Current version

Release Notes
Description of changes: See the Release Notes section for major changes and the Changelog for a detailed report of minor improvements and bug fixes.
Environment: See the Platform Specs document.
Installation / Running Instructions: See the Platform Specs and Installation Guide documents.
Issues: See the Troubleshooting guide for common issues during deployment and at runtime.

Release Notes

.NET Core 6.0 App
v3.0

In this version Sequel Security's platform specs have been migrated from .NET Core 3.1 to .NET Core 6.0. Also, EntityFramework has been updated from 3.1.13 to 6.0 and IdentityServer4 has been upgraded to Duende IdentityServer v6.

.NET Core 3.1 App
v2.0

In this version Sequel Security's platform specs have been migrated from .NET Core 2.1 to .NET Core 3.1. Also, EntityFramework has been updated from 2.0 to 3.1.13.

Role-level authorization sync with Active Directory
v1.40

For a large enterprise using Sequel's applications and Windows Active Directory (AD), managing Authentication (AuthN) and Authorization (AuthZ) directly from AD instead of through the Sequel application would save a lot of extra work. While AuthN is already supported, AuthZ is not. The new feature helps to reduce the manual administration required to manage authorization in the system. The solution is based on two main functionalities: user synchronization from Windows Authentication to Sequel Security Services, and synchronization of Windows User Groups (AD groups) to Sequel's Security Memberships, using the new membershipset model. More information can be found in the product's handbook.

Health Check Endpoint
v1.36, v1.38

Security services expose HTTP endpoints for reporting the health of app infrastructure components. Different levels of information are provided based on permissions. More information is available in the troubleshooting guide.

Breaking Changes notes

This section lists the breaking changes introduced.

v3.125.23080.1

As part of PBI 483843 (Remove requirement of Hash Routing on URL) the URL Rewrite module is required for IIS. Please review the platform specs for further information.

v3.0

Since v3 the NET6 runtime is required. Please review the platform specs to make sure the environment is using the latest recommended version of .NET Core 6. Please note that the testing performed for this upgrade was made from a v2.x version to a v3.x version.

v2.0

  • All of Sequel Security's applications have been migrated to use .NET Core 3.1 and EntityFramework 3.1.13. Because of this, we highly recommend doing the following when updating to v2.0 of Security:
    • Back up the current Security database
    • Export the current configuration with the sequel-security tool
    • Review the platform specs to make sure the environment is using the latest recommended version of .NET Core 3.1.
    • Begin by updating the databases with the Deployment Manager, as there are a lot of schema changes that need to be applied before updating the applications.

v1.46.20072.01

  • The administration user created by Deployment Manager is part of the database installation. This will break compatibility with previous environment.json files used to install the application.

Changelog

3.129.23132.1 - 12 May 2023

Bug fixes
  • 493455 - EKS deployment generates a wrong URL
  • 492854 - User import is not removing item collections not defined on the import file
  • 494385 - Azure AD Sync - All users are made inactive after synchronization

3.127.23115.1 - 25 April 2023

Improvements
  • 479794 Invalid CORS detection
  • 481567 Username should support standard UPN lengths when integrated with Azure
  • 491173 Username should support standard UPN lengths when integrated with Okta
  • 491174 Username should support standard UPN lengths when integrated with Jumpcloud
  • 483353 Define Issuer on discovery endpoint as defined on RFC
  • 485138 Data Archiving - Logs, Traces and metrics
  • 487756 Okta AuthN - Allow to match by Okta User Name
Bug fixes
  • 487185 Admin - Entities freezes after failing and is unable to recover
  • 490055 Changes when an user is disabled as part of AzureAD Sync are not being notified
  • 490112 Release for AWS ECS creates wrong secrets
  • 491974 Generated ZIP from Security tool uses backslash separators (not Linux friendly)
  • 491495 Admin - List of users is not refreshed when creating a new user
  • 492590 sequel-security tool shouldn't apply application filtering to memberships and user types when importing ALL users
  • 489214 jaeger storage memory issue: do not track healthcheck calls

