Release June 22nd 2022
New Features & Functionality
- Security improvements:
- Users who log into Tehama with an email address and password will have a maximum number of 5 failed attempts before experiencing a temporary lockout period. This lockout, which prevents accounts from being compromised by brute force attack, will expire automatically after a 30 minute period or manually when an Admin or Manager resets the user’s password.
- A similar mechanism has been implemented at the MFA Code entry stage. This too expires after a 30 minute period or when an Admin or Manager resets the user’s MFA Code.
- The minimum required password length has been increased from 8 characters to 12, to meet the guidelines set by the National Institute of Standards and Technology.
- Our password hashing algorithm has been upgraded to SHA-256, which achieves a higher password encryption standard.
- Validation for Google single sign-on authentication has been improved.
Improvements & Fixes
- Custom Image management:
- The Review and Edit stages of the desktop template creation flow have been updated to include Operating System and Image specifications, to raise awareness of image usage and provide key information all in one place.
- Labeling in the desktop template creation flow drop-down menu has been updated for consistency throughout the platform: the menu is now labeled “Image” and sub-headers are labeled “Custom” and “Base”.
- Custom Roles and Permissions:
- The Users report now displays custom roles using the specific names given to those custom roles. This ensures that accurate role information can be efficiently accessed to understand role distribution and facilitate user management.
- Activity Stream performance:
- The average response rate has been improved, with initial tests showing a 5x improvement in query performance. This will positively impact responsiveness and performance of Activity Stream searching and filtering.
- We have resolved a scenario where extra whitespace in a desktop template name could lead to difficulty with desktop/template deletion.
- We have addressed an issue where archiving a room could prevent seamless offboarding of a user from the organization.