Skip to content

Release Notes 4.8.0

Overview

This document outlines the updates, improvements, and fixes introduced between versions 4.7.1 (released on Mar 03 2025) and 4.8.0 (released on Mar 31 2025) of the Excalibur v4 software.

New Features

Added audit logs for Tokens

  • Whenever a token is updated, created, or deleted, the changes are automatically recorded in the audit logs. You can easily verify these changes by navigating to the token table, selecting a token, and viewing the details.
  • Alternatively, you can access the logs through the Action table. Simply choose the relevant action associated with the token, click on it, and then select the token name. This method is especially useful when checking logs for deleted tokens.
  • If an admin deletes a token, the modifiedBy field will appear as null. To capture this information, consider deleting the token using a non-admin.
  • The Token Audit Logs feature includes an Export button for downloading the logs. After clicking the button, a dialog box appears, allowing you to set various filters:
    • Language: Choose the desired language for the export
    • User Name: Specify the name associated with the actions
    • Action Type: Select the type of actions to include
    • Date/Time Range: Define the period for the logs

Once the filters are set and confirmed, the export process begins, and a file is downloaded.

image

Figure 1. Token Audit Logs

image

Figure 2. Accessing Tokens Audit Logs from the Action section

Added role switcher

  • The User Preferences page now includes a Role Picker, designed to function similarly to the Language Picker.
  • When switching roles, if logging out and logging back in is required, a confirmation dialog will appear – similar to the one shown when changing tenants. This ensures a smooth and consistent user experience during role changes.

image

Figure 3. Role Picker in User Preferences

Performance Improvements

  • Faster dynamic tenant provisioning

Mobile Application

Improved handling for missing Tokens

  • Starting from version 4.3.1, we’ve introduced a better way to handle cases when a token is not found on the backend.

image

Figure 4. Warning message in the mobile phone app

  • Detailed View: If you choose to view the details, a warning banner appears, offering the option to remove the entire deployment.

image

Figure 5. Warning banner in the mobile phone app

  • Persistent Warning Indicators: If the user decides not to remove the deployment immediately, warning triangles will remain visible throughout the app, making it easy to identify the issue later on.
  • This update ensures a clearer and more user-friendly way to handle missing tokens.

Integration of Play Integrity API

  • To ensure compliance with Google’s updated security standards effective from May 2025, we are integrating the new Play Integrity API into our Token App. This integration will help maintain app security and adhere to Google’s requirements, safeguarding the app against unauthorized use and manipulation.

Added mocked location detection

  • To enhance security even more, our Token App will now detect mocked locations on both iOS and Android platforms. This improvement ensures that users cannot bypass location-based security measures by using fake GPS apps or other spoofing methods.
  • By identifying and blocking mocked locations, we uphold the integrity of our multi-factor authentication process and significantly strengthen overall security.

Usability Improvements

User-friendly PAM search warning

  • The Full-Text Search page now includes validation for search terms. To ensure accurate results, the search term must be a word with a minimum of 3 characters.

image

Figure 6. Search term validation in Full-Text Search

…and more minor fixes and improvements