Release notes
nevisAdapt 1.16.6.0 - 15.05.2024
Changes and new features
- ADDED: Added the option for using Apache HTTP5 default hostname verifier.
- FIXED: IP Blackisting
- FIXED: fix commercial IP2Location initialization.
Upgrading from nevisDetect 1.16.5.6 - 1.16.6.0
Step 1: Installation
Install the following packages with version 1.16.6.0 on your servers:
nevisadapt
nevisdetectcl
Step 2: Configuration files
No changes required.
Step 3: Database
No schema changes.
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.16.5.6 - 24.04.2024
Changes and new features
- FIXED: commercial IP2LOCATION setup
Upgrading from nevisDetect 1.16.4.4 - 1.16.5.6
Step 1: Installation
Install the following packages with version 1.16.5.6 on your servers:
nevisadapt
nevisdetectcl
Step 2: Configuration files
No changes required.
Step 3: Database
No schema changes.
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.16.4.4 - 21.02.2024
Changes and new features
- CHANGED: Dependencies updated.
Upgrading from nevisAdapt 1.16.3.9 - 1.16.4.4
Step 1: Installation
Install the following packages with version 1.16.4.4 on your servers:
nevisadapt
nevisdetectcl
Step 2: Configuration files
No changes required.
Step 3: Database
No schema changes.
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.16.3.9 - 15.11.2023
Changes and new features
- NEW: Device cookie name is customizable in the authstates.
- NEW: Aggregate view for observation counts per user:
VACAC_USER_OBSERVATION_AGGREGATE_COUNT
. - NEW: New risk levels introduced for overall risk score: INCOMPLETE, UNTRAINED.
- CHANGED: Dependencies updated.
- FIXED: Geolocation file lookup + update.
- FIXED: Feedback links no longer require login.
- FIXED: nevisAdapt AuthState initialization.
- FIXED: Device cookies and remember-me tokens no longer contain special characters.
Upgrading from nevisAdapt 1.16.x.x - 1.16.3.9
Step 1: Installation
Install the following packages with version 1.16.3.9 on your servers:
nevisadapt
nevisdetectcl
Step 2: Configuration files
No changes required.
Step 3: Database
Execute the following commands on the server where the RPM nevisadapt-1.16.3.9
is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.16.2.7 - 25.09.2023
Changes and new features
- FIXED: API - user observation pagination
- FIXED: notification of nevisAuth and nevisProxy about terminated sessions
- CHANGED: API - distrustSession renamed to applyFeedback
Upgrading from nevisAdapt 1.16.1.x - 1.16.2.7
Step 1: Installation
Install the following packages with version 1.16.2.7 on your servers:
nevisadapt
nevisdetectcl
Step 2: Configuration files
No changes required.
Step 3: Database
No changes required.
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.16.1.2 - 05.09.2023
Changes and new features
- CHANGED: Several ERROR logs were replaced with DEBUG.
- CHANGED: Properties that define the feedback feature (JWE key, auth/proxy URI) became completely optional.
- FIXED: Replaced wrap-up AuthState with finisher method for approving sessions as trusted.
- FIXED: We refactored database queries to use less resource.
- FIXED: The nevisAdapt Remember Me authentication flow can now expect nevisAdapt service to return.
- FIXED: In case of Kubernetes deployment, the original caller IP address is used in "X-Original-Forwarded-For".
- UPGRADED: We upgraded dependencies to remove OWASP warnings.
Upgrading from nevisAdapt 1.14.x - 1.16.1.2
Step 1: Installation
Install the following packages with version 1.16.1.2 on your servers:
nevisadapt
nevisdetectcl
Step 2: Configuration files
No changes required.
Step 3: Database
No changes required.
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.14.2.1 - 24.02.2023
Changes and new features
- FIXED: We fixed various issues with the RememberMe functionality.
Upgrading from nevisAdapt 1.13.0.x - 1.14.2.1
Step 1: Installation
Install the following packages with version 1.14.2.1 on your servers:
nevisdetect
nevisadapt
nevisdetectcl
Step 2: Configuration files
nevisadapt.properties
:
- Make sure that the configuration for the nevisAdapt database version is up-to-date:
nevisadapt.database.version=V8__Risk_Events.sql
Step 3: Database
Execute the following commands on the server where the RPM nevisadapt-1.14.2.1
is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.14.0.3 - 15.02.2023
Breaking changes
- CHANGED: nevisAdapt AuthStates now uses the new HttpClient from nevisAuth. This is a breaking change in terms of AuthState configuration, visit Appendix H for more details.
