Release Notes for Imprivata Privileged Access Management
Release 2.3.202411101557 (November 10, 2024)
- Added support to display Account Updated in the Job History Report for password reset jobs executed on Remote Worker nodes
- Added support to display Account Updated in the Job History Report for key rotation jobs
- Improved handling of Task processing when scheduled tasks are deleted
- Updated WEB Container to version 9.0.96 for new deployments. Existing deployments require an update of the Web Container
- Updated application Framework to version 21.0.5 for new deployments. Existing deployments require an update of the Framework
- Improved security with updated libraries in the Federated Sign In Module v6.5.5.3 20241029. Existing deployments require an update of the Federated Sign In Module
back to top
Release 2.3.202410271550 (October 27, 2024)
- Added support to display the Account Update column in Job History Report for password reset jobs on Records with User/Password. Upcoming releases will include jobs executed on Remote worker and User/Key rotation jobs
- Fixed the issue where users with Record Control: Viewer or Unlock were unable to join sessions after having their request approved
- Fixed the issue with processing approval results when using certain punctuation marks in the email approval keyword list
back to top
Release 2.3.202410131511 (October 13, 2024)
- Added support for number matching in Proxy sessions and MFA-required workflows when integrating with OneSign Confirm ID 24.1 (Xena) with Number Matching enabled
- Fixed ordering of rows on Users report when pagination set to 100 items per page
- Resolved deadlock issues during the concurrent scheduling of multiple task execution jobs
back to top
Release 2.3.202409291532 (September 29, 2024)
- Added capability to enable JMX monitoring on the PAM web container
- Fixed login issue with OneSign Confirm Id 24.1 (Xena) integration when Number Matching is enabled. This change applies for new deployments. Existing deployments require update of Federated Sign in component to version 6.5.5.3 or higher
back to top
Release 2.3.202409151525 (September 15, 2024)
- Fixed the issue with overwriting cas.authn.ldap.dnFormat value after changing the domain controller via the UI
- Improved performance of the Queue Service process during job execution
- Fixed the issue with cut and paste operations between different containers
- Updated WEB Container to version 9.0.93 for new deployments. Existing deployments require an update of the Web Container
back to top
Release 2.3.202409011531 (September 01, 2024)
- Added support for securing and managing Autologon Domain Accounts (Windows Kiosk mode)
- Fixed the issue with custom date format on the Application Nodes and Database settings page
- Improved debug logging during task execution
- Fixed the issue with application updates on Windows Server 2016 and 2019 installations
- Improved security for the execution of the Password Set Remote Windows Task
back to top
Release 2.3.202408181516 (August 18, 2024)
- Added PAM Centralized Deployment Manager (CDM), an Ansible-based toolset, to help automate PAM deployment on Linux. The tool will deploy and manage multi-master PAM farms with remote nodes. Guide to use the tool can be found at https://help.xtontech.com/content/installation/linux-installation-guide/centralized-deployment-manager.htm
- Removed Database event category from the Session Event overlay in recorded video playback
- Improved security for SSH connections during task execution when using SSHD connectors
- Fixed the issue when the PAM SSH Proxy tunnel loses connection during file downloads
- Fixed the issue when exporting Requests Report with deleted records
back to top
Release 2.3.202408041538 (August 04, 2024)
- Added display of Approved By or Rejected By to the Email notifications
- Fixed the issue with Requests Report not displaying deleted records
- Fixed the issue with applying custom date format for My Alerts and Request For Approval reports
- Updated WEB Container to version 9.0.91 for new deployments. Existing deployments require an update of the Web Container
- Updated application Framework to version 21.0.4 for new deployments. Existing deployments require an update of the Framework
back to top
Release 2.3.202407211647 (July 21, 2024)
- Added functionality to delete files from temp locations used by PAM. The frequency with which the delete process is scheduled is controlled through a new parameter "Temp Folder Retention"
- Fixed the issue with executing tasks using custom scripts requiring dynamic account name
- Fixed the issue with displaying Dual Account Audit Log Report when Dual Account parameter is set to Disabled
- Updated Apache log4j v2 to the latest version 2.23. Note that PAM is shipped with log4j1 and the migration to log4j2 has to be done manually
back to top
Release 2.3.202407071600 (July 07, 2024)
- Added a filter box to simplify searching on Workflow Bindings page
- Added validation during move operations (cut/paste) of new records to ensure that target container allows only record types based on its defined Vault(s)
- Fixed the issue with missing Requested Date on the My Requests report
- Fixed the issue with incorrect date format for Requested Date in email notifications and exported My Requests report
back to top
Release 2.3.202406231542 (June 23, 2024)
- Added new Properties option for containers (folders and vaults)to display container metadata
- Added support for native Azure token authentication for MSI Accounts. This will allow Azure MSI accounts to authenticate into PAM via API calls
- Added a filter box to simplify searching on Local Users, Local Groups, Discovery, Workflows, Command Control, Behavior Profiles pages
- Added support for specifying LDAP server and optional port in ADSReplicate and ADSReplication commands, enabling SSL connections where specified
- Improved performance of Access Report
- Improved security of REST API designed for password formula validation
- Improved security when PAM is integrated with Enterprise Access Management (formerly OneSign) v24.1 for second factor authentication with number matching enabled.
It is recommended to disable the EAM Number Matching feature to retain Push notification support using PAM. This change applies for new deployments. Existing deployments require update of Federated Sign in component to version 6.5.5.2
back to top
Release 2.3.202406091757 (June 09, 2024)
- Added Dual Account Management for High Business Continuity Scenarios. Information regarding business purpose and configuration can be found at https://help.xtontech.com/content/administrators-and-power-users/tasks/additional-topics/dual-account-control.htm
- Added filter box to simplify searching on Global Permissions and Global Roles pages
- Redesigned export process to write temporary files to the $PAM_HOME/content/tmp folder instead of the Export location
- Improved message in the Audit Log report when modifying fields for record types
back to top
Release 2.3.202405261528 (May 26, 2024)
- Fixed the issue with Windows uninstaller where some files were not deleted post uninstall
- Added improved logging during CSV and XLSX report generation
- Updated WEB Session Manager components to the latest version 1.5.5 including FreeRDP 2.11.7. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
- Labs - Added Dual Account option with possibility to update status of Task Execution Delay to Active or Inactive
back to top
Release 2.3.202405121544 (May 12, 2024)
- Fixed the issue with failure to copy folders with assigned Workflows
- Optimized queries to Active Directory when pulling data for Users Report
- Fixed the issue with tunneled connections using SSH Proxy
- Fixed the issue with displaying Type field for deleted records in CSV or PDF downloads for Sessions Report
- Fixed the issue with error message after attempting to add AzureAD user to the local group
back to top
Release 2.3.202404281526 (April 28, 2024)
- Added capability to prevent malicious commands from being executed using the password reset functionality. An administrator can blacklist certain string or regex expressions through a parameter "User Input Validation" under Administration>Settings>Parameters
- Added a new parameter "Record Cache TTL" under Administration>Settings>Parameters to improve performance when retrieving frequently accessed records
- Fixed the issue with truncated record details displayed on the Quick view page
- Added checks to ensure user has Unlock+ permissions on a record referenced through Dynamic search when accessed through the PAM browser extension plugin
- Updated WEB Container to version 9.0.88 for new deployments. Existing deployments require an update of the Web Container
- Updated application Framework to version 21.0.3 for new deployments. Existing deployments require an update of the Framework
back to top
Release 2.3.202404141615 (April 14, 2024)
- Added description column to the Record Type summary page
- Fixed the issue where changes to syslog settings via UI updates log4j2.pam.xml when PAM instance is configured with log4j2
- Fixed the issue with MFA grace period when cas.authn.mfa.globalProviderId is set in catalina.properties
- Fixed the issue with failed connections to Unix Host with Protected key records when using PuTTY generated key in ppk format as private key and converting to Openssh format public key
- Updated SSHD core libraries with improved features and security for SSH connections
back to top
Release 2.3.202403311616 (March 31, 2024)
- Added support for Pass-through and Dynamic Login to the PAM browser extension . Published extension version is 1.49 on Chrome, Edge and Firefox
- Enhanced SSH key generation algorithms to improve key rotations and connections
- Improved stability of WEB SSH sessions when connecting with SSH keys
- Improved stability of remote job execution with SSH connections
- Added pre-defined Field ID mapping to the Web Extension for the Imprivata Enterprise Access Management web portal
- Fixed the issue with JWT signing key generation for new deployments with Federated Sign-In version 6.5
- Fixed the issue with restoring credentials from Record Change History when underlying record type name has been updated
- Updated WEB Container to version 9.0.87 for new deployments. Existing deployments require an update of the Web Container
- Updated application Framework to version 21.0.2 for new deployments. Existing deployments require an update of the Framework
back to top
Release 2.3.202403171516 (March 17, 2024)
- Added the option to jump to a specific session event on the session recording video playback
- Added validation on the updateField API
- Improved security with updates to PostgreSQL libraries in Federated Sign-in module
back to top
Release 2.3.202403101505 (March 10, 2024)
- Optimized performance when copying large volume of records into another container
- Fixed the issue with Web session logging out a user while they have an active session in another tab or window
back to top
Release 2.3.202403031540 (March 03, 2024)
- Added the option to search by Record Name for deleted records in Sessions and Session Events report
- Improved handling of Federated Sign-In version in the Windows Powershell Installer
- Labs - Added Pass-through and Dynamic Login support to Browser Extension
back to top
Release 2.3.202402251536 (February 25, 2024)
- Improved reliability of database import for large datasets
back to top
Release 2.3.202402181543 (February 18, 2024)
- Updated Federated Sign-In component version to 6.5. Migration instructions from existing version to the latest are provided at https://help.xtontech.com/content/installation/federated-sign-in-module/federated-sign-in-v6.5-migration.htm
Note: DUO will be standardizing on their new Universal prompt from Mar 30, 2024. DUO MFA customers will need to update to latest Federated Sign-In version and reconfigure their PAM integration as per updates on https://help.xtontech.com/content/installation/integrations/duo-security.htm prior to this March 30, 2024 deadline to minimize disruption
- Updated Windows and Linux installers to provide option of Federated Sign-In version for new deployments. It is our recommendation to use this latest 6.5 version for new PAM instances and existing PAM instances should match their current deployed major version
back to top
Release 2.3.202402111528 (February 11, 2024)
- Updated SSHD connector as the default for SSH connector type parameter for new deployments.The SSHD Connector provider includes extended cryptography algorithms to support job executions on different sets of devices
- Updated Imprivata PAM browser extension on Firefox to Manifest V3 which is the latest version of the extensions platform for Safari, Firefox, and Chromium-based browsers
back to top
Release 2.3.202402041456 (February 04, 2024)
- Added support for session event masking conditions to include Clipboard text event type
back to top
Release 2.3.202401281558 (January 28, 2024)
- Fixed the issue with searching by ID for Inventory report
- Fixed the issue with remote job execution for AD and LDAP user records
- Improved stability of the import process for cases with broken data in the export file
back to top
Release 2.3.202401211516 (January 21, 2024)
- Added option to disable auto import of LDAP certificates in PAM by setting properties xtam.ldap.cert.auto-import=false and xtam.web.cert.auto-import=false in $PAM/web/conf/catalina.properties. These properties are set to true by default
- Added the option to search by ID for Requests, Inventory, and Users reports
- Fixed the issue with concurrent LDAP certificate imports
- Fixed the issue with case-sensitive search for Task column in Job History report
- Fixed the issue with Database import operation due to constraint violation in certain cases
back to top
Release 2.3.202401141447 (January 14, 2024)
- Updated Copyright year to 2024 in the Federated Sign-In login page for new deployments
- Added ability to perform case-insensitive search on reports
- Fixed the issue with password cache for AD users
- Improved performance on Shared with me page
- Fixed the issue with performing cut and link operation on hidden record types in vaults
back to top
Release 2.3.202401071515 (January 07, 2024)
- Updated Copyright year to 2024 in the application installers
- Fixed the issue with performing cut and paste operation on hidden record types in vaults
- Fixed the issue with displaying long text in Session Events Keyframes
- Fixed a typo in the script for the Windows PowerShell installer
- Fixed the issue with autofill for certain websites on PAM browser extension plugin for Chrome and Edge
back to top
Release 2.3.202312311512 (December 31, 2023)
- Improved user experience to the Session recording video playback by bringing in color coded keyframes to the timeline representing each type of session event (key sequences, file activity, clipboard, database, In-Session)
- Added integration with Shibboleth IdP V4
- Added the option to include the workflow rejected reason with a {{request.reject.reason}} placeholder in a custom email template
- Updated WEB Container to version 9.0.84 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202312241507 (December 24, 2023)
- Improved performance on Proximity Groups page
- Fixed the issue with incorrect time displayed in the ACL column on Inventory Report
- Improved application startup error handling when SSH proxy fails to start
- Updated Session Manager to version 1.5.3-20231215 including FreeRDP to 2.11.2. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
- Labs - Updated Copyright year to 2024 in the login page of the Federated Sign In module for the new deployments
- Labs - Updated Copyright year to 2024 in the application installers
- Labs - Updated WEB Container to version 9.0.84 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202312171531 (December 17, 2023)
- Improved spacing between UI components in the Mass operation log window
- Fixed the issue with Database import operation in certain cases
- Labs - Updated WEB Container to version 9.0.84 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202312101524 (December 10, 2023)
- Added the option to Request Access for actions on Users report
- Added additional logging for troubleshooting Azure AD issues
- Fixed the issue when editing Record type icons
- Fixed the issue with breadcrumbs on Workflow Instance page
back to top
Release 2.3.202312031538 (December 03, 2023)
- Implemented System Log archival on Remote Worker Nodes based on System Logs Retention property
- Added the unit of time measure label for parameters on Application Nodes page
- Fixed the issue with rare cases of remote job executions on slow Windows endpoints
- Fixed the issue with the failed access to API documentation
- Fixed the issue with breadcrumbs on the Reindexed Record Types page in the German language
- Fixed the issue with resetting GAUTH MFA for installations integrated with MS SQL database in case sensitive mode
- Updated WEB Container to version 9.0.83 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202311261510 (November 26, 2023)
- Added the option to search Session Event report using IP address criteria
- Added the option for the Cron Expression Builder to edit existing cron expression in addition to creation of new ones
- Fixed the issue when authentication to rdp proxy fails for certain passwords
back to top
Release 2.3.202311191534 (November 19, 2023)
- Added Instant Video Playback accessed Audit Log Event to the Audit Log report
- Fixed the issue for retrieval of Distinguished Name for shadow account when executing LDAP User password Reset task
- Fixed log4j dependency issues with uploading Public Key Authentication for SSH Clients from My profile > Preferences page
- Labs - Updated WEB Container to version 9.0.83 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202311121512 (November 12, 2023)
- Added support for Azure AD federated with cloud or on-premise AD with ADFS
- Updated the audit log message for token-based authentication
- Added support for remote app with SQLDeveloper 23.1 version
- Fixed the issue with displaying parameter "Password Reset LDAP Validation" on My Profile>Preferences page
- Fixed the issue with foreign key constraint error during DB import when vault level workflow template is added to a vault
- Fixed issue with ssh proxy connection for a double hop proxy configuration
- Labs - Added capability to authenticate with Azure managed identity
back to top
Release 2.3.202311051457 (November 05, 2023)
- Fixed the issue when user input was allowed too soon for SQLDeveloper Remote App Launcher record
- Labs - Fixed the issue with MFA for installation with Framework 21.0.1 and Federated Sign In 6.5
back to top
Release 2.3.202310291429 (October 29, 2023)
- Fixed the issue with MFA grace period for installations integrated with MS SQL database
- Added a server-side check to prevent task execution on the Main node if record permissions include a user that belongs to a group with a service global role
- Fixed the issue with creating a record with hidden record type in a container
- Updated application Framework to version 21.0.1 for new deployments. Existing deployments require update of the Framework
- Updated WEB Container to version 9.0.82 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202310221524 (October 22, 2023)
- Added an Audit Log Event when accessing a Session Event report from the Report Center
- Fixed the issue when exporting Sessions report on all levels with selected columns
- Labs - Updated application Framework to version 21.0.1 for new deployments. Existing deployments require update of the Framework
- Labs - Updated WEB Container to version 9.0.82 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202310151502 (October 15, 2023)
- Added WEB Session manager version to About page
- Updated favicon with new Imprivata logo for browsers extensions
- Improved overall processing of folder copy and paste operations
- Updated PAM core libraries for Windows, Linux x86 and Linux arm platforms
back to top
Release 2.3.202310081525 (October 08, 2023)
- Improved performance of search for Active Directory Users or Groups
- Improved performance of applying permissions to Active Directory Users or Groups
- Fixed the issue with Relay node updates in certain cases
- Labs - Improved overall processing of folder copy and paste operations
- Labs - Updated favicon with new Imprivata logo for browsers extensions
back to top
Release 2.3.202310011524 (October 01, 2023)
- Added a sample report with Record ID Filter under Custom Queries
- Added Test button for the Content Location, Export Location and Temporary Location global parameters to validate that provided location exists and the PAM service can read/write from this location
- Added validation during CSV file import to only import record types allowed within the Vault
- Fixed the issue with the remote node hanging during the update
back to top
Release 2.3.202309241514 (September 24, 2023)
- Added validation to ensure records of configured record types for a vault can be copied via the Copy Links action
- Updated WEB Session Manager components to the latest version 1.5.3 including FreeRDP 2.11.1. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
- Fixed an issue with Record level Session Events report not rendering data
- Fixed an issue with displaying correct Type in Import logs when there is a failure during CSV Import
back to top
Release 2.3.202309171539 (September 17, 2023)
- Added support for exporting and importing JWT signing key history during database Import/Export operation
- Updated favicon with new Imprivata logo
- Added logging when pasting a record into a vault where the associated record type is not allowed
- Added support for exporting all reports fields in CSV, XLSX, PDF formats for all levels reports
- Fixed the issue with cut and paste a record into a vault where the associated record type is not allowed
Release 2.3.202309101528 (September 10, 2023)
- Added a configurable Grace Period option for proxies and workflows requiring MFA authorizations
- Fixed the issue with Relay session not completing if master node Temporary Location is not valid
- Labs - Added support for arguments based Password Reset for AutoLogon Account with Shadow Account
- Labs - Updated WEB Session Manager components to the latest version 1.5.3 including FreeRDP 2.11.1. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
back to top
Release 2.3.202309031638 (September 03, 2023)
- Added Vault selector option to only allow a Record Type to be visible within the defined Vault(s) for record creation
- Fixed the issue with updating the password for the referenced record while the Reset Password job is being executed on Remote Worker
- Fixed the issue with the Periodic Password Reset task execution
- Fixed the issue with database import operation
- Labs - Updated WEB Container to version 9.0.80 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202308271538 (August 27, 2023)
- Added new Record Type Microsoft Entra ID to support password reset of Entra ID (Azure AD) user accounts
- Fixed the issue with Minutes after unlock task policy having a max value of 356
- Updated WEB Container to version 9.0.79 for new deployments. Existing deployments require update of the Web Container
- Updated versions of client side libraries in the Federated Sign-In module
back to top
Release 2.3.202308201618 (August 20, 2023)
- Added SSO JWT Signing key history page with restore options
- Fixed the issue with new relay node configuration
- Updated WEB Session Manager components to the latest version 1.5.3. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
- Labs - Updated WEB Container to version 9.0.79 for new deployments. Existing deployments require update of the Web Container
- Labs - Added the option to add the record type to the specific vault on Edit record type page
back to top
Release 2.3.202308131130 (August 13, 2023)
- Added support for arguments based Password Reset Remote Windows PowerShell scripts. Current tasks should be reconfigured to use new scripts if needed. Otherwise, current tasks will remain the same.