3.125.23080.1 - 21 March 2023

Improvements
  • As part of the Database deployment with EF Migrations:
    • 411073 Phase 1 - All schemas w/o audit triggers
    • 483867 Phase 2 - Add audit triggers to Sequel's schemas
    • 483868 Phase 3 - Add audit triggers to IdentityServer's schema
    • 483869 Phase 4 - Deployment: new and upgrades
  • 476459 Improve appsettings read mechanism in Kubernetes
  • 477132 AD Sync with Azure AD MsGraph - Frontend
  • 478985 Expose at Admin site the Import/Export Memberships(Set)
  • 483843 Remove requirement of Hash Routing on URL
  • 483870 Configuration deployment on EKS
  • 483962 Single tenant deployment (self)
  • 484038 Azure AD Sync - Ability to select users by group's display name too
  • 485711 Refactor all forms in Administration
Bug fixes
  • 483919 Email validation is only done by the front-end (ZD136062)
  • 484208 Membership Sets - 'SyncMatchById' & 'SyncMatchByDisplayName' fields are not exported in config
  • 484209 Synchronization - Improvement in the recovery of Azure AD when incorporating incorrect mappings

3.122.23026.1 - 26 January 2023

Improvements
  • 471850 Vulnerability detection & SCA pipelines
  • 479733 Vulnerability checks - Triage and win-win fixes
  • 476499 Expose message bus public contracts on a NuGet package
  • 476605 QA - Update to the latest stable version of Selenium
  • 477667 Endpoint with groups that belong an user
  • 472649 QA - API tests to cover AuthZ cache
  • 468153 Tech Upgrade - Security Services - IdentityServer License management - Basic
  • 468168 Tech Upgrade - Security Services - IdentityServer License management - UI
  • 412341 Tech Upgrade - Security sync service in AWS Serverless

As part of EKS work made for UW:

  • 471540 Conflict when performing a release
  • 472728 UW Integration - Independent deployment of Workflow (based on EKS) - Security Deployment
Bug Fixes
  • 479803 Admin UI - Redirect URIs and Post-logout URIs are not stored
  • 471491 Admin UI - Console Error when access to Reset Email Template
  • 473826 Admin UI - Entities - Unable to assign or unassign a membership to a user
  • 473979 Admin UI - Import/Export - Blank page when accessing Repoint clients
  • 476170 Authentication - Start-up fails if 'IdentityServerLicenseSettings' setting is not found

3.116.22322.1 - 18 November 2022

Improvements
  • 412283 Ability to import/export security configuration table
  • 460610 Create users based on existing users
  • 432684 Jumpcloud integration
  • 464472 Add Telemetry settings to Release
Bug fixes
  • 467223 Azure - Find user with empty MatchingFields

3.115.22300.1 - 27 October 2022

Improvements
  • 354565 Okta integration
Bug fixes
  • Bug 464527: SEC - Replayable Password Reset Code
  • Updated AWS Dynatrace tags for use with Sequel HUB due to Bug 466151: HUB - Cloudformation fails with current tags for dyna

3.114.22279.1 - 6 October 2022

Please review the Breaking Changes section.

Features
  • 376755 Security upgrade: NET6 & IdentityServer v6
Improvements
  • 455891 Telemetry and Logs enhancements
  • 460611 Create clients based on existing clients
Bug fixes
  • 463105 User creation with spaces on start or end " username "
  • 462677 Email validation prevent users emails addresses like name.surname@company.XXXXX (5 digit extensions)

2.109.22223.1 - 11 August 2022

Improvements
  • 265031 Clients - Improve validations in Admin UI
Bug fixes
  • 455264 Unexpected error when publishing ConfigurationChangedMessage for synchronization

2.108.22208.1 - 27 July 2022

Improvements
  • 453118 Improve validations on import command
  • 365062 sequel-security tool detects duplicate entries when importing configuration
  • 403802 Node v16
  • Upgraded Sequel.Core.MessageBus and Sequel.Core.AppBuilder to latest versions due to Bug 443541: BUS - Different scopes do not allow to debug consumers
  • Upgraded Sequel.Core.Logging to latest versions and added ability to write logs to Console (e.g. can be used in AWS CloudWatch) or MsSql Product Backlog Item 411104: LOG - Stop using database for logging on AWS environments
Bug fixes
  • 445063 Security upgrade does not migrate ApiResourceScopes
  • 440911 sequel-security tool import fails with closed connection

2.104.22143.1 - 23 May 2022

Improvements
  • 431820 Add support to Authentication for Microsoft + DUO
  • 430882 Extract sequel-security tool into independent artifact
Bug fixes
  • 436990 Admin - Configuration - Auth Fed GWY - Customers are not deleted
  • 437061 Reset Password - Email field does not show entire email address

