multiOTP Enterprise
===================
multiOTP Enterprise is a strong two-factor authentication device
multiOTP Enterprise is based on the OATH certified Pro edition
multiOTP Enterprise includes additional features like master-slave HA and REST API

(c) 2010-2025 SysCo systemes de communication sa
https://www.multiOTP.com/

Current build: 5.10.0.4 (2025-11-04)

Table of contents
 * What's new in this release
 * Wishlist for future releases
 * Change Log of released versions


WHAT'S NEW IN THIS 5.10.x RELEASE
================================
- New Proxmox, OVA and Hyper-V appliances available (version 013, based on Debian 13)
- Push support with the multiOTP token App, available for free with Enterprise subscription

RASPBERRY PI DISTRIBUTION
=========================
Please note that an optimized Raspberry Pi binary image is
available for any multiOTP Enterprise appliance customer.


MULTIOTP CREDENTIAL PROVIDER
============================
multiOTP Credential Provider is a compatible open source Credential Provider
for Windows 7/8/8.1/10/11/2012(R2)/2016/2019/2022 in 64 bits, with caching
support option (for offline connection), RDP only 2FA, and some other options.
To download it: https://github.com/multiOTP/multiOTPCredentialProvider


CHANGE LOG OF RELEASED VERSIONS
===============================
2025-11-04 5.10.0.4 ENH: Option to disable sending radius groups for a specific device
                    ENH: Option to disable automatic activation/deactivation of user during LDAP synchronisation
2025-10-31 5.10.0.1 ENH: New Proxmox, OVA and Hyper-V appliances available (version 013, based on Debian 13)
                    ENH: Initial Push support with the multiOTP token App, available for free with Enterprise subscription
                    ENH: multiOTP Credential Provider enhanced support
2025-01-20 5.9.9.1 FIX: Case sensitive issue has been fixed with MSCHAPv2 authentication (thanks Alexey)
                   ENH: Created users are trimmed to avoid bad space prefix/suffix during copy/paste
                   ENH: multiOTP Credential Provider enhanced support
                   INF: This is the last available version for old appliances (010 and older)
2025-01-10 5.9.8.3 FIX: {MultiotpUserDisplayName} tag usage in templates (was not replaced in the QRcode)
                   ENH: New Message-Authenticator requirement support for FortiGate v7.2.10+, v7.4.5+ and v7.6.1+
2024-08-26 5.9.8.0 ENH: Spryng SMS provider support
                   ENH: Device with description containing "Fortinet" will send two additional RADIUS attributes
                        (ATTRIBUTE Fortinet-Group-Name 1 string, ATTRIBUTE Fortinet-Access-Profile 6 string)
                   ENH: Device with description containing "ZyXEL" will send one additional RADIUS attribute
                        (ATTRIBUTE User-type 1 string admin/limited-admin/user/guest)
2024-05-03 5.9.7.2 FIX: without2fa token can be now correctly converted to TOTP with default 30 seconds time interval
                   FIX: Without2fa tokens with prefix pin where not working with CHAP/MSCHAP/MSCHAPv2
2023-11-23 5.9.7.0 ENH: New Raspberry Pi distribution binary (for Enteprise appliance only)
                   ENH: Upgrade of internal tools
2023-10-12 5.9.6.9 FIX: Dashboard new firmware information is available again
2023-09-22 5.9.6.7 ENH: Without2FA tokens cannot be used for multi_account connection
2023-08-09 5.9.6.6 FIX: Prefix PIN information was sometimes missing on the provisioning info
                   ENH: New Raspberry Pi distribution binary (for Enterprise appliance only)
2023-07-07 5.9.6.5 FIX: Better Raspberry Pi support
2023-05-10 5.9.6.1 FIX: Template updated to display correct information for "Without2FA" tokens
                   FIX: Enhanced backup process, some configuration may be missing in the backup depending the initial firmware version
                   ENH: Template updated to print bigger QRcode for "MOTP-XML" tokens
                   ENH: Adding on-premises smsgateway (https://github.com/multiOTP/SMSGateway) as a new SMS provider
                   ENH: Better warning messages when ADP/LDAP password failed
2023-01-19 5.9.5.5 FIX: Challenge/response RADIUS was not always working correctly since version 5.9.3.1
2022-11-11 5.9.5.0 ENH: It's now possible to define a special AD/LDAP group to attribute "Without2FA" token to specific users
2022-11-04 5.9.4.0 ENH: Enhanced multiOTP Credential Provider (for Windows)
2022-10-21 5.9.3.1 FIX: Better special characters support in username and password
                   FIX: Better special characters support for RADIUS secret
                   ENH: The locked accounts list now also list the temporary delayed accounts
                   ENH: Accounts with Without2FA tokens can now also be stored in cache
2022-08-10 5.9.2.1 ENH: Enhanced Without2FA support, bypassing the 2FA in Credential Provider (for Windows)
2022-06-17 5.9.1.0 FIX: Scratch list was empty in some cases
                   ENH: Enhanced multiOTP Credential Provider (for Windows)
2022-05-26 5.9.0.3 FIX: User account containing octal encoded ISO characters are now also converted to UTF
                   FIX: {MultiOtpVersion} is now correctly replaced in scratchtemplate.html
                   ENH: {MultiotpUserDisplayName} tag (AD/LDAP DisplayName) can be used in templates