- Improved performance of loading and searching for Users report
- Optimized the process of alerts generation and added more logging for troubleshooting purposes
- Labs - Updated WEB Session Manager components to the latest version 1.5.3. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
back to top
Release 2.3.202308061134 (August 06, 2023)
- Updated WinRM protocol for script executions on remote Windows Hosts to support future extensions
- Updated application Framework to version 17.0.8 for new deployments. Existing deployments require update of the Framework
- Updated WEB Container to version 9.0.78 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202307301105 (July 30, 2023)
- Added full breadcrumb path to the record on Create record page
- Optimized performance of copying and pasting objects with large folder structure
- Labs - Fixed the issue with vulnerability for new deployments that include Federated Sign-In 6.5 module
back to top
Release 2.3.202307231143 (July 23, 2023)
- Added new parameter to manage pre execution of the Password reset LDAP script
- Added the option for custom queries to filter by secured IDs using '=', 'in' and 'like' operators with specific values and by ':search' property
- Fixed the issue with supporting passwords longer than 16 characters for RDP proxy sessions with enabled MFA Confirm ID for the user authentication
- Fixed the issue with Periodic Password Reset task execution
- Fixed the issue with errors after clicking the button View Objects for AD users on Users report
- Fixed the description of Manage permission on Grant Access page for Global Permissions
- Improved server side permissions check on Tasks page for users without Owner or Manager permissions
- Labs - Updated application Framework to version 17.0.8 for new deployments. Existing deployments require update of the Framework
back to top
Release 2.3.202307161125 (July 16, 2023)
- Added reporting of Session Connected and Session Disconnected events to integrated ServiceNow tenants
- Added the option to configure After Create task execution policy for new deployments
- Labs - Improved security around API authentication when application is configured to use non-standard ports for installations with Federated Sign In 6.5
- Labs - Updated WEB Container to version 9.0.78 for new deployments. Existing deployments require update of the Web Container
- Labs - Added three new scripts for Password Reset Scripts allowing to pass passwords through the script parameters
back to top
Release 2.3.202307091122 (July 09, 2023)
- Added vertical scroll bar for Mass Operations Log page
- Updated WEB Session Manager components to the latest version 1.5.2. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
back to top
Release 2.3.202307021107 (July 02, 2023)
- Removed record type hyperlink from a Record inherited Task List screen for users other than System Administrators
- Labs - Updated WEB Session Manager components to the latest version 1.5.2. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
- Labs - Deleted groovyScript MFA provider for installation with Federated Sign In 6.5
- Labs - Fixed the issue with SAML Single Logout for installations with Federated Sign In 6.5
back to top
Release 2.3.202306251223 (June 25, 2023)
- Fixed the issue with auto archival of Audit Logs
- Updated WEB Container to version 9.0.76 for new deployments. Existing deployments require update of the Web Container
- Labs - Fixed the issue with an incorrect error message after SwitchCASVersion command execution for migration to Federated Sign in 6.5
back to top
Release 2.3.202306181226 (June 18, 2023)
- Fixed the issue with displaying incorrect PUSH notification for approved Azure AD MFA required workflow action
- Fixed the issue with activation of Azure AD B2C Guest User in user profile
- Fixed the issue with establishing SSH, RDP Proxy connections as well as for Workflow Requests requiring MFA for Azure AD B2C guest users
- Labs - Updated WEB Container to version 9.0.76 for new deployments. Existing deployments require update of the Web Container
- Labs - Fixed the issue with displaying empty SSO field on About page for Federated Sign In 6.5
back to top
Release 2.3.202306111146 (June 11, 2023)
- Implemented new welcome message for SSH proxy session initiated through the relay node
- Improved reliability of application updates
- Added an option to limit script viewing
- Fixed the issue with incorrect SSH proxy prompt for the master node
- Fixed the issue with application updates for relay node
- Labs - Added the option to reset Google Authenticator MFA token for Federated Sign In 6.5
back to top
Release 2.3.202306041250 (June 04, 2023)
- Optimized SSH Proxy session establishment performance through the relay node
- Fixed the issue with remote users displaying for SSH Proxy sessions through the relay node
- Fixed the issue with selecting MFA provider without user for MFA page
- Fixed the issue with displaying Subscribe button on Search screen
- Fixed the issue with creating session objects on master node for repeated connections from SSH Proxy internal shell through the relay node
- Fixed the issue with German, Russian and Portuguese languages translation on Job Summary report for time selector
- Fixed the issue with German, Russian and Portuguese languages translation on Cron expression builder page for Hours, Day and Month tabs
back to top
Release 2.3.202305281231 (May 28, 2023)
- Added support for RDP proxy sessions through the Relay Node
- Fixed the issue with German, Russian and Portuguese languages translation on Parameters page for the recently added parameters
- Fixed the issue with German, Russian and Portuguese languages translation on Parameters page for the groups of parameters
- Updated WEB Container to version 9.0.75 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202305211122 (May 21, 2023)
- Added support for Microsoft Azure AD MFA with Number Matching for Access Requests that require MFA confirmation
- Added support for Microsoft Azure AD MFA with Number Matching for SSH Proxy sessions
- Fixed the issue with permissions assigning to temporary record for relayed sessions
- Fixed the issue with Time Selector on Session Events report
- Fixed the issue with Time Selector for all Saved Reports
- Fixed the issue with German language translation on Parameters page for help buttons
- Fixed the issue with German language translation on Job History report for State column
- Added system log messages to troubleshoot deletion of temporary session recordings
- Labs - Added support for RDP proxy sessions through the Relay Node
- Labs - Updated WEB Container to version 9.0.75 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202305141310 (May 14, 2023)
- Fixed the issue with failure to execute jobs for a record with granted permission to a groups that includes a locked local service account
- Fixed the issue with German language translation on Reports filters
- Optimized RDP Proxy Remote App Launch Stability in certain situations
- Fixed the issue with the links to Job History and Job Summary reports on Report Center page
back to top
Release 2.3.202305071136 (May 07, 2023)
- Fixed the issue with PAM browser extension for certain Websites that do not recognize values set in User and Password fields for Chrome, Edge and Firefox Browser extensions. The update is pending approval from browser extension stores
- Fixed the issue with German language translation on Job History report
- Fixed the issue with German language translation on Report Center page for reports names, links and descriptions
- Fixed the issue with exporting Job History report with All Jobs filter selected
- Improved Server side permission checks for Sessions Report
- Fixed the issue when PAM is not reflecting changes made to user name in AD configuration in situations when a service account DNs that contain comma
back to top
Release 2.3.202304301105 (April 30, 2023)
- Added Checkout and MFA as selectable columns to the Workflows report
- Fixed AD integration issue with AD user/manager having names with comma
- Improved security on active sessions launched through relay nodes
- Updated application Framework to version 17.0.7 for new deployments. Existing deployments require update of the Framework
- Updated WEB Container to version 9.0.74 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202304231130 (April 23, 2023)
- Added support for blacklisting ciphers used for RDP Proxy sessions
- Improved Server side permission checks for access to Recorded Sessions in all formats
- Labs - Updated application Framework to version 17.0.7 for new deployments. Existing deployments require update of the Framework
- Labs - Updated WEB Container to version 9.0.74 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202304161253 (April 16, 2023)
- Added the option to configure Relay Node to be displayed for specific containers or records based on Proximity Groups selector
- Added support for rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519 Host Key Algorithms; diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 key exchanges to WEB SSH sessions. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
- Added ability to change Azure AD Users password from the My Profile page
- Added display of warning and error messages on Database export UI page
- Fixed the issue with the breadcrumbs on folder level Workflow Bindings Report page
- Fixed the issue with sorting by Record field on Tasks Report page
- Fixed issue with certain special characters in User and Password fields for Chrome and Edge Browser extensions. Published extension version with the fix is 1.45
- Fixed the issue with German language translation on Command Control page
- Fixed the issue with view records when using SSH Proxy Shell with Relay node
- Updated WEB Session Manager component to the version 1.5.0 including FreeRDP 2.10, libssh2 1.10. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
- Improved security for API authentication with tokens for deployments with two Duo Security MFA configurations enabled. This change applies for new deployments. Existing deployments will require update of Federated Sign In module
- Labs - Added support for blacklisting ciphers used for RDP Proxy sessions
- Labs - Improved server side permission checks for Record Sessions report
back to top
Release 2.3.202304091157 (April 09, 2023)
- Added a visual indicator in the record list for records with active sessions
- Fixed the issue with Web session service restart on some Linux installations when there is an active session
- Labs - Fixed issue with certain special characters in User/password fields for Chrome and Edge Browser extensions
- Labs - Updated WEB Session Manager component to the version 1.5.0 including FreeRDP 2.10, OpenSSL 3.0.2, libssh2 1.10. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
- Labs - Added support for rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519 Host Key Algorithms; diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 key exchanges to WEB SSH sessions. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
back to top
Release 2.3.202304021148 (April 02, 2023)
- Added interactive shell support for SSH Proxy sessions through the Relay node
- Fixed the issue with the tooltip location for the button File Browser in Web sessions with enabled German language
- Fixed the issue with incorrect displaying user permissions in Access Report
- Fixed the issue with missing Session Control option on Grant Access page
- Fixed the issue with displaying record name in the session column of the Session Events report for the events related to currently deleted records
- Fixed the issue with the quick playback option for the recordings of the deleted records
- Fixed the spelling mistake on the Clipboard button tooltip on the WEB Session GUI toolbar
- Labs - Improved security for API authentication with tokens for deployments with two Duo Security MFA configurations enabled. This change applies for new deployments. Existing deployments will require update of Federated Sign In module
back to top
Release 2.3.202303261146 (March 26, 2023)
- Fixed issue with Launch SSH Client button displayed on Relay Connect dialog for non-ssh records
- Fixed issues with missing German language translations
- Updated WEB Container to version 9.0.73 for new deployments. Existing deployments require update of the Web Container
- Improved security around API authentication when MFA is enabled. This change applies for new deployments. Existing deployments will require update of Federated Sign In module
- Improved security around API authentication when application is configured to use non-standard ports. This change applies for new deployments. Existing deployments require update of Federated Sign In module
- Labs - Fixed the issue with TOTP enforcement during access request workflow for CAS 6.5 deployments
- Labs - Fixed the issue with logout after expiration of authentication tokens for deployments with CAS 6.5
back to top
Release 2.3.202303191222 (March 19, 2023)
- Added support for German language on the application GUI
- Added ability to launch sessions using SSH clients, such as putty, and route traffic through the Relay Node instead of a Master Node
- Added Relay Connect dialog on the Record View page to provide connection options and information through the Relay Node
- Implemented automatic retrieval of email address for users configured on Azure AD to be used for PAM alerts and notifications
- Fixed the issue with the broken search for objects with unique permissions
- Labs - Fixed the issue with enforcing MFA for API authentication using username and password with enabled Federated Sign In
back to top
Release 2.3.202303121214 (March 12, 2023)
- Added the option to the record list page to identify checked out records
- Updated the rule description for the Session Score Violation Behavior Profile
- Fixed the issue with sorting by Date column for Jobs Summary Report
- Labs - Fixed the issue when first ssh proxy connection with recording on the freshly started system fails to complete because ADS connection is interrupted
- Labs - Fixed the issue with system logging support for Federated Sign In version 6.5 on Windows deployments
- Labs - Added support for enabling SSH Proxy using catalina.properties parameters
- Labs - Added popup for Relay Connect to view and copy connection string for Relay node
- Labs - Updated WEB Container to version 9.0.73 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202303051145 (March 05, 2023)
- Fixed issue where Alerts were not sent to group members who subscribed for notifications
- Fixed display of timestamp on Date column in Job Summary report
- Fixed issue when there is a trailing space in URL for Directory Service API calls
- Labs: Added support for SSH proxy connection through relay node
- Labs: Updated WEB Container to version 9.0.72 for new deployments. Existing deployments require update of the Web Container
back to top
Release 2.3.202302261036 (February 26, 2023)
- Added the option to mass Cancel multiple selected jobs on the system and record level Job History report
- Fixed the issue with sorting by Date column for Jobs Summary Report
- Improved Server side permission checks for Session Recordings and Session Events
- Labs: Updated WEB Session Manager components to the latest version 1.5.0 including FreeRDP version 2.10.0
back to top
Release 2.3.202302190914 (February 19, 2023)
- Added support to display alternate date formats for downloaded versions of Reports which can be configured from Administration > Settings
- Fixed the issue with occasional 404 error in Inventory report page
back to top
Release 2.3.202302120707 (February 12, 2023)
- Added support to display alternate date formats in Reports which can be configured from Administration > Settings
- Fixed the issue during CSV export of objects from the Root Folder
- Removed warning migration message from all Reports pages
- Fixed the issue with search by unique permissions not returning some folders
- Labs - Added the ability to display alternate date formats on downloaded versions of the Reports which can be configured from Administration > Settings
back to top
Release 2.3.202302050754 (February 05, 2023)
- Added support for Workflow Session Termination for sessions initiated via a Relay Node
- Fixed the issue with displaying event user instead of subscribed user on My Alerts list
- Fixed the issue with displaying password on the Record Quick View screen in case the password contains special characters
- Updated WEB Container to version 9.0.71 for new deployments. Existing deployments require update of the Web Container
- Updated application Framework to version 17.0.6 for new deployments. Existing deployments require update of the Framework
back to top
Release 2.3.202301290932 (January 29, 2023)
- Added support for Remote App execution through a Relay Node
- Added Session Event Report Masking option
- Added context help balloons to the global parameter Password Detection Entropy
- Added help article link to the Record Change History page
- Added support to display Windows Key in the Session Events report
- Fixed the issue with the breadcrumbs path on Personal Vault and Workflow Bindings Report pages
- Fixed the issue with the titles for Permissions pages on Vault, Folder, Record Levels
- Fixed the issue with the titles for Tasks pages on Record Type and Record Levels
- Added debug logging based on connection id to both Master and Relay Nodes to improve connection troubleshooting
back to top
Release 2.3.202301220959 (January 22, 2023)
- Added the option to specify a group with service account member to designate a record for remote job execution
- Fixed the issue with the breadcrumbs path on Command Control, Record Type Formula, Record Type Tasks pages
- Fixed the issue with the titles for all pages under the Administration Left Menu
- Labs - Added logging message about deleting old database tables when switching to a new version of CAS
- Labs - Improved the logic of deleting old database tables when switching to a new version of CAS
back to top
Release 2.3.202301151100 (January 15, 2023)
- Added the option to resolve dynamic and pass-through credentials in the user field when connecting through Relay Node
- Added the option to resolve dynamic credentials in the user field when connecting through Relay Node using Private Key authentication (Unix Host with Key and Unix Host with Private Key record types)
- Added messages for created records and folders in the object import log to match the messages about updated and skipped objects
- Externalized import log messages for multi-language support
- Fixed the error message after trying to add AzureAD user to Local Groups
- Added performance optimization for re-indexing records during reference record update
- Fixed the issue with dry run for CSV export for records with references
- Fixed the issue with Parents drop down control overlapping with left side menu on the Record Type editing screen
back to top
Release 2.3.202301081053 (January 08, 2023)
- Added options to ignore or update existing records when importing records to a vault
- Implemented tunnel authorization for Web Sessions with disabled Web Sockets parameter
- Improved Server side permission checks for Instant Session Recording playback
back to top
Release 2.3.202301011045 (January 01, 2023)
- Removed Reports Tab from the Left Tab Menu in favor of accessing reports using Report Center
- Updated Copyright year to 2023 in the application GUI and command ine utility
- Updated Copyright year to 2023 and a link to EULA in the application installers
- Updated Copyright year to 2023 in the login page of the Federated Sign In module for the new deployments
- Added support to highlight Report Center in the Left Tab Menu in case user opened a Report
- Fixed the issue with the breadcrumbs path on Import Records page
- Fixed the issue with empty dropdown menu in case editing MFA configuration and choosing MFA Deny provider on MFA page
- Fixed the issue with the links to the custom queries highlights in the left side menu
- Updated WEB Session Manager components to the latest version 1.4.0 including FreeRDP version 2.9
back to top
Release 2.3.202212250957 (December 25, 2022)
- Added Session Relay node component to create separation of the session traffic from the control planes in geographically distributed PAM deployments
- Added entropy-based algorithm for password detection to enable future extensions
- Fixed the issue with importing records from PuTTY(.reg) file
- Fixed the issue with errors in the browser console as well as incorrectly displayed Dry Run checkbox after refreshing the Import screen
- Fixed the breadcrumb for Edit Custom Query page
- Fixed the issue with the application performance after executing password reset jobs for records referenced from large number of records
- Labs - Added support to check Permissions and Workflows during the redirection to the relay node
- Labs - Changed Copyright for installations with Federated Sign in
- Labs - JWT token expiration set to 1 minute on master node, expiration check added to relay node
- Labs - Fixed the issue with caching connections from Relay nodes to the Master node
- Labs - Added context help to the global parameter enabling relay node
- Labs - Added the options to ignore existing records and to update existing records when importing records to a vault
- Labs - Fixed the issue with context menu labels for the connection options through relay node
back to top
Release 2.3.202212181031 (December 18, 2022)
- Updated WEB Container to version 9.0.70 for new deployments. Existing deployments require update of the Web Container
- Updated example custom queries for discovered administrators and services by adding search option to filter discovered artifacts by the artifact, host and the discovery query
- Fixed the issue with accessing external Internet servers to cache GUI fonts in new deployments of Federated Sign-In module
- Fixed issue with empty mfa provider drop down value when user edits existing Deny Login provider
- Fixed the issue with displaying session event details report for the sessions of the deleted records
- Fixed the issue with handling of internal data model auto-corrections
- Fixed the issue with attempting to automatically import LDAP certificate during establishing connection to LDAP servers using non-secure channels
- Fixed the issue with blanket periodic system log message about worker engine on the main node bypassing job executions scheduled for the remote nodes by moving the message to the debug level
- Fixed reports description translations in Russian and Portuguese
- Fixed the issue with errors generated during session rendering error processing for the sessions of the deleted records
- Added support for JWT token validation on session relay node
- Improved visual appearance of the screen to redirect sessions to relay node
- Updated copyright year as well as the link to the EULA in Windows executable, Windows PowerShell and Linux installers
back to top
Release 2.3.202212111009 (December 11, 2022)
- Added Deny Login capability to globally deny a principal login to PAM
- Added an example of a custom query to display a list of administrators discovered on remote computers when running a discovery query
- Added an example of a custom query to display a list of user owned services discovered on remote computers when running a discovery query
- Added CSV Export help article to the CSV Export page
- Added description to Bindings, Local Group Membership and Access reports
- Fixed login issues for Azure AD Guest users to PAM
- Fixed the issue with breadcrumb links to Report Center when user navigates back from queries or saved reports
- Updated WEB Container to version 9.0.70
back to top
Release 2.3.202212041016 (December 04, 2022)
- Improved security of REST API functions designed for communications between internal services
- Added the option to build folder level custom queries for queries that contain group by clause
- Added context help to Filter field of the Remote App Host type on the record creation and editing screens
- Added the option to specify $account placeholder in the User field of a record to use the account portion of the current user login without domain as a user part of pass-through credentials when connecting to the endpoint servers
- Added the option to specify PAMACCOUNT placeholder in the job execution script to use the account portion of the current user login without domain when executing jobs on the endpoint servers
- Added the option to specify PAMACCOUNT placeholder in the command template to execute when connecting to the endpoint servers to use the account portion of the current user login without domain
- Fixed the issue with selecting a referenced record on the record creation and editing screens included records for which the current user had only Viewer permissions
- Fixed the issue with including root folder to the Export to CVS function when exporting objects from the root folder
- Fixes the issue with personal vault root folder appearing in the CSV export file causing problems during import
- Labs - Added support for session relay to lookup proximity group configuration on master node controlled by config parameter
- Labs - Added automatic redirect to the relay node. Added Redirect button to show in 5 seconds after failure to automatically redirect to the relay node
- Labs - Fixed the issue when relayed session not marked as "Recording..." while recording in progress
- Labs - Fixed the issue when unsuccessfull relayed records are not removed from relay
- Labs - Renamed backend database table for relayed sessions metadata to RSESSION_V3 to resolve the foreign keys conflict issues preventing creation of these foreign keys
- Labs - Updated WEB Session Manager components to the latest version including FreeRDP version 2.9
- Labs - Updated application Web Container to version 9.0.68 for new deployments. Existing deployments require update of the Web Container
- Labs - Fixed the issue with deny-login option when global MFA is disabled
back to top
Release 2.3.202211270943 (November 27, 2022)
- Added Export to CSV capability that can be used on individual or bulk objects (record and container) to generate a secure, encrypted CSV file
- Updated WEB Session Manager components to the latest version including FreeRDP version 2.8.1
- Implemented quick Download RDP File link on the record list screen to simplify access to the RDP File
- Added up- (for connected nodes) and down-arrow (for disconnected nodes) icons for the node status of the node on the Settings / Application Nodes screen to augment color-based indicators
- Added a lock icon to the session manager port on the Settings / Proximity Groups screen for the session managers with SSL protected traffic to augment color based indicator of the session manager connection status
- Added the actual Special Characters as well as Forbid Using User Name (checkbox) fields into the custom formula report example
- Fixed the issue with deleting a record type that includes or included in the past Command Control Policies
- Labs - Added support for relayed sessions termination
- Labs - Added support for migrating users from Active Directory to Azure AD via command line
back to top
Release 2.3.202211200918 (November 20, 2022)
- Added support for Azure AD Guest user logins to PAM
- Added support to display all sessions as a default option for the record-level session report to allow auditors to quickly review the history of the record access
- Added custom query example to report unique password formula including formula parameters to demonstrate custom query grouping, aggregation, joining, metadata enhancement, record linking options as well as technique to retrieve record policies
- Added Report Center button on Record list page for quick access
- Labs - Fixed the issue with Azure AD guest user password check
- Labs - Added support for MFA Deny Login to avoid enabled MFA bypass
- Labs - Fixed Login message in case enabled MFA-Deny Login for Oracle clients after Oracle proxy session
- Labs - Fixed the issue with CSV export of objects with complex structures
back to top
Release 2.3.202211131043 (November 13, 2022)
- Updated application framework to version 17.0.5 for new deployments. Existing deployments require update of the Framework
- Updated application Web Container to version 9.0.68 for new deployments. Existing deployments require update of the Web Container
- Labs - Fixed the issue with random reference record assignment during the csv file importing
- Labs - Fixed the issue with Deny login error message displaying for WEB logins
- Labs - Added support Radius mfa providers for CAS 6.5
- Labs - Enhancement to Azure AD integration by adding support for external users identities
back to top
Release 2.3.202211061015 (November 06, 2022)
- Added support to preserve session recordings after deleting a record for new deployments. Existing deployments might enable this feature by making field CSESSION.record_id NULL-able in the back end database (no service restart is required)
- Added quick Download RDP File link to the Record View screen to simplify RDP Proxy access to the remote Windows servers
- Added custom query prefix to the custom query name in breadcrumbs for Custom Query reports
- Removed custom query prefix from breadcrumbs where it is not needed
- Labs - Added support for exporting metadata of Folders in CSV format
- Labs - Fixed the issue with completing relayed session with recording when recording does not get saved
- Labs - Fixed the issue with the missing Reference record during CSV Export
- Labs - Fixed typo in the Audit Log message for MFA-Deny Event after SSH proxy login
- Labs - Fixed incorrect displaying of username in the Audit Log message for MFA-Deny Event after SSH proxy login using WinScp
- Labs - Unified the Audit log message for MFA Deny Event after proxy sessions
- Labs - Added support for session relay connect from records list view and record view when the user has connected with recording only permissions
- Labs - Fixed the issue with keystrokes events timestamp for relayed sessions
- Labs - Fixed the issue with relay node checkin correctly updating node endpoint
back to top
Release 2.3.202210301144 (October 30, 2022)
- Added system log messages to troubleshoot connections from remote to master nodes
- Updated default behavior for new deployments to enable dynamic reference from local groups to external LDAP members thereby allowing entry reorganization in the external user directory without breaking local groups membership. The property xtam.ad.members.search=true in $PAM/web/conf/catalina.properties is set for new deployments
- Added support of various initial indexes (0 or 1) for AzureAD entries in configuration file
- Removed requirement of using a service account for Azure AD integrations
- Labs - Added WEB Session Relay node for the option to route WEB Session traffic through faster network segments
- Labs - Added support for Imprivata ID authentication for CAS 6.5
- Labs - Updated Apache Commons Text library in CAS 6.5 to the version 1.10 to resolve discovered library vulnerability
- Labs - Updated the label on the Multi-factor Authentication page for mfa drop down to "Deny login" instead of "MFA-deny"
- Labs - Added audit log message for deny login event for RDP proxy sessions
- Labs - Added audit log message for deny login event for SSH proxy sessions using WinSCP
- Labs - Added parameter to control session relay support for web sessions
- Labs - Fixed errors during CSV export of large amount of records
back to top
Release 2.3.202210231056 (October 23, 2022)
- Added native integration with Azure AD cloud directory for user authorization, search and add AD users to local groups
- Added support for Oracle 19+ versions for new PAM deployments with Federated Sign-In module
- Added support to search for record name having a colon character by enclosing in double quotes
- Fixed the issue with unsuccessful CSV Import where the reference record name has colon character
- Fixed the issue with re-indexing record type records with non-indexed or secure User field should reset User display on the Inventory report
back to top
Release 2.3.202210161126 (October 16, 2022)
- Updated application framework to version 17.0.4.1 for new deployments. Existing deployments require update of the Framework
- Fixed the issue with Bulk Archive and Bulk Restore terminology in the Audit Log following bulk archive and restore operations
- Fixed the issue with the visual indicator for a hidden session toolbar controller for WEB sessions visible when in session participants list, file browser or clipboard controllers are visible on the screen
- Fixed the issue with Interactive and Delegated Approval templates can be saved without approvers and used as an Automatic template
- Labs - Fixed the issue with missing CIDRA_PAP protocol for radius integrations in the Federated Sign-In module
back to top
Release 2.3.202210091138 (October 09, 2022)
- Added a visual indicator to enable easy access of toolbar menu for WEB sessions
- Fixed the issue with password reset task execution for LDAP Server record type using Remote Worker
- Labs - Fixed the issue with incorrect display of user name for Local User on PAM Edit Local Group page
- Labs - Added MFA deny support for RDP and SQL proxy sessions
- Labs - Fixed incorrect message for MFA deny feature for SSH proxy connections using WinScp
back to top
Release 2.3.202210021124 (October 02, 2022)
- Added the option to block and to unblock SSH Public Key to the Edit Local User screen
- Added tooltip for the Delete SSH Public Key button to the Edit Local User screen
- Updated WEB Session Manager for Windows platform including FreeRDP version 2.8
- Fixed the issue where cut and paste of objects to same container creates orphaned objects
- Fixed the issue with the narrow context help box describing SSH Public Key generation controls on the Edit Local User screen
- Fixed the issue with Record/Folder owner permissions were not respected in the Permissions Management page when the Auditor role has been granted to a user
- Added the option to improve performance for large integrated User Directory domains by the allowing to specify several small directory branches for the role search instead of connecting to the large ambient directory tree. To enable multiple connection to user directory role trees, the option allows to specify the following parameters in addition or instead of the regular role search connection points: ldap.roleBase.1, ldap.roleBase.2, ldap[1].roleBase.1, ldap[2].roleBase.2, etc
- Launch Report Center article in a new tab when clicked from the link on report pages
- Labs - Added the option to Export selected objects as CSV file
- Labs - Added warning message for csv export modal window in case no items where selected
- Labs - Fixed the issue with mfa-deny which appears when user connects through ssh proxy
- Labs - Added translation for the Export button in Manage menu
back to top
Release 2.3.202209251205 (September 25, 2022)
- Added the option for system administrators or vault owners to manage ssh public keys of the local users under their management
- Added local users ssh public key management REST API for automation of the application to application access
- Updated help article links on the Discovery, Global permissions and Behavior profile screens
- Labs - Added audit logs for CSV Export
- Labs - Added log4j configuration for Cas6.5
- Labs - Fixed form filler extension for Chrome and Edge browsers on manifest v3
- Labs - Updated WEB Session Manager for Windows platform including FreeRDP version 2.8
back to top
Release 2.3.202209181150 (September 18, 2022)
- Added restriction to limit a number of search query criteria that can be added in GUI
- Fixed the issue with unnecessary checkboxes on the Local Groups screen
- Fixed the issue with error during PAM setup on Linux if the script is run not from the installation directory
- Fixed the issue with vault container get converted into a folder container when using copy and paste action into the root folder
- Fixed the issue with applying script placeholders to Public Key Update Remote SSH script for tasks execution
- Labs - Added Request Export button for users with Service Administrator Global Role in case there is a Workflow Binding applied with enabled Administration actions
- Labs - Added new Federated Sign-In module plugin to implement MFA deny feature
- Labs - Fixed the issue with slow startup time of Federated Sign-In module cause by the loading fonts from Google hosts in the deployments without Internet access
back to top
Release 2.3.202209111221 (September 11, 2022)
- Added description to downloaded versions of the following reports: system level Subscriptions (Alerts) and Subscriptions (Reports), record level Audit Log and Job History
- Added click-able link to a Report Center help article
- Updated WEB Session Manager for Windows platform including FreeRDP version 2.6.2
- Fixed the issue with the password is displayed as email for the passwords with @ character on the record quick view screen
- Fixed the issue with using regular font when displaying non-password secure fields on the record quick view screen
- Fixed the issue with displaying informational message about the Report Center on folder and record level reports
- Fixed the issue with displaying informational message about the Report Center for My Sessions report
- Fixed the issue with pre-creating keys folder on the file system during the application start up to simplify configuration of SSO logins
- Fixed the issue with reporting WEB Sessions that failed to connect as successfully created sessions in the session report
- Added trace level system logging to troubleshoot reporting about establishing of WEB session
- Labs - Fixed the issue with confirmation message after re-enabling RDP access for AzureAD user with incorrect password
- Labs - Fixed the description for Azure AD properties
- Labs - Updated extension for Chrome and Edge browsers to manifest v3
- Labs - Added the option to display mfa-deny on the MFA configuration screen
- Labs - Added mfa-deny support for SSH Proxy
back to top
Release 2.3.202209041201 (September 04, 2022)
- Added the option to disable a server in a proximity group so it would not accept new sessions to broker to facilitate update for remote session managers deployed in high availability configuration
- Updated WEB Container to version 9.0.65
- Updated WEB Session Manager for Linux platforms (x86 and arm) including ssh library 1.10 to enable new modern ciphers and FreeRDP version 2.8
- Fixed the issue with Palo Alto Networks records failing to connect to the destination using WEB SSH Session because of enabled file transfer which is typically disabled on the end point devices. Note that the update affects only new deployments. Existing deployments should create a record type level field FileTransferDisabled (Field Type: Checkbox, Display name: File Transfer Disabled) and check it Enabled in the corresponding record.