Changes and new features
- NEW: We introduced Pass-through Mode - it doesn't interfere with the authentication flow, fit for data collection only.
- NEW: We store risk event history for sessions in the database (TACAC_RISK_EVENT) for reporting and model building.
- NEW: We extended Reporting API with risk flags.
Upgrading from nevisAdapt 1.13.0.x - 1.14.0.3
Step 1: Installation
Install the following packages with version 1.14.0.3 on your servers:
nevisdetect
nevisadapt
nevisdetectcl
Step 2: Configuration files
nevisadapt.properties
:
- Make sure that the configuration for the nevisAdapt database version is up-to-date:
nevisadapt.database.version=V8__Risk_Events.sql
Step 3: Database
Execute the following commands on the server where the RPM nevisadapt-1.14.0.3
is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.11.1.0 - 17.02.2023
Changes and new features
- FIXED: We fixed Flyway upgrade scripts for Oracle.
Upgrading from nevisAdapt 1.10.0.* - 1.11.1.0
Step 1: Installation
Install the following packages with version 1.11.1.0 on your servers:
nevisdetect
nevisadapt
nevisdetectcl
Step 2: Configuration files
env.conf
:
- In case of Oracle DB: Make sure that the path configuration (-Dloader.path) for the Oracle JDBC Driver is present.
- Also make sure that the JDBC driver is found at the given path.
Example:
JAVA_OPTS="-Xms2012m -Xmx8048m -Dloader.path=/var/opt/nevisadapt/libs/ -Dlogging.config=/var/opt/nevisadapt/conf/logback.xml -Dspring.profiles.active=embedded_container"
Step 3: Database
Execute the following commands on the server where the RPM nevisadapt-1.11.1.0
is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.10.1.2 - 17.02.2023
Changes and new features
- FIXED: We applied the changes that allow loading of Oracle JDBC driver from v1.11.
- FIXED: We fixed Flyway upgrade scripts for Oracle.
Upgrading from nevisAdapt 1.10.0.* - 1.10.1.2
Step 1: Installation
Install the following packages with version 1.10.1.2 on your servers:
nevisdetect
nevisadapt
nevisdetectcl
Step 2: Configuration files
env.conf
:
- In case of Oracle DB: Make sure that the path configuration (-Dloader.path) for the Oracle JDBC Driver is present.
- Also make sure that the JDBC driver is found at the given path.
Example:
JAVA_OPTS="-Xms2012m -Xmx8048m -Dloader.path=/var/opt/nevisadapt/libs/ -Dlogging.config=/var/opt/nevisadapt/conf/logback.xml -Dspring.profiles.active=embedded_container"
Step 3: Database
No changes required, if V3 and V4 have already been installed (for example in 1.9.1.0).
Otherwise:
Execute the following commands on the server where the RPM nevisadapt-1.10.1.2
is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.9.1.0 - 17.02.2023
Changes and new features
- FIXED: We fixed Flyway upgrade scripts for Oracle.
Upgrading from nevisAdapt 1.8.* - 1.9.1.0
Step 1: Installation
Install the following packages with version 1.9.1.0 on your servers:
nevisdetect
nevisadapt
nevisdetectcl
Step 2: Configuration files
env.conf
:
- In case of Oracle DB: Make sure that the path configuration (-Dloader.path) for the Oracle JDBC Driver is present.
- Also make sure that the JDBC driver is found at the given path.
Example:
JAVA_OPTS="-Xms2012m -Xmx8048m -Dloader.path=/var/opt/nevisadapt/libs/ -Dlogging.config=/var/opt/nevisadapt/conf/logback.xml -Dspring.profiles.active=embedded_container"
Step 3: Database
Execute the following commands on the server where the RPM nevisadapt-1.9.1.0
is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.13.0.1 - 16.11.2022
Changes and new features
- NEW: We added the Remember Me functionality for direct integration.
- FIXED: We fixed the inconsistent behavior of event-based authentication step decision.
- SECURITY: We upgraded critical vulnerable dependencies:
- Spring Security: CVE-2022-22976, CVE-2022-22978, CVE-2022-31690, CVE-2022-31692
Upgrading from nevisAdapt 1.12.1.x - 1.13.0.1
Step 1: Installation
Install the following packages with version 1.13.0.1 on your servers:
nevisdetect
nevisadapt
nevisdetectcl
Step 2: Configuration files
No changes required.
