ADSelfService Plus 6112 Hotfix Release
Hello everyone,
We are glad to announce the release of build 6112 with the following enhancements and issue fixes:
Enhancements :
- Mac Agent support has now been introduced for macOS Big Sur.
- Mobile app support to block specific email domains and mobile number formats during user enrollment has now been provided.
Security Issue Fixes :
- The SSRF vulnerability present in the High Availability module has now been fixed. [CVE-2021-37419]
- A
vulnerability in the Approval Workflow module which facilitated an
unauthenticated attacker to send emails to domain users has now been
fixed. [CVE-2021-37420]
- The possibility of a Boolean SQL injection attack during manual account linking for Oracle Database has been eliminated. [CVE-2021-37422]
- The security issue of account takeover via machine account creation has now been fixed. [CVE-2021-37424]
Issue Fixes :
- While using the mobile app to reset password/unlock account, the forced number of authentication factors were not verified. This issue has now been resolved.
- The issue in build 6111 with the MFA for VPN feature in which authentication was bypassed has now been resolved.
- The
password changes were not applied across all linked accounts when the
Force Password Synchronization option was enabled in build 6111. This
issue has now been fixed.
How to update?
New to ADSelfService Plus?