- Labs - Added the option to integrate with Azure AD as a user directory provider directly without the requirement to integration with its synchronized Active Directory
back to top
Release 2.3.202208281233 (August 28, 2022)
- Added the option to disable proximity groups to help in building and troubleshooting routing of sessions network traffic
- Added a link to a help page describing script variables and placeholders to the script editing screen
- Added a description to all files generated during subscription or export to pdf, csv, txt , xlsx for all system reports
- Added a warning message on the reports accessed using left side menu prompting users to use Report Center to access report in favor of deprecating left side menu
- Labs - Updated WEB Session Manager for Linux platforms (x86 and arm) including ssh library 1.10 to enable new modern ciphers and FreeRDP version 2.8
- Labs - Updated WEB Session Manager for Windows platform including FreeRDP version 2.6.2
back to top
Release 2.3.202208210859 (August 21, 2022)
- Added the option to search Session Events report by multiple comma separated keywords. Enclose the search condition in the double quotes for precise search criteria
- Added default description to Record level Audit Log report
- Fixed the issue with incorrect name of the report on Records List screen in Reports drop down menu
- Labs - Fixed the issue with resetting TOTP and Yubikey MFA in the deployments with Fededated Sign-In module version 6.x
- Labs - Fixed the issue with failed CSV import of a vault that contains records into a folder
- Labs - Updated WEB Container to version 9.0.65
back to top
Release 2.3.202208141254 (August 14, 2022)
- Added the Single Logout Option to automatically logout a browser session from the OneSign Identity provider when logging out from the WEB Application. The option is configured by the system parameter to the configuration file $PAM/web/conf/catalina.properties
cas.authn.pac4j.saml[0].autoSlo=true
Note that PamManagement / pammanager service needs to be restarted after adding or modifying this parameter
- Added Description field for the default reports on the report center
- Removed the option to publish and unpublish reports on Report Center page for Personal Vaults
- Removed the option to publish and unpublish reports on Report Center page for Personal Vaults using the Bulk action option
- Removed create option for Custom Queries Tab for Folder level Report Center
- Added extended system logging information about failing to access Federated Sign-In module backend structures to troubleshoot module deployments when run under debug mode enabled by log4j.logger.com.pam.bl=DEBUG parameter in $PAM/web/conf/log4j.pam.properties logging configuration file.
Note that PamManagement / pammanager service needs to be restarted after adding or modifying this parameter
- Fixed the issue with cleaning legacy files after the application update for the deployments switched to logging version 2
- Labs - Fixed the issue with disabling initialization of Federated Sign-In module version 6.x when disabling open mode using Command Line Utility
- Labs - Fixed the issue with initializing new Federated Sign-In configuration when switching database in the existing deployment using Federated Sign-In module version 6.x
- Labs - Fixed the issue with switching CAS 6.x based deployment to PostgreSQL database
- Labs - Fixed the issue with initial deployment with or switching existing deployments to Federated Sign-In module version 6.x with Oracle backend database
- Labs - Fixed the issue with enforcing TOTP and Yubikey MFA for RDP and SSH Proxy as well as access request workflow operations in deployments using Federated Sign-In version 6.x
- Internal - Changed the method of accessing certificate issuer and subject in Command Line Utility
back to top
Release 2.3.202208071235 (August 07, 2022)
- Added support for ephemeral accounts with key authentication on Linux devices for the Shadow record authentication using key
- Fixed the issue with displaying errors for users with Auditor Global Role on Custom Reports tab for folder level Report Center
- Fixed the issue with missing some Custom Queries on Custom Reports tab of Report Center
- Fixed the issue with incorrectly using private key based connection when executing SSH jobs in case Certificate data exist in the record metadata but not in the record type
- Labs: Fixed the issue with the browser extension filled read-only fields (pending application approval in the browser store)
- Labs: Added the option for the browser extension to only fill user field on the form in case it is present on the record type (pending application approval in the browser store)
- Labs: Fixed the issue with the browser extension filled browser custom fields that are absent in the record type definition (pending application approval in the browser store)
back to top
Release 2.3.202207311144 (July 31, 2022)
- Added support for ephemeral accounts with key authentication on Linux devices for the Shadow record authentication using protected key
- Added the option for users with Owner permissions to view folder level Custom Queries on folder level Report Center
- Added support for multi-byte characters in the user passwords for the new deployments configured with basic authentication
- Added the option to encrypt ticketing systems integration service account password in the configuration file
- Added the option to specify ticket number in the dedicated Ticket Information field instead of the Reason field on the access request form to reference an integrated external service management system ticket
- Added the option to interactively specify a password using dash value for the administrator password parameter in the Command Line Utility Set Directory Administrator Password command
- Added the option to interactively specify a password using dash value for the local user password parameter in the Command Line Utility Create User command
- Updated search help link on the search center on the record list screen
- Fixed the issue with displaying errors on Users Audit Log report after page refresh
- Fixed the issue with deleting ephemeral accounts with running processes on Linux hosts
- Labs - Fixed the issue with the browser extension filled read-only fields
- Labs - Added the option for the browser extension to only fill user field on the form in case it is present on the record type
- Labs - Fixed the issue with the browser extension filled browser custom fields that are absent in the record type definition
back to top
Release 2.3.202207250858 (July 25, 2022)
- Fixed the issue with deploying new system with external database
Release 2.3.202207241157 (July 24, 2022)
- Added support for ephemeral accounts with key authentication on Linux devices. Added new record type Linux Host Ephemeral Account with Key
- Added support for configurable buffer size for RDP Proxy sessions recording to optimize performance of RPD Proxy sessions with recording enabled. To specify custom buffer size add the following parameter to the configuration file $PAM/web/conf/catalina.properties file
xtam.rdp.proxy.recording.buffer_size=1024000
Note that PamManagement / pammanager service needs to be restarted after adding or modifying this parameter
- Fixed the issue of displaying incorrect search results after searching on the Report Center page
- Fixed the issue with missing letter in the Jobs Summary report label on the Report Center page
- Fixed the issue with the search label on custom queries tab on the report center page to show the number of results
- Fixed the issue with the system report links on the Report Center screen
- Fixed the issue with the report name update button on the Report Center screen
- Fixed the issue with not functional check-boxes on the custom queries tab on the Report Center screen
- Fixed the issue with not functional check-boxes on the global custom queries screen
- Labs: Added the option to bulk export selected containers and records to CSV spreadsheet with encrypted data
- Labs: Added the option to import containers and records to the system vault from encrypted CSV spreadsheet
- Labs: Fixed the issue with incorrect MySQL dialect detected after Windows installation with Federated Sign-In module 6.5
- Labs: Fixed the issue with incorrect TOTP database storage parameters detected after Windows installation with Federated Sign-In module 6.5
- Labs: Fixed the issue with DBConnect CLI command for the Windows MySQL deployments with Federated Sign-In module 6.5 correctly defining database dialect and TOTP database parameters
back to top
Release 2.3.202207171244 (July 17, 2022)
- Added the option for a remote worker node to connect to the master node over the transparent perimeter forward tunnel established by the same node
- Added the option for a remote worker node to connect to multiple master nodes over the transparent perimeter forward tunnels established by the same node
- Labs - Fixed the issue with switching to different database after updating to CAS 6.5
back to top
Release 2.3.202207101204 (July 10, 2022)
- Added Custom Queries area to the Report Center
- Moved references to Saved Reports from Reports tab on global level and from dropdown Reports menu on folder level to the Report Center
- Renamed Reports / Custom Queries menu item to reflect the nature of queries as user defined entity-relationship querying capabilities
- Fixed the issue when search returning out of the box reports in search results on the Report Center
- Fixed the issue with the bread-crumbs links on the Report Center
- Fixed the issue with search results label on the Report Center
- Labs - Updated Federated Sign-In (CAS) Module to the version 6.5
- Labs - Fixed the issue with TOTP MFA after upgrading or downgrading Federated Sign-In (CAS) Module to the version 6.5
back to top
Release 2.3.202207031222 (July 03, 2022)
- Added support for session events recording for file transfers over drive redirection events during RDP Proxy connections
- Added the option for the remote application records to only use application hosts located in the same vault as the record itself to simplify remote application hosts configuration for multi-tenant deployments. The option is enabled by the system parameter xtam.apphost.crossvault.disable=true in $PAM/web/conf/catalina.properties configuration file
- Added title and context help to the Administration / Settings / Mail Server screen
- Added the option to execute scripts right after establishing Switch User session on Unix endpoints
- Fixed the issue with system import using automation scripts when including volume index in the name of the imported export archive
- Fixed the issue with too excessive audit logging for the event of accessing session event report
back to top
Release 2.3.202206261142 (June 26, 2022)
- Added Report Center to consolidate out of the box and saved reports simplifying reports access and management for the system administrations and folder owners
- Added audit log event for accessing Session Events Report for a selected session. Session type, date and operator are mentioned in the audit message along with the user accessing the reports, time of access and the record. Note that accessing cross-sessions Session Events report does not create an audit log record
- Added the option to verify Active Directory user password expiration date over non-secure connection to Active Directory Domain Controller
- Fixed the issue with importing system data using automation scripts when including volume index in the name of the imported export archive
- Labs - Added report center link to the breadcrumbs
- Labs - Fixed the issue of the textarea resize for Description field on Save Report form
- Labs - Added margin to Save and Cancel buttons on Rename and Edit description forms on reports
- Labs - Added generation of audit events to bulk Delete action on Report Center
- Labs - Added support for PostgreSQL database to the migration routine to CAS 6.5
back to top
Release 2.3.202206191318 (June 19, 2022)
- Added support for ephemeral accounts with password authentication on Linux devices
- Added OAuth 2.0 authentication support for IMAP and SMTP protocols to receive email request approvals and to send notifications using Office 365 mail server
- Added support for Use sudo option when executing jobs on Unix endpoints using Switch User mechanism through sudo privilege elevation
- Added the option for the record owners to copy JSON representation of record fields to the system clipboard using JSON option on the record view screen
- Fixed the issue with executing jobs for the Unix Host records that include artifacts of the previous record versions created before switching record type to the one that does not contain these fields anymore
- Fixed the issue with detecting maximum password age in certain configurations of Active Directory policies
- Labs - Added initialization of Federated Sign-In Service for CAS 6.5 version
- Labs - Added the automatic switch to CAS 6.5 properties in case CAS 6.5 is included in the installation package
- Labs - Added automatic detection of CAS version during the registry initialization routine to improve the detection of CAS version by the presence of certain tables in the database
- Labs - Added time to live, time to kill and init schema parameters to the migration routine to CAS 6.5
- Labs - Fixed the issue with pre-populating correct location of Groovy script for selective MFA for deployments with CAS 6.5
- Labs - Added audit log events in case saved report becomes visible through the Report Center
- Labs - Added 65 version to SwitchCASVersion parameter of the command line utility
- Labs - Added init service registry conversion property to the migration routine to CAS 6.5
- Labs - Added routine to disable Federated Sign-In module registry initialization after the first application startup for CAS 6.5 version
- Labs - Renamed the mass publish and mass unpublish buttons on the Report Center Page to publish and unpublish
- Labs - Removed link to custom queries page from Report Center page
back to top
Release 2.3.202206121224 (June 12, 2022)
- Added the option to use dynamic and pass-through credentials for remote application launchers run over WEB RDP or RDP Proxy sessions
- Improved reliability of creating new SSH Proxy sessions through next hop remote session manager
- Fixed the issue with executing After Approval jobs by remote nodes executing jobs in the remote data-center
- Fixed the issue with executing After Session jobs by remote nodes executing jobs in the remote data-center
- Labs - Fixed the issue with the option to Rename, Edit description, Delete Published Reports for non-Owners of the reports on Report Center page
- Labs - Added the option to Publish and Unpublish reports from Bulk Actions menu on Report Center page
- Labs - Added the option to edit report name and report description using a single form on the Report Center page
- Labs - Added handling of Federated Sign-In Inactivity timeout and alternative client IP address header to the migration routing to and from version 6.x
back to top
Release 2.3.202206051257 (June 05, 2022)
- Added the option to automatically logout a user from the application when the user has the browser disconnected from the server by the network transport (such as VPN) or does not have the application open in the browser tab.
The following timeout parameters can be configured in the $PAM/web/conf/catalina.properties file
cas.ticket.tgt.maxTimeToLiveInSeconds=3600
cas.ticket.tgt.timeToKillInSeconds=3600
PamManagement / pammanager service would need to be restarted after adding or modifying these parameters.
- Fixed the issue with detecting maximum password age in certain configurations of Active Directory policies
- Fixed the issue with Re-indexing record type records completed even after failing to perform one of the re-indexing activities on one of the records
- Labs - Fixed the issue when users with Auditor role cannot Publish their own reports in Report Center on folder level
- Labs - Fixed the issue when users with the Auditor Role cannot Delete their own reports via Bulk Actions menu on Report Center page on Folder level
back to top
Release 2.3.202205291316 (May 29, 2022)
- Improved performance of RDP Proxy sessions established with video recording enabled. The option is disabled by default. The option could be be enabled by system parameter xtam.rdp.proxy.compression=true set in the $PAM/conf/catalina.properties file
- Improved performance of Web sessions established with enabled Session Idle Activity Timeout parameter
- Improved performance of SSH Proxy sessions established over the Transparent Perimeter deployment tunnel by disabling tunnel buffering using the following parameters in the $PAM/conf/catalina.properties file: xtam.reverse.tunnel[N].pty=true or xtam.forward.tunnel[N].pty=true
- Added the option to disable audit log collection to the WEB GUI authentication events for the deployments without this option enabled in the Federated Sign-In module by defining system property xtam.cas.audit.auth=false set in the $PAM/conf/catalina.properties file
- Added supporting information about subject and issuer into the error message about failed XSRF token verification to improve troubleshooting of system deployments
- Fixed the issue with displaying errors on Sessions Report page opened from the Request Access form
- Fixed the issue with connecting to AS/400 endpoints with the user name on record as long as the maximum possible length supported by the destination system. Introduced system parameter xtam.driver.as400.user.length to define the maximum user name length for AS/400 endpoints
- Labs - Fixed the issue when users with Owner permissions were able to delete Public Reports from the Report Center using Bulk actions
- Labs - Fixed the issue when users with Owner permissions were not able to delete their own Saved Reports from the Report Center using the button Delete
- Labs - Fixed the issue when users with Owner permissions and Auditor role were not able to delete their own Saved Reports from the Report Center using Bulk Actions menu
- Labs - Fixed the issue with displaying private and public reports for users with Owner permission on Folder level Report Center
- Labs - Added possibility to Publish report on folder level Report Center for users with Owner permissions
back to top
Release 2.3.202205221232 (May 22, 2022)
- Added connection restriction to SSH Proxy sessions for the expired local users using SSH private key to connect
- Added user friendly message in case administrator removing themselves from a Global Role
- Fixed the issue with visual appearance of disabled Revoke Permissions and Remove buttons on the permissions and global roles management screens
- Fixed the issue with enabled revoke global roles button when no global role selected
- Changed the button style for Enter password to encrypt report popup to disabled button by default
- Labs - Added TOTP and Yubikey crypto parameters to the CAS 6.3 migration routine in PAM CLI Utility
- Labs - Updated Logout Follow Service Redirect parameter in the CAS 6.3 migration routine in PAM CLI Utility
- Labs - Added Owner column that shows the owner of the public saved report for Report Center
- Labs - Added Public indicator column to the Report Center
- Labs - Fixed the redirection issue to the custom reports from Report Center
- Labs - Added possibility to view the Report Center on Folder level for the users with Owner permissions
back to top
Release 2.3.202205151203 (May 15, 2022)
- Added support to handle server side keep-alive messages during SSH Proxy sessions
- Added token based authentication support for access request approvals performed using replies to notification email to improve security of email approvals
- Fixed the issue with the same access request requirement for Mailbox and Parameters tabs of system settings screen
- Fixed parameter name translation on parameter update information and error messages
- Fixed the issue with the creating a named index for saved report database table in the existing deployments
- Fixed context help for global parameter Session Idle Timeout to indicate its deprecation
- Labs - Added the option to Publish private report on Report Center screen
- Labs - Added Owner attribute for Custom Reports
- Labs - Fixed the issue with ability to save empty description for saved report
- Labs - Fixed the issue with report management actions available to the users not permitted to use them on the Report Center screen
- Labs - Fixed the issue with system-only level reports available on the folder level Report Center screen
- Labs - Fixed the issue with bread-crumbs on the folder level Report Center screen
back to top
Release 2.3.202205081204 (May 08, 2022)
- Added connection restriction to RDP and SSH Proxy sessions for the expired local users
- Improved performance of RDP Proxy sessions with video recordings
- Updated application framework to version 17.0.3 for new deployments. Existing deployments require update of the Framework
- Announced EOL support for Internet Explorer. Starting July 17, 2022, the Internet Explorer browser will no longer be supported. We recommend IE users transition to using the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox with Imprivata PAM
- Fixed the issue with Active Directory configuration update using WEB GUI or CLI Utility breaking advanced or custom Active Directory configuration
- Fixed the issue with Active Directory configuration update using WEB GUI or CLI Utility incorrectly replacing values commented out in the configuration file to preserve old values with the new values
- Fixed the issue with resizing WEB sessions when changing browser window size
- Labs - Fixed the issue with processing email reply for request mail approve using Office 365 mailbox
- Labs - Added support for sub-folders when processing email reply for request mail approve using Office 365 mailbox
- Labs - Updated WEB GUI to configure request mail approve using Office 365 mailbox
back to top
Release 2.3.202205011211 (May 01, 2022)
- Added the option to disable Enable Mode authentication for CISCO devices when connected through SSH Proxy by using -1 value in the Enable Level field
- Added support for remote node connection to the master farm load balanced with the cookie based session affinity using user and password authentication
- Added the option to control processing of login events using global parameter
- Added description to saved reports exports
- Fixed the issue with too many Login events in the Audit Log when remote node uses multi-master node configuration
- Fixed the issue with updating cookie expiration time during remote node communications with the master farm load balanced with cookie based session affinity
- Fixed the issue with triple system logging about remote node connection to the master node in case of multi-master node configuration
- Labs - Added Graph API implementation for 365 Mailbox processing
- Labs - Updated application framework to version 17.0.3
- Labs - Added default System Reports to Report Center page
- Labs - Changed order of the reports on Report Center to match the order of reports on the left panel
back to top
Release 2.3.202204241153 (April 24, 2022)
- Fixed the issue with user password visible in the system log during user login using CIDRA Password + ID modality for new deployments. Existing deployments require update of Federated Sign In module or re-configuration of logging system.