2022-05-18 5.9.0.0 FIX: User account containing special ISO characters are now also converted to UTF
                   ENH: New Hyper-V and OVA appliances available (version 011, based on Debian 11)
                   ENH: {MultiotpUserAccount} tag  can be used in templates
2022-04-28 5.8.7.0 ENH: Enhanced log information for refused connection
                   ENH: Code cleaning to support next appliance release
2022-04-14 5.8.6.1 FIX: Token "Without2FA" where not working all time with LDAP users
                   ENH: Telnyx SMS provider support
                   ENH: AD/LDAP synced user with "Without2FA" token don't need any licence
                   ENH: Email token is now supported for multiOTP Credential Provider (for Windows)
                   ENH: multiOTP Credential Provider: if username doesn't exist, the domain name is shortened step by step
2022-02-10 5.8.5.5 FIX: Upgrade process issue
2022-01-20 5.8.5.2 FIX: Device defined with 0.0.0.0/0 is now supported for multiOTP Credential Provider connection
                   FIX: Better mail server compatibility
2022-01-14 5.8.5.1 ENH: Enhanced multiOTP Credential Provider support
                   ENH: New Hyper-V file with full VM distribution
2021-11-18 5.8.3.2 ENH: Enhanced multiOTP Credential Provider support
2021-09-14 5.8.3.0 ENH: New OVA file with full VM distribution
                   ENH: Removed multicast support on the network card
2021-08-19 5.8.2.9 ENH: Added compatibility with new multiOTP Credential Provider (5.8.2 and further)
                   ENH: Additional log messages
2021-04-08 5.8.2.1 ENH: eDirectory LDAP server support
2021-03-25 5.8.1.9 FIX: Cookie privacy (httponly and secure) backported to previous virtual appliances
                   ENH: Weak SSL ciphers disabled
2021-03-21 5.8.1.2 ENH: Up to 7 days log entries available in the embedded log viewer
                   ENH: Storage free space information on dashboard
2021-03-14 5.8.1.1 FIX: In some cases, the HOTP/TOTP was not well computed
2021-02-12 5.8.1.0 FIX: Better unicode handling
                   ENH: Flexible licence support with demo licences
2020-12-11 5.8.0.6 FIX: Backend database optimization
2020-11-16 5.8.0.4 FIX: Cleaning orphans users on slave devices
2020-09-20 5.8.0.2 ENH: New Sync Delete Retention Days option in order to purge
                        inexistent AD/LDAP users (default retention value : 30 days)
2020-08-31 5.8.0.0 FIX: Clean automatically the log before the last 100 days
                   FIX: Too many ReadConfigData loop during initialization
                   FIX: Backend configuration access optimized
                   FIX: Better unicode handling
                   ENH: Cookies with HTTPOnly and Secure flag
                   ENH: Raspberry Pi 4B support
                   ENH: Smaller size for binary firmware files
                   ENH: Better custom Fortinet / ZyXEL support
2019-10-23 5.6.1.4 FIX: HA Configuration storage and synchronization
                   ENH: Generic web based SMS provider support
2019-10-22 5.6.1.3 ENH: Out of sync detection with specific error message
                   ENH: New 64 bits OVA file with full VM distribution
                   ENH: Enhanced custom SMS providers support
                   ENH: Active support date on dashboard
2019-07-17 5.5.0.1 FIX: Devices submask calculation error
2019-03-25 5.4.1.8 ENH: Enhanced error messages, more log information
                   ENH: New QRcode library
                   ENH: Added specific vendor device expert setup
2019-01-18 5.4.1.6 FIX: Update process for previous VM distribution
2019-01-18 5.4.1.5 ENH: New OVA file with full VM distribution
2019-01-18 5.4.1.4 FIX: Better IP address change handling
                   ENH: If any, clean specific NTP DHCP option at every reboot
2019-01-07 5.4.1.1 FIX: Fix some without2FA algorithm issues
                   FIX: Enhanced AD/LDAP process for Enterprise Edition
                   FIX: Fix some RADIUS challenge/response issues
                   ENH: Additional web based SMS providers support
                        (Swisscom LA REST, Afilnet, Clickatell2, eCall, Nexmo, NowSMS, SMSEagle)
                   ENH: New binary images available (version 008) for Raspberry Pi and Virtual Appliances
                   ENH: Official Raspberry Pi 3B+ support
                   ENH: Optimized size for Raspberry Pi binary image
                   ENH: Better information on the dashboard
2018-08-22 5.3.0.1 FIX: On master side, re-create a clean displayable list of slave devices each time a device is updated
                   FIX: Additional information and refresh rate in the CLI console
                   FIX: The Master mode was always displayed as disabled the first time the System tab is displayed
                   FIX: Additional users licence is now better synchronized with slave(s)
                   ENH: Multiple semicolon separated "Users DN" now supported for AD/LDAP synchronization
                   ENH: Additional info on both master and slave sides during synchronization process
2018-07-16 5.2.0.2 ENH: Active Directory nested groups support
                        (user1 in groupA, groupA in groupB, setting the OTP groups to "groupB" will add user1)