Step 3: Database
Execute the following commands on the server where the RPM nevisadapt-1.13.0.1
is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.12.1.0 - 31.08.2022
Changes and new features
- UPGRADE: We upgraded the dependencies.
Upgrading from nevisAdapt 1.11.0.x - 1.12.1.0
Step 1: Installation
Install the following packages with version 1.12.1.0 on your servers:
nevisdetect
nevisadapt
nevisdetectcl
Step 2: Configuration files
No changes required.
Step 3: Database
No changes required.
Step 4: Start
Start the nevisDetect components.
nevisAdapt 1.12.0.6 - 17.08.2022
Changes and new features
- UPGRADE: We upgraded User Agent Parser to v1.5.3.
- NEW: We added a new session attribute to track adapt presence during authentication.
- NEW: If configured, a redirect URL is returned after handling feedback.
- NEW: We added an API call to collect trusted observations.
- CHANGED: From now on, distrusting with feedback token means removal.
- CHANGED: We added
USER_ID
to theTACAC_DEVICE
table. - CHANGED: We fixed several Oracle upgrade scripts (V4, V5) retroactively, new databases no longer encounter issues during migration. Warning: Repairing an already existing database may inherently cause data loss. The main impact (without backup) is that users have to train their devices again.
- CHANGED: We extended API calls to collect active sessions with optional parameter for
deviceId
. - CHANGED: We added a success log entry for updating IP blacklist.
- CHANGED: We removed an unnecessary update for IP blacklists if URL is explicitly unset.
Upgrading from nevisAdapt 1.0.10.x - 1.12.0.6
Step 1: Installation
Install the packages with version 1.12.0.6 (nevisadapt
and nevisdetectcl
) on the server(s).
Step 2: Configuration files
nevisadapt.properties
:
- Make sure that the configuration for the nevisAdapt database version is up-to-date:
nevisadapt.database.version=V6__User_Device.sql
- Add a new URL entry for redirect on distrust feedback (if required):
feedback.redirect.url=<redirectUrl>
- To avoid automated IP Reputation updates, set the property empty:
nevisadapt.ipReputation.update.url=
For more details, see the chapter nevisAdapt service - Description in the nevisAdapt reference guide.
Step 3: Database
Execute the following commands on the server where the RPM nevisadapt-1.12.0.6
is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.11.0.1 - 18.05.2022
Changes and new features
- NEW: We added the feedback in the email function, with the ability to distrust sessions, devices, or all observations using a link sent with the notification email.
- NEW: We added a new table (TACAC_DEVICE) which combines references for cookies, browser, and fingerprint to make data maintenance easier.
- NEW: We introduced compatibility with Flyway Teams Edition.
- NEW: We introduced compatibility with FingerprintJS v3. FPJS v2 is still available.
- NEW: We added the logout flow pattern configuration in nevisAdmin 4.
- CHANGED: Risk score is set to high if observations are missing.
- CHANGED: First login now continues with 2FA by default.
- CHANGED: Smart cleanup - If the identical observations of a user exceed a threshold, housekeeping deletes all but the latest ones, to stay within limit.
- CHANGED: We implemented Log4j migration for AuthStates.
- FIXED: We fixed the incorrect Oracle script from v1.10.
- FIXED: We fixed the REST API result paging.
- FIXED: Oracle JDBC driver was not loaded. The issue is now fixed.
Upgrading from nevisAdapt 1.0.10.x - 1.11.0.1
Step 1: Installation
Install the packages with version 1.11.0.1 (nevisadapt and nevisdetectcl) on the server(s).
Step 2: Configuration files
No changes required.
For more details, see the chapter nevisAdapt service - Description in the nevisAdapt reference guide.Step 3: Database
No schema changes.
Step 3: Start
Start the nevisAdapt component.
nevisAdapt 1.10.0.3 - 16.02.2022
Changes and new features
- NEW: Support for MaxMind GeoCity Database.
- NEW: Made the nevisadapt-api jar available to support integration.
- NEW: Set a default session end date based on the maximum session lifetime.
- FIXED: The bug that caused observations not to be marked as trusted at the end of the authentication flow.
- FIXED: The name of the log files in case of log rotation.
- FIXED: The possibility to select a follow-up step in case second factor authentication failed.
- IMPROVEMENT: Improved the help texts for the event configurations in the Patterns.
- IMPROVEMENT: Improved the handling of timeouts / errors in nevisAdapt.