- Updated components of Federated Sign-In module for new deployments. Existing deployments require update of Federated Sign In module.
- Added Federated Sign-In module version if present to the application About screen
- Fixed the issue with system imports from certain export files breaking the option to create new records
- Fixed the issue with Search Filter displaying in GUI for saved Users report
- Fixed the issue with logout from GUI in certain conditions
- Improved the logic for a remote node connectivity to a master node by refactoring Salt transfer routine introduced in February, 2022 out of remote node connection function
- Improved the logic for a remote node connectivity to a master node by using packaged cookie parsing library
- Added the index name to saved report database table to simplify troubleshooting
- Fixed the issue with missing Search criteria in the reports export files
- Fixed the issue with Browser Extension displaying records when user has Viewer permission and Plugin Level is set to Viewer
- Labs: Updated application framework to version 17.0.3 addressing Psychic Signatures in Java implementation of ECDSE vulnerability, compatibility with Windows Server 2022 detection and other scheduled framework fixes and extensions
- Labs: Added the option to edit report description to the Report Center screen
- Labs: Added Refresh option for Report Center screen
- Internal: Refactored JWT token verification method
back to top
Release 2.3.202204171248 (April 17, 2022)
- Added support for remote node connection to the master farm load balanced with the cookie based session affinity
- Fixed the issue with HTTP Secure Headers update to support filter asynchronous mode
- Optimized system performance when handling session events and audit log reporting by building additional indexes on the corresponding database tables
- Added the option to include a description to saved reports
- Fixed the issue with remote node connection to the master farm in presence of cookies with previously unsupported attributes
- Fixed the occasional issue with remote node connection to the master node caused by incorrectly formatted system cookie
- Fixed the issue with saving reports without name
- Labs: Added extended version information to the Federated Sign-In module
- Labs: Added description to Saved Reports on Report Center page
- Labs: Fixed the issue with renaming reports on Report Center page
- Labs: Updated layout of the Report Center to reorganize selection checkboxes
- Labs: Fixed the issue with migration utility from Federated Sign In module version 5.2.x to version 6.x handling JPA database configuration for TOTP MFA
back to top
Release 2.3.202204101246 (April 10, 2022)
- Unified bread-crumbs navigation for system and folder level reports
- Updated WEB Container to version 9.0.62
- Fixed the issue with incorrect displaying of folder level Custom reports
- Fixed the issue with logging out of the application configured with basic authentication for the user that does not have permissions to any resource
- Optimized performance of the application GUI and REST API for the local users by short-time caching (10 minutes) of the local user expiration date
- Added system logging to troubleshoot remote node connectivity issues
- Labs: Added version information to the Federated Sign-In module
- Labs: Fixed the issue with user password visible in the system log during user login using CIDRA Password + ID modality
- Labs: Fixed Spring4Shell vulnerability in the Federated Sign-In module
back to top
Release 2.3.202204031338 (April 03, 2022)
- Added Automation global role to enable special configuration (such as throttling and quality of service) for machine to machine communications through PAM Server
- Improved response time to block expired local users to use WEB GUI
- Fixed the issue with incorrect label on Password Formula page for local users
- Added system logging message to reflect errors accessing password expiration date of an Active Directory user
- Fixed the issue with errors detecting an Active Directory user password expiration in case of lack or permissions to access or missing some of the attributes required for this detection
- Labs: Fixed the issue with Bulk delete on Report Center for Auditor Global role
back to top
Release 2.3.202203271414 (March 27, 2022)
- Added support for high trust remote session access with optional recording for OneSign Administration Console using Remote Application technology
- Added support for high trust remote session access with optional recording for OneSign Appliance Console using Remote Application technology
- Added HTTP Security headers to the WEB Container configuration during application update and installation (requires one server restart after application update to enable)
- Removed stack trace and server version logging visible in the WEB Browser and REST API calls after server errors (requires one server restart after application update to enable)
- Fixed the issue with state selector on Job History report page for saved reports with state parameter
- Labs: Fixed the issue with Delete Report button label on report center screen
- Labs: Fixed the issue with folder id displaying on Requests report page
- Labs: Fixed the issue with links to folder level saved reports on Report Center screen
- Labs: Fixed the issue with click-able links to out-of-the-box reports on Report Center screen
- Labs: Fixed the issue with links on folder level report center bread-crumbs correctly redirecting to the parent folder
- Internal: Unified Folder ID parameter for all report screens
back to top
Release 2.3.202203201230 (March 20, 2022)
- Updated context help for Administration / Database management screen
- Updated components of Federated Sign-In module
- Fixed the issue with saving a composite proximity group with incorrectly specified IP addresses
- Fixed the issue with failure to establish WEB Session in case of one of the proximity groups defined with incorrect IP addresses
- Labs: Added initially commented out restart computer command to Password Reset for AutoLogon Account with Shadow Account script in case of successful command execution
- Labs: Added out of the box reports to the Report Center
- Labs: Added folder level Report Center component
- Labs: Added HTTP Security headers to the WEB Container configuration during application update and installation
- Labs: Fixed the issue with false successful execution of Kiosk Auto-logon password reset script in case of incorrect initial password
back to top
Release 2.3.202203131245 (March 13, 2022)
- Added support for RDP and SSH Proxy connection through remote session manager tunneled through master node loopback interface to simplify Transparent Perimeter deployments
- Fixed the issue with URL redirection for non-existing application endpoints
- Fixed the issue with executing jobs for Active Directory Users record type
- Fixed the issue with RDP and SSH Proxy connections to IPv6 endpoints through the remote session manager
- Fixed the issue with displaying incorrect time-frame criteria in reports exports for custom selected time ranges
- Fixed the issue with adding a user to a folder level group after approved workflow request
- Fixed the issue with closing system export feedback screen after failed export
- Fixed the issue with product maintenance in various operating environments
- Labs: Added support for OneSign Administration Console as a Remote Application
- Labs: Added support for OneSign Appliance Console as a Remote Application
- Labs: Added mass delete logs when bulk deleting saved reports from the Report Center
- Labs: Added action button with the list of actions for the saved reports in the Report Center
back to top
Release 2.3.202203061120 (March 06, 2022)
- Added quick access option to Shadow Record from the records and record types task lists
- Added quick access option to Reference Record from the record editing screen
- Added the error message for Folder Level Templates management screen when adding a user from another level
- Fixed the issue with Virtual TOTP and Virtual SMS fields tasks executed from the record Quick View screen resulted in the dialog hidden under the quick view screen
- Fixed the issue with the blanket errors in the browser WEB Console when entering invalid number of hours and minutes to the custom time range selector on the reports screens
- Fixed the issue with the folder level group member approving access requests for the objects in different container
- Labs: Added mass actions option to the Report Center screen
back to top
Release 2.3.202202271219 (February 27, 2022)
- Added Access Request Scope Connect option as a global parameter to enable browser extension to fill login forms following approved connect action for HTTP Proxy sessions
- Added Copy to Clipboard button on Virtual MFA dialog
- Added Workflow Template option to wave notifications sent to requester for automatically approved requests
- Updated WEB Container to version 9.0.58
- Fixed the issue with remote worker node connectivity to the master node
- Fixed the issue with conflict executing several jobs originating from different records or shadow records simultaneously on the same host
- Fixed the issue with blanket error message about folder level reports identification in the browser console when accessing Favorites and Archive screens
- Fixed the issue with the pointer shape of the cursor when hovering over the URL on record on the record list screen
- Labs: Added Report Center screen
Release 2.3.202202201302 (February 20, 2022)
- Added the option to manage workflow templates at folder level to facilitate delegation of administration functions to vault owners
- Added Audit log message for Install, Update and Restart operations
- Added re-branded Application to Okta store for SSO integration
- Fixed the issue with tab-nabbing adding special option when opening new window or tab
- Fixed the issue with cutting multiple records located in different folders from the Search results
- Fixed the issue with preserving Workflow Binding MFA Required setting when copying folders
- Fixed the issue with preserving Workflow Binding Checkout Required and MFA Required settings when breaking bindings inheritance
- Optimized the logic of font loading for exporting reports to MS Excel format
Release 2.3.202202131330 (February 13, 2022)
- Added the option to save folder level Inventory report columns, options and filter configuration for quick access
- Added Period timeframe filter display for Reports generated during Email and Folder subscriptions
- Added the option to control Mail Server updating using Workflow Bindings with Administration actions
- Fixed the issue with limiting access control to some global parameters
- Addressed a potential script injection vulnerability
- Fixed the issue with timeframe filter displaying in the Email subscription on reports
- Fixed the issue with updating Saved Report name that includes slashes
- Fixed the issue for Email subscription on Reports for users with Owner permissions
- Fixed the issue for Email subscription on Reports for users with Auditor Global Role
back to top
Release 2.3.202202061116 (February 06, 2022)
- Added support for dynamic port forwarding channel for SSH Proxy tunnel sessions build by native clients with -D option
- Added the option to save folder level Requests report columns, options and filter configuration for quick access
- Added the option to save folder level Job History report columns, options and filter configuration for quick access
- Added the column indicating deleted users for exports of the Users report
- Updated WEB Session Manager components to the latest version
- Fixed the issue with decrypted system export available for for system administrators to require full master password for verification
- Fixed the issue with incorrect options displaying for Manage button for Personal Vaults
- Fixed the issue with missed filter for saved versions of Job History report
- Fixed the issue with incorrect displaying Manage button for Auditor Global Role
- Fixed the issue with periodic health check report attempting to check the status of HTTP Proxy with HTTP Proxy license disabled
- Fixed the issue with renaming a local group that contains parenthesis with the new valid name
- Fixed the issue with allowing local users and groups to have colon characters in the login names
- Fixed the issue with empty state selector Any on saved reports
- Labs: Added back-end part of folder level Workflow templates functionality
back to top
Release 2.3.202201301141 (January 30, 2022)
- Added the option to save folder level Sessions report columns, options and filter configuration for quick access
- Added the option to save folder level Session Events report columns, options and filter configuration for quick access
- Added the Express Export option to exclude historical data from the system export to support quick migration
- Fixed the issue with incorrect options displaying for Manage button on root folder level
- Fixed the issue with non search-able fields on Tokens page
- Fixed the issue with SQL Proxy JDBC version 21 connectivity to Oracle server version 21
back to top
Release 2.3.202201231112 (January 23, 2022)
- Added support for Imprivata ID authentication modality that supports Password and Push MFA for Proxy sessions and MFA required Workflows
- Fixed the issue with missed Search Filter for pdf, xlsx or csv exports of MFA report
- Fixed the issue with missed State Filter for pdf, xlsx or csv exports of Job History, Job summary reports
- Fixed the issue with Search Filter on Authentication Tokens Page
- Fixed the issue with occasional failure to perform an action after providing 2nd factor authentication required by configured workflow binding
- Updated WEB Session Manager to version 1.4.0. Updated WEB Session Manager components to the latest version including updated FreeRDP component to version 2.5.0
back to top
Release 2.3.202201161118 (January 16, 2022)
- Added out of the box system logging configuration for Oracle SQL Proxy to simplify troubleshooting logging when needed
- Added Scope and State filters for Email subscriptions on Sessions and My Sessions Reports
- Updated Copyright year to 2022 in the application installer for Windows
- Updated context help in the managed path configuration for SSO integrations in the application installer for Windows
- Updated Copyright year to 2022 in the login page of the Federated Sign In module
- Updated Apache log4j library in the Federated Sign In module to the latest version for the new deployments. Note that existing deployments could be updated using the previously recommended patch.
- Fixed the issue with duplicated report name in downloaded versions of Sessions Report
- Fixed the issue with missed search filter data for several system level reports: Subscriptions (Alerts), Subscriptions (Reports), Tasks, Users, Workflows, Access, Local Group Membership, Discovery Hosts, Tokens , Alerts, Requests as well as customized saved versions of Inventory and Users reports
- Fixed the issue with missed search filter data for several record level reports: Audit log, Jobs History
- Fixed the issue with allowing local users to have underscore characters in the login names
- Fixed the issue with displaying error verbose message in system and audit logs for unsuccessful Web Session connections for Windows deployments
- Fixed the issue with Re-Enable RDP Proxy option to enable Pass-Through access for users logged in using SAML SSO option
- Fixed the issue with incorrect tooltip displayed for scope filter for My Sessions Report
- Fixed the issue with timeframe displaying after Email subscription on Tasks and Local Membership Reports
- Fixed the issue with incorrect Search Query Type selected on the Record List page for users, who changed Initial Query Type preference
- Fixed the issue with missed Status Filter for pdf, xlsx or csv exports of Discovery Hosts reports
- Fixed the issue with incorrect column name Record in Audit Log and Job History reports displaying instead of Record Name
- Fixed the issue with continuous background radius messages sent by the Federated Sign In module to the Imprivata CIDRA server in case the end user not confirming push request. Note that in addition to the module update the following parameter should be updated as well in $HOME/web/conf/catalina.properties file from existing PAP to new CIDRA_PAP value: cas.authn.mfa.radius.server.protocol=CIDRA_PAP
back to top
Release 2.3.202201091122 (January 09, 2022)
- Added selectors, filter, folder and record information to reports subscriptions and exports as well as to the email notification with the attached report
- Added digital signature to PowerShell installer changed after copyright year update
- Improved session manager load balancing performance
- Fixed the issue with calculation formula for Last Month time selector in reports filters
- Fixed the issue with missing columns for Sessions report saved in PDF format
- Fixed the issue with state selector on Job Summary report displaying state id instead of user-friendly label
- Fixed the issue with state selector on Job Summary report displaying default selector value
- Fixed the issue with state filter applicability when generating pdf, xlsx or csv exports of Job Summary report
- Fixed the issue with exceptions when generating Inventory report subscription in certain situations
- Fixed the issue with copyright year and holder for Linux setup license agreement
- Fixed the issue with load balancing session managers that include localhost inside the same proximity group
- Labs: Fixed the issue with too much Radius traffic created by the Federated Sign-In module after timeout user acknowledging CIDRA push notification
back to top
Release 2.3.20220102110 (January 02, 2022)
- Fixed the issue with the ability to approve or reject non-active workflow using email approval process
- Fixed the connection issue to Web Portals with MFA required Workflow without asking the authentication token
- Fixed the issue with login to the application after successful logout in certain configurations deployed with custom branded Federated Sign In module
- Labs: Added command line utility option SwitchCASVersion to support migration to CAS version 6.3
- Labs: Updated Copyright year to 2022 in the application footer, about screen, Linux and PowerShell installers, command line utility and CAS login page
- Labs: Updated log4j library to 2.17.1 version for new deployments that include Federated Sign-In module. Fixed CVE-2021-44832 vulnerability
back to top
Release 2.3.202112261102 (December 26, 2021)
- Added the option to save folder level Audit Log report column, options and filter configuration for quick access
- Added the option to transfer files in WEB RDP session using SFTP Server configured on the remote Windows Server authenticating with user and password on record. The option is managed by the record type Choice field SFTP with the potential values Enabled,Disabled
- Added a placeholder with INFO level for SSH Proxy log level configuration to the out of the box log configuration file
- Added hidden legacy message to the application health check page to enable backward compatibility with the existing load balancers checking the status of the application. Note that if the load balancer monitor is using page title to detect the health status the new title had been updated to _PAM Health Check Page_
- Optimized memory consumption while generating alerts from session events to avoid Out of Memory issues when processing session events that contain large amount of data
- Fixed the issue with the Risk column name matching GUI and exported Sessions reports
- Fixed the issue with log4j library could be reconfigured to enable vulnerable modules
- Fixed the issue with check-box selectors on the Job History report available to Auditors
- Fixed the issue with displaying error message about saving reports
- Fixed the issue with allowing local users to have @ characters in the login names
- Labs: Updated log4j version to 2.17.0 in the Federated Sign In module
- Labs: Updated log4j version to 2.17.0 in the log4jv2 migration package
- Internal: Disabled HTTP Proxy module in a non-activated product
Release 2.3.202112191110 (December 19, 2021)
- Added the option to save Requests report columns, options and filter configuration for quick access
- Addressed a potential Angular Template injection vulnerability
- Fixed message branding on the system health-check page
- Fixed the issue with cross-out columns display on the Reports Subscriptions report
- Fixed the issue with transferring very large (2Gb+) files using scp over SSH Proxy
- Fixed the issue with login to the application after successful logout in certain configurations deployed with new branded Federated Sign In module
- Fixed issue with incorrect number of sessions count on Sessions report
- Fixed the issue with Action button is missing for Auditors in the saved Job History report
- Labs: Updated log4j version to 2.16.0 in the Federated Sign In module
- Labs: Updated log4j version to 2.16.0 in the log4jv2 migration package
back to top
Release 2.3.202112121126 (December 12, 2021)
- Added the option to save Job History report columns, options and filter configuration for quick access
- Updated application framework to version 17.0.1
- Fixed the issue with log4v2 vulnerability for new deployments that include Federated Sign-In module
- Fixed the issue with the descriptive error message when creating a local user or a local group with special characters in the login name. Added validation to allow only alphanumeric and $, -, (. ), and . characters
- Fixed the issue with details and false positive error reporting of the scheduled tasks password update in the Windows Remote Reset Dependent Services script
- Fixed the issue with the manual software registration
- Added trace level system logging to troubleshoot MS AzureAD MFA OTP notifications from RDP Proxy
- Fixed the issue with Management menu area availability for users without global roles accessing not activated system
- Fixed the issue with re-branding of the anonymous link viewer
- Labs: Fixed issue with Push button for ConfirmID MFA in Internet Explorer browser
- Labs: Fixed issue with incorrect message after selecting Log in with an empty token field for ConfirmID MFA
back to top
Release 2.3.202112051108 (December 05, 2021)
- Added the option to save Sessions report columns, options and filter configuration for quick access
- Added the option to save Session Events report columns, options and filter configuration for quick access
- Added re-branding for default TOTP, Yubikey, Duo MFA provider names
- Added re-branding for generated self-signed certificate subject name
- Addressed a potential script injection vulnerability
- Added trace level system logging to troubleshoot MS AzureAD MFA OTP notifications from RDP Proxy
- Fixed the issue with moving (cutting and pasting) an object from search screen
- Fixed the issue with mass moving the objects from search, favorites and archive screen
- Fixed the issue with allowing to move objects linked to multiple folders from search, favorites and archive screens
- Fixed the issue with exporting legacy saved reports
- Fixed the issue with incorrectly located Subscribe to Alerts button on the Shared With Me screen
- Fixed the issue with Management menu area availability for users without global roles accessing not activated system
- Fixed the issue with processing checkbox fields when importing records from CSV file
back to top
Release 2.3.202111281108 (November 28, 2021)
- Added Oracle RDBMS server version 21 authentication protocol support for SQL Proxy connections made using native JDBC clients
- Added account management support for F5 BIG-IP network devices including check status as well as direct and shadow password reset script
- Added titles to saved versions of Audit Log, Users, Inventory reports
- Fixed the issue with columns displaying after Email or Folder subscriptions
back to top
Release 2.3.202111211106 (November 21, 2021)
- Added Oracle RDBMS version 10 authentication protocol support for SQL Proxy connections made using native clients
- Added support for Microsoft Azure AD MFA for Workflow actions and Proxy authentication including push and OTP support for the deployments configured with UserPrincipalName property for user identification (user@domain.com)
- Added the option to save Audit Log report column, options and filter configuration for quick access
- Fixed the issue with Cancel button on New Record Type and Edit record type pages
- Fixed issue with archived objects retention policy scheduled execution to remove all the expired objects once a day
- Fixed the issue with exposing unnecessary details about the software license to regular users through the network traffic
back to top
Release 2.3.202111141103 (November 14, 2021)
- Added user preference Search Scope enabling the option for the Browser Extension to exclude records found in the other users vaults for system administrators and auditors
Release 2.3.202111071128 (November 07, 2021)
- Fixed errors during reports export to Excel format
- Fixed the issue with the option to create a local account with the name of the previously deleted account to avoid confusion with the legacy data associated with the old deleted account
- Fixed the issue with large Add Record, Add Folder and Import buttons available on the empty Favorites and Archived pages
- Fixed the issue with Subscribe, Add to Favorites and Save Search buttons available on the empty Favorites and Archived pages
- Fixed the issue with NATO Alphabet button when accessing the application using Internet Explorer browser
- Labs: Prepared update of application framework to version 17.0.1
- Labs: Added cache control mechanism for CAS layout page
back to top
Release 2.3.202110311252 (October 31, 2021)
- Added Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO / SPNEGOEx) authentication support to RDP Proxy connections
- Added the option to search Result column in system, folder or record-level Job History report
- Added Non-Owner Personal Vault Unlock message to the Unlock Audit Log event for the events when a user other than the personal vault owner unlocks a record
- Added support for order by clauses to folder level custom reports
- Updated WEB Container to version 9.0.54
- Fixed the issue with displaying Push Sent message immediately after the first push request
- Fixed the issue with HTML script in the error pop-up after selecting Automatic Registration with an empty Activation Code field
- Fixed the issue with the default report subscription email template subject duplicating words that come from custom report title
- Added trace level system logging to troubleshoot MS AzureAD MFA OTP notifications
- Optimized performance of AzureAD MFA OTP
- Optimized performance of Matrix export of Inventory report
- Fixed the issue with misspelled error about Unknown user during Proxy connections
- Internal: Added hidden script to reset auto-logon account on Windows Kiosk computers using domain shadow account
back to top
Release 2.3.2.3.202110241205 (October, 24)
- Added support for Microsoft Azure AD MFA for Workflow actions and Proxy authentication including push and OTP support
- Added Task Execution Policy for After Create events that triggers jobs only when record is created
- Re-branded subject and body of email notifications sent by the PAM server
- Added report title {{report.title}} and timestamp {{now}} placeholders to the default email template for report subscriptions
- Added ${host.short} placeholder to Discovery Query Name Pattern for simple host name without domain qualification
- Fixed the issue with updating CSV-based discovery queries
- Fixed the issue with assigning main host record as a shadow for dependent local accounts when auto-importing records after discovery process
- Fixed the issue with changes to the Report email template are not read until service is restarted
- Fixed the issue with report email does not read the Subject value defined in the template
- Fixed the issue with blanket system log message about archiving audit logs with long retention period
- Fixed the issue with extracting referenced records in break glass scenario for multi-volume archives
- Fixed the issue with blanket system message about accessing non-existing console session object
- Fixed occasional issue with auto-importing records from discovery process
- Fixed the issue with internal formatting of Mass Operations Log page
- Internal: Added element IDs to a number of the WEB application pages to support test automation tools
back to top
Release 2.3.202110171149 (October 17, 2021)
- Added the option to save Users report column and filter configuration for quick access
- Added support to display default port on record on the screen that allows user to select connection parameters when connecting to records with empty host
- Added the option to resolve dynamic credentials ($search:CRITERIA) in the user field when connecting or executing jobs for SSH remote hosts using Private Key authentication (Unix Host with Key and Unix Host with Private Key record types)
- Added tool-tips for Save Report, Refresh, Select Columns, Select ACL, Subscribe, Refresh buttons for Users, Inventory reports.