                   ENH: Enhanced AD/LDAP support for huge Microsoft Active Directory (much faster)
                   ENH: "Base DN" and "Users DN" are now two different parameters ("Users DN" is optional)
2018-01-03 5.1.0.1 FIX: A user is sometime created automatically (AD/LDAP sync) with a leading backslash
                   ENH: Algorithm selection for automatic AD/LDAP creation
                   ENH: Expired AD/LDAP password support
                   ENH: multiOTP Credential Provider (for Windows) improvements
                        (login@domain.name UPN support, default domain name supported and displayed, SMS request link)
2017-10-24 5.0.5.4 FIX: Depending of the configuration and the AD/LDAP cache feature, empty prefix AD/LDAP password may be accepted
2017-09-29 5.0.5.3 ENH: The proposed mOTP generator for Android/iOS is now OTP Authenticator
                        New QRCode provisioning format for mOTP (compatible with OTP Authenticator)
2017-09-08 5.0.5.0 FIX: Fixed too much detailed information in the log when trying
                        to detect a token serial number for self-registration
2017-05-16 5.0.4.4 ENH: VM plateform version displayed on the console
2017-05-12 5.0.4.3 ENH: Web GUI enhanced performance for the hardware device edition
2017-05-11 5.0.4.2 FIX: PDF provisioning pages were not generated through Web API for VM plateform version 005
2017-05-10 5.0.4.1 FIX: PDF provisioning pages were not always generated
2017-05-10 5.0.4.0 FIX: A user cannot be created anymore with a leading backslash
                   ENH: Additional Web API function GetAccountProvisioningPdf
                   ENH: Additional Web API function MasterSlaveFullResync
                   ENH: Additional Web API function GetAccountInfo
                   ENH: Web API function DisableAccount replaces the DesactivateAccount
                   ENH: A replay during 60 seconds of the previous refused password is rejected,
                        but the error counter is not incremented
                   ENH: Group names are now always trimed to avoid blank spaces
                   ENH: Slave synchronisation can now be done with or without system configuration
                   ENH: Additional authentication options parameters for fine tuning
2017-01-26 5.0.3.4 FIX: Better Eastern European languages support
                   ENH: UTC added in the list of time zones
                   ENH: Huge AD/LDAP synchronization optimization
                   ENH: Optimized Raspberry Pi binary image available on demand for any Enterprise appliance customer
                   ENH: In the template, the proposed TOTP/HOTP generator for Android/iOS is now FreeOTP Authenticator
                   ENH: New "Local admin account" attribute for any user, which allows to log-in as
                        an admin, using their username and their prefix (if any) and OTP password.
                   ENH: An invalid login attempt on the console will sent an alert to the Admin contact (if defined)
                   ENH: Multiple purpose tokens provisioning format PSKCV10,
                        like Gemalto e3050cL and t1050 tokens, is now supported.
                   ENH: SOAP service available (compatible with OpenOTP SOAP service)
                   ENH: Multiple groups per user can be enabled (not all devices support multiple groups)
                   ENH: Using AD/LDAP password instead of PIN code can be overwritten or not for all synchronized users
2016-11-14 5.0.3.0 FIX: New customized templates were not always used or synchronized by the system
                   ENH: Syslog process improved
                   ENH: Log messages better categorized and ordered
                   ENH: RC4 removed from available SSL ciphers
2016-11-04 5.0.2.6 ENH: Process optimization for high volume AD/LDAP synchronization with enabled HA
                   ENH: External packages update
2016-10-16 5.0.2.5 ENH: Performance optimization
2016-10-03 5.0.2.3 FIX: SSL connection was not working well due to security upgrade
2016-10-03 5.0.2.2 FIX: Fix some configuration backup/restore issue
                   ENH: Accounts can now be created based on other record than the UserId (like the Mail attribute)
                   ENH: Additional Web API functions
                   ENH: Easier master/slave handling
                   ENH: Automated licence sharing between the master and the slave appliance
2016-08-06 5.0.1.5 FIX: Better enhanced characters support in customized templates
                   ENH: Better restore handling from the Pro edition
                   ENH: A try on the previous password is rejected, but the error counter is not incremented
                   ENH: It's now possible to check an account from the dashboard
2016-08-02 5.0.1.4 FIX: SSL AD/LDAP connection was not always working with Windows 2008R2
2016-07-29 5.0.1.3 FIX: Special AD/LDAP chars support enhanced (as described in RFC4515)
                   ENH: Documented Web API to automate various tasks
                   ENH: Unified configuration backup and restore format for all editions
                   ENH: User documents language can be based on the user preferred language (synced with AD/LDAP)
                   ENH: Simplified HA (master-slave) configuration process
2016-05-03 4.3.4.0 First internal release