- IMPROVEMENT: In case of risk profiles being used, either High or Medium risk configuration also has to be provided.
- UPGRADED: Angular is upgraded to v13.
- UPGRADED: Spring is upgraded to v5.3.
Upgrading from nevisAdapt 1.0.9.x - 1.10.0.3
Step 1: Installation
Install the packages with version 1.10.0.3 (nevisadapt and nevisdetectcl) on the server(s).
Step 2: Configuration files
No changes required.
For more details, see the chapter nevisAdapt service - Description in the nevisAdapt reference guide.Step 3: Database
No schema changes.
Step 3: Start
Start the nevisAdapt component.
nevisAdapt 1.9.0.4 - 17.11.2021
Changes and new features
- NEW: We introduced browser fingerprint similar to the device fingerprint with a configuration to create unique results.
- IMPROVEMENT: From now on, nevisAdapt uses the ISO 8601 date format in the notifications.
- FIXED: We fixed a bug causing empty notifications in case of event configurations.
- FIXED: We fixed a bug caused by the lack of configuration for the secTokenTrustStorein the nevisAdapt Instance pattern when own trust stores were used.
- NEW: Now you can delete a device of a user through the nevisAdapt REST API.
- NEW: From now on, you can get the list of trusted devices of the user from the nevisAdapt REST API.
- NEW: Now you can report the session history of a user in the nevisAdapt REST API.
- IMPROVEMENT: We support multiple notification types.
- IMPROVEMENT: From now on, the device sharing analyzer can also differentiate between shared and public devices.
- IMPROVEMENT: The health indicators are also checking the database version where applicable.
- IMPROVEMENT: You can use a flag to mark a device trusted.
- IMPROVEMENT: From now on, you can trigger the follow-up step in the authentication flow for events even if only a subset of the events were matching the response.
- IMPROVEMENT: You can use an own image for downloading the Geolocation database in the Kubernetes cron job.
Upgrading from nevisAdapt 1.0.8.x - 1.9.0.4
Step 1: Installation
Install the packages with version 1.9.0.4 (nevisadapt and nevisdetectcl) on the server(s).
Step 2: Configuration files
No changes required.
For more details, see the chapter nevisAdapt service - Description in the nevisAdapt reference guide.Step 3: Database
In case of Kubernetes deployments before deploying the new version, the database has to be recreated or the flyway scheme table and renamed with the following command (there is no need to stop the application before):
ALTER TABLE FLYWAY_SCHEMA_HISTORY RENAME SCHEMA_VERSION;
Oracle/ MySQL
Execute the following commands on the server where the RPM nevisadapt-1.9.0.4 is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 3: Start
Start the nevisAdapt component.
nevisAdapt 1.8.0.4 - 18.08.2021
Changes and new features
- NEW: It is now possible to download and update the Geolocation database with a cron job and by using a shared location in a Kubernetes deployment.
- NEW: You can now configure the next authentication step based on actions, not only on risk scores, in the case of a nevisAuth direct integration.
- NEW: You can now use the REST API to get all observations from nevisAdapt.
- IMPROVEMENT: From now on, nevisAdapt marks trusted observations only at the end of the Authentication flow.
- IMPROVEMENT: From now on, you can configure the Bind Host for the nevisAdapt Instance pattern.
- FIXED: A NullPointerException was thrown when you uploaded a JDBC driver into the nevisAdapt/nevisDetect Database Connector patterns. This bug is now fixed.
- FIXED: The Flyway migration did not work for some URLs. This bug is now fixed.
- FIXED: The validation of the AttachmentProperty was not working correctly if the property was used as a variable in the nevisAdapt Instance pattern. This bug is now fixed.
Upgrading from nevisAdapt 1.0.7.x - 1.8.0.4
Step 1: Installation
Install the packages with version 1.8.0.4 (nevisadapt and nevisdetectcl) on the server(s).
Step 2: Configuration files
No changes required.
For more details, see the chapter "nevisAdapt service - Description" in the nevisAdapt reference guide.
Step 3: Database
No schema changes.
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.7.0.5 - 19.05.2021
Changes and new features
- CHANGED: The observation cleanup period is now configurable.
Upgrading from nevisAdapt 1.0.6.x - 1.7.0.5
Step 1: Installation
Install the packages with version 1.7.0.5 (nevisadapt and nevisdetectcl) on the server(s).
