Auth0 Appliance Release Notes

Get the latest updates in Auth0


2018-08-17: Auth0 16793.128

Fixed

  • Appliance

    Removed the Update from Package feature from the configuration API and screens.

  • Appliance

    Reduced the amount of data that is fetched from the Configuration API.

  • Appliance

    Changed the way we calculate usage statistics to count by tenant.

  • Appliance

    Fixed an issue with the Windows Live connection that prevented users from selecting a different account.

  • Appliance

    Updated the Puppet configuration process to pull packages over HTTPS instead of HTTP.


2018-08-17: Auth0 16257.132

Fixed

  • Appliance

    Removed the Update from Package feature from the configuration API and screens.

  • Appliance

    Reduced the amount of data that is fetched from the Configuration API.

  • Appliance

    Changed the way we calculate usage statistics to count by tenant.

  • Appliance

    Fixed an issue with the Windows Live connection that prevented users from selecting a different account.

  • Appliance

    Updated the Puppet configuration process to pull packages over HTTPS instead of HTTP.

  • Appliance

    Updated the GeoIP database with the latest version.

  • Appliance

    Fixed an issue in the Grafana and Instrumentation UI that prevented users from logging in.

  • Appliance

    Removed restriction of login-dev as a tenant name.

  • Appliance

    Fixed a bug in Elasticsearch that prevented nodes from being removed.

  • Appliance

    Fixed a bug preventing refresh tokens from being used with 3rd party clients.


2018-08-09: Auth0 16793.125

Fixed

  • Appliance

    Fixed a bug that caused the dashboard to lose the refresh token grant when using 3rd party clients.

  • Appliance

    GeoIP database updated.

  • Appliance

    Webtask modules updated to their latest version.

  • Appliance

    The import users worker now supports the ability to set a partial configuration and use its own defaults.


2018-07-19: Auth0 16257.104

Fixed

  • Appliance

    Modified the setup scripts for adding an application node to the cluster so that it does not depend solely on a0-1.

  • Appliance

    Prevents root access to the node through the TTY interface (VMware only).

  • Appliance

    Updating Docker to include latest patches and fixes.

  • Appliance

    Remove client secret from URL to prevent information exposure through server log files.

  • Appliance

    Fix a bug that makes the session fail to keep the list of clients involved in a transaction.


2018-07-02: Auth0 16257.94

Fixed

  • Appliance

    Fix a bug that causes some environments to fail when webtask domains are not defined.


2018-06-26: Auth0 16257.92

Feature

  • Appliance

    Adds the ability to enable/disable features through Feature Flags on the configuration page.

Fixed

  • Appliance

    Fixes a bug that prevented users from properly configuring user import limits.

  • Appliance

    Fixes a possible SSRF vulnerability when using federated clients.


2018-06-08: Auth0 16257.89

Fixed

  • Appliance

    Fixes an SSO issue with account linking where the session context may be set to the wrong user during the transaction and subsequent transactions will fail, typically with a login required error or ‘Unable to construct sso user’.


2018-05-31: Auth0 16257.88

New

  • Appliance

    Updates Auth0 public services to Node 6 and 8 following EOL of Node 4.

  • Appliance

    Auth0 extensibility points will now support Node 8. After updating, existing appliance Hooks, Rules, Webtasks, and Database Action Scripts must be reviewed to ensure they are compatible with Node 8.

  • Appliance

    The login page is shown when the user associated with a session is not found.


2018-07-19: Auth0 15838.105

Fixed

  • Appliance

    Remove client secret from URL to prevent information exposure through server log files.

  • Appliance

    Updating Docker to include latest patches and fixes.

  • Appliance

    Fix an issue that exposes an SSRF vulnerability from our metrics dashboard.

  • Appliance

    Prevents root access to the node through the TTY interface (VMware only).

  • Appliance

    Modified the setup scripts for adding an application node to the cluster so that it does not depend solely on a0-1.


2018-07-02: Auth0 15838.97

Fixed

  • Appliance

    Fixes a possible SSRF vulnerability when using federated clients.


2018-05-24: Auth0 15838.85

Fixed

  • Appliance

    Fixes an SSRF issue with the instrumentation dashboard endpoints.

  • Appliance

    Fixes problem with usage collection job that fails to terminate properly.


2018-05-18: Auth0 15838.75

Fixed

  • Appliance

    Successful cross-origin authentication logins are now included in the log count.


2018-05-10: Auth0 15838.43

Fixed

  • Appliance

    Fixes an issue for connections with multiple realms where requests are not handled properly if they do not map directly to a connection name.

  • Appliance

    Fixes the following issues in the dashboard:

    • creation of impersonation audits
    • enrolling MFA devices for the dashboard administrators
    • removing a user from the dashboard admin list
    • cleaning up resources when a tenant is removed

  • Appliance

    Fixes an XSS vulnerability found in the oauth2orize-fprm package used during the /authorize transaction.

  • Appliance

    Fixes an issue with the device enrollment API and custom domains. This will use the alphabetically first configured domain for the public URL returned.


2018-04-30: Auth0 15838.36

Fixed

  • Appliance

    Removes a section from logs that, in some scenarios, would result in tenant keys appearing in logs.

  • Appliance

    Added missing default flag that prevents users from changing passwords in appliance. This flag was intended to prevent the use of a new change password flow that should not be enabled in appliance.

  • Appliance

    Removes a call used in the webtask Node 8 migrations that would lead to one failure an hour per tenant. This call would attempt to contact a Node 8 cluster and was unable to do so, possibly resulting in that request encountering an authentication failure.


2018-04-24: Auth0 15838.35

Fixed

  • Appliance

    Fixes login for non-db connection on federated clients. This allows extensions to work with SAML identities.


2018-04-13: Auth0 15838.31

Fixed

  • Appliance

    Changed webtask healthcheck endpoint to /health/local for faster healthcheck resolution after configuration or update.

  • Appliance

    Stop the Mouseflow JavaScript from loading in the Manage UI.

  • Appliance

    Docker network range can be configured at the db level to avoid conflict with environmental network ranges. This does not currently have a UI, so it would need to be configured by Auth0 support staff.

  • Appliance

    Unblock user links no longer produce a 404, as they now include appropriate data for the link.

  • Appliance

    Manage status page is now disabled in appliance. This page was unused.

  • Appliance

    Added issuer for auth0-server in the MFA API.

  • Appliance

    SANDBOX_TIMEOUT_IN_SECONDS is properly configured from the UI to the sandbox.

  • Appliance

    As part of Legacy Deprecation many controls were put in place to limit access to some APIs from the Hosted Pages. This fix uses the appliance-specific custom domains list to better support the new endpoints and custom domains.

New

  • Appliance

    A cron job has been added to periodically clean up orphaned docker volumes to avoid running volumes out of disk space.

  • Appliance

    Patches are now surfaced as point releases in the UI as of this release. New patched releases (<build_number>.<patch_number>) are displayed on the /configuration/#update page. This allows a number of changes to be applied in a similar fashion to regular releases. There may still be some patches that require manual application.

  • Appliance

    Access to AWS metadata from webtasks is disabled.

  • Appliance

    Active users calculation has been updated to match the approaches used in the cloud.

  • Appliance

    Added the ability to configure trusted proxies to support downstream trusted proxies in front of the appliance. This can be a set of IP addresses or ranges configured from the settings page.