Release Notes
AuthControl Sentry 4.2.4 (7269)
Released: September 2025
Security and Compliance
Push Messaging Credentials Added - A new Firebase configuration is required for push notifications with the latest published mobile app. This is a critical update for environments using push-based authentication. Impact: Environments must update the Android settings and deploy the new credentials file. Additionally, a new APN transport must be configured for the updated app. If legacy and new apps are to coexist, users must be segmented into distinct user groups and mapped to the appropriate APN transport. This only affects push-based provisioning; other authentication and enrolment flows remain unaffected.
RADIUS Vulnerability Fix - CVE-2024-3596 - This update mitigates a critical vulnerability by improving protection against man-in-the-middle attacks in RADIUS communications. Impact: Addresses CVE-2024-3596 by enforcing message authentication in RADIUS responses. This ensures integrity validation and protects against spoofed Access-Accept/Reject messages. Environments relying on unauthenticated RADIUS traffic may require configuration changes or updates to the client to remain compatible. This is a security-critical update and must be applied in all exposed environments.
License Reader Fix - Fixes failure to read legacy license keys caused by an internal format change. The system now works with previously valid licenses. Impact: Prevents license activation failures in production and test environments using previously issued keys — avoiding downtime or blocked upgrades due to license rejection. Also resolves issues for systems without online access to the license key server (LKS).
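For the RADIUS Vulnerability Fix (CVE-2024-3596) item above, this added example (not the vendor's code) shows the client-side check that enforcing message authentication on responses implies: a response is accepted only if it carries a valid Message-Authenticator attribute (type 80, HMAC-MD5 keyed with the shared secret) in addition to a valid Response Authenticator. The shared secret, request authenticator and Reply-Message are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
REPLY_MESSAGE = 18
MESSAGE_AUTHENTICATOR = 80  # RFC 2869: HMAC-MD5 over the whole packet

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))  # Request Authenticator of the Access-Request


def parse_attributes(body):
    """Return [(type, value_offset, value_length)] for a RADIUS attribute block."""
    attrs, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated attribute header")
        a_type, a_len = body[pos], body[pos + 1]
        if a_len < 2 or pos + a_len > len(body):
            raise ValueError("bad attribute length")
        attrs.append((a_type, pos + 2, a_len - 2))
        pos += a_len
    return attrs


def build_response(code, ident, request_auth, secret, attrs, with_msg_auth=True):
    """Build a response as a server would; with_msg_auth=False mimics a legacy server."""
    body = b""
    if with_msg_auth:
        # Placed first and zero-filled while the HMAC is computed.
        body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    for a_type, value in attrs:
        body += bytes([a_type, len(value) + 2]) + value
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    if with_msg_auth:
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = body[:2] + mac + body[18:]
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(packet, request_auth, secret, require_msg_auth=True):
    """Return (accepted, reason) for a response to the request with request_auth."""
    if len(packet) < 20:
        return False, "short packet"
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False, "bad length field"
    packet = packet[:length]  # bytes beyond the length field are padding
    header, resp_auth, body = packet[:4], packet[4:20], packet[20:]

    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(resp_auth, expected):
        return False, "bad Response Authenticator"
    try:
        attrs = parse_attributes(body)
    except ValueError as exc:
        return False, str(exc)

    macs = [(off, ln) for a_type, off, ln in attrs if a_type == MESSAGE_AUTHENTICATOR]
    if not macs:
        if require_msg_auth:
            return False, "Message-Authenticator missing"
        return True, "accepted without Message-Authenticator"
    if len(macs) != 1 or macs[0][1] != 16:
        return False, "malformed Message-Authenticator"

    off = macs[0][0]
    zeroed = body[:off] + bytes(16) + body[off + 16:]
    mac = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(body[off:off + 16], mac):
        return False, "bad Message-Authenticator"
    return True, "ok"


if __name__ == "__main__":
    reply = [(REPLY_MESSAGE, b"welcome")]
    signed = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, SECRET, reply)
    legacy = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, SECRET, reply,
                            with_msg_auth=False)
    print("signed, enforcing:", verify_response(signed, REQUEST_AUTH, SECRET))
    print("legacy, enforcing:", verify_response(legacy, REQUEST_AUTH, SECRET))
    print("legacy, lenient:  ", verify_response(legacy, REQUEST_AUTH, SECRET,
                                                require_msg_auth=False))
```

The legacy response has a correct Response Authenticator yet is rejected under enforcement, which is the compatibility impact the release note warns about for peers that do not send the attribute.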
Email and notification reliability
SMTP Logging Loop Fixed - Prevents error cascades when SMTP logging is enabled without a valid destination. Impact: Ensures system stability by automatically suppressing email logging when recipient fields are left empty, avoiding recursive error logging and potential log flooding.
Modern Authentication Support for SMTP - Enables compatibility with SMTP providers’ new security requirements by supporting non-basic SMTP authentication methods. Impact: Customers using Gmail SMTP must switch to OAuth2 to continue sending emails due to the deprecation of basic authentication.
Non-Blocking Audit Emails - Improves reliability and responsiveness by preventing audit email failures from slowing down the system. Impact: This resolves performance issues observed during peak hours when audit email delivery previously caused server bottlenecks.
Bug fixes and stability improvements
Policy Checker Thread Safety - Eliminates risk of shared errors/warnings in concurrent policy checks by isolating instance state. Impact: This change enhances the integrity of authentication policy evaluations, especially in environments with parallel user activity or integrations.
Invalid Characters in Log Viewer Resolved - Sanitizes legacy exceptions to avoid breaking the log viewer. Impact: This fix improves diagnostic reliability and prevents operational blind spots caused by log corruption.
PINpad No Longer Breaks on Unknown User - Provides a dummy session when a non-existent user is queried in the admin panel. Impact: This ensures a stable and user-friendly experience for administrators, especially during support or diagnostic tasks.
Agent Matching Fixed for Auth via Source - Fixes incorrect agent selection when login sources are passed through by proxies. Impact: This ensures that the correct agent is identified in environments with overlapping IP ranges or proxies — restoring support for secure multi-agent deployments.
Token Assigned to Wrong User - Corrects an issue where tokens could be mistakenly assigned to the wrong account. Impact: Prevents incorrect token assignments due to UI/user resolution bugs, especially in cases involving usernames with special characters.
Startup Failure Due to Empty Database - Fixes a critical startup issue caused by an exception when an empty database was incorrectly loaded instead of a valid user store. Impact: The issue previously prevented the appliance from starting correctly in misconfigured or edge-case environments.
Exception in DCMessage Fixed - Fixes a crash when a null session is passed to DCMessage. Impact: Prevents server errors and potential service disruption through enhanced validation. This resolves issues observed when invalid session parameters are passed to DCMessage.
User management improvements
Provisioning Honors Rights - Aligns API and UI behavior when provisioning users without mobile app rights. Impact: This eliminates confusion, avoids partial or invalid provisioning attempts, and ensures provisioning logic respects intended security configurations.
Reprovisioning Support Added - Allows existing users to be reprovisioned without first deleting credentials. Impact: Enables administrators to reassign mobile apps or reissue credentials without removing the user’s existing identity — especially useful when users switch devices or encounter corrupted provisioning.
Session-Level PINless Control - Prevents unintended behavior by checking PINless status per session. Impact: Resolves authentication failures where PINless users were incorrectly shown a limited TURing frame (4-digit) in sessions requiring a PIN.
Configuration and usability
Reports Respect Time Format Settings - Reports now follow appliance time format (12/24-hour) instead of being hardcoded. Impact: Ensures that generated reports align with regional or organizational preferences, improving clarity and consistency in audit logs and scheduled report output for global teams.
Push Mode Added to Authentication Settings - Removes confusion by treating Push as a valid mode without needing the “Enable Push” toggle. Impact: Simplifies the configuration process and avoids agent errors when Push is selected as the sole authentication method, improving reliability for integrations using Dual Channel mode.
Configurable App Links in Email Templates - Mobile app download URLs are now driven by appliance settings. Impact: Prevents outdated links from appearing in user provisioning emails.
Scheduled Jobs Show Appliance Time Notice - Clarifies that job timing is based on the server clock, not local user time. Impact: Prevents confusion when scheduling maintenance or auditing tasks, especially in geographically distributed teams, by clearly communicating that all times are interpreted using the appliance’s system time, not the user’s local time zone.
Improved Password Generator - Randomly generated passwords now exclude symbols known to cause issues in HTTP requests and XML parsing. Impact: The password generator now restricts output to a safe set of symbols to avoid compatibility problems, especially when provisioning credentials via links or API requests.
Performance enhancements
Improved User Sync - Improves user sync performance by batching reads and reducing DB operations. Impact: In large-scale environments (e.g., syncing 10,000+ users from Active Directory), the new approach in this version significantly reduces sync duration by processing users in bulk instead of incrementally.
JDBC Connection Pooling Parameters Set - Prevents connection pool exhaustion by explicitly configuring max connections. Impact: Ensures JDBC logging does not exhaust the database connection pool under high load by introducing explicit limits. This prevents cascading failures due to logging errors consuming all available connections, particularly important in environments with sustained or burst traffic.
Legacy Syslog Format Option Added - Supports customers still relying on pre-4.2.0 log formatting. Impact: Restores support for legacy log parsing tools and monitoring systems by reintroducing the classic log layout. This prevents disruption for environments where Syslog consumers depend on fixed message formats.
Multiple Syslog Entries Supported - Fixes limitation that prevented using more than one syslog config. Impact: Allows administrators to define and manage multiple syslog targets without conflicts — enabling more flexible log routing and improved observability across environments.
Optionally Cache Repository Password - Where an integration uses the repository password, for example Active Directory, or AD Agent for cloud instances, it is now possible to request that the password is cached locally. This means that after the first successful authentication, the password is cached securely (using a one-way hash). Subsequent authentication attempts will use this cached password. Optionally, it is possible to specify that the password is checked remotely after a specified number of local checks, or after a specific time. This option is configured under Policy -> Password.
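A model of the caching behaviour described in the Optionally Cache Repository Password item above, as an added example that is not the vendor's implementation. The class and parameter names, the choice of PBKDF2-HMAC-SHA256 as the one-way hash, and the fallback to the repository on a local mismatch are assumptions; the repository callback and clock are injected so the limits can be exercised offline.

```python
import hashlib
import hmac
import os
import time


class CachedPasswordChecker:
    """Checks passwords against a salted one-way hash cached after a repository success."""

    PBKDF2_ITERATIONS = 600_000  # assumption: the page does not name the hash used

    def __init__(self, repository_check, max_local_checks=None,
                 max_age_seconds=None, clock=time.monotonic):
        self._remote = repository_check      # callable(username, password) -> bool
        self._max_checks = max_local_checks  # None disables the count limit
        self._max_age = max_age_seconds      # None disables the time limit
        self._clock = clock
        self._entries = {}                   # username -> cached hash record

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, self.PBKDF2_ITERATIONS)

    def _fresh(self, entry):
        if self._max_checks is not None and entry["checks"] >= self._max_checks:
            return False
        if (self._max_age is not None
                and self._clock() - entry["stored_at"] >= self._max_age):
            return False
        return True

    def authenticate(self, username, password):
        """Return (ok, source) where source is "cache" or "repository"."""
        entry = self._entries.get(username)
        if entry is not None:
            if self._fresh(entry):
                candidate = self._digest(password, entry["salt"])
                if hmac.compare_digest(entry["digest"], candidate):
                    entry["checks"] += 1
                    return True, "cache"
                # Local mismatch: the password may have changed upstream,
                # so fall through and ask the repository.
            else:
                # A limit was reached: forget the hash and force a remote check.
                del self._entries[username]

        ok = bool(self._remote(username, password))
        if ok:
            salt = os.urandom(16)
            self._entries[username] = {
                "salt": salt,
                "digest": self._digest(password, salt),
                "checks": 0,
                "stored_at": self._clock(),
            }
        return ok, "repository"


if __name__ == "__main__":
    # Constructed stand-in for Active Directory and a controllable clock.
    directory = {"alice": "first-Passw0rd"}
    now = [0.0]
    checker = CachedPasswordChecker(lambda u, p: directory.get(u) == p,
                                    max_local_checks=2, max_age_seconds=3600,
                                    clock=lambda: now[0])
    print(checker.authenticate("alice", "first-Passw0rd"))  # first login: repository
    print(checker.authenticate("alice", "first-Passw0rd"))  # served from cache
    directory["alice"] = "second-Passw0rd"                  # password changed upstream
    print(checker.authenticate("alice", "first-Passw0rd"))  # old password still cached
    print(checker.authenticate("alice", "first-Passw0rd"))  # limit hit: repository says no
```

In this model a password changed or revoked in the repository keeps working from the cache until one of the two limits forces a remote check, so the limits set the revocation delay.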
Miscellaneous Updates
Changes to Agent Password Checking - Previously for Server > Agent entries, there was the boolean option to ‘Check Password with Repository’ Yes or No. This has now been rephrased and replaced by a new setting ‘Password checking’ with ‘Sentry’ or ‘Repository’ as the selectable option. If ‘Sentry’ is selected it will check the user password set on the Administration console under User Administration (if the user has one set). If ‘Repository’ is selected it will check the user password against the user’s source repository (e.g. XML, Active Directory etc). The old settings translate to the new settings as follows:
“Check Password with Repository: Yes” is now “Password Checking: Repository”
“Check Password with Repository: No” is now “Password Checking: Sentry”
License Count Enhancement - Supports a specific use case for user existence during SSO logins. Impact: Supports the ability to add licences for users who need to participate in SSO logins, but who do not use Sentry authentication.
Path Simplification in Configuration - Removes full class paths in admin UI, enabling cleaner and more maintainable setups.
Option to Disable Full-Text Indexing for Database Logs - We have observed that full-text indexing of logs in the database can take up a lot of disk space. The workaround is to disable full-text indexing. This results in slower search times in the log viewer, but saves a lot of disk space. This feature cannot be enabled in the normal administration settings: if required, you need to contact supportdesk@swivelsecure.com to make the necessary changes.
AuthControl Sentry 4.2.3 (7199)
Released: September 2024
Added support for OAuth2 authentication for Gmail client.
AuthControl Sentry 4.2.3 (7136)
Released: May 2024
Bug Fixes
Fixed an issue where “locked” users did not receive security strings if “Only warn do not lock” is enabled.
AuthControl Sentry 4.2.3 (7120)
Released: May 2024
Bug Fixes
Fixed the requirement for host name in LDAPS connections. You can now specify the IP address with LDAPS, provided the option to allow self-signed certificates is enabled.
Dual Channel Security Strings are now correctly invalidated, and a new string sent, after successful authentication
Zipped log files no longer cause Sentry to hang on startup
Updated APNS (Push) certificates included
AuthControl Sentry 4.2.3 (7074)
Released: March 2024
Warning
Important Notice for Active Directory Repositories: As well as updating the Core software, we have also updated the Java version. Unfortunately, this means that there are stricter controls on LDAPS connections. It is no longer possible to connect to the domain controller using an IP address, unless the TLS certificate on the domain controller contains a Subject Alternative Name for the IP address. The simpler alternative is to use the hostname in preference to the IP address. This may require changes to the DNS settings for the appliance, if it does not recognise the host name.
New Features
Added the latest Apple Push certificates
Bug Fixes
Fixed authentication issues when using mobile app for PINless users
Only send one message when users are locked/unlocked using the API
Better detection of invalid characters when writing API errors to the logs
Fixed password authentication for users not known to Sentry, if permitted
AuthControl Sentry 4.2.3 (7040)
Released: January 2024
Bug Fixes
Fixed issue with authenticating when using mobile app with a password
Updated version of ActiveMQ due to reported vulnerability
AuthControl Sentry 4.2.3 (6939)
Overview
This release includes several bug fixes and enhancements to improve the functionality and stability of AuthControl Sentry. Below, you will find details about the resolved issues and improvements in this version.
Bug Fixes
SMTP Changes Apply Without Tomcat Restart (Bug)
Description: In the previous version, SMTP configuration changes did not take effect until Tomcat was restarted. This issue has been resolved, and SMTP changes now apply immediately without requiring a Tomcat restart.
Resolution: The software now dynamically applies SMTP configuration changes.
Date Filters in Log Viewer (Bug)
Description: Date filters in the log viewer were not functioning as expected. This issue has been fixed, and date filters now accurately filter log entries.
Resolution: Date filters in the log viewer have been corrected.
SMTP Logging Issue (Bug)
Description: SMTP logging was not functioning correctly, leading to a lack of log records. This issue has been addressed, and SMTP logging now works as intended.
Resolution: SMTP logging has been fixed to record all relevant events.
Disabling XML Logging (Bug)
Description: Disabling XML logging also disabled other log types, which was not the intended behavior. This issue has been rectified, and disabling XML logging now affects only XML logs.
Resolution: XML logging can now be disabled without affecting other log types.
PINless Users in ACD with PINless TURing (Bug)
Description: PINless users were able to log into ACD with PINless TURing, which was not intended. This security concern has been addressed, and PINless users can no longer access ACD without proper authentication.
Resolution: Security measures have been implemented to prevent unauthorized access.
Append PIN to OATH Fails in RADIUS (Bug)
Description: The process of appending a PIN to OATH tokens in RADIUS was failing. This issue has been resolved, and the PIN append functionality now works correctly.
Resolution: PIN appending to OATH tokens in RADIUS is functioning as expected.
Circular Definition in XSL (Bug)
Description: A circular definition issue in XSL has been identified and fixed. XSL definitions no longer result in circular references.
Resolution: Circular definitions in XSL have been eliminated.
ConcurrentModificationException in ActiveMQManager (Bug)
Description: An issue causing ConcurrentModificationException in ActiveMQManager when accessing statistics for all transport queues has been addressed. The software now handles concurrent access without errors.
Resolution: ConcurrentModificationException in ActiveMQManager has been resolved.
ActiveMQ Failure - “Timer Already Cancelled” (Bug)
Description: An issue related to “Timer already cancelled” failures in ActiveMQ has been fixed. These errors no longer occur.
Resolution: The “Timer already cancelled” issue in ActiveMQ has been resolved.
Configuration Sync Group Names Display (Bug)
Description: Configuration sync group names were not displayed in the Status page, making it challenging to track configuration changes. This issue has been resolved, and sync group names are now visible.
Resolution: Configuration sync group names are now shown on the Status page.
SMTP to SMSGateway Start TLS (Bug)
Description: The SMTP to SMSGateway transport did not allow the use of Start TLS for secure communication. This limitation has been removed, and Start TLS is now supported.
Resolution: Start TLS is now available for SMTP to SMSGateway transport.
Reprovision OATH Token in Mobile App (Bug)
Description: Users encountered difficulties when attempting to reprovision OATH tokens in the mobile app. This issue has been fixed, and token reprovisioning is now seamless.
Resolution: Reprovisioning OATH tokens in the mobile app is functioning correctly.
Assigning Tokens to Users with \ in Their Names (Bug)
Description: Assigning tokens to users with backslashes \ in their names resulted in errors. This issue has been resolved, and tokens can now be assigned to users with special characters in their names.
Resolution: Token assignment now supports users with special characters in their names.
OATH Tokens Page for Helpdesk Users (Bug)
Description: Helpdesk users were unable to access the OATH tokens page. This issue has been addressed, and the OATH tokens page is now accessible to helpdesk users.
Resolution: Helpdesk users can now view the OATH tokens page.
Conclusion
We believe that these bug fixes and improvements will enhance your experience with AuthControl Sentry. Please feel free to reach out to our support team if you have any questions or need further assistance.
Thank you for your continued trust in our software.
AuthControl Sentry 4.2.2 (6854)
Released: June 2023
New Features
- Log4j Update
The update of log4j to version 2.19.0 in this release is an important and necessary step in ensuring the security and stability of our software. With the recent discovery of vulnerabilities in log4j version 2, it is imperative to take measures to mitigate any potential risks. Updating log4j not only addresses security concerns but also ensures that the software remains up to date and compatible with other systems or dependencies. In addition, with this update logs are stored directly in a database, making the stand-alone logviewer obsolete and making log searching much faster.
- Spring Framework Update
This release features an important update to the Spring Framework, which addresses vulnerabilities present in previous versions. The Spring Framework is a widely-used Java-based framework that provides developers with an extensive set of tools and features for building enterprise-grade applications. This update ensures that the software remains secure and stable, providing customers with greater peace of mind. By mitigating these vulnerabilities, the update protects the application and ensures the integrity of customer systems. The update also ensures that the software remains compatible with other systems and technologies, providing a seamless experience for customers. Overall, this update to the Spring Framework represents a significant step in the commitment to providing secure and reliable software solutions.
- New transport integration with SaudiAlert
This release features an exciting new integration with Saudialert, a leading cloud-based SMS gateway provider based in Saudi Arabia. This integration enables Middle East customers to leverage Saudialert’s reliable SMS infrastructure directly from the software, allowing them to send SMS alerts and notifications with ease. This integration also offers greater flexibility and customization options for customers in the Middle East, allowing them to tailor their SMS messages to specific regions and languages. Overall, the integration with Saudialert SMS gateway provider provides a powerful and efficient SMS solution for Middle East customers to enhance their communication efforts.
- New Reports Available
This release includes the addition of new reports in Sentry, following several customer requests. These reports provide customers with valuable insights and analytics on their data, allowing them to make more informed decisions. The new reports cover a range of topics and have been designed to be user-friendly and intuitive. Customers can customize and filter the reports to meet their specific needs, and can easily export the data for further analysis. This new feature is a valuable addition to the application and demonstrates the commitment to meeting customer needs and providing a superior user experience.
- Appliance Identification
This release includes an important new feature for customers using the high-availability architecture of the product. The feature enhances the ability to identify whether writing to a shared database is being done by the primary or standby appliance. This is accomplished through the identification of the appliance in logs whenever a write occurs. In addition, the feature includes the ability to set different default configurations for scheduled jobs where required. This provides customers with greater visibility and control over their high-availability architecture, enabling them to monitor and manage the appliances more effectively.
Improvements
- Enhanced Authentication Error Messages
This release includes an important improvement to authentication error messages. Authentication errors are now more explicit and informative, providing administrators with a clearer understanding of the reason for the failed authentication. This feature provides system administrators with greater visibility into the cause of authentication failures, enabling them to more effectively manage user accounts and ensure the security of the system.
- Enhanced SCPinPad parameter handling
This release includes an enhancement in the SCPinPad API’s parameter handling. The padno parameter, which was originally intended to distinguish between multiple requests for the same username, has been updated to support a new behavior. These updates will provide improved flexibility and usability for integrations using the SCPinPad API.
Bug Fixes
- User Exist API fix
The User Existence API has been fixed to address an issue where it would check all user attributes, leading to inconsistencies or false positives. With this update, the API will only check for the username or altusername attribute, ensuring accurate results and reducing the potential for errors. It will also check any attributes defined as alternative usernames for the Agent making the request. This fix improves the reliability and accuracy of the User Existence API.
- API Improved Error Response
This issue was related to an API that previously would not provide a clear and descriptive error response when the request structure was incorrect. Instead, logs would print a Java error due to the lack of XML content in the response. With the bug fix, the API now provides an XML response that is more user-friendly and that indicates the reason for the error, making it easier to diagnose and address any issues.
- Database Pooled Connection Error
This bug fix addresses an issue where the application logs were throwing an error due to a null pointer exception caused by a missing object in a specific scenario. The fix corrects the code to properly handle the missing object and prevent the error message.
- Fixed User Sync Crashing due to license limit
Previous Sentry versions would crash the user sync service when the user license limit was reached. However, this issue has been resolved in the current version, and the user sync service will no longer crash when the user license limit is reached.
- Append PIN option not copied to TOTP on upgrade
In the previous version, the Append PIN option for OATH policies was only copied to HOTP on upgrade and not to TOTP. This led to inconsistencies in policy settings and configuration issues. With the latest bug fix this is properly copied to both HOTP and TOTP during upgrades, ensuring consistent policy settings for both types of OATH policies.
- Fixed incorrect message sent to user upon undelete or un-disable
In previous versions, when a user was undeleted or un-disabled, an incorrect message stating that the user was “unlocked” was sent. This has now been fixed, and the proper message is now sent to the user. This ensures that users receive accurate and appropriate messages, improving the overall user experience.
- Fixed issue with OATH and MobileApp
Previously, if a user with an OATH token entered a mobile app code, the OATH would fail and the logic would assume that the mobile app code was not applied. This issue has been fixed, and users with OATH tokens can now enter mobile app codes without any issues.
- Issues after switching from Shipping Database
A fix has been implemented for an issue related to switching from shipping database mode. The issue was caused by new flags in the database which required a Tomcat restart. The issue has now been resolved, and switching from shipping database mode no longer causes it.
- API locked policy
In the last version of Sentry, the AdminAPI status flags changed and the “locked” attribute was no longer valid. Instead, the attribute “lockedByAdmin” should be used. For backward compatibility, both attributes will be accepted.
AuthControl Sentry 4.2.1 (6751)
Released: January 2023
New Features
- OATH code visibility (past, present and future) in User strings
Administrators can take a peek at past and future OTCs. This feature is helpful to fully understand the policies applied to OATH and possible issues that could be resolved with policies.
- Customization and logs insertion for new modules and features in Sentry logs
It is now possible to add logs to Sentry; tailor-made solutions will have even more information added to the logs.
- Addition of dedicated policies for TOTP and HOTP token
New customization for the specific types of token configured. Dedicated policies help administrators to set up and define the configuration of token types.
- MDM available in AuthControl Sentry to control AuthControl Desktop in domained workstations
Similar to user synchronisation, this new module allows Sentry to sync computers in domain to remotely install AuthControl Desktop, manage availability of MFA on workstations, enable and disable agent remotely along with a dedicated Dashboard related to workstations authentication activities
- Tomcat update to version 9.0.68
Upgrading to Sentry version 4.2.1 updates Tomcat to version 9.0.68, which has important security updates. Please refer to the release notes of Tomcat 9.0.68.
- PIN expiry management
Ancillary application to help on PIN expiry-renewal process using Sentry APIs 2.2
Bug Fixes
- Last OTP sessions synchronisation fix
Correction to SyncXML so that Last OTP replicates on standby appliance
- User lock flag adjustments
Fix for a previous update which marked deleted users as locked instead of deleted
- Appliances with zipped logs boot fix
Fixed an issue that occurred in some cases when starting the appliance with too many zipped logs
- OATH authentication fix for users with PINless policy
Issue fixed for users using PINless and OATH privileges
- Database upgrade fixes (NAME_ID_FORMAT)
Database upgrade script in some cases would not add the required column which is now fixed in this version
- Fail logins message adjustments
Messages adjustments to properly identify the reason why authentication has failed
- Mobile app policies initialisation fixes
Duplicated entries in Mobile App policies fix
- Fix for password field not displayed for admin login after logout
The password field was not displayed after an admin logged out of the web application
- Fix logs with LOCK_USER messages
Fixed logs being filled with unnecessary information of LOCK_USER
- Fix for Helpdesk policy on users creation
Helpdesk policy fix to allow helpdesk user to create users
- New dispatcher-servlet.xml to fix deployment of appliance web apps
File update to fix some cases where the SSO Portal would not start properly
- Fix characters display of appliance web apps
Special characters adjustments
- Session start fix to point to imageserver
Fix for session start that was pointing to pinsafe server instead of image server
- Account unlocked audit message uses wrong subject fix
Mailing fix to set subject properly for accounts unlocked
- Refactoring of libraries
Duplicated libraries and old version libraries refactor
AuthControl Sentry 4.2.0 (6612)
Released: 1st June 2022
Sentry Core:
Push notification authentication can now be configured using reverse proxy
Database migration process from older appliances is improved
Database migration process from older MSSQL databases is improved
Login sessions now sync via database
IP addresses reserved for user VPN account can be sent via RADIUS and retrieved from AD
Reporting now includes source IP and authentication method used by the user
Group display order is now consistent across all screens
Policy for account lockout time
AD password management in User Portal
Account ‘claim code’ feature for users with no email or telephone in repository
Self management: users can now change their PIN with account locked
Self management: users can now unlock the account with Reset PIN or Change PIN option
AuthControl Single Sign-On Portal:
Local applications can be defined in SSO portal with new PAM method / user known credential storage
Local applications can be defined in SSO portal with new P2AM method / user will never know credentials
Web applications supporting OAUTH2 can be integrated in SSO portal
Web applications supporting OpenID can be integrated in SSO portal
Bug Fixes:
Log4J updated to 2.17.1 and necessary maintenance undertaken to make this compatible
Name ID format now available in SAML SSO integrations
PINless policy and PINpad implementation caused duplicated digits to be displayed, now handled
Handling of special non UTF-8 digits in passwords to avoid invalid characters logging
Reset password option was ignored unless policy indicated that password is required. Fixed option by resetting password irrespective of whether password required policy is set / not set.
User groups with . character in the name were not being assigned to repository on first sync
Connectivity loss during User Sync now results in aborted sync
Latest ActiveMQ libraries updated to fix vulnerabilities
App provision issues for usernames containing spaces rectified by URL decode fix
Fixed reported behaviour conflict of timed lock-out policy with other policies
Recommendation:
Any reports that reference the policy flags table, PINSAFEC, will not work with Sentry version 4.2 or later, and must reference the new status flags table, PINSAFES.
AuthControl Sentry 4.1.3 (6442)
Released: 1st October 2021
Sentry Core:
Active Directory Agent for multiple endpoints
Support for authentication with multiple repository servers
PINpad and PICpad added to Sentry login page
Security improvements : Tomcat 9.0.48
Improved Push notification with Firebase for Mobile applications.
Random password generation for selected repositories
Improved transport for HTTP GET and SOAP
Syslog improvement for remote server logging
Offline strings remaining count for WCP
Addition of Purge users options as a scheduled service
Voice transport and Push transport view in User Administration
Improvements to SMS transport
User history with authentication method information
Improvements on welcome page in User Portal
Push notification with Biometrics, Confirmation or a combination of both
RADIUS Push notification improvement
SMTP service unified for SSL and TLS protocols
Upgrade of the security in provision codes
AuthControl Mobile Applications:
Improved Push notification with Biometrics option
Security Compliance improvement for different devices using AndroidOS
Push platform upgrade
Bug Fixes
AuthControl Sentry 4.1.2 (6358)
Released: 7th April 2021
Sentry Core:
RADIUS NAS entries can now specify a range of IP addresses, using CIDR notation.
It is possible to specify how many re-uses of an OATH OTP are allowed. Our latest release, 4.1.1, removed re-use altogether, but this causes problems where the OTP is specified correctly but authentication fails for other reasons.
An error is shown on the User Administration page when attempting to reprovision a user that has an OATH token allocated. It is not permitted to have both an OATH token and an OATH-based mobile app, but previously this error was logged silently and reprovision appeared to have failed.
A bug has been fixed whereby transports were not shown in the user administration in certain circumstances.
The API call to initiate user sync has now been fixed.
More improvements to session replication
Password checking for Simple LDAP repository has been fixed.
An option has been added to generate a random password for new users per repository.
The RADIUS server is no longer restarted when certain irrelevant configuration changes are made.
Sending security strings by email has been fixed.
Line breaks in the FoxBox transport have been fixed.
Timeout options have been added to more transports that previously would hang indefinitely.
Support has been added for Push feature in future mobile apps, and it has been made easier to update these for future support.
Support has been added for future versions of the mobile app that allow multiple accounts.
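The OATH OTP re-use setting described in the Sentry Core notes above, as an added illustration rather than Swivel's own code: a TOTP check that records how often each time step's OTP has already been accepted. The `OathVerifier` class, its `max_reuses` parameter and the result strings are assumptions; the secret is the published RFC test key.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # constructed input: RFC 4226/6238 test key

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (TOTP uses time // step)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OathVerifier:
    """TOTP check with a bounded re-use allowance per time step.

    max_reuses is a hypothetical stand-in for the product setting:
    0 accepts each OTP exactly once, 1 allows one retry, and so on.
    """

    def __init__(self, secret, max_reuses=0, step=30, drift=1):
        self.secret, self.max_reuses = secret, max_reuses
        self.step, self.drift = step, drift
        self.uses = {}  # time-step counter -> times its OTP was accepted

    def verify(self, otp: str, now: float) -> str:
        current = int(now // self.step)
        oldest = max(0, current - self.drift)
        # Forget steps that can no longer match, so the table stays small.
        self.uses = {c: n for c, n in self.uses.items() if c >= oldest}
        for counter in range(oldest, current + self.drift + 1):
            expected = hotp(self.secret, counter).encode()
            if hmac.compare_digest(expected, otp.encode()):
                seen = self.uses.get(counter, 0)
                if seen > self.max_reuses:
                    return "replay"  # allowance used up: reject
                self.uses[counter] = seen + 1
                return "ok"
        return "invalid"

def retry_outcomes(max_reuses: int, attempts: int = 3) -> list:
    """Present the same valid OTP several times inside one time step."""
    verifier = OathVerifier(SECRET, max_reuses=max_reuses)
    return [verifier.verify("287082", now=59) for _ in range(attempts)]

if __name__ == "__main__":
    print(retry_outcomes(0))  # strict: every repeat is rejected
    print(retry_outcomes(1))  # one re-use allowed
```

Every allowed re-use is also one more chance for a captured OTP to be replayed within the drift window, so the allowance should be no larger than the retry case requires.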
User Portal:
Added Japanese translation.
Improved support for internationalisation.
Fixed security hole that allowed users access to user portal without authentication in some circumstances.
AuthControl Sentry 4.1.1 (5560)
Released: 1th March 2021
Sentry Core:
Improved Session Synchronisation Algorithm
The ability to synchronise sessions with more than 1 other appliance
Improved the usability of the automatic deprovision
Security improvements: Tomcat build is now 9.0.37.
Prevent OATH token OTPs being used more than once
New helpdesk policy to disable editing user policy
User Portal: Add description panel to PIN change
User Portal: Disable mobile provisioning or show message if user not permitted
Increment lock count if password is incorrect.
Removed restriction on number of groups / attributes.
Changes to the way “Check Password with Repository” works on RADIUS and Agents.
AuthControl Mobile:
Increase the usability of apps.
Optimized mobile app functionality in high-latency scenarios.
Stability improvement.
Resource Usage improvement
Bug Fixes.
Provisioning and deprovision flow review and improvement
Security improvements:
Upgrade the security appliance with new OS.
Upgrade the Java Version.
Upgrade the DataBase engine.
Encrypted management and structure with cloud
Data at rest is also encrypted.
Triple handshake in the Java Version.
Environment upgrade with new appliance.
Vulnerabilities removed due to analysis in:
Improve the security in the admin remote Access.
Removed support for “non-compliant or insecure” algorithms.
Mitigation of SSH vulnerabilities.
AuthControl Sentry 4.1.0 (6095)
Released: 4th March 2020
Bug fixes:
RADIUS repository password check was not working since build 6062. Now fixed.
Whole CSV import failed if one user failed to import. Now logs single user failure but continues.
Security improvements:
Tomcat 9.0.31
AuthControl Sentry 4.1.0 (6082)
Released: 23rd January 2020
Bug fixes:
NAS identification fix in previous release was incomplete. Now fixed.
PIN expiry no longer uses timed lockout: users are locked on PIN expiry until released by helpdesk.
Security improvements:
Tomcat 9.0.30
AuthControl Sentry 4.1.0 (6074)
Released: 15th January 2020
Bug fixes:
RADIUS NAS identification now checks both IP address and NAS Identifier
Deleting repository groups or attributes no longer causes errors
AuthControl Sentry 4.1.0 (6062)
Released: 19th December 2019
New Features:
Multi NAS RADIUS capability
RADIUS VIP for HA environments
Push and NEXMO-VOIP on the same core is now supported
Disk Space Check before config operation
Bug fixes:
Non-ASCII characters in HTML messages (Japanese, Chinese, Arabic, Cyrillic)
PIN change not requiring upper/lower case matching on userportal (now coherent with the core authentication)
User Portal Confirmation code is now supported on non persistent sync (appliance sync)
Auto reconnect on Repository Sync Job connection drop
Security improvements:
Tomcat 9.0.29
Customized error pages (information disclosure control)
AuthControl Sentry 4.1.0 (5995)
Released: 9th August 2019
Bug fixes:
Fixed Android push error
Fixed Provisioning URL in SMTP transport
AuthControl Sentry 4.1.0 (5974)
Released: 5th August 2019
NOTE: from version 4.1, the appliance database service is required for the user portal as well as Sentry SSO. If you are not using Sentry SSO and are using an external database for the Sentry Core, you will need to ensure that the appliance database service is running BEFORE updating.
AuthControl Sentry 4.0.5 (5560)
Released: 19th September 2018
Maintenance update:
Renewed Apple push certificates
AuthControl Sentry 4.0.5 (5535)
Released: 29th August 2018
Bug Fixes:
Fixed error using MSSQL Server and Oracle Databases regarding Attribute column size being too large
AuthControl Sentry 4.0.5
Released: 27th July 2018
Version 4.0.5 introduces new features and fixes others
New Features:
Windows Credential Provider (requires WCP v5.4.2.1):
Biometric Fingerprint for Windows Credential Provider - Now WCP can enrol fingerprint and can identify users and be used to authenticate as 2FA. (Requires: Nitgen biometric reader or Windows 10 biometric authentication with integrated fingerprint reader)
Windows Credential Provider is configurable as 2FA with Risk Based Authentication.
Sentry Core:
Generate random pin for Helpdesk in user management
Mobile app settings were removed and are no longer used: “Allow user to choose how to extract OTC”, “Provision is numeric”, “VPN URL Scheme”
Provision code will always be numeric
New transport: ReachData SMS Transport, MEO SMS Gateway Transport, Rand and Rave (Rapide) SMS Transport
Possibility to limit SC and DC String Requests by time: if many requests are made within a period of time, access will be denied
Added Fingerprint remove option (User Management -> View -> Attributes)
Added new RADIUS vendor: Sophos
Improved HTTP requests with HSTS, CSRF and XSS security handling
Tomcat 9.0.10 support
Added Trademark Registration
Added possibility to view current OATH token to User Administration (within View Strings)
User Portal changes:
Login with Confirmation code to increase security. Needs to be enabled in .swivel/user-portal/settings.properties with “showconfirmationcode=true”
Confirmation code blocked after too many attempts
Change Pin now requires entering new pin twice and shows policy errors
Sentry SSO changes:
Authentication before Applications list (configurable by admin)
Now SSO can show Applications by user group
Added logout button
Password field is now configurable to show or not
Windows Credential Provider integration (for RBA only)
Azure AD Integration (without federation)
Possibility to add custom SAML Attributes per application. For more details: https://kb.swivelsecure.com/w/index.php/Authcontrol_v4_Sentry_SSO_and_Adaptive_Authentication#Defining_Applications
Added Trademark Registration
Bug Fixes / Enhancements to existing features:
Fixed Session Sharing issues in HA
User Portal: fixed visual issues in IE with compatibility mode, fixed issue with QR Code not working
Fixed RADIUS with Push not working on some VPNs
Fixed RADIUS change PIN not being able to change the length of the PIN
Fixed Bulk Provisioning in Oracle database
Fixed OATH tokens not being assigned on user sync from AD
Fixed OATH tokens to remove existing allocations before assigning new token to user.
Fixed Clickatell Transport not working due to API change
Fixed PacketMedia Transport not working due to API change
Fixed IPModem Transport crash if no response received from modem
AuthControl Sentry 4.0.4
Released: 27 March 2017
Version 4.0.4 introduces new features and fixes others
Note: A new licence key will be required to run the new features that have been rolled out in June 2016. To request a new licence key, please go to https://supportdesk.swivelsecure.com and create a new ticket, quoting the name that your current licence is issued in.
New Features:
Adaptive Authentication and Single Sign On: This is a means by which you can manage the way users access a range of on-premise and cloud applications. Specifically, if and how they need to authenticate in order to gain access to those services. For more details: https://kb2.swivelsecure.com/index.php/Sentry_User_Guide.
New Branding: colours and logos on the Swivel Core have changed.
New Name: “pinsafe” is now “sentry”. The main effect on existing users is that the context path for web URLs is now “sentry”, rather than “pinsafe”. When integrating with existing products, you will need to change the context from the default. As integration products are updated, the default context will be changed to fit with the new naming.
AuthControl Mobile App is the new naming of the mobile app
This version allows the Swivel Mobile App to be configured as an OATH token
Default SMTP templates for Credentials and App Provisioning have been added. A new option on the menu has been added to allow customers to replace or add new images to the templates
Defined default configuration for single instances
A new policy has been included on Policy > Password that allows hiding the Reset Password button from the Admin Console
Admin and Helpdesk users can invalidate a user session from User Admin, View Strings screen. The sessions that can be invalidated are the single and on-demand dual channel ones
Log Viewer Standalone version that automatically imports the logs from Swivel Core and stores them on a database
Bug Fixes/ Enhancements to Existing Features:
Deleting Agents no longer causes errors
Sending Message for Alternative Username
Deleting users with repository doesn’t delete them from the Swivel Core when the policy Delete Users with repository is set to NO
Allow expired passwords set to NO doesn’t allow authentication
Positive ID is not supported anymore and it has been removed from Messaging Screens
Removed Manual App Provisioning action
Updated terminology:
Transports is now called Messaging
OneTouch is now called Push
Mobile Client is now Mobile App.
Quick Provision is now App Provision
For more details, see the Release Notes (404ReleaseNotes.pdf).
There was a beta release, 4.0.3; updating it to 4.0.4 enhances it.