2.101.22111.1 - 21 April 2022

Improvements
  • 393213 UserSessionAvatar - SQ.sso cookie validation
  • 413309 Allow to install Security Sync and LDAP Sync on the same Windows Server
  • 415627 Rebranding Verisk - App
Bug fixes
  • 397927 AD Sync - User Sync - Ldap sync enabling for a user's membership is not working
  • 417490 Redeployment locks the admin account

2.84.21224.01 - 12 August 2021

Bug fixes
  • 382659 id_token contains multiple audiences

2.81.21189.01 - 8 July 2021

Features
  • 345136 UI - Enhancements
    • Migrate to react-md v2
    • Refactor components to support new validations mechanism
    • Include Sequel Security documentation directly in Security Admin UI
Improvements
  • Updated Sequel.Core.MessageBus to v2.3.21154.1 due to Product Backlog Item 366373: Improved performance registering IMessageBusPublisher as singleton
Bug fixes
  • 352201 SSO Cookie performance issue on encryption
  • 367301 Admin UI - First client secret is always the one that is deleted/updated

2.78.21145.01 - 25 May 2021

Features
  • 333157 Upgrade to .NET Core 3.1
Improvements
  • 354227 Use diagnostic health in Swagger
  • 341762 Include ReturnUrl parameter on ResetPassword link when redirected from an application
  • Sequel.Core.HealthCheck updated due to work done in Bug 352048: HEALTH - MessageBus not registered properly in .NET Core app
Known Issues
  • There is a known issue in this version of Security that affects the ability of 3rd party apps (like Workflow, Product Builder, etc.) to keep their session alive by refreshing the access token automatically after it has expired. Instead, when the access token has expired, even if the refresh token hasn't, the current session is simply closed. This is resolved in v2.81.21186.01.
Bug fixes
  • 343720 Admin - Not able to access Clients section when the user only has permissions for Clients and Applications
  • 353641 DM - Error deploying new Sec DB when Data Loss flag is set to true

1.72.21057.01 - 26 February 2021

Improvements
  • 345406 ClaimSearch Authentication is not refreshing session where flow is auth_code
  • 342317 Improve HealthChecks to reduce a potential DoS attack on diagnostic mode

1.71.21043.01 - 12 February 2021

Improvements
  • 276173 Route all errors from stdout to logs database

1.70.21028.01 - 28 January 2021

Improvements
  • 330937 Manager access to Absence Indicator
Bug fixes
  • 331146 Admin UI - Wrong redirection when discarding password reset email template changes

1.69.21012.01 - 12 January 2021

Bug fixes
  • 331183 "Show More" button not working in Users tab
  • 329953 Identity events are not logged using the underlying EventType and always logged as Information

1.67.20350.01 - 15 December 2020

Improvements
  • 316936 Force clients to require their secrets when asking for a token
  • 315620 Assign default actioner user to a client
  • 306413 Apostrophes in group names & Security sync process timeout
  • 267574 Manage EmailTemplate from AdminUI
Bug fixes
  • 319872 SecurityAPI (AuthN section) Swagger is not loading correctly
  • 315461 "Invalid Client" error using a client created using Admin
  • 313092 Dot added to Security Domain setting in DM
  • 312443 Administration - Absence indicator is editable on user creation
  • 307536 Admin UI - "\" char can't be used in user search

1.61.20275.01 - 01 October 2020

Improvements
  • 264697 Manage PersistedGrant housekeeping from UI
  • 305097 Security Username / Email restrictions
  • 290994 Reset Password navigation back to caller application
  • 302681 Deploy security configuration independently from the schema deployment
  • 296131 SaaS - Add endpoint to "restart" a service for an instance
Bug fixes
  • 303513 Unable to logout due to samesite none cookie
  • 305583 Timeout importing users
  • 289960 Two sessions can be opened in the same browser
  • Upgraded AppBuilder to v0.2.20241.1 and MessageBus to v2.1.20244.1 as part of 290735 BUS - StopRabbitMqConsumers doesn't stop consumers
  • Upgraded user session web component as part of 286576 Web Component - Prevent negative time
  • 285251 Inconsistency at groups validation in sequel-security tool
  • 287887 Import failure of not having the application.json of an app is not handled

