********************************************************************************
Product brand: Secomea
Version: 11.5.625381019
Release type: Release
********************************************************************************

================================================================================
Most Important Changes
================================================================================

--------------------------------------------------
New features and enhancements:
--------------------------------------------------

RD-7421: Update Secomea General Terms and Conditions PDF file.
    GateManager now includes the latest version of Secomea's General Terms and
    Conditions (GTC 2.1 2024-11-01). Only new users will have to approve the
    updated terms on first login.

--------------------------------------------------
Bug fixes:
--------------------------------------------------

-

--------------------------------------------------
Security advisories:
--------------------------------------------------

-

================================================================================
GateManager 8250 Server
================================================================================

--------------------------------------------------
New features and enhancements:
--------------------------------------------------

RD-369: 2-factor authentication in GateManager using email / OTP.
    Added an option to send the Multi Factor Authentication code via email.
    A dropdown with MFA mode selection has been added to account settings in
    the administrator view. Certain type names and values across the system
    have been changed from containing the string "SMS" to "MFA" where
    applicable for the new feature. The CRM interface has been updated to
    accommodate the new "mfa_type" field. CRM functions have been updated to
    handle the "mfa_type" value during account creation and update. New audit
    texts have been introduced. Existing message templates have been modified
    and new ones added.

RD-3019: GM servers should have a default robots.txt file to block web crawlers.
    A default robots.txt has been added to block web crawlers.

RD-6616: Reduce risk of slowing the entire system at high loads of In-browser GTA use.
    A new server configuration option has been added:
    Dimensions -> Max In-Browser sessions. It limits the number of concurrent
    Guacamole-based GTA sessions. A value of 0 means infinite.

RD-6736: CRM API updates for domain RFA.
    Domain RFA functionality wasn't available in the CRM API. This has been
    fixed.

RD-7112: Improve password strength calculation algorithm.
    The password strength estimator now requires at least 8 characters.

RD-7114: Terminate active GM session(s) on password change.
    Changing a user's password invalidates all other active sessions belonging
    to this user.

RD-7206: Add parameters Heartbeat Interval and Grant Access Account to CRM API endpoint /crm/configure/domain.
    CRM endpoint crm/configure/domain has been extended with Heartbeat and
    Grant Access fields.

RD-7207: Extend crm/get/domain endpoint with domain settings/configuration parameters.
    CRM endpoint crm/get/domain has been extended with Domain Settings fields
    that reflect the crm/configure/domain fields.

RD-7215: Add CRM API endpoint to trigger database compact operation.
    The CRM API has been extended with a new /crm/compact/database endpoint to
    trigger a database compact operation.

RD-7227: Separate emails for certificate and password upon GM user creation.
    Delivery of the autogenerated password is now separated from the
    certificate message. The gatemanager-pass-mail.txt templates for the
    various languages have been updated.

RD-7271: Enforce username validation rules on user creation in GM.
    Account name shall not contain any of : ; , < > ' " [ ] nor any
    non-printable character nor any whitespace.

RD-7283: Add UI element to show count of total connections in "Usage" tab.
    A count of the presented elements has been added to the footer of the
    table showing information in the Usage tab.

RD-7292: Create new CRM API endpoint to set a specified password for an account.
    The CRM API has been extended with the crm/setpass/account endpoint to
    allow for user password change.

RD-7323: Remove domain field from CRM API endpoints /crm/delete|join|unjoin/account.
    The crm_openapi.yaml description of the CRM API endpoints
    /crm/delete|join|unjoin/account mentioned an irrelevant "domain" field.
    This has been fixed.

RD-7416: Add audit log entry for "Open Customer/Distributor Domain".
    A server admin viewing a customer-type or distributor-type domain causes a
    new audit log entry.

RD-7421: Update Secomea General Terms and Conditions PDF file.
    GateManager now includes the latest version of Secomea's General Terms and
    Conditions (GTC 2.1 2024-11-01). Only new users will have to approve the
    updated terms on first login.