- Added tool-tip for Refresh button on the Record List page
- Added the option for the auditors to subscribe to system reports
- Added the option to define custom name patterns for records imported from discovery queries
- Submitted re-branded versions of the Browser Extension and Broker Browser Extension into the Chrome, FireFox and Edge WEB stores for approval
- Fixed the issue with the form prompting users to overwrite host and credential information during the record connection conflict with the browser auto-complete feature
- Fixed the issue with Orphaned Objects search type in the application search center and the Search REST API
- Fixed the issue with access requester notifications sent about approval or rejection actions of already approved, rejected or completed request
- Fixed the issue with the Custom Page Title not used for Instant Video Playback
- Fixed the issue with default re-branding for WEB application window title
- Fixed the issue with system event logs for authentication key updates should be sent on the DEBUG level
back to top
Release 2.3.202110111449 (October 11, 2021)
- Fixed the issue with accessing Inventory report using Internet Explorer browser
back to top
Release 2.3.202110102227 (October 10, 2021)
- Added the option to save Inventory report column and filter configuration for quick access
- Added audit log events for WEB Session connection errors
- Added system parameter xtam.proxy.port.rdp for RDP Proxy port for native clients to connect if different from configured with global parameter when re-mapped using load balancer
- Improved system performance when service multiple sessions by changing database lock mechanism to in-memory when updating session heartbeats
- Fixed the issue with simultaneous job execution of different jobs scheduled for the same record
- Fixed issue with deleting referenced archived records by Archives records retention policy
- Fixed the issue with browser field auto-fillers interfere with Discovery Editing form
- Fixed the issue with resolving ${host} placeholder for the user accounts when auto-importing discovered data
- Internal: Re-branded browser extensions to Imprivata theme - pending approvals from browser stores
back to top
Release 2.3.202110032253 (October 3, 2021)
- Added WEB Sessions message banner option for users to acknowledge before starting the session
- Added Archived Objects Retention policy that deletes objects archived before specified number of days
- Added the option to adjust database primary key sequence during application startup using system parameter xtam.sequence.adjust
- Updated license expiration and activation message to new branding
- Updated application Windows and PowerShell installers to new branding
- Updated Windows installer to include metadata in the file properties details screen
- Updated Federated Sign-In module to new branding
- Fixed the issue with Oracle SQL Proxy connectivity for the uses that changed their passwords in the corresponding user directories
- Fixed the issue with first failed execution of password reset job on Windows record results in the successful last action reporting on the record view screen
- Fixed the issue with simultaneous job execution on the same remote host using different accounts
- Fixed the issue with the audit log message missing the record parent information when deleting records from Archived area
- Fixed the issue with the process that approves access requests by email could potentially block system to send email notifications
back to top
Release 2.3.202109262210 (September 26, 2021)
- Added Archive area to display archived records with the option to restore them at the original location, to delete or to bulk delete from the system
- Added Password option to custom form field when scheduling interactive jobs
- Added new branding to the WEB Application, Proxies, CLI Utility, Linux and PowerShell Installers
- Added Open Source Attribution Report distributed in a text format in the application folder templates
- Fixed the issue with SSH Shell CIDRA MFA prompting Push (1) or OTP (2) methods to authenticate
- Fixed the issue with copy and cut actions on Favorites screen
back to top
Release 2.3.202109192223 (September 19, 2021)
- Added Dry Run option when importing objects from CSV, KeePass, PuTTY or Remote Desktop Connection Manager files
- Added the option to spell passwords on the screen using NATO Phonetic Alphabet
- Added the option to override Session Manager configuration for SQL Proxy connections for individual records
- Added the option to specify SSL ciphers for the WEB Session Manager listening port using command line or configuration file argument
- Added the option to query specific WEB Session Manager version to confirm the currently deployed build
- Fixed the issue with displaying approver name on the TRACE level logging of the approve by email logic
- Fixed the issue with server redirect for Oracle SQL Proxy for the case when tns data comes with redirect packet instead of the data packet
- Fixed the issue when routing traffic through next hop session manager when detecting server version request for Oracle Proxy connections
- Improved detection of approver in the auto-approving process when approvers use Outlook email clients
- Internal: Added registration API function to the licensing manager to register new user account if it does not yet exist and then add a license for this account
- Internal: Added Account field to the system license including editing, viewing, searching and including the account information into the activation registration record
back to top
Release 2.3.202109131006 (September 13, 2021)
- Fixed the issue with exec command execution disabled by default if there is no command policy attached affecting such functions as scp
back to top
Release 2.3.202109122307 (September 12, 2021)
- Added support for SQL Proxy to connect to end point servers in isolated networks through remote session managers
- Added the option to restrict channels available through SSH Proxy connection
- Added PAM CLI function to retrieve database password in exchange to provided master password
- Added the option for system administrators to clear pending alerts and notifications queue as a part of system maintenance for deployments with external backend databases
- Fixed the issue with email request approval process failure to process too long reasons for rejection
- Fixed the issue with too short email approval process execution timeout by increasing it from 5 to 50 minutes
- Fixed the issue with certificate bundle deployment during silent installation on Linux platforms
- Fixed the issue with certificate bundle deployment during interactive installation on Windows platforms using PowerShell script
- Fixed the issue with certificate bundle deployment during silent installation on Windows platforms using PowerShell script
- Added the option for system administrators to clear pending session event alerts queue as a part of system maintenance as part of the other notifications reset
- Fixed the issue with SQL Proxy connections to the database scheme with the password expiring soon
- Fixed the issue with the displaying XKCD password complexity formula on the On Demand password reset
- Added debug level system logging to troubleshoot notification process
back to top
Release 2.3.202109052240 (September 5, 2021)
- Added Search Center GUI as well as REST API option to use OR criteria in search
- Added Audit Log message when user types forbidden command for SSH Proxy sessions with enabled Command Control
- Added extra logging information in the audit log to get more insight into the dynamic credentials resolution
- Improved error processing when using custom XKCD dictionaries
- Improved detection of approver in the auto-approving process when approvers use Lotus email clients
- Added /ctrl-c and /ctrl-d meta-commands to send special sequences to Command Control SSH Proxy sessions
- Added monospace font for displaying and editing unlocked secured fields for better visibility of characters that look alike
- Added requirement to provide the Master Password to perform decrypted system export
- Fixed the issue with detecting Approver in the default First-name Last-name (login) template format during auto-approval process using email
- Fixed incorrect displaying of groups instead of users in Principals column for extended ACL matrix version of inventory report
- Fixed the issue with enforcing Command Control configuration for SSH PRoxy execute channel
- Labs: Added the option to specify SSL ciphers for the WEB Session Manager listening port using command line or configuration file argument
- Labs: Added the option to query specific WEB Session Manager version to confirm the currently deployed build
back to top
Release 2.3.202108292314 (August 29, 2021)
- Added command filtering support for SSH Proxy sessions established using native clients
- Added the option to specify ticket types with mandatory values in the workflow binding configuration
- Added context help for XKCD password generator on the password complexity formula editing screen
- Fixed the issue with the colon sign in the file names of the scheduled reports
- Fixed product specific names in the GUI and server side messages as well as in report names, tab and window titles, and minimized left side menu
- Fixed the issue with certain cases of using custom xkcd dictionaries
back to top
Release 2.3.202108222254 (August 22, 2021)
- Added integration with Imprivata OneSign® Identity Provider
- Added the option to cancel formula editing operation
- Added the option to provide custom dictionary for XKCD password complexity formula
- Added spinning wheel animation during report export operations to indicate the progress
- Updated MS SQL Driver to 9.2.1 for new installations
- Added EnableNonOpenMode command to the command line utility to restrict the redirect URL during authentication to the system using Federated Sign-in component
- Fixed the issue with error message wording when validating passwords using XKCD complexity formula
- Fixed the issue with dynamic credentials resolving for pass-through records when connecting through SSH Proxy
- Fixed the issue with applying default formula validation rule to xkcd password validation
- Fixed the issue with on demand password generation respecting task Target Record (self, referenced or shadow) specification when selecting password complexity formula
- Fixed the issue with the blanket error message when converting non-secured IDs to Long-Secure IDs on the record view screen
back to top
Release 2.3.202108152240 (August 15, 2021)
- Added XKCD generator option to password formula constructing passwords from several dictionary words separated with the provided delimiter
- Added the option to use shadow account to reset passwords for credential reconciliation using AS/400 job execution strategy
- Fixed the issue with the session cookie restrictions to support SSO authentication
back to top
Release 2.3.202108082228 (August 8, 2021)
- Added the option to search records by record ID
- Added the option to search records by record ID
- Added the option for password reset scripts to transfer encoded passwords to the remote computer
- Added password reset scripts for remote windows devices that conceal plain text passwords in the script code
- Added the option to click on record type name or on parent record type name in the record types list to navigate to the record type editing screen
- Added the option to Alt-, Ctrl-, Apple- click on the record type name in the record types list to open record type editing screen in a new window or tab
- Added the option to Alt-, Ctrl- or Apple-click on the record type name on the record view screen to open record type editing screen in a new window or tab
- Added color shading to Inventory Matrix report to indicate rows related to the same object
- Updated WEB Sessions connectivity error message to include the possibility that the account is locked
- Added audit log message about rejecting WEB or SSH Proxy Session connection caused by violation of allowed hosts constraint
- Added host and port information in the system error and audit log message about rejecting WEB or SSH Proxy Session connection caused by violation of allowed hosts constraint
- Added support for RDP Proxy CredSSP version 6 protocol to address the issue with RDP Proxy connectivity when the group policy CredSSP Encryption Oracle Remediation set to Force Update
- Added SameSite attribute for session related cookies
- Added WEB Container SSL/TLS server cipher suite preference enforcement for new deployments
- Fixed the issue with users with Unlock or Editor permission able to schedule interactive password reset jobs with user provided or visible password
- Fixed the issue with users bound by Unlock workflow access request able to schedule interactive password reset jobs with user provided or visible password on the password reset form
- Fixed the issue with incorrect label for Time column in Audit Log and Job History Reports
- Fixed the issue with WEB Session connection errors audit logging missed the error message detail for some classes of errors
- Fixed the issue with host name based (as opposed to IP-based for range and mask) enforcement of allowed hosts for SSH Proxy and WEB Sessions
- Fixed the issue with user unfriendly message when granting access without specifying the user on Grant Access form
- Fixed the issue with user unfriendly message when granting access by specifying the user in domain\user format on Grant Access form
- Fixed the issue with exporting Job History report to PDF format when the message data from the report contains unprintable characters
- Fixed the issue with column format of the PDF export of Job History report to accommodate for long values in the selected columns
- Fixed the issue with filtering archived records in the search results
- Fixed the issue with file name of the exported Inventory Matrix report
- Labs: Added support for Imprivata ConfirmID MFA for WEB Portal authentication, Workflow actions and Proxy authentication
back to top
Release 2.3.202108012233 (August 1, 2021)
- Added Matrix Inventory report to trace permissions grants across multiple objects
- Added the option to search Session Events report using record name
- Added the option for access requests enforcing MFA to use encrypted MFA configuration parameters in the external properties file using {cipher} mechanism
- Added Private Key Password global parameter for RDP, SQL, HTTP and Universal proxies for the option to use client-provided key pair instead of the generated one
- Added link to the page in the help system on the Local Groups Membership report screen
- Added Transparent Perimeter settings to maintain the channel using keep alive packages using reserve and forward tunnel settings aliveInterval and aliveCountMax
- Updated simple auxiliary encryption component to the latest version
- Added the option to control XSRF-TOKEN cookie SameSite attribute using system property xtam.api.xsrf-token.samesite=VALUE with VALUE is either none or strict or lax
- Added the option to control XSRF-TOKEN cookie Secure attribute using system property xtam.api.xsrf-token.secure=true
- Updated client side framework components in Federated Sign-In module in new installations (existing deployments require manual update)
- Fixed the issue with the Local Group Membership report title
- Fixed the issue with the Universal proxy starting in case the system property is disabled
- Fixed the issue when some services failed to stop on manual application update
- Fixed the issue with Duo Security Push verification when enforcing Access Request MFA
- Fixed the issue with column names in the visibility field of the system and personal Report Subscriptions reports
- Fixed the issue with breadcrumbs path and a title on the Local Groups Membership report screen
- Fixed the issue with access request enforcing MFA for additional Duo Security configurations
- Fixed the issue with Last Rotated column name on the exports of the Inventory report
- Fixed the issue with deleting an object enforcing MFA if configured on the workflow binding
- Fixed the issue with PDF Export from Session Events report formatting when displaying events with long preview
- Fixed the issue with listing user group membership even in case of error accessing some of the groups
back to top
Release 2.3.202107261630 (July 26, 2021)
- Fixed the issue with WEB RDP connectivity in certain network configurations
back to top
Release 2.3.202107252210 (July 25, 2021)
- Added Oracle SQL Proxy to provide zero-trust native client access to Oracle RDBMS
- Added Local Group Membership Report that shows local groups and all members of the groups on global and folder levels
- Added the option to subscribe to generation of the system reports to a shared folder
- Added support for custom column selection when exporting and subscribing to the system, folder and record level Sessions and Job History Reports
- Added support for custom column selection when exporting and subscribing to the system and folder level Inventory, Requests and Users Reports
- Added column visibility customization information to Subscriptions (reports) report and My Profile / Subscriptions(reports) pages
- Updated internal scripting engine and MFA detection component to the latest version
- Updated compression component to the latest version
- Updated Google core utility component to the latest version
- Fixed the issue with auto-sizing first column on the Excel exports of system reports
- Optimized performance of detection of MFA configuration for a user in case MFA configuration does not include groups references
- Fixed the issue with alerting the user and making an audit event when Instant Video player cannot locate the file to be played
- Added detailed report in the system log about fatal failure of resolving users while processing CAS audits
- Fixed English grammar and spelling issues in the context help balloons across the application GUI
- Fixed the issue with false positive response about some cases of failed password reset using SSH execution strategy by adding the option (xtam.ssh.exec.verify.feedback=true) to verify echo feedback in the verification routine
- Fixed the issue with password reset feedback processing for Cisco Switch 38xx series devices
- Labs: Fixed the issue with using 16-bytes passwords when connecting to Oracle RDBMS through SQL Proxy using JDBC-based native clients
- Labs: Added context help for Oracle SQL Proxy global parameters
back to top
Release 2.3.202107182259 (July 18, 2021)
- Added the option to mass reschedule selected jobs using Jobs History Report for the repeated execution
- Added the option to cancel or defer periodically scheduled jobs to retain the password of a checked out record
- Added support for forwarding both WEB and Native remote session manager traffic through the single Universal Proxy port with the option for client side authentication to remote WEB Session Manager
- Added support for forwarding HTTP Proxy traffic through the single Universal Proxy interface together with RDP and SQL Proxy
- Added support for custom column selection when exporting and subscribing to the system, folder and record level Audit Log report
- Updated database access component to the latest minor version
- Fixed the issue with possibility to save a task without script selected causing error condition in a browser screen
- Fixed the issue with default cell formatting of Excel export of system reports
- Fixed the issue with incorrect message in the audit log message about cancelled job
- Optimized performance of re-indexing of the folder hierarchy triggered only when adding new objects of changing parent folders for the existing objects
- Fixed the issue with user picture display on the user profile widget for Active Directory users when integration with the Active Directory is done through the Global Catalogue
- Fixed the issues with spelling and grammar of server side messages
- Fixed the issues with spelling and grammar of client side messages
- Fixed the issue with generating PDF export for the Audit Log report that contains unprintable characters in the message column for some rows
- Fixed the issue with video rendering continually attempting to process the file when it does not exist
- Fixed the issue with handling Restored records in the systems deployed with MySQL back-end database
- Fixed the issue with processing short-sized artificial Secure-ID identifiers
- Fixed the issue with generating PDF export for the Audit Log report that contains unprintable characters in the message column for some rows
back to top
Release 2.3.202107112243 (July 11, 2021)
- Added request access option to delete object operations
- Added the option to reference tickets from external ticketing systems for the purpose of ticket tracking when requesting access
- Added initially hidden column User to the Inventory report to display a user on record in case the User is defined as a non-secure indexed field
- Added initially hidden column Vault to the Inventory report to display active Vault link where the object is located
- Added support for Spnego backed authentication during RDP client authenticates in RDP proxy
- Added the option to specify default MFA service to use (using system property xtam.cas.mfa.default) in case of failure to detect user or group based MFA service (default is none for bypass)
- Fixed the issue with verification state of the successful password reset in AS400 password reset strategy
- Fixed the issue with error message spelling about Unknown user login attempt to RDP Proxy
- Fixed the issue with system logging of HTTP return code from the WEB Rest Service detecting an MFA service to use during user login
back to top
Release 2.3.202107042314 (July 4, 2021)
- Added Portuguese Brazil on screen keyboard for WEB sessions
- Added Approvers column to Access Requests report
- Added vertical scrolling support for long object drop down menu in the record list, search query type selection and Bulk Actions menu when WEB GUI is run on the small monitors or small browser space
- Added Enabled From, Enabled To, Action and Requested Time columns to the Access Requests report to improve report readability and enable sort option
- Added extended approver information (approval time, approver user directory, approval status, reject reason) as well as Request Time, Action, Enabled From and Enabled To columns to the exported Requests report
- Added multi-line row format for PDF export of Requests report
- Added support for replies from Notes email client when handling Approve by Mail process
- Added global parameter Workflow / Approve by Mail Filter to limit the scope of IMAP folder scanning when searching for emails with request approval or rejection
- Fixed the issue with blanket error message in the system log during application startup about WEB Container scanning of selected libraries
- Fixed the issue with Approve by Email message processing logic enabling combining detected parameters from different parts of a multi-part message
- Labs: Fixed the issue with Windows Session Manager build to support both Kubernetes and newly introduced keyboard layouts
- Labs: Fixed the issue with file transfer controls are available during WEB Kubernetes sessions
back to top
Release 2.3.202106272232 (June 27, 2021)
- Added SQL Proxy beta support to communicate with Oracle Real Application Clusters (RAC)
- Added WEB Sessions on-screen keyboards for Danish, Swiss German, English - Great Britain, Japanese, Norwegian, Swedish and Turkish languages
- Adder the option to Alt-, Ctrl-, or Command-click on a record or a folder link to open a screen in a new browser tab or a window
- Added text formatting to Excel exports of system reports: bold headers and italic metadata
- Updated on screen keyboard layout list in the WEB Sessions toolbar to display readable names
- Added Window Close Confirmation preference to enable the option to prompt a user before closing an application tab or a window
- Updated the following system components to the latest version: XML, JSON parser and data binding, time scheduler, JSON WEB Tokens JWT generation and management, inter-node communications, PDF export, several utility components
- Fixed the issue with the error message about deleting a folder that it used as an import folder in a discovery query
- Fixed the issue with self reset password of Active Directory user in the User Profile screen respecting AD password policies such as password complexity or password history
- Fixed the issue with column name and row flow for the Token column of the PDF export of the Tokens report
- Fixed the issue with missing and incorrectly named columns in the exports of the MFA report
- Fixed the issue with incorrectly named, missing columns and the column order in the exports of the Discovery Hosts and Requests reports
- Fixed the issue with missing folder information in the exports of the Custom report
- Fixed the issue with time restriction displayed on the Workflow Bindings list screen for all selected categories
- Fixed the issue with time restriction label display in the exports of the Workflows Bindings report
- Fixed the issue with double slash in managed path placeholders of the workflow templates preventing navigation from email to the appropriate WEB screen
- Changed the message about the job is deferred to another node to warning when executing the jobs on demand from the job history report
- Fixed the issue with navigating to a folder from Alert Subscription report
- Fixed the issue with navigating to a folder from Report Subscription report
- Fixed the issue with a thread leak during SSH Proxy communications caused by network transport or destination system failure