1.53.20168.01 - 16 June 2020

Features
  • 260912 Security Services Farm - SaaS
Improvements
  • 282755 Integration to update the SSO cookie when using only Bearer Authentication
  • 267555 Repoint clients commands (tool and admin)
  • 281329 Resolve HIGH risk vulnerabilities caused by ForgotPassword page
Bugs fixed
  • 280857 Admin - Bad request when signing in after lockout
  • 279887 Ampersand not being accepted as non-alphanumeric char for passwords
  • 279476 PenTest - Buffer overflow in ForgotPassword
  • 282799 Show more users does not work first time if a filter is applied
  • 281706 sequel-security command line tool fails when importing a big amount of users
  • 278767 Deployment of security configuration is not rerunnable
  • 278957 Handle duplicates entries at client collections: secrets, URIs and origins
  • 282326 security-saas-create-database READ_COMMITTED_SNAPSHOT OFF

1.50.20126.01 - 5 May 2020

Improvements
  • 269940 SIU - User Sync
  • 274828 Support Reverse Proxies/Load Balancers on K8S and AWS

1.49.20115.01 - 24 April 2020

Improvements
  • 274718 Health - Enable Non-intrusive and diagnostic modes

1.49.20112.01 - 21 April 2020

Improvements
  • 270334 Scale-out DataProtection using database
  • 267989 Scale-out DataProtection using AWS SSM Data Protection Provider
  • 244144 Issues with backslashes in API parameters when hosted in IIS
  • 265033 SaaS Support Security in containers Docker
  • 265036 SaaS Reverse proxy
  • 268335 Added documentation of maintenance and logging
Bugs fixed
  • 273214 PersistedGrant is not deleting by token type

1.47.20093.01 - 2 April 2020

Improvements
  • 265030 Data protection scale-out in AWS based on AWS System Manager (beta version)
Bugs fixed
  • 269991 sequel-security tool sync command validates wrongly the legacy database

1.47.20086.01 - 26 March 2020

Improvements
  • 253311 Security Admin Logos replacement with new SVG and tweaks
Bugs fixed
  • 267173 Create ADMIN user creation in DatabaseMetadata at Deployment Manager
  • 264004 Security API fails during start-up due to error in healths checking databases

1.46.20072.01 - 12 March 2020

Improvements
  • 246349 Administration UI - Improve error page message
  • 243211 Client management
  • 256557 Housekeeping on Authentication.PersistedGrant table
  • 256553 Improve database access during login process for getting ApiScope configuration
Bugs fixed
  • 256550 Many refresh token created during login process (Integration NuGet Package)
  • 260273 Admin UI - Configuration panel resizes after opening card in Monitoring tab

1.44.20031.01 - 31 January 2020

Epic 173720 Security - User Info Web Component - Common

This new epic offers a shared web component for all of Sequel's applications for displaying information about the current user and for managing its session.

This new web component gives us a more consistent user experience across our applications and also solves some technical debt with the current session management, providing a web component package available in our npm repository that can be easily integrated by registering this component in our applications.

It contains UI (user info and a close session option) and also some logic (single-sign-out event detection and inactive session detection).

Improvements
  • 245895 User screen Organise information in cards
  • 238262 UserWebComponent - Configure Session management
  • 237969 UserWebComponent - Integration in Security Administration
  • 237972 UserWebComponent - Integration in Security Authentication
Bugs fixed
  • 255402 Password Reset - Server error during password reset procedure
  • 240089 Session with two different users can be opened in the same browser using SEC ADMIN app

1.43.20021.01 - 21 January 2020

Bugs fixed
  • 250550 Administration site stuck into an infinite loop
  • 246803 Unable to delete audit processes when synchronization is disabled

1.40.19346.01 - 12 December 2019

Epic: Security - Role-level authorization sync with Active Directory

Feature 204397 Sync Users from AD

  • 232137 AD Sync - Extract: The AD Sync Service
  • 232138 AD Sync - Transform & Load: LdapSync Endpoints
  • 232140 AD Sync - Configuration and Monitoring
Improvements
  • 212278 Performance - Reduce calls number when token is renegotiated
  • 214478 Use AuthorizationCode flow instead of Implicit flow. Security recommendation of OpenId Foundation and IdentityServer.
  • 242539 HealthCheck - Change memory check output to not give info on OS.
Bugs fixed
  • 238427 Security API & AuthZ Swagger configured to internal Auth URL instead of public
  • 238436 Wrong error handling when SecurityApiSettings.AuthenticationApiKey is wrongly configured.
  • 238865 Admin UI - Deleting/Editing memberships depends on order they are saved
  • 245888 Unclear message in MyAccount page

