A Collection of DSA Distribution Files.

All notable changes to this project will be documented here.

The format is based on Keep a Changelog.

• Improvements for Auth0 SSO integration.
• Update server from URL action.

• Simplified password requirements management for the server. The only default requirement is password length should be 8 characters. The following settings are available now in server.json:
  • Set required password length.
  • Require numbers.
  • Require upper and lower case characters.
  • Require special symbols.
• Added reset 2FA function on a user node.
• Enabled rotation for DSLink log files.
• Added user authentication details logging, including timestamp, IP address, username, success/failure. To enable use loginAudit parameter in server.json.

• Changed timeout to 5 min when loading larger files by the frontend application.
• Removed old brand names from the server outputs. The server will keep only one web application folder, dglux5.
• Disallowed special characters in user names.
• Removed passwords in audit logs when creating a user, forcing a password reset, and changing a password.
• Disabled DGLux server verbose error messages when not in debug mode.
• DGLux updated to version 1.1.9443.

• Fixed session issue when the server is working in the SSO mode.
• Fixed an issue when not all user tokens were removed from JSON files when deleting a user.
• Fixed an issue when a broker is using two tokens at the same time for the upstream connection.
• Fixed a problem when an internal error was shown when manually log out using /logout URI.
• Fixed an issue when installing dslink using the Javascript SDK wasn't correctly reported.
• Fixed several issues when invoking SDK functions. New records were not always added or correctly reported back while creating users and tokens under certain conditions.
• Fixed issue when uptime manager was failing when using a proxy.

• OpenID Connect: "Back-Channel Logout" support.
• When using OpenID Connect authentication, server stores page URL in browser on logout. Later user returns to the same project when logs back in.

• Updated dsbroker dependency to 1.1.3.

• Improved large file handling on the server-side to prevent timeout on a slow connection.
• Improved Azure AD B2C authentication over OpenID Connect.

• Fixed a directory traversal vulnerability within the REST API component. The vulnerability impacts DGLux Server builds 1494 and prior. It can be exploited by an authenticated, remote attacker with sufficient privileges to access the file upload, move, and copy features of the server. Unauthenticated, and default user level privileges are insufficient to exploit the issue. This issue only impacts installations configured to utilize the DGLux Server, no other configurations are impacted.
  • DGLux Server, also known as DSA Server is one of multiple backends that can be configured to support the DGLux5 web application. This issue only impacts installations configured to utilize the DGLux Server, no other configurations are impacted.
  • The extended impact of the vulnerability will depend on the particular installation that was performed. Best practices advise to install DGLux Server under a limited service account. However, there are no technical controls to prevent the product from being installed under a privileged account such as root. An attacker who successfully exploits the vulnerability could upload, and then move or copy an arbitrary file to any location that the DGLux Server account can access. If this is a privileged account the attacker may be able to write to any arbitrary directory on the system.
  • DGLux Server can be configured to perform up and downstream configuration management to similar DGLux Server instances. The vulnerable REST API methods are limited to impacting the local file system of an impacted server and cannot be utilized to impact associated server instances.

• Fixed issue with dslink name not accepting dash "-".

• DGLux updated to version 1.1.9238.
• Dataflow DSLink updated to version 1.1.9238.

• Fixed issues with the server-side dataflow.

• DGLux updated to version 1.1.9235.

• New set of all-purpose gauges for the standard widgets Dashboard library.

• Added "defaultLocale" parameter to server.json config. This parameter sets the default language for the designer.

• DGLux updated to version 1.1.9198.
• Security updates.
• Improved OpenID Connect authentication.
• Exposed "formatDg5" config parameter under /sys/config node to change it in run-time.

• Fixed minor UI issue with 2FA authentication on mobile.
• Fixed a memory leak when working with large files, like PDF or video formats.
• Fixed an issue with some mobile browsers not accepted as supporting TLS 1.2.

• Minor UI fixes.

• DGLux updated to verions 1.1.9012.

• DGLux updated to version 1.1.8997.

• Added accepting the full well-known/openidConfiguration as issuer for OpenID Connect.

• Updated Dart DSLink SDK to 1.0.3.
• DGLux now requires browser that supports TLS 1.2.
• DGLux updated to version 1.1.8992.
• Minor improvements.

• Fixed the issue when couldn't find OpenSSL on C:\ and correctly joined path for Windows.
• When creating a project from a template, the new project saves category from the template.

• Extracted KeyCloak roles (realm and client) to "dsaGroups" to expose on the front end.
• Added 256-bit encryption to "server.json" for proxy and SSL certificate passwords at rest.
• Checking for login loop with OpenID Connect logins. Prevent DGSession from getting expiry date with OpenID Connect.
• Added check for null client roles config.
• Added missing logging statements.

• Removed heap limit of the watcher process.
• Removed pathlib.normalize.

• Prevented guest sessions from LDAP.
• Fixed issues with checking permissions.
• Fixed logging statement that would fail if a response was already closed.

• Updated DGLux to version 1.1.8750.