- Added system logging to troubleshoot threads leak during failed termination of SSH Proxy connections
back to top
Release 2.3.202106202233 (June 20, 2021)
- Added support for active link displayed in the records list view for WEB Portal URLs
- Extended permissions of the a request approver to analyze approved recorded sessions
- Added support for Slovenian keyboard
- Added the option to configure audio settings for WEB RDP Sessions using record-level field Audio (Choice: Enabled, Disabled)
- Added the option to configure glyph caching for WEB RDP Sessions using record-level field GlyphCaching (Choice: Enabled, Disabled) to improve connection performance when connecting to legacy Windows versions such as Windows Server 2008R2
- Added support for password reset for Unix Host account with SU and the key based primary account on record
- Added the option for the request approver to export or to subscribe to session events report generated for this session
- Added the option for the request approver with no Viewer permissions to start instant session playback for the approved session in My Sessions report
- Added the option for the request approver with no Viewer permissions to subscribe for the scheduled report delivery for the approved requests Sessions report
- Added the option for the request approver with no Viewer permissions to subscribe for the scheduled report delivery for the session events for the approved sessions
- Added Slovenian keyboard layout for WEB RDP sessions (requires WEB Session Manager update)
- Added the option for on-screen Slovenian keyboard in WEB sessions
- Updated versions of client side libraries in the Federated Sign-In module
- Fixed the issue with handling permissions granted to local groups with external user directory membership
- Fixed the issue with maintaining HTTP Proxy session following certain types of redirect during authentication
- Fixed the issue with authenticating users in WEB Portals accessed through HTTP Proxy using placeholders that contain special characters
- Fixed the issue with incorrect reporting of successful password reset for failed SSH reset with SU jobs
- Fixed the issue with preserving sufficient part of the error response of the failed SSH password reset strategy in job execution details
- Fixed the issue with double prompt to enter and then to select host from the list of hosts when connecting using native SSH clients through SSH Proxy to a record with Hosts field defining hosts selection list
- Fixed the issue with enforcing file transfer retention policy when failed to delete the transferred file should prevent removing the file transfer event from the database reports
- Fixed the issue with memory leak when recording HTTP Proxy sessions
- Fixed the issue with canceling active jobs in the job queue for the archived records
- Fixed the issue with too fast command restriction control communication with the remote server to accommodate for the slow devices
- Fixed the issue with using default fonts for Excel reports for both Windows and Linux deployments
back to top
Release 2.3.202106132252 (June 13, 2021)
- Added the option to export system reports to MS Excel format including support for scheduled report delivery
- Fixed the issue with thread leaks during establishing SSH Proxy communications caused by auto-repeated reconnecting
- Added information about SSH Proxy thread count in the performance log to troubleshoot operational characteristics
- Fixed the issue with SSH Proxy handling of the native client screen resize
- Fixed the issue with Granting access to a user bound by an automatic approval workflow
- Fixed the issue with remote PowerShell script execution with WinRM protocol injecting leading white spaces into HTTP headers
- Fixed the issue with RDP Proxy connections using native RDP clients trigger locks in the underlying user directories in case of failed login attempts
- Fixed the issue with database transactions during re-indexing of object hierarchy
- Fixed the issue with anchor links referenced from the right side menus in the help system to build from chapter name to stay permanent even after adding more menu topics to the page
back to top
Release 2.3.202106062305 (June 6, 2021)
- Added the option to select destination host from the configured list for SSH Proxy Sessions
- Added the option to restrict destination hosts and networks for WEB and Native SSH connections
- Added the option to explicitly specify one of the integrated user directory when assigning roles or permissions to a user
- Added explicit user directory qualification when selecting a users from the user search box
- Added server side enforcement of white listed domains when injecting credentials to WEB Portals accessed through HTTP Proxy
- Fixed the issue with detecting a blocked account for accounts that have the same name in different integrated user directories
- Fixed the issue with integrating additional Active Directories using UserPrincipalName field
- Labs: Added Kubernetes support to Windows Session Manager
back to top
Release 2.3.202105302246 (May 30, 2021)
- Added PKCS#8 private key format support for WEB and SSH Proxy sessions and to SSH job executor strategy
- Added SSL support for SQL Proxy beta connections
- Added Interactive SSH job execution strategy option to execute scripts using account with private key authentication
- Added SQL Proxy beta support to accept SSL connections from native Oracle clients
- Added SQL Proxy beta support to connect to destination Oracle RDBMS end-points using SSL connections
- Added test echo server to the Universal Proxy
- Added system parameter xtam.session.command.preinput.wait to control delay initiating the switch user command during Unix login with switch user
- Optimized performance of establishing SSH Proxy connections
- Added request reason to the session metadata in the caption of the video converted from the session recording
- Fixed the issue with SSH Proxy connection in some cases when multiple connections open at the same time from the same client
- Fixed the issue with legacy REST API record/find function limiting search to folder scope
- Fixed the issue with generic localhost reported as the session manager host in the session report for any node in the multi-node high availability deployments
- Fixed the issue with Add Folder and Add Record buttons missing in empty containers for Managers
- Reduced font size of the session recording metadata embedded into subtitles of the converted videos
- Fixed the issue in SQL Proxy beta with connecting to Oracle record using tree-type connection string and service name
- Fixed the issue with case sensitive parameter names for tree-type connection string in SQL Proxy beta
- Fixed the issue with reconnecting to the record with empty host resolved by the user during initial connect when initial connect fails
- Fixed the issue with SSH Proxy connections to the destination servers that only support weak legacy Key Exchange algorithms
- Fixed the issue with audit log event about failed proxy connection using native clients caused by the lack of permissions
- Fixed the issue with Record Type label in the embedded record metadata caption in the converted video recording format
back to top
Release 2.3.202105232307 (May 23, 2021)
- Added account-centered connect option for WEB Sessions including whitelisting of destination hosts
- Added the option to include session metadata and events as a Closed Caption stream into MOV or MP4 video recording
- Added Universal Proxy port listener to support RDP and SQL Proxy servers bound to the same port
- Added account management support for Brocade network devices
- Added the option for vault and folder Managers to import objects from external files
- Added the option to configure MFA enforcement for task executions from the WEB GUI
- Added the option for system administrators to clear pending alerts and notification as a part of system maintenance
- Optimized performance of establishing SSH Proxy connections
- Added job details note Executed by SSHD driver to differentiate JSCH and SSHD executions in SSH and Interactive SSH strategies
- Added SQL Proxy beta support to connect to load balanced Oracle RDBMS instances
- Added the option to disable periodic Health Check using Health Check Process global parameter
- Fixed the issue with user or group search performed by the folder owner when assigning users to workflow binding configuration
- Fixed the issue with cleanup of installation requests in the message queue causing the software to fail during startup because of attempted re-installation of the already missing binary update
- Fixed the issue with SSH Proxy shell connecting to the record excluding archived records from the search
- Fixed the issue with displaying endpoint host information on the WEB session toolbar when connecting to the records with empty of whitelisted hosts
- Fixed the issue with reporting permissions errors about the non-existing objects
- Removed aggregate statistic count about licensed users for the licenses with unlimited users to improve performance of daily summary aggregation for the deployments integrated with large active directories
- Fixed the issue with Interactive SSH job execution using SSHD driver over the high latency networks
- Improved database transaction processing during SSH Proxy session creation
- Fixed the issue with automatic collection of user fingerprint when browsing WEB GUI
- Fixed the issue with updating session recording video rendering script on Linux platforms with correct execute permissions
back to top
Release 2.3.202105162243 (May 16, 2021)
- Added the option to embed session metadata and events into AVI, MOV or MP4 video recording
- Added public beta for Oracle SQL Proxy
- Added the option to configure resolution and bit rate of AVI, MOV or MP4 video recordings
- Fixed the issue with overriding default SSH Proxy session idle timeout for remote native client session managers
- Fixed the issue with SSH Proxy connections to destination end-points with inconsistently configured Hos Key and Key Exchange algorithms
- Fixed the issue with RDP Proxy responses to the clients negotiating several protocol options
- Labs: Added Oracle SQL Proxy support for connection strings in the format host:port/service without leading double slash character
- Labs: Fixed the issue with connecting through Oracle SQL Proxy using records with alternative Oracle RDBMS configuration CommandUser and CommandPassword
- Labs: Added Kubernetes session manager type and initially hidden record type to establish WEB Sessions to Kubernetes orchestration engine. Note that Windows WEB session manager does not support this option yet
back to top
Release 2.3.202105092220 (May 9, 2021)
- Added random password generator screen accessible from any part of the WEB application
- Added the option for Yubikey OTP in Duo Security MFA in proxy servers and workflows
- Added port to the end point host column on the session report in case the port was overwritten by the user during connection to the record with the empty host
- Added Archive and Restore actions to the record dropdown menu in the record list
- Added the option to pass system user, user and password on record, and session identifier in SSH Proxy as well as in the WEB sessions to the endpoint SSH servers
- Added the option to display Connection field in the Session report to correlate the session with the endpoint auditing data passed through the Prologue mechanism
- Fixed the issue with the empty host set to record name when importing records from KeePass
- Fixed the issue with WEB session reconnection for the session with a user overwriting host and port information during initial connect to the records with the empty hosts
- Fixed the issue with non-numeric codes during Duo Security OTP MFA in proxy servers and workflows
- Fixed the issue with the title of Administration / Workflows / Binding page to indicate that the bindings are defined for the root folder
- Fixed the issue with Found a Number of Bindings message on the Administration / Workflows / Binding page screen
- Labs: Fixed the issue with Connect button on Oracle SQL Proxy records
back to top
Release 2.3.202105022207 (May 2, 2021)
- Added multiple Duo Security MFA providers support for Proxy Sessions
- Added support to exclude archived records from the search result
- Added support for an alternative SSH job execution provider using the extended cryptography framework
- Added the option to schedule tasks to execute for referenced and shadow accounts as an alternative to the main account on record
- Added search-able quick selection control to pick a script on the task editing screen
- Added search-able quick selection control to pick a workflow template on the workflow binding editing screen
- Added search-able quick selection control to pick a parent record type on the record type editing screen
- Added support to Extract record information during Break Glass procedure using capitalized Secure-ID
- Added Check Status MS SQL Server script to the out of the box script library
- Added configuration parameters for SSH Proxy client-side keep alive interval and count with the option to disable keep alive mechanism
- Updated cryptography framework to improve TLS v1.3 support
- Added custom error pages for WEB Container errors in new deployments to minimize server information disclosure through the browser
- Improved support of RDP Proxy clients attempting to connect with legacy security protocols
- Fixed the issue with triggering After Update job when mass updating records
- Fixed the error message about violating password formula Whitespace rule when generating password on-demand
- Fixed the issue with Discovery auto-import with empty Use Provided Account option imports record with connected account instead
- Fixed the issue with scheduling multiple After-Update tasks after record update
- Fixed the issue with inappropriate log level during user authentication for the Proxy connections
- Optimized performance of displaying record view screen for the system with large number of records
- Optimized performance of displaying task editing screen for the system with large number of records
- Optimized performance of displaying task list screen for the system with large number of records
- Fixed the issue with KeePass import process mapping a KeePass entry with existing User field to Secrets record type instead of WEB Portal one
- Fixed the issue with deleting records that have associated anonymous links
- Fixed the issue with Key Exchange algorithm negotiation when establishing SSH Proxy connection to SSH servers with restricted set of advertised algorithms
- Added special warning message when saving workflow bindings with Duration
- Labs: Added support for Oracle SQL Proxy Session Events recording
- Labs: Fixed the issue with handling cache for the remote server version packet in Oracle SQL Proxy
- Labs: Added system logging for Oracle SQL Proxy to troubleshoot unsupported connection string format
- Labs: Fixed the issue with handling encrypted stored user fingerprint when connecting to Oracle SQL Proxy
back to top
Release 2.3.202104252247 (April 25, 2021)
- Added the option to batch extract secret data for multiple records in the Break Glass procedure
- Optimized performance of establishing SSH Proxy connections
- Optimized application performance by caching root folder metadata to minimize database queries
- Optimized performance of MFA provider detection during user login to WEB GUI or Proxy servers
- Updated context help for SSH Proxy Ciphers, Key Exchange algorithms and MACs to include currently supported algorithms and the list of disabled but supported weak algorithms
- Added Pass-through Account option when auto-importing records from discovery queries
- Added context help balloon to describe possible options for the User field on the Record Editing screen
- Updated the list of weak ciphers, key exchange algorithms and MACs for initial deployments to exclude these algorithms from SSH Proxy server
- Fixed the issue with group name displaying on the Revoke User Permissions results screen
- Fixed the issue with Principal label representing both groups and users displaying on the Revoke User Permissions results screen
- Fixed the issue with non-English characters (extended Latin, Cyrillic) displayed in the Session Events report
- Added trace logging for com.pam.server.sshd package to troubleshoot performance of SSH Proxy connections for deployments with slow backend database
- Improved the error message about password failing Password Formula validation displayed on the On-Demand password reset job scheduling to be more readable
- Added more system logging messages on the trace level to troubleshoot unexpected RDP Proxy authentication mechanisms
- Labs: Fixed the issue with connecting to Oracle record when connection string does not include port
- Labs: Fixed the issue with connecting to service based Oracle RDBMS servers
- Labs: Fixed the issue with blanket error message about maintenance of RDBMS metadata cache table when connecting to Oracle RDBMS servers
back to top
Release 2.3.202104182214 (April 18, 2021)
- Added support for additional Ciphers, MACs, Key Exchange and Host Key Algorithms to SSH Proxy
- Added support for PEM/OpenSSH private key format for SSH Proxy and WEB SSH connections as well as for job execution
- Added the option to revoke user global and object permissions, global roles, and local group membership
- Added the option to delegate custom reports execution to folder owners
- Added system parameter xtam.updates.proxy for remote node WEB Proxy configuration
- Added the option to show principals deleted from their user directories crossed out in the Reports / Users Report when groups column is selected
- Added Import button to the empty folder screen in addition to Add Folder and Add Record buttons to emphasize the import option
- Added fallback processing for tasks scheduled for record create and update events to handle the case of initial password set for imported records that would otherwise remain without the password
- Optimized performance of folder level reports to take advantage of folder hierarchy index
- Optimized performance of system and folder level Workflow Bindings report for the system with large number of objects
- Improved handling of database transactions to make them shorter to reduce a chance of inter-thread lock conflicts in background Alerts generation and Discovery processes
- Fixed the issue with thread and lock object names for the background alert generation process to improve system troubleshooting
- Fixed the issue with the order of alerts generation to reduce the number of inter-thread lock conflicts
- Fixed the issue with number keys displayed as wrong graphical characters on the session events report
- Fixed the issue with non Latin symbols displayed as wrong graphical characters on the session events report
- Fixed the issue with failing Check Status and Password Reset jobs for Unix Hosts with SU with wrong second user password (su: incorrect password)
back to top
Release 2.3.202104112142 (April 11, 2021)
- Added full path display when selecting folder for auto-import on Discovery Query editing screen
- Added full path display when selecting Reference Record for Auto-Import on Discovery Query editing screen
- Added full path display when selecting referenced record on the record editing screen
- Added full path display when selecting shadow record on the tasks editing screen
- Added REST API option to specify the list of returned properties to limit or to extend the set of returned properties for object access functions
- Added session manager for Oracle Proxy and auto assigned it to Oracle record type to support future SQL Proxy option
- Updated the version of video conversion utility in Windows WEB Session Manager package to match options of Linux version
- Labs: Added the option to use legacy Oracle records that connected to RDBMS using Windows RDS or Linux Command execution for SQL Proxy
- Labs: Added support for Oracle SQL Proxy to authenticate in Oracle 11 database instances
back to top
Release 2.3.202104042252 (April 4, 2021)
- Added the option to mass archive and restore records
- Added the option to process non-numerical Radius MFA codes during SSH and RDP Proxy connections as well as workflows that require MFA
- Fixed the issue with system import processing data that include certain XML escape sequences
- Fixed the issue with running jobs with shadow account for the record with no user
- Added exception handling option to Windows Local Administrators Group Cleanup script
- Fixed the issue with Twilio and AWS STS types and scripts data updates
- Fixed the issue with SMS Push generating failed result for Radius Devices returning Access-Challenge responses even when successfully generating an SMS message
- Moved a blanked error about password decryption from audit log to system error log
- Fixed database transaction issues when scheduling after-approval jobs
- Fixed spelling mistake in Session terminated because the connection to the Session Manager was lost message
- Fixed the issue with possibility to connect using RDP Proxy to archived records
- Fixed the issue with enabling HTTP Proxy in Firefox Broker browser Add-on
- Fixed the issue with errors on the add-on console caused by the TABS access permissions in Firefox browser Add-ons
- Labs: Added support for automatic detection of Oracle v12 and v19 installed on Windows or Linux platforms for OCI and JDBC clients in SQL Proxy
- Labs: Fixed the issue with cached server capabilities after updating a record with Oracle server with new host
back to top
Release 2.3.202103282220 (March 28, 2021)
- Added support for Smart Card (X.509) authentication (for new deployments or requires Federated Sign-In module update)
- Added support for account management on Solaris OS
- Added support for account management on VMWare ESXi devices
- Added regular expressions and exception processing for Interactive SSH scripts
- Added Norwegian keyboard layout for WEB RDP and RDP Proxy sessions (requires WEB Session Manager update)
- Added Switch User option for Interactive SSH scripts
- Added support for regular expressions in Interactive SSH scripts to response on multiple possible prompt options
- Added support for exception processing in Interactive SSH scripts to terminate script execution in response to specified prompts
- Added the option to use custom record and shadow record fields in Interactive SSH scripts
- Added -certbundle CERTBUNDLE parameter in the silent Linux installer to specify location of certificate bundle file for the session manager
- Updated WEB Session Manager to include latest components for Windows, Linux x86 and Linux arm platforms
- Fixed the issue with displaying Global Parameters page in Internet Explorer browser
- Fixed the issue with shell code type display for Interactive SSH script execution strategy scripts on the script editing form
- Labs: Added MFA support for Oracle SQL Proxy authentication
- Labs: Added Oracle SQL Proxy support for RDBMS deployed on different operating systems
- Labs: Improved the protocol capabilities detection in Oracle SQL Proxy
- Labs: Fixed the issue with Linux deployment compatibility with OpenJDK 16
- Labs: Fixed the issue with enabling HTTP Proxy in Firefox Broker browser Add-on
back to top
Release 2.3.202103212230 (March 21, 2021)
- Added assume role support in AWS STS Temporary key generation
- Added support for HTTPS transport in remote PowerShell script execution
- Optimized search performance inside sub-folders
- Added the option to request return properties in REST API list and find functions to optimize performance of integrations
- Added the option to ignore certificate and trusted host check during remote PowerShell script executions using WinRM connections run over HTTPS channel controlled by TrustCertificate and TrustHost checkbox fields on record
- Added licensing enforcement for Advanced Scripting enabled by default for all existing licenses
- Fixed the issue with right click on the Windows menu button caused disconnect of RDP WEB Session in Windows deployments of WEB Session Manager
- Fixed the issue with visible global parameters related to disabled RDP Proxy, SSH Proxy, HTTP Proxy modules
- Fixed the issue with Launch SSH Client, Launch RDP Client, Download Remote Desktop File controls in the licenses with disabled RDP Proxy module
- Fixed the issue with displaying old, new, shadow and system passwords in the output of the Interactive SSH password reset strategy for certain scripts
- Fixed the issue with the values in custom folder's fields are not copied in pasted folder
- Fixed the issue with logging specific unsupported RDP protocol during failed RDP Proxy connections
- Fixed the issue with certificate subject name mismatch warning when connecting to LDAPS user directories with wildcard certificate
- Labs: Added global parameters to enable Oracle SQL Proxy based on the module licensing disabled by default
- Labs: Added support to create, complete and terminate Oracle SQL Proxy sessions
- Labs: Added error reporting from the server side connections to Oracle SQL Proxy
- Labs: fixed the issue with application compatibility with OpenJDK 16
- Labs: fixed the issue with CAS compatibility with OpenJDK 16
back to top
Release 2.3.202103142258 (March 14, 2021)
- Added custom fields support for vaults and folders
- Added Password Reset Remote Netapp Shadow script as an Interactive SSH strategy to manage Netapp account using a shadow record
- Added support to execute check status jobs for the account on record instead of the shadow accounts when using the Interactive SSH job execution strategy.