OTHER PROJECTS USED BY MULTIOTP ENTERPRISE
==========================================

barcode (MIT License)
Kreative Software
https://github.com/kreativekorp/barcode

CryptoJS (BSD New)
This product contains software provided by Jeff Mott.
https://code.google.com/p/crypto-js/

FreeRADIUS (BSD)
This product contains software provided by FreeRADIUS team and its contributors.
http://freeradius.org/

md5 JavaScript 2010 algorithm (BSD)
Joseph Myers, Paul Johnston, Greg Holt, Will Bond
http://www.myersdaily.org/joseph/javascript/md5-text.html

Nginx (BSD)
This product contains software provided by Nginx, Inc. and its contributors.
http://nginx.org/

NuSOAP - PHP Web Services Toolkit (LGPLv2.1)
NuSphere Corporation
http://sourceforge.net/projects/nusoap/

phpseclib (MIT License)
MMVI Jim Wigginton
http://phpseclib.sourceforge.net/

PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY (LGPLv2.1)
Scott Barnett - enhanced by SysCo
http://adldap.sourceforge.net/

QRcode image PHP scripts (FREE "AS IS")
Y. Swetake
http://www.swetake.com/qr/index-e.html

Sencha Ext JS (GPLv3)
Sencha Inc.
http://cdn.sencha.com/ext/gpl/4.2.1/

TCPDF (LGPLv3)
Nicola Asuni
https://tcpdf.org/

XML Parser Class (LGPLv3)
Adam A. Flynn - enhanced by SysCo
http://www.criticaldevelopment.net/xml/

XPertMailer package (LGPLv2.1)
Tanase Laurentiu Iulian
http://xpertmailer.sourceforge.net/


The source files of the core of multiOTP can be downloaded at
https://download.multiOTP.net/