RD-7428: Create dynamic email template character for "Domain description".
    A domain description placeholder for account-related email templates has
    been added as $n.

RD-7429: Ensure that "domain description" field can be set via /crm/create/domain.
    Endpoint /crm/configure/domain has been extended with a "descr" field that
    sets the domain's description.

RD-7486: Adding support for Domain level Request for Access.
    -

--------------------------------------------------
Bug fixes:
--------------------------------------------------

RD-6528: GateManager reports only show data for 6 days when 1 week is selected.
    Fixed the multi-week periodic report to contain the correct number of full
    days in the report.

RD-6777: Missing cursor in tablet mode with Guac in-browser.
    There was a problem using touchscreen input for Guacamole-based in-browser
    connections. This has been fixed.

RD-7148: GM will incorrectly identify security groups if Azure's SSO GRAPH_URL returns more than one response.
    GateManager incorrectly identified security groups if Azure's SSO
    GRAPH_URL returned more than one response. This has been fixed.

RD-7186: LinkManager can't launch external viewers.
    GateManager wasn't properly requesting the list of external viewers from
    LinkManager. This has been fixed.

RD-7442: Missing audit logs for /crm/configure/domain endpoint.
    The audit log entry for the /crm/configure/domain endpoint was missing.
    This has been fixed.

RD-7467: GateManager's memory usage continuously grows during GTA session from bandwidth-limited client.
    During a GTA session from a client with limited bandwidth, GateManager
    memory usage steadily increased until the host memory was exhausted. This
    has been fixed.

RD-7492: HTTP response may contain incorrect (shortened) RFA grant ID if the ID is less than 8 hex digits long.
    The HTTP response from /crm/create/grant may contain an incorrect RFA
    grant ID with missing leading 0s. This has been fixed.

RD-7500: Unable to delete cancelled/rejected and unexpired RFA record if requester is the responder or is member of the responding group.
    It was impossible to delete a cancelled/rejected and unexpired RFA record
    if the requester was the responder or was a member of the responding
    group. This has been fixed.

RD-7501: CRM API endpoint "/crm/configure/domain" setting "rfa_account" does not work with a group.
    Setting "RFA account" with the CRM API endpoint "/crm/configure/domain"
    didn't work if "rfa_account" was in fact a group. This has been fixed.

RD-7502: Unable to delete an RFA record if responder group is empty.
    It was impossible to delete an RFA record if the responder group was
    empty. This has been fixed.

RD-7521: GTA button doesn't work when pre-configured password contains a double quote.
    The GTA button would not work if the pre-configured password contained a
    double quote. This has been fixed.

RD-7522: GTA button doesn't work when agent name contains a double quote.
    The GTA button would not work if the agent's name contained a double
    quote. This has been fixed.

RD-7526: Allow configuring in-browser RDP agent's "security" parameter.
    It wasn't possible to configure the "security" option relevant to
    in-browser RDP agents; it was hardcoded to "any".
    This has been fixed.

RD-7532: Ensure "session code" is set when doing GTA with CRM API.
    An in-progress GTA session to a resource "guarded" with an RFA that had
    been started with the CRM API would not be terminated if the RFA was
    cancelled (by the requester) or denied (by the granter). This has been
    fixed.

RD-7542: Document that "service" is required in /crm/goto/agent|appliance and document "app" "novnc" option in crm_openapi.yaml.
    The file crm_openapi.yaml didn't mention that "service" is required in
    "/crm/goto/agent" and "/crm/goto/appliance" and that for VNC agents
    "app":"novnc" can be used to choose the "noVNC" viewer. This has been
    fixed.

--------------------------------------------------
Security advisories:
--------------------------------------------------

-

--------------------------------------------------------------------------------
Upgrade instructions can be found here:
https://kb.secomea.com/docs/upgrade-gatemanager-firmware
--------------------------------------------------------------------------------

********************************************************************************
End
********************************************************************************