• Home
• Release Notes
• Version 4.9.1

Version 4.9.1 Cloud

---

Improvements:

• C100 Token Sync functionality has been improved.
• The issue where adding a custom capability to a new role mistakenly saved it to the parent role has now been fixed.

Bug Fixes:

• The issue with Yubikey authentication as an MFA method for RADIUS clients has now been fixed.
• The issue concerning the JWT app response for external SSO URLs has now been fixed.
• The problem where SSO usage reports did not show data when the admin's email differed from their username has now been fixed.
• The issue where security codes appeared for download even when disabled has now been fixed; they are now correctly available only when explicitly enabled.
• The unnecessary Redirect URL validation that prevented editing the Desktop Application has now been fixed.
• Proper error messaging when a user and application were in different groups has now been restored (the previous incorrect messaging issue is fixed).
• The issue for LDAP directory connections, where the bind-account password was temporarily saved and the Cancel button did not function correctly, has now been fixed.
• The problem with fetching user groups for usernames/emails from external IdPs that weren't lowercase has now been fixed.
• The error that occurred when sorting the “Last Logged In” column due to an incorrect request parameter has now been fixed.
• The issue where the custom miniOrange SMS gateway was not being applied as the default gateway has now been fixed.
• Login to TACACS devices with expired passwords has now been prevented, and the deletion of custom privileges (which was previously broken) has now been fixed/restored.
• The issue causing a double QR code display in the Push notification inline registration flow has now been fixed.

Vulnerabilities:

• A WS-Fed vulnerability, where the realm wasn't validated potentially allowing responses to be posted to unverified endpoints, has now been fixed.