Skip to main content

Version 2.9.12 (Build No. 2.9.12.29)

Release|2026-02-27

Notice on FaceStation F2 v1.x.x Firmware Support Discontinuation

Starting with BioStar 2 v2.9.7, we have enhanced synchronization performance by modifying the process to transmit templates exclusively when synchronizing a user's visual face to the device.

Given the differences in visual face algorithms, FaceStation F2 v1.x.x won't sync well with the new BioStar 2. Therefore, we've decided to end support for FaceStation F2 v1.x.x from BioStar 2 v2.9.7 onward.

If you are currently using FaceStation F2 v1.x.x firmware, kindly upgrade your FaceStation F2 to the latest firmware to utilize BioStar 2 v2.9.7.

The latest firmware can be downloaded from the Suprema Download Center.

New Features and Improvements

  1. Supports a new devices.

    • BioStation 3 Max

    • XPass Q2

  2. Support for deleting device event logs in BioStar 2.

  3. Updated to correctly display new event logs when using devices with BioStar X supported firmware in BioStar 2.

  4. Support for Remote Access.

  5. Security improvements for Time & Attendance

    • Fixed a security vulnerability regarding URL exposure and unauthorized access during PDF export.

    • Updated the Minimist library to address security vulnerabilities.

    • Removed hardcoded test credentials from JavaScript files.

    • Enhanced the database password encryption method.

  6. Updated Open JDK version.

  7. Improved system security vulnerabilities

    • Application of HTTP security headers for the web server

    • Enhancement of the encryption method for database connection passwords

    • Update of internal libraries regarding Java server security vulnerabilities

    • Enhancement of password security on the Directory Integration page

    • Improved access permissions on the User List page

    • Improved SQL Injection vulnerabilities

  8. Added a popup message recommending the deletion of unnecessary Redis for enhanced security when upgrading to version 2.9.8 or higher.

  9. Improved the upgrade process from v2.9.8 or earlier to automatically apply the 'Exclude from Synchronization' setting to existing users during the first synchronization.

Bug Fixes

  1. Time & Attendance reports not generating correctly due to authentication log synchronization failure. Affects version2.8.9

  2. Fixed an issue where non-admin users could access other users' report filters via the API. Affects version2.4.1

  3. Fixed an issue where database migration failed when enabling or disabling the Encrypt Personal Data On DataBase option. Affects version2.2.0

  4. Fixed an issue where the anti-passback feature did not function properly when the same device was configured for both Muster zone and Global Hard APB. Affects version2.8.10

  5. Fixed an issue where the Visual Face Migration result was displayed as 0 even when valid data existed. Affects version2.0.0

    • Added a popup message to prevent unnecessary processing when there are no valid data for Visual Face Migration.

  6. Device title displayed incorrectly on the detail page when the device name contains <<< or >>> characters. Affects version2.9.11

  7. Long-term non-access users remaining on the list even after successful authentication with specific credentials (e.g., Mobile Card). Affects version2.8.16

  8. Server shutdown occurring during the synchronization of certain Visual Face. Affects version2.8.6

  9. Error occurring when importing event log files exported via USB from BioStation 2a. Affects version2.9.4

  10. Server memory usage increasing and not decreasing after transferring a large number of users to devices via the Transfer To Device feature. Affects version2.9.7

  11. Server failing to start due to a database out-of-memory error during data validation when a large volume of Audit Logs is present. Affects version2.9.7

  12. Mask Check Mode failing to switch to Check before authentication automatically when changing Use (Deny access when wearing mask) in Mask Detection settings. Affects version2.9.8

  13. Fixed an issue where Visual Face extraction failed after a server restart due to memory constraints or initialization errors. Affects version2.7.14

  14. Certain floors not appearing in the search filter list on the Floor Status page of the MONITORING menu. Affects version2.0.0

  15. CoreStation device detail page failing to save changes to Tamper and AC Fail input settings. Affects version2.9.10

  16. Unintended deletion of door groups with similar names when deleting a group that includes an underscore (_). Affects version2.0.0

  17. Fixed an issue where all users were synchronized from Microsoft Entra ID even when only specific user groups were selected for synchronization. Affects version2.9.10

  18. Fixed an issue where users were not synchronized when the User Group mapping field was set to 'None' and only specific groups were selected. Affects version2.9.10

  19. Server error occurring when saving settings on the detail page of a Wiegand Reader device with a negative ID. Affects version2.9.11

  20. Improved the Active Directory synchronization logic to support both uppercase and lowercase keys (e.g., ou, dc) in the Base Domain Name. Affects version2.9.10

  21. User registration failure during Active Directory synchronization when the sAMAccountName contains non-standard characters. Affects version2.9.10

  22. Failure to retrieve group lists or synchronize data from Microsoft Entra ID when the number of user groups exceeds 100. Affects version2.9.10

  23. Improved the USB Device Agent installer by including the latest DE-620 drivers to ensure compatibility with Windows 11 security updates. Affects version2.0.0

  24. User profile photos not displaying and users missing from reports due to decryption failures after enabling Encrypt Personal Data on Database. Affects version2.9.12

  25. Visual Face counts enrolled to users not displaying in the AC Report. Affects version2.9.3