Step 2: Configuration files
Adapt the configuration file /var/opt/nevisadapt/conf/nevisadapt.properties as follows:
- Set the property nevisadapt.ipToLocation.service.class to "ipToLocationCsvService" or "ipToLocationBinService". Which value is correct depends on the geolocation database you use.
- Specify the automatic update/download of the geolocation database with the property nevisadapt.ipToLocation.update.cron.
For more details, visit chapter "nevisAdapt service - Description" in the nevisAdapt reference guide.
Step 3: Database
No schema changes.
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.0.6.6 - 17.02.2020
Changes and new features
- NEW: Experimental Docker images and nevisAdmin 4 patterns for Kubernetes deployment are now available.
- NEW: nevisAdapt now includes the binary version of the IP2Location Geolocation database.
- NEW: Support is now available for the automatic download and update of both the IP reputation database and the binary version of the IP2Location Geolocation database.
- NEW: It is now possible to change the log settings in the nevisAdapt Instance pattern in nevisAdmin 4.
- NEW: It is now possible to select the follow-up steps in nevisAdmin 4 in case of high and medium risks. Because of this, nevisAdmin 4 now also supports step-ups, not only notifications.
- FIXED: The bug where an incorrect configuration of the fingerprintJS integration caused issues with ModSecurity.
Upgrading from nevisAdapt 1.0.5.x - 1.0.6.6
Step 1: Installation
Install the packages with version 1.0.6.6 (nevisadapt and nevisdetectcl) on the server(s).
Step 2: Configuration files
The following new configurations are required in the file /var/opt/nevisadapt/conf/nevisadapt.properties:
- Set the property nevisadapt.ipToLocation.service.class to "ipToLocationCsvService" or "ipToLocationBinService". Which value is correct depends on the geolocation database you use.
- Configure the property nevisadapt.ipToLocation.update.cron to set up the automatic update/download of the geolocation database.
For more details, visit chapter nevisAdapt service - Description]" of the nevisAdapt reference guide.
Step 3: Database
No schema changes.
Step 4: Start
Start the nevisAdapt component.
nevisAdapt 1.0.5.5 - 18.11.2020
Changes and new features
- NEW: New AuthStates to integrate the nevisAdapt service during authentication are now available (nevisAuth/nevisAdapt direct integration).
- NEW: This release of nevisAdapt provides three new analyzers:
- NEW: nevisAdapt now parses and sends the device information from the User-Agent in the FingerprintModule. This includes information such as device type, operating system and browser.
- NEW: An integrated nevisIDM REST service is now available, to send notifications from the NevisAdaptAuthState on suspicious login attempts.
- NEW: As of this release, the geolocation observation is extended with the country name, city, longitude and latitude.
- NEW: In case of integration with nevisAdmin4, the fingerprint calculation is now integrated automatically into the login renderer.
- NEW: As of this release, nevisAdapt offers a verified Oracle 19c compatibility.
- CHANGED: From now on, nevisAdapt not only delivers a risk score per module, but also per analyzer.
- CHANGED: As of this release, nevisAdapt uses a Hikari connection pool instead of Tomcat. Review and adjust all your connection pool configurations, if applicable.
Upgrading from nevisDetect 1.0.4.x - 1.0.5.5
Step 1: Installation
Install the packages with version 1.0.5.5 (nevisdetect, nevisadapt and nevisdetectcl) on the server(s).
Step 2: Configuration files
The following new configurations are required in the file /var/opt/nevisadapt/conf/nevisadapt.properties:
- Set the attribute nevisadapt.ipReputationFilePath to the location of the IP reputation database file.
- Specify the thresholds/configurations for the new analyzers. For more information, see the chapter "nevisAdapt service - Description" in the nevisAdapt Reference Guide.
- Replace the attribute spring.datasource.tomcat.maxActive with the attribute spring.datasource.hikari.maximumPoolSize. Then adjust the other connection pool settings in your configuration (if you have any) for both nevisadapt and nevisdetect-persistency. Find more information here: http://github.com/brettwooldridge/HikariCP.
Step 3: Database
Oracle/ MySQL Execute the following commands on the server where the RPMnevisadapt-1.0.5.5* is installed:
bash> /opt/nevisadapt/flyway/bin/flyway.sh migrate
Step 4: Start
Start the nevisDetect components.
Notes
- If you use the nevisAdapt/nevisAuth direct integration only, you do not need to install the nevisdetect package. In this case, you only need the packages nevisadapt and nevisdetectcl (which contains the AuthStates for both nevisAdapt and nevisDetect).