimization ENH: Optimized Raspberry Pi binary image available on demand for any Enterprise appliance customer ENH: In the template, the proposed TOTP/HOTP generator for Android/iOS is now FreeOTP Authenticator ENH: New "Local admin account" attribute for any user, which allows to log-in as an admin, using their username and their prefix (if any) and OTP password. ENH: An invalid login attempt on the console will sent an alert to the Admin contact (if defined) ENH: Multiple purpose tokens provisioning format PSKCV10, like Gemalto e3050cL and t1050 tokens, is now supported. ENH: SOAP service available (compatible with OpenOTP SOAP service) ENH: Multiple groups per user can be enabled (not all devices support multiple groups) ENH: Using AD/LDAP password instead of PIN code can be overwritten or not for all synchronized users 2016-11-14 5.0.3.0 FIX: New customized templates were not always used or synchronized by the system ENH: Syslog process improved ENH: Log messages better categorized and ordered ENH: RC4 removed from available SSL ciphers 2016-11-04 5.0.2.6 ENH: Process optimization for high volume AD/LDAP synchronization with enabled HA ENH: External packages update 2016-10-16 5.0.2.5 ENH: Performance optimization 2016-10-03 5.0.2.3 FIX: SSL connection was not working well due to security upgrade 2016-10-03 5.0.2.2 FIX: Fix some configuration backup/restore issue ENH: Accounts can now be created based on other record than the UserId (like the Mail attribute) ENH: Additional Web API functions ENH: Easier master/slave handling ENH: Automated licence sharing between the master and the slave appliance 2016-08-06 5.0.1.5 FIX: Better enhanced characters support in customized templates ENH: Better restore handling from the Pro edition ENH: A try on the previous password is rejected, but the error counter is not incremented ENH: It's now possible to check an account from the dashboard 2016-08-02 5.0.1.4 FIX: SSL AD/LDAP connection was not always working with Windows 2008R2 2016-07-29 5.0.1.3 FIX: Special AD/LDAP chars support enhanced (as described in RFC4515) ENH: Documented Web API to automate various tasks ENH: Unified configuration backup and restore format for all editions ENH: User documents language can be based on the user preferred language (synced with AD/LDAP) ENH: Simplified HA (master-slave) configuration process 2016-05-03 4.3.4.0 First internal release OTHER PROJECTS USED BY MULTIOTP ENTERPRISE ========================================== barcode (MIT License) Kreative Software https://github.com/kreativekorp/barcode CryptoJS (BSD New) This product contains software provided by Jeff Mott. https://code.google.com/p/crypto-js/ FreeRADIUS (BSD) This product contains software provided by FreeRADIUS team and its contributors. http://freeradius.org/ md5 JavaScript 2010 algorithm (BSD) Joseph Myers, Paul Johnston, Greg Holt, Will Bond http://www.myersdaily.org/joseph/javascript/md5-text.html Nginx (BSD) This product contains software provided by Nginx, Inc. and its contributors. http://nginx.org/ NuSOAP - PHP Web Services Toolkit (LGPLv2.1) NuSphere Corporation http://sourceforge.net/projects/nusoap/ phpseclib (MIT License) MMVI Jim Wigginton http://phpseclib.sourceforge.net/ PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY (LGPLv2.1) Scott Barnett - enhanced by SysCo http://adldap.sourceforge.net/ QRcode image PHP scripts (FREE "AS IS") Y. Swetake http://www.swetake.com/qr/index-e.html Sencha Ext JS (GPLv3) Sencha Inc. http://cdn.sencha.com/ext/gpl/4.2.1/ TCPDF (LGPLv3) Nicola Asuni https://tcpdf.org/ XML Parser Class (LGPLv3) Adam A. Flynn - enhanced by SysCo http://www.criticaldevelopment.net/xml/ XPertMailer package (LGPLv2.1) Tanase Laurentiu Iulian http://xpertmailer.sourceforge.net/ The source files of the core of multiOTP can be downloaded at https://download.multiOTP.net/ ``` Hash verification for multiotp-enterprise-5.9.0.3.zip SHA256:ab14db6145bd86b3859d089b5dee470f052d99ee3f839cdc171621f9a5af6a5e SHA1:51035a121ef8cf8bcd3fee49058b07e6cbeb1fe7 MD5:f879e04d8d544b7aa1648ca6f2a8d17b ```