1.38.19325.01 - 22 November 2019

Bugs fixed
  • 237827 Update health check NuGet with a version following new version number format

1.38.19317.01 - 13 November 2019

Improvements
  • 207140 Configure TTL for EffectivePermissions message
  • 236116 Variable names in environmentConfig
Bugs fixed
  • 232515 Health check error handling for message bus & databases
  • 233802 Unable to edit T&C
  • 235532 Admin UI - Wrong message when removing permissions
  • 239949 Unable to authenticate from Admin UI in AWS

Epic 204375 Security - Role-level authorization sync with Active Directory

Feature 204398 MembershipSets:

  • 232102 MembershipSets API
  • 232103 MembershipSets UI
  • 232105 MembershipSets Import/Export

1.36.19293.02 - 20 October 2019

Improvements
  • 215544 Improved HealthCheck Integration
  • 182022 Improve error handling when reading appsettings from security services
  • 214481 Protect "Sync" button with securable when user has no permissions
  • 230329 Improve Show more User UX
  • 230338 Disable autocomplete in search
  • 230355 Review confirmation popup in Admin
  • 220867 Security API authentication failure caused by invalid ClientRedirectUri entries
  • 227179 Set default DB settings for isolation level
  • 223731 Security Tool is returning "import completed" message when the App imported doesn't exist
  • 227571 Ability to configure Windows Authentication in Release
Bugs fixed
  • 208444 SSO failing when multiple tabs are open
  • 213511 EffectivePermissionMessages are not being triggered when creating securables
  • 213845 Authentication between Origin/Claims and Supporting Apps timeout in some random scenarios
  • 225815 Session with two different users can be opened in the same browser using SEC ADMIN app
  • 227581 UI issue in login with external auth provider
  • 229860 Remove ENTITYUSERS help from sequel-security
Known Issues
  • Bug 239949 Unable to authenticate from Admin UI in AWS, fixed in 1.38.19317.01

1.0.19241.01 - 29 August 2019

Improvements
  • 207180 Use authentication data for managing AllowedCorsOriginsCurrent
  • 210509 User filter of an entity shouldn't be case sensitive
  • 211443 Reset password email subject configurable
  • 216237 Azure AD Authentication when application is registered only for users in the same organisation (single tenant)
Bugs fixed
  • 196188 Session is being saved when we are in a different URL
  • 212082 Failed login attempts counter keeps growing after a user gets locked out
  • 212947 PasswordPolicySettings not being used
  • 213511 EffectivePermissionMessages are not being triggered when creating securables

1.0.19218.01 - 6 August 2019

Improvements
  • 206442 Prevent Security API access to [master] database
  • 206415 Forgot email - Ability to configure SSL mode-> AWS deployment only
  • 206421 Add ApplicationKey header to all messages
  • 200128 Add permissions descriptions to Vanilla config
  • 208295 Use substrings for quick search filter in Security Admin
  • 211443 Reset password email subject configurable
  • 188755 Terms & Conditions - Improve WYSIWYG editor
  • 187846 LoggingTermsAndConditions isn't found when a new environment is deployed
  • 206092 Ensure all EffectivePermissions consumers receive the message
  • 203290 RE - WF - PB Update Verisk Favicon in all Supporting Apps applications
Bugs fixed
  • 205672 Incomplete error message when introducing incorrect credentials in login
  • 209908 Security tokens are generating activity in WF/PB/RE
  • 205581 Security tool create admin when already exist throw and error
  • 201514 Security administration site hangs after idle for some time
  • 197632 Authorization cache not invalidating for no application key when roles permissions are changed
  • 205161 Blocked user is able to login
  • 200025 Ensure all consumers are configured as "BindMessageExchanges": true
  • 195820 Inactive user login with Microsoft Account
  • 190470 Error when importing an App with permissions for a global securable

Note 1: new Sequel Bus version being used as per 198481:BUS - Automatically configuration of shared & independent consumers

Note 2: new Sequel Logging version being used as per 113299:LOG - Log Table optimizations

1.0.19128.01 - 8 May 2019

Improvements
  • 175445 Ability to synchronize information from MS Accounts with Sequel Users using Microsoft Graph
  • 186123 Investigate performance issue reported by Api GWY - Part 2
  • 189309 New logo in header