- Added Tasks menu item to the records drop down menu in the records list to access record task list
- Added licensing enforcement for SSH Proxy enabled by default for all existing licenses
- Added licensing enforcement for RDP Proxy enabled by default for all existing licenses
- Added licensing enforcement for direct use of HTTP Proxy enabled by default for all existing licenses (HTTP Proxy as a second traffic hop continues to work without special license)
- Updated application framework to version 15.0.2
- Updated WEB Container to version 9.0.43
- Fixed the issue with the folder search in certain sub-folders
- Improved the logic with handling error results as errors in Interactive SSH job execution strategy
- Fixed the issue with failed Unix password reset processed as successful for accounts with correct but expired passwords on record
- Labs: Added support for native OCI (sqlplus) and JDBC (SQL Developer, Squirrel) clients to connect through Oracle SQL Proxy using both administrators and regular accounts
- Labs: Added server error reporting to Oracle SQL Proxy
- Labs: Added support for Oracle connection strings in addition to the Oracle TNS Listener string to support connections through Oracle Proxy
- Labs: Fixed the issue with right click on Windows menu button disconnecting WEB RDP sessions
back to top
Release 2.3.202103072241 (March 7, 2021)
- Added support for escape sequences to Interactive SSH job execution strategy
- Added Personal Vault Role option to govern the initial role of the user for the newly provisioned personal vault
- Renamed Interactive SSH job execution strategy to indicate its application for a generic use case
- Added the option to configure multiple Duo Security MFA providers for different users or groups
- Fixed the issue with approver action (Approved or Rejected) reported in the audit log about workflow step approval could be confused with the workflow status (Approved, Rejected, Active, Completed)
- Fixed the issue with content search by a not system administrator user sensitivity to user login name capitalization
- Fixed the issue with the quick request approval and rejection forms launched from the request approval notification email forbid the access to the member of the approver group as opposed to the direct approver
- Fixed the issue with displaying groups on the workflow design fields on the quick approval forms
- Fixed the issue with configuration of the second integrated Active Directory server for direct authentication
- Fixed the issue with extra audit log event about zero-step request approval
- Fixed the issue with Active Directory password reset routine for the integrated Domain Controllers through global catalog applicable to both account management and self-password reset functions
- Added the option to automatically depress stuck ALT button in the WEB sessions
- Fixed the issue with not-functional script selection option on the Script Library screen
- Labs: Added OCI protocol support to Oracle SQL Proxy
back to top
Release 2.3.202102282307 (February 28, 2021)
- Extended Search Center WEB GUI visual interface to search by several combined criteria
- Added Browser Form Filler plugin option to populate non-credential fields based on the custom record field values
- Added Browser Extension Plugin option to auto-click login button on the authentication form when field PluginAutoSubmit field is present for a record with the name of the Login button control on HTML form
- Added support to enforce global and record level Exclusive Session policy for RDP and SSH Proxy
- Added Plugin for HTTP Proxy global parameter for browser extension broker plugin with two modes: Pass Through - Browser Extension Broker Plugin will fill user and password fields from the selected record associated with the open WEB Portal and Zero Trust - Browser Extension Broker Plugin will fill user and password fields from the user and password place-holders for portals configured for HTTP Proxy
- Added PluginForHTTPProxy record level choice field with the options Pass Through or Zero Trust to override global Pass Through value to make form filler to fill user and password fields with place-holders. Note that global value Zero Trust is not override-able to preserve backward compatibility for global option
- Added HTTP Proxy Connect Timeout and HTTP Proxy Idle Connection Timeout global parameters to configure HTTP Proxy timeout behavior
- Added on screen indicator in WEB Sessions when ALT key is pressed
- Added the option to search records using several conditions based on name, description, or indexed fields joined by AND predicate
- Added system properties xtam.session.web.rdp.drive.name and xtam.session.web.rdp.drive.letter to define the indication for the mapped shared drive in WEB RDP session
- Fixed the issue with accessing some WEB GUI fonts from the local WEB container
- Fixed the issue with processing AD groups that contain unbalanced parenthesis in the group name
- Fixed the issue with duplicated default cross button in Internet Explorer 10+ browsers in focused not empty search field
- Labs: Added more system logging for Oracle SQL Proxy troubleshooting
back to top
Release 2.3.202102212308 (February 21, 2021)
- Added multiple criteria search option based on several combined conditions
- Added integration with OneLogin IdP
- Added the option to use capitalized record IDs (ID-CAP) available on Record View and Quick View screens as an alternative to existing IDs to support native clients that capitalize connection parameters
- Added the option to update the logging module to improve integration with external SIEM
- Fixed the issue with local group membership detection of external user or group in case of failure to query local user directory
- Fixed the issue with defaulting application protocol to HTTP2 to avoid conflicts with unreliable network connections including connections using VPN transport
- Labs: Initial release of Oracle SQL Proxy
back to top
Release 2.3.202102150012 (February 15, 2021)
- Added status check and password reset scripts for NetApp devices
- Added status check and password reset scripts for Cisco Nexus devices
- Added support for Active Directory servers operating on a non-standard port
- Added the option to change location of intermediate mapped drive file transfer storage for WEB RDP sessions
- Added the option to disable mapped drive initiation during WEB RDP Sessions
- Added the option to override global Exclusive Session configuration on a record or record type level
- Added support to launch remote snap-in controls on the remote RDS server using RemoteApp, RemoteAppArgs and RemoteAppDir fields
- Improved WEB Session connectivity support to RDS Farms through RDP Load Balancer using record level field RDPLoadBalanceInfo with the load balancing information or cookie which should be provided to the connection broker
- Added user friendly messages for some errors appearing when changing Active Directory password in user profile
- Fixed the issue with shifted display of text on the request details form
- Fixed the issue with LDAP integration with user directories with cn attribute as a user identifier
- Fixed the issue with displaying requests to certain approvers that could not be found in the underlying user directory
- Fixed the issue with the WEB Session remained active after master node loosing connection with the session manager
- Fixed the issue with description for Exclusive Sessions parameter indicating that it is applicable for WEB sessions
back to top
Release 2.3.202102081004 (February 8, 2021)
- Fixed the issue with record view and quick view screen displaying records with referenced records for users with Viewer and Editor roles
back to top
Release 2.3.202102072302 (February 7, 2021)
- Added the option to display password expiration warning message for Active Directory users
- Added the option to add Virtual TOTP access field to any record for quick access to MFA code
- Added the option to add Virtual SMS access field to any record for quick access to MFA code
- Added the option to display ENTER key in the session events report
- Added support to display reference record on the record view screen for record managers
- Added REST API function to update one record field
- Added the option to specify multiple comma-separated host mask patterns in a host based proximity group to combine several groups with the same configuration into a single entry
- Improved transaction handling of the operation of mass approval of multiple requests
- Pending Release of Browser Extension: Added Plugin for HTTP Proxy global parameter for browser extension broker plugin with two modes: Pass Through - Browser Extension Broker Plugin will fill user and password fields from the selected record associated with the open WEB Portal and Zero Trust - Browser Extension Broker Plugin will fill user and password fields from the user and password place-holders for portals configured for HTTP Proxy
- Pending Release of Browser Extension: Added PluginForHTTPProxy record level choice field with the options Pass Through or Zero Trust to override global Pass Through value to make form filler to fill user and password fields with place-holders. Note that global value Zero Trust is not override-able to preserve backward compatibility for global option
- Pending Release of Browser Extension: Added the Browser Form Filler plugin option to populate non-credential fields based on the custom record field values
- Pending Release of Browser Extension: Added Browser Extension Plugin option to auto-click login button on the authentication form when field PluginAutoSubmit field is present for a record with the name of the Login button control on HTML form
back to top
Release 2.3.202101312309 (January 31, 2021)
- Added the option for Active Directory user to change their own password in Active Directory
- Added support for Delegated Approval workflow
- Added the option to specify $user placeholder in the records User field to make the system to use user name as the login of the current user while still using the password on record to connect
- Added support to schedule event-based jobs with already present scheduled periodic job to enable frequent event-driven password reset while scheduling long term periodic password resets at the same time
- Added the option to respect Minimum Password Age defined on the record level field MinPasswordAge by updating the scheduled password reset (but not password set) job date when executing password reset jobs directly without shadow or reconciliation account
- Added digital signature to Remote Applications Launcher Shell executable to improve its compatibility with end-point protection software
- Added {{request.template.type}} and {{request.template.name}} place-holders to the email notifications about request approvals
- Added the option to convert session recordings to MP4 format
- Enabled HTTP2 support for new installations to improve WEB browsing performance and increase the limit of simultaneous WEB Sessions
- Fixed the issue with audit log archival process for large number (more than a million) of audit log events
- Fixed the issue with incorrect display of Join and Terminate buttons on workflow details form when changing screen size
back to top
Release 2.3.202101242305 (January 24, 2021)
- Added dynamic permission support for request approvers to review, join and terminate sessions of this request
- Added the option to mass request unlock access and report request status by using wildcard at the end of the record name in SSH Proxy Shell
- Added global parameter Access / Window Title to customize page title prefix displayed in the browser window
- Added the option to identify a column as record_id in the custom report to make it to navigate to the appropriate record
- Added archival date to Record objects to use in custom reports
- Added the option to specify user name for VNC connections (requires Session Manager published after November, 6 2020)
- Improved security of the REST API function retrieving request instance by limiting the access to object owners, managers, requesters, actual and configured approvers
- Fixed the issue with Secured Host or URL value is displaying in the Record List view
- Fixed the issue with old version and signature of Uninstall.exe for PowerShell headless Windows installer
- Fixed the issue with initial data loading into request related sessions report
- Fixed the issue with incorrect error message when starting a session from the record list for a record restricted by bound workflow
- Fixed the issue with incorrect error message when sharing a record from the record list for a record restricted by bound workflow
- Improved failed SSH Proxy Shell request command feedback message to indicate the reason of the failure
back to top
Release 2.3.202101172323 (January 17, 2021)
- Added the option to mass request access by using wildcard at the end of the record name in SSH Proxy Shell
- Added the option to filter discovered local accounts during auto-import
- Added support for Unix, Windows and XTAM Groovy scripts to reference values from any record field
- Added support for zero-trust authentication to devices using Telnet protocol with non-standard authentication prompts
- Added support for correct completion of SSH proxy sessions caused by termination of intermediate network transport such as VPN disconnection by maintaining network level keep-alive communication between proxy and the client
- Added Password Set Remote Windows script to the Script Library as an example of script to set Windows account password without updating service dependencies
- Added the option for a task to trigger another task for the same record after successful completion
- Improved security of Password Reset Remote SSH using Shadow with Prompt script by removing unnecessary permissions from the temporary generated file
- Fixed the issue with RDP Proxy using session event based inactivity timeout replacing it with recently introduced protocol level inactivity timeout. Session events based timeout remains an option for SSH Proxy.
- Fixed the issue with Unix Host with SU record with Use SUDO option using the first account password during WEB or Proxy connections
- Fixed the issue with special characters support in Password Reset Remote SSH using Shadow with Prompt script
- Fixed the issue when native client to RDP Proxy connection closed incorrectly during idle timeout routine
- Fixed the issue with incorrectly applied switch user operations when connecting to Unix Hosts records converted from Unix Host with SU records
- Fixed the issue with updating correct secret field on the record after password or certificate update for records with updated record type that include switch user, reconcile, certificate or private key fields before
- Fixed the issue with misplaced Auto-Import Name Check context help popup balloon on the discovery query editing form
- Fixed spelling error in Discovery Query Type for Accounts context help balloon
- Fixed the issue with the screen bread-crumbs navigation when adding or editing workflow binding
- Fixed the issue with the screen bread-crumbs navigation when selecting new password for the on demand password reset
- Fixed the issue with FAILED trigger in the script schedules another task in case of successful task completion
back to top
Release 2.3.202101102317 (January 10, 2021)
- Added inactivity timeout option to automatically terminate idle RDP Proxy sessions
- Added account management option for remote PostgreSQL and MS SQL Server application
- Added the option for the record owner to terminate sessions created for this record
- Added the option to aggregate remote PosgreSQL command execution on Unix Hosts with the password reset for database account on record
- Added the option to aggregate remote MS SQL Server command execution on Unix Hosts with the password reset for database account on record
- Added shortcut to Workflow configuration for objects drop-down menu in the records list
- Added audit log messages for events of failed password decryption during Pass-Through access activation
- Added MD5, SHA512 and PGP signatures for application components for users to verify integrity and authenticity of the downloaded binaries
- Fixed the issue with losing HTTP Proxy sessions recordings under certain conditions when completing sessions in multi-node deployments
- Fixed the issue with the blanket system log error message when RDP Proxy user disconnects after unsuccessful authentication
- Fixed the issue with the blanket system log error message when opening bulk access request form
- Fixed the issue with Frequently Used request reasons drop down selection displayed on the bulk access request form
- Fixed the issue with issuing access request for the Connect, Execute or Unlock actions a user does not have permissions to using bulk request form
- Fixed the issue with sample REST API access scripts compatibility with PowerShell Core 6+
- Fixed the issue with SSH Proxy keystroke event recordings for unrecognized character
- Fixed the issue with using the password from Re-Enable RDP Proxy storage in case of issues decrypting the user password obtained from the WEB login when resolving pass-through credentials
- Added system logging message about failure to resend packet from server to client in RDP Proxy for troubleshooting purposes
- Fixed the issue with bulk actions available after bulk selection option applied to an empty folder
- Fixed the issue with access request expiration terminating RDP Proxy sessions
back to top
Release 2.3.202101032321 (January 3, 2021)
- Added quick password reconciliation option for local shadow accounts on Unix hosts
- Added support for zero trust access to VMWare vSphere through HTTP Proxy
- Improved performance of RDP Proxy sessions with recordings for Windows Server 2012+
- Added information about total, free and usable hard drive space in bytes to the Performance section of the Management / About screen for system administrators
- Updated Copyright year for Linux, Windows and Windows PowerShell installer
- Updated Copyright year in the application page footer, About screen, Federated Sign-In Login form, and command line utility
- Fixed the issue with RDP Proxy session completion following fatal network errors such as disconnects of VPN or SSH Tunnel used to transport RDP traffic
- Fixed the issue with visual artifacts appearing when rendering Windows Server 2008 RDP Proxy session recording for quick play or convert to video format
- Fixed the issue with cursor rendering for Windows Server 2008 RDP Proxy session recording
- Fixed the issue with HTTP Proxy overwriting requests to set cookie by the upstream WEB Portal during redirect to another page
back to top
Release 2.3.202012272242 (December 27, 2020)
- Added the option to combine multiple email notifications into fewer emails
- Added information about total, maximum and free heap memory for the WEB container process to the application About screen
- Fixed the issue with recording artifacts for sessions to Windows Server 2008r2 made by several types of RDP clients
- Fixed the issue with excessive memory consumption during system export of very large tables
- Fixed the issue with quick play of conversion to video format of RDP Sessions recording
back to top
Release 2.3.202012202247 (December 20, 2020)
- Added the option for Remote Worker Nodes to service multiple Master Nodes
- Improved performance of system export
- Added the support to classify records imported from Keepass file as Secret in case they do not have URL field populated and file attached
- Added the option to customize LDAP integration user name attribute using ldap[2].userName parameter
- Added requested time and time range in the request approval audit log message
- Added Session ID along with the termination reason to the session termination audit log
- Added default user (username, email, user name, user, login, identifier) and password (password, passwd, authhash) fields to HTTP Proxy authentication header detection
- Added HTTP Proxy support for Zero Trust login to VMWare vSphere WEB Portal using Castle Authentication
- Added HTTP Proxy support for Zero Trust login using authhash authentication
- Fixed the issue with approving or expiring workflow terminate all sessions associated with the record related to this request
- Fixed the issue with the sessions report displaying only sessions of the current user after using custom filters
- Fixed the issue with user search in integrated LDAP servers with cn as a user name attribute
- Fixed the issue with displaying Top 10 records report that include deleted records
- Fixed the issue with handling threads in Events Service after application update
- Fixed the issue with importing records without Title from Keepass export taking the name from Notes field instead
- Fixed the issue with RDP Proxy connectivity to Windows Server 2008 computers without session recordings from multiple native RDP clients
back to top
Release 2.3.202012132324 (December 13, 2020)
- Added the option to save and reuse filters for My Access Requests report
- Added the option to control forwarding host and port combination when connecting to SSH tunnels built using SSH Proxy by limiting destination host:port available for the tunnel
- Added the option to specify {{PAMLOGIN}} placeholder to the command executed after login to the remote SSH session to pass current system user to the remote session
- Added Spanish Latin American, French Belgium and Hungarian keyboard layouts to WEB RDP Sessions
- Added Danish, German Swiss, Spanish Latin American, French Belgium and Hungarian keyboard layouts to RDP Proxy Sessions
- Improved appearance of PDF exports of Inventory and Session reports to display data in readable non-tabulated format
- Fixed the issue with private key authentication from native SSH clients in SSH Proxy for disabled Active Directory accounts
- Improved performance of mass access request approval operation
- Fixed the issue with jobs creating with service user instead of workflow requester for after-expire and after-approval tasks
- Added system logging to SSL handshake procedure during RDP Proxy connection for troubleshooting purposes
- Fixed the issue with clean connection termination to remote RDP servers without supported transport protocol using RDP Proxy
- Fixed the issue with missing context help for parameter Initial Query Type
- Fixed the issue with incorrect Certificate Subject Mismatch warning when integrating with LDAP or AD servers with certificates generated for full DN names
- Disabled Extended ACL calculations for large (1000+ objects) exports of Inventory report
back to top
Release 2.3.202012062257 (December 6, 2020)
- Added AWS CLI Proxy add-on to support zero trust connections for Amazon AWS command line tool
- Added the option to reset Unix password using shadow account that requires password prompt for sudo operation by using the script Password Reset Remote SSH using Shadow with Prompt
- Added the option to control forwarding host and forwarding port when connecting to SSH tunnels built using SSH Proxy by limiting destination hosts and ports available for the tunnel
- Added forward tunnel option to Transparent Perimeter deployment to limit all communications between remote and master node to the single SSH port
- Added the option to pass login name of the system user launching the remote application on the RDS server to the Auto-IT script launcher using Login_raw parameter
- Added Reason Selection Helper global parameter (disabled by default) in Workflow section to control type ahead and reason selection options on the Access Request form
- Fixed the issue with displaying new master password on the screen when implicitly set through interactive entry in XTAM CLI utility using dash parameter
- Fixed the issue with deleting folders with unique workflows that used to contain objects moved out of this folder
- Fixed the issue with failing Check Status and Password Reset jobs for Unix Hosts with SU with wrong second user password
- Removed type ahead prompt for request reason operations to resolve the issue of database table locking for some databases
- Fixed the issue with incorrect alert reason reported for subscription for events without filter
- Fixed the issue with duplicated record level alerts generated for global subscriptions
- Added extended system logging to troubleshoot RDP Proxy communications with RDS Farms
- Fixed the issue with premature session termination when communicating with RDS farms
back to top
Release 2.3.202012041907 (December 4, 2020)
- Fixed the issue with database transaction locks during approval of multiple requests at the same bulk operation
back to top
Release 2.3.202011292309 (November 29, 2020)
- Added the option to export record types configuration for audit review
- Added Yubikey MFA support for SSH Proxy and RDP Proxy connections
- Optimized user experience for Access Request submission
- Added account management support for Fortigate network devices
- Added account management support for Netscaler network devices
- Added the option for RDP Proxy to launch alternative shell when connecting to RDS server
- Added global parameter Session Clipboard Transfer to control clipboard transfer option to and from WEB Sessions
- Added system property flag xtam.web.version.disable (default false) to disable WEB GUI check for the latest version
- Added the option for a user to select one of top 10 previously used sentences for a reason on the request submission form
- Added type-ahead selection option for a user to enter a reason on the request submission form using previously provided reasons
- Added a global parameter for Default Requested Time to pre-populate access request screen
none
- Fixed the issue with extra system load when processing large number of system events and queued jobs in Fractional ID configuration
- Fixed the issue with mapped drive display name Access Manager in WEB RDP Sessions when connected through the updated WEB Session Manager
- Fixed the issue with deleting old system export based on the retention policies in case of the application home folder contains dash character
back to top
Release 2.3.202011222312 (November 22, 2020)
- Added support for RDS Farms access using native RDP clients through RDP Proxy
- Added Last Connected time as an initially hidden column to the Inventory report
- Fixed the issue with File Transfer Control Parameter does not prevent uploading files in remote Windows Host WEB sessions when using drag and drop method
- Fixed the issue with workflow steps breaking their order after deleting workflow actor from one of the steps
- Fixed the issue with in WEB Session File Browser detecting current user home directory for dynamic users on Unix Hosts
- Fixed the issue with exporting Inventory report in case of certain ACL configurations for some objects
- Fixed the issue with duplicate session termination message for SSH Proxy sessions initiated from Proxy Shell following automatic termination policy based on expired workflow requests, business analytics rules or inactivity timeouts
- Fixed the issue with closing quick view windows when navigating to application host for Remote Application records
- Fixed internal errors when scheduling Tasks Report with large number of records
- Fixed the issue with Blocked command events appear in the Audit Log with a broken hyperlink to the Object
- Fixed the issue with After Expire job triggered by workflow expiration scheduled using workflow initiator instead of the system service to enable using requester placeholder in the after-expire jobs
- Fixed the issue with incorrect link to documentation on Administration / Tokens screen
- Fixed the issue with incorrect link to documentation on Administration / Global Permissions / Grant screen
back to top
Release 2.3.202011152244 (November 15, 2020)
- Added Session Idle Activity Timeout option to terminate sessions with no recent session events
- Added the option for active-active multi-node deployment based on fractional primary key database replication
- Added support to add negative numbers to number fields when editing records
- Added support to establish sessions to Cisco devices with accounts that do not allow switch to enable mode
- Added WEB Session Timeout Audit Log WARN level message
- Added PublishedVersion command line utility command to verify the latest published version of the application by downloading it from the distribution repository
- Added Application Hosts information to the Quick View screen for the Remote Application records
- Fixed the issue with mismatched column titles in exported or scheduled reports
- Fixed the issue with error level reporting of issues of downloading last application version
- Fixed the issue with Incorrect article's link on Job Detail for Record Page
- Fixed the context help balloon for Session Idle Timeout to indicate it is related to WEB Sessions only
- Fixed the issue with duplicated audit log message about session termination because of workflow expiration
- Fixed the issue with double attempt to authenticate a user logging in with wrong credentials to SSH Proxy by disabling REST authentication fallback. The option could be enabled back using system parameter xtam.ssh.proxy.auth.rest=true
back to top
Release 2.3.202011082214 (November 8, 2020)
- Added Documentation and Help Center
- Added the option to search by session channel (RDP, SSHP:Shell, etc) and by session ID to the session report
- Added xtam.ssh.proxy.banner system property to override global system parameter
- Increased the maximum length of system parameters values and choice selection for new installations
- Updated FAQ links on pages title to navigate to the Documentation and Help Center
- Added RDP Proxy support for RDS Farms to FreeRDP-based clients
- Added support for domain accounts in permission elevation and de-elevations scripts: Windows Local Account Permission Elevation Pre(Post)-Access
- Added system property xtam.jobs.SelfCheckStatus as well as Record level Check box field SelfCheckStatus to overwrite system property for individual records to enforce execution of Check Status script by the account on record instead of the shadow account
- Updated application framework to version 15.0.1
- Updated WEB Session Manager and related components to the latest versions
- Fixed the issue with library compliance for PDF rendering
- Fixed the issue with navigation bread-crumbs for the record level Session Events report
- Fixed the issue with updating local user after abandoned attempt to modify the password
- Fixed the issue with incorrect audit log message created during item archiving and restoring preventing navigation from the audit log report to the related record
- Fixed the issue with automatic exports schedule for long running system export processes
- Fixed the issue with auto-detecting account fingerprint after updating node master key
- Fixed the issue with WEB RDP Session disconnecting when elevating privileges (Run as Administrator) using UAC prompt
- Internal: Change frequent periodic debug level logging to trace
- Labs: Added script Check Status Remote Windows by Shadow
back to top
Release 2.3.202011012311 (November 1, 2020)
- Added flexibility to ports and reverse jump hosts selection in complex distributed deployment scenarios
- Added the option to customize SSH Proxy banner
- Added user name based place-holders for dynamic credential resolution
- Added the option to define custom port for remote Native Session Manager in the proximity groups
