We are pleased to announce the 9.1 release of Topicus KeyHub. This release fixes a security issue, brings several enhancements and addresses issues found in previous versions. It is recommended to update your KeyHub deployment.
TKH-493
TKH-494
TKH-585
Group managers can now manage the applications and linked systems for their groups. A group manager can decide the required security level for SSO or activation on the dashboard. KeyHub administrators no longer have access to secrets for OAuth applications unless explicitly shared by the group manager. The client identifier and secret can now be directly copied to the clipboard using a button. For linked systems, usage of a rotating password can be demanded for activation. All these settings can be found on the management page for 'My groups'. Click on an application or linked system and choose 'Details'.
TKH-574
Weak passwords are a major concern when it comes to securing accounts. Easy-to-guess passwords such as Password12345 or 987654321qwerty meet most length and/or complexity requirements but should still be avoided. KeyHub now bans over 450k commonly used passwords. Users with a banned password will be required to change their password on their next login.
TKH-301
When a user's password has expired in the directory, KeyHub will now guide the user through the password wizard and force the user to change his/her password.
The following smaller improvements and bugfixes were made:
TKH-548
TKH-549
TKH-618
Code coverage from tests was increased substantially.
TKH-567
Improved applications overview under account when empty.
TKH-589
Improved error handling for AD provisioning.
TKH-620
Added support for English names for deployment configurations.
TKH-621
Fixed a race condition in session initialization that could trigger an error.
TKH-622
Increased timeout for 2FA via the app to 30 minutes.
TKH-623
Fixed an error with removing a former KeyHub Administrator account.
TKH-624
Fixed an error with activating a group which was deleted.
TKH-625
Fixed an error with reloading some pages after a session timeout.
TKH-626
Users are no longer blocked in the password wizard after entering an invalid password for the vaults.
TKH-631
Groups are now always deactivated when the timer expires.