- Added chained reverse tunnel option for Transparent Perimeter deployments
- Added the option to edit session manager in the proximity group
- Added confirmation message when saving a proximity group
- Fixed the issue with capturing and displaying correct characters from numeric keypad in the session events for WEB and RDP Proxy Sessions
- Fixed the issue with performance logging stop after error in logging
- Changed performance logging delay to 10 minutes
- Fixed the issue with too broad search criteria for switch user password injection limiting the output stream query to switch user and sudo commands prompt only
- Fixed the issue with selective MFA configuration applied to token-based API authentication
- Fixed the issue with specifying non-numeric ports on editing remote session manager in a proximity group
- Fixed the issue with Auditor role reviewing Global Permissions and Global Roles
back to top
Release 2.3.202010252237 (October 25, 2020)
- Added Transparent Perimeter deployment option providing access to closed isolated networks behind firewall based on the reverse tunnel architecture
- Added support for PostgreSQL database account management
- Added the option to specify custom prefix for exported or scheduled reports using global parameter Report Title Prefix
- Added the time-stamp of the data displayed on the Dashboard charts
- Increased the security level of initially generated WEB Session Manager certificate to SHA512 hash with X509v3 format
- Added Port information if overwritten by the user when connecting to remote server to the Create Session audit log message
- Added Host column to the Sessions report to display the host (on record or overwritten by the user) used to establish a session
- Fixed the issue with displaying deployment parameters when installing the application on Linux platforms using users with certain permissions
- Fixed the issue with pie charts on the system Dashboard to display last collected data
- Fixed the issue with different server and client time zones when displaying date labels on Dashboard charts
- Fixed the issue with data collection for Dashboard pie charts displaying top 5 users and records activity
- Fixed the issue with HTTP Proxy handling requests form non-browser clients that do not include HOST header in the HTTP request
- Improved error reporting about failed jobs on the failed jobs details screen to include more error details from nesting exceptions
- Improved error reporting about failed SQL jobs on the failed jobs details screen
- Improved error reporting from the application REST API and on the application WEB GUI to include more error details from nesting exceptions
- Fixed the issue with not System Administrator users to download and schedule email delivery for My Sessions report
- Fixed the issue with title and exported file name of Custom Reports to match the configured custom report name
- Internal: Added AWS CLI signature verification routine
back to top
Release 2.3.202010182206 (October 18, 2020)
- Added context metadata to exported and scheduled reports
- Added the option to export reports in encrypted ZIP format
- Added the the option to filter My Sessions report by sessions initiated by the current user (Scope: Sessions) or by records the current user can connect to (Scope: Records, default)
- Added daily and hourly summary collection execution time in the audit log message
- Added the link to XTAM generated proxy.pac file for the system parameter HTTP Proxy Domains
- Improved performance of su password injection into SSH Proxy stream by analyzing response from up-stream server
- Fixed the issue with records managers can perform bulk update of record types and referenced records for the selected records
- Fixed the issue with prematurely injecting su password into SSH Proxy session stream making it visible on the screen of slow system
- Fixed the issue with Chrome 80+ browsers displaying popup balloon on the 3rd party WEB sites opened through HTTP proxy
- Fixed the issue with position of the Dashboard link in the user profile dropdown menu
- Fixed the issue with API documentation in some deployments
- Labs: Fixed the issue with the RDP remote server file transfer drive name to G on Access manager Two for WEB Session Manager 2 deployments
back to top
Release 2.3.202010112255 (October 11, 2020)
- Added the option to schedule reports email delivery in encrypted ZIP format for both PDF and CSV exports using password provided at the time of subscription
- Added the option to export Audit Log report in encrypted ZIP format using provided password for both PDF and CSV exports
- Added Users Activity chart to the Administrator Dashboard displaying 5 most active users for the last 7 days
- Added Records Activity chart to the Administrator Dashboard displaying 5 most active records for the last 7 days
- Added the option to specify custom delay for SSH Proxy switch user, enable and command password features by reusing system property xtam.session.command.input.wait previously only available for WEB SSH Sessions
- Added the option to save generated credentials in the post-installation file instead of printing them on the screen at the end of the Linux installation
- Added the option to define timeout for SSH job execution channel open in milliseconds following system property xtam.ssh.channel.connect.timeout
- Added error message with the explanations about launching CLI utility from the folder other than $XTAM_HOME to prevent users running it from incorrect locations
- Fixed the issue with disabling Yubikey MFA in case of failure to connect to Yubico services (CAS update is required)
- Fixed the issue with daily rotation of performance log file
- Fixed Order By SQL injection vulnerability issue in the application REST API
- Fixed the issue with the system export
- Fixed the issue with handling errors during session reconnects while recovering previous session recording
- Fixed the issue with commented out development link to QA product distribution site
- Fixed the issue with columns in the reports displaying order control for the columns that could not be used to sort report by
back to top
Release 2.3.202010042300 (October 4, 2020)
- Added Dashboard screen featuring visual representation of aggregated key metrics about assets, sessions, jobs and user activity
- Added the option for SQL password reset execution strategies (including Oracle, MS SQL and Informix ones) to reset password for the user given by CommandUser and CommandPassword credentials on record with Connection field defining connection string to the database
- Added the option for SSH Proxy to prompt user for a dynamic port given by value 0 in the Port field
- Added CLI Utility command RenameGroup to rename ADS groups directly in ADS
- Added the option to specify dynamic user in SSH Command String from the field CommandUser using placeholder {{CommandUser}} in the connection string
- Fixed the issue with selecting alternative WEB Session keyboard layout
- Fixed the issue with database constraint violation when de-duplicating users
- Fixed the issue with backward compatibility of REST API function to get item permissions without global flag specified
- Fixed the issue with password reset on Unix computers for old or new passwords that contain single quote and reversed single quote characters
- Fixed the issue with user remote IP address reported in the audit log for join session event
- Fixed the issue with session owners joining their own sessions
- Fixed the REST API issue with /folder/getVault function generating an exception when called for non-vault object
- Fixed the issue with using user preference instead of global setting when detecting server layout for WEB sessions
- Internal: Added foreign key names for user field of Public Key, Session Join Request and User Key Store tables for easier identification of database constraint violations
back to top
Release 2.3.202009272223 (September 27, 2020)
- Added the option for record viewers to join active WEB Sessions in view-only mode following request approval by session owners
- Added Expanded ACL option for the Inventory report
- Added Server criteria to the Search Center to filter server records with connect option
- Added the reference to specific users removed from a local group to the group membership management Audit Log event
- Added editor and timestamp of permission modification to the Object Access report
- Added report title and report generation date to the exported reports in PDF and CSV formats
- Added initially hidden Approved column to Requests and My Workflows / My Requests reports indicating the time of the request approval
- Added Approved field to the request details screen indicating the time of the request approval
- Added time of approval or rejection of workflow by each approver to the approver list of My Workflows / My requests report
- Updated code signature for Windows interactive installer signed by EV certificate
- Added Join Session control to Record View screen for record Editors, Managers and Owners to simplify session joining
- Fixed the issue with the application starting up when one of the integrated LDAP servers fails connecting (CAS update required for existing deployments)
- Fixed the issue with Approvers column not included in the CSV/PDF export of My Requests report
- Fixed the issue with displaying Record Type for Local Accounts with unselected Record Type for Auto-Import field on the discovery query editing screen
- Fixed the issue with reporting standard groups that are parts of domain controller Administrator group in Windows Privileged Accounts discovery script
- Fixed the issue with Bulk Actions drop down menu displayed under the application status bar on small screens
- Fixed the issue with Query Type selection drop down menu displayed under the application status bar on small screens
- Fixed the issue with Secured-ID format of printing session id in the log when joining or reconnecting to a session
- Fixed the issue with blanket system log message about error parsing WEB session window size
- Fixed the issue with displaying records with long name in the record list
- Fixed the issue with global subscriptions trigger alerts for object level events
- Fixed the issue with excessive audit log events about collecting hourly statistics
- Fixed the issue with executing Unix Remote scripts that contain single quotes as an SU user
- Fixed the issue with SSH su command execution syntax on some operating systems. Introduced parameter xtam.ssh.exec.su.mode to switch from the default (default 1 for su - user -c command and otherwise su -c command - user)
back to top
Release 2.3.202009202248 (September 20, 2020)
- Added calendar style weekly access analytics report to display distribution of sessions during the hours of the day and day of the week
- Added Denmark and Swiss German keyboard layout to WEB RDP Sessions
- Added command line utility command to create new local group (optionally with the initial member) using syntax CreateGroup web group.name group.description [group.member]
- Optimized performance of Tasks Configuration report
- Added support for collecting last successful password update event on the remote assets.
- Added hidden Rotated column to the Inventory report to review password aging data with the red indicator for passwords rotated more than 60 days ago
- Added session last update time to the session reports for Active sessions to monitor session completion logic
- Added hidden Host column to the Inventory report to display hosts on reported records
- Added support to display multi-line description fields in multiple lines on the record view, record list and record quick view
- Updated code signature for Windows PowerShell installer
- Updated Copyright and code signature for Windows interactive installer
- Fixed the issue with the global permission list available to review for global owner using the direct link to the global permissions screen
- Fixed the issue with displaying error message about retrieving permissions inheritance status
- Fixed the issue with creating workflow binding in certain situations after system import
- Fixed the issue with displaying records with long names without spaces on the inventory report
- Fixed the issue with displaying tasks report in the system with large number of records
- Increased the group size for displaying long names without spaces to 50 characters from 20
- Fixed the issue with Inventory report to display folders and records queries
- Fixed the issue with wrong title in bread-crumbs in Job Record Details
- Fixed the issue with caching API authentication for non-remote nodes
back to top
Release 2.3.202009131050 (September 13, 2020)
- Fixed the issue with incorrect detection of failed password reset as successful in SSH with SU password reset strategy
- Fixed the issue with server level permission check when Editor or Manager joining sessions
- Fixed the issue with global owner managing global permissions
back to top
Release 2.3.202009062236 (September 6, 2020)
- Added the option to define custom icon image and color for folders
- Added the option to define custom icon image and color for records of the selected record type
- Added Ephemeral Accounts option to provision temporary account on the destination host just in time for the requested access removing the account after the requested access is expired
- Added just in time permission elevation option to enable account privileges on the destination host for duration of the requested access removing the privileges after the requested access is expired
- Added After Approval task execution policy event to trigger a job to finalize successful request approval
- Added region and duration information to the audit log record about generating AWS STS Temporary token
- Added Windows Host Ephemeral Account record type to simplify creation of windows ephemeral accounts
- Increased expiration time for self-signed during installation SSL certificate to 5 years, changed its metadata version to V3, and added warning message to replace the certificate in the Organization Unit field
- Fixed the issue with refreshing current jobs and last events widgets when navigating to a record view page
- Fixed the issue with refreshing current jobs list after requesting access on the record
- Fixed the issue with incorrect search center query type selection with selected initial query type for Favorites and Shared with Me option
- Fixed the issue with displaying hidden flag of fields on the record type screen as checkboxes
- Fixed system property name confusion by adding xtam.proxy.mfa.disable system property to disable MFA for all proxy authentications to replace deprecated because of poor name selection parameter xtam.ssh.proxy.mfa.disable
- Fixed the issue with test selection using mouse in SSH WEB Session performed from the bottom to the top of the screen
- Fixed the issue with pages looping during initial application access after previously closing the browser without proper logout from the application or in certain other circumstances
- Fixed the issue with occasionally low delay for switch user password entry in SSH sessions
- INTERNAL: Fixed the issue with CAS login stuck on Wait... message on the login button under vary rare circumstances after logging in to the system, closing the browser after login, reopening browser again, navigating to the application and logging in during first 4 seconds. The fix replaces the following file in the CAS deployment: $XTAM/webapps/cas/WEB-INF/classes/templates/fragments/loginform.html
- INTERNAL: Added code comments to ConnectType structure to outline how it maps to the interpretation in operational parts of the application
back to top
Release 2.3.202008302308 (August 30, 2020)
- Added the option to generate temporary Amazon Web Services API access keys
- Added the option to customize Search Center appearance
- Added optional field to display Request Reason to the Record and System Sessions and Session Events reports
- Optimized performance of referenced record selection on record editing and creation screen
- Fixed the issue with WEB Session stability after selecting large amount of text on the Unix terminal using mouse
- Fixed the issue with the full path bread-crumbs navigation on the Record level Audit Log, Sessions, Job History and Change History reports
- Fixed the issue with SSH Proxy connectivity to remote servers under certain network conditions
- Fixed the issue with SSH Proxy connection prompting for empty credentials for records setup with dynamic or pass-through credentials
- Fixed the issue with processing pages with unsupported content encoding in HTTP Proxy
- Added placeholder in the system logging configuration file to simplify troubleshooting of HTTP Proxy
- Added the option to overwrite pass-through credentials by Management / My Profile / Preferences / RDP Proxy Access control
- Internal: Updated AWS SDK to the latest version
- Internal: Updated embedded Groovy scripting language to the latest version.
back to top
Release 2.3.202008232228 (August 23, 2020)
- Added the option to use a record from the vault for account discovery process
- Optimized performance of shadow account selection
- Optimized performance of referenced record selection for discovery queries
- Optimized performance of notification about users joining and leaving active WEB sessions and displaying certificates
- Optimized performance of importing records referencing other records
- Optimized pre-processing performance of importing records from CSV spreadsheet
- Optimized performance of importing records with unique record in folder restriction enabled
- Optimized performance of the system and stability of WEB Session in the networks with broken DNS direct and reversed name lookup
- Fixed the issue with Linux installer allowing to install the application into the subfolder of /tmp folder
- Added more system logging to troubleshoot record import performance
- Fixed the issue with generating pass-through signing key for Federated Sign-in module during the application startup in case the key does not exist in the database
- Fixed the issue with displaying record list with records located in the folders with very long names or very long full path without spaces as well as for records with long names with no spaces
- Fixed the issue with displaying password formula parameters on narrow screen sizes
- Added extended system logging for unknown errors during connecting using SSH Proxy
- Fixed the issue with creating audit log events related to objects with long names
- Fixed the issue with displaying the record name on the record editing screen for records with very long names
- Fixed the issue with displaying very long folder names without spaces in the favorites tab
- Fixed the issue with displaying very long record names without spaces on record task list screen
- Fixed the issue with Federated Sign-In component compatibility with 3-byte Unicode MySQL / MariaDB databases (MySQL 8.x)
- Fixed the issue with slow random number generator on ARM CPUs
- Added ping-pong service for troubleshooting purposes
back to top
Release 2.3.202008162310 (August 16, 2020)
- Added support for network proximity selection in geographically distributed deployments for sessions established using native clients
- Added the option to reset password for the second account of SU records defined with dynamic credentials as a first account in case the dynamic credentials are resolved at the time of the reset execution for pamservice account.
- Added the option to specify expiration day for Administrative Messages
- Added the option to edit existing Administrative Messages
- Added the option for a user to close an administrative message on the Record List screen
- Added the option to specify XTAM Proxy Host for each individual node in the geographically distributed cluster by using system parameter xtam.proxy.host to offer native clients a proxy in a closer proximity
- Added session duration information to the Session Completion audit log event
- Added import file information to the system Import audit log event
- Added audit log message about finishing object import process with the indication of number of records imported, import source type and time to import
- Fixed the issue with system import and export of Administrative Messages
- Fixed the issue with ServiceNow integration compatibility with latest ServiceNow incident completion requirements
- Fixed the issue with editing folders and Vaults from Favorites area
- Added system logging message to monitor timing of mass import, copy and creating of records
- Fixed the issue with job execution caused by jobs without records
- Optimized performance of pre-processing stage of Import from CSV operation
back to top
Release 2.3.202008092318 (August 9, 2020)
- Added the option to display Administrative Messages for all users
- Added support for PPK (PuTTY generated) key format when connecting to remote servers
- Added support for PPK (PuTTY generated) key format when rotating keys on remote servers
- Improved WEB Session Manager security for new deployments by restricting accepted cryptographic protocol to TLS v1.2+
- Improved Local User Directory Services security for new deployments by restricting accepted cryptographic protocol to TLS v1.2+
- Added support for multiple different SSL certificates (based on SHA1 fingerprint) imported into the system keystore using CLI SSLImport command to preserve all certificates added from several servers responding to the same domain name in high availability configuration of destination service
- Added support for multiple SSL certificates imported into the system keystore using SSLImport command from the services listening on different ports of the same server
- Added password reset option for Unix Host with SU records referencing the record with shared SU User and SU Password
- Fixed the issue with re-encrypting selected records with new master password for the deployments with external back-end databases
- Fixed the issue with Windows Logoff Disconnected Sessions script invisible for the system
- Fixed the issue with importing records using CSV file with headers corrupted by leading or trailing spaces or given in case insensitive format
back to top
Release 2.3.202008022311 (August 2, 2020)
- Added the option to open WEB GUI using only WEB application host in the URL string
- Added the option to override email preference for system notifications
- Added the option to manage dynamic credentials for shared assets in personal vaults
- Added customizable SSH URI Handler to launch a native SSH client on Windows and Linux platforms using WEB GUI to connect through system SSH Proxy
- Added customizable RDP URI Handler to launch a native RDP client on Windows and Linux platforms using WEB GUI to connect through system RDP Proxy
- Added certificate expiration date to the information displayed during SSLImport command of command line management utility
- Fixed the issue with requesting extra permissions (tabs) for form filler Browser Extension (Add-On)
- Fixed the issue with corrupted screen layout when displaying records with very long titles that do not contain spaces on record list, quick view, record view screens as well as in bread-crumbs navigation menu including record name
- Fixed the issue with displaying extra empty option on the record edit screens for the drop-down choice fields that include default values
- Fixed the issue with browser auto-complete feature interfering with global parameters editing form
- Fixed the issue with the message wording about license expiration dead line
back to top
Release 2.3.202007262300 (July 26, 2020)
- Added the option to specify default value for record type fields
- Added the option to mark record type field as hidden on record views
- Added the option for item Owner to manage item workflow bindings
- Added the option to define color depth for WEB RDP sessions using Record Type ColorDepth (display name Color Depth, type: Choice, Values: 8,16,24) field
- Added default password formula for WEB portals in new deployments. Current deployments should create password formula by editing and saving password formula for WEB Portal record types
- Fixed the issue with restarting services dependent from each other when executing Password Set or Reset Remote Windows with Service Dependencies scripts
- Fixed the issue with Xton Browser Extension support for backslash character in user or password fields
- Fixed the issue with failure to generate proxy.pac file based on WEB Portal records with empty URL present in some of the records
- Fix the issue with the possibility to create duplicate records by quickly saving new record several times
- Fixed the issue with handling TOTP and YubiKey MFA in proxy and configuration components for the systems deployed with backend database configured with case sensitive table names
- Fixed the issue with editing removed workflow template
- Fixed the issue with sending email notifications caused by intermittent errors from mail server such as throttling
- Fixed the issue with displaying very long record descriptions and host names in the record list
- Internal: Added sample script to update record port field in XTAM Vault
back to top
Release 2.3.202007192320 (July 19, 2020)
- Added the option to import record file attachments using CSV Import
- Improved recording rendering to video formats
- Fixed the issue with recording rendering to video formats in Linux deployments by non-root user
- Fixed the issue with repeated recording rendering to video formats for deployments with recording encryption enabled
- Fixed the issue with potential malicious privilege escalation when attacking WEB Sessions from compromised Windows destination server (CVE-2020-9497, CVE-2020-9498)
- Fixed the issue with selecting dates from the date picker on the access request form and custom times for report filters
- Fixed the issue with validating password for the record that does not have password formula defined
- Fixed the issue with errors on the browser developers console when selecting referenced records
- Fixed the issue with WEB Session reconnect option after long network timeouts
- Fixed the issue with missing date part in the internal user directory system logs
back to top
Release 2.3.202007122310 (July 12, 2020)
- Added the option to approve or reject access requests by using shortcuts in notification email
- Added support for remote applications run on the Windows RDS application host through RDP Proxy using native RDP clients
- Added Windows Logoff Disconnected Sessions script that could be used in After Session trigger to forcefully logoff disconnected but not logged off sessions from Windows computers
- Added the option for AD server administrator used as a shadow account to manage other accounts passwords in multi-AD configuration to reset its own password using record type LDAP Server
- Added the option to enable Federated Sign-In in multi-tenant environment allowing authentication for users from different URLs
- Added the option to define timeout for sending email notifications using property mail.smtp.timeout (default 10sec)
- Added batch timeout to send alert notifications
- Added Sessions group on the Parameters screen to segregate session related parameters from Access group
- Added the option to enforce session and session event recording for assets located in personal vaults
- Added Python example script to connect to XTAM with Federated Sign-In component
- Fixed the issue with installation feedback when installing the application using PowerShell script on slow hosts
- Fixed the issue with the PowerShell installer error reporting about incorrect connection parameters
- Fixed the issue with improper error message when deleting Remote App record type that contains associated records
- Fixed the issue with the proper highlighting of the active menu on the gray skin
- Fixed the issue with the infinite timeout when sending email notifications
- Fixed the issue with blanket large error stack message in the system log about failure to update user NT Key
Release 2.3.202007052258 (July 5, 2020)
- Added command line Windows PowerShell installation script with silent deployment options
- Added the options to generate, reveal and copy password to clipboard when managing user profile for local users
- Added an error message about executing an on-demand job scheduled for the remote node using GUI Run action
- Added detailed feedback about connecting to database in Linux installation script including database type, server and user
- Added detailed feedback about connecting to Active Directory in Linux installation script including LDAP server and user
- Added the option to pass password in base64 encoded form to the system command line utility
- Fixed the issue with error reporting in LDAP job execution strategy
- Improved system logging for LDAP job execution strategy to troubleshoot LDAP jobs
- Fixed the issue with error message and failure to create a history entry after trying to change record Type using Bulk actions
- Fixed the issue with Quick Connect on the record list prompting for MFA token when required
- Fixed the issue with the extra space at the end of the default Radius protocol specification
- Fixed the issue with displaying wrong record fields cached from the old record type after bulk updating record type
- Fixed the issue with prompting for parameters even when they are specified in the silent Linux installation script
- Fixed the issue with generating uninstaller from Linux Installation script run using full path specification
- Fixed the issue with special characters in passwords when performing high trust login to WEB Portals using Chrome or Internet Explorer remote application technology through dedicated Windows RDS server
- Fixed the issue with the error message when MFA fails to save new user or group configuration
- Fixed the issue with exporting very large reports in PDF format
Release 2.3.202006282252 (June 28, 2020)
- Added health-check notification process monitoring the state of various system components
- Added the option to specify custom port and protocol for password reset and job execution for Windows Remote PowerShell strategy
- Added the options to generate, reveal and copy password to clipboard when creating or editing local users
- Added full-path bread-crumbs navigation with multiple link paths to the WEB GUI forms for managing tasks and Access Report
- Added warning notification to the application GUI about the upcoming license expiration
- Added case-insensitive search to Audit Log report
- Fixed the issue with proper display of PowerShell Run as Administrator menu option in WEB Session command control toolbox
- Fixed the issue with WEB Session command control toolbox size to fit all controls in one row
- Fixed the issue with position of controls tooltips on the WEB Session command control toolbox
- Fixed the issue with the object name on the access requests reports for administration requests
- Fixed the issue with object navigation on the My Workflow tabs for administration actions requests
- Fixed the issue with excessive error message about failing to delete old system log files locked by Operating System. Added more information about the reason to fail to delete old log files
- Fixed the issue with invisible tab page titles in the Grey application GUI skin
- Fixed the issue with accessing ghost MFA parameters on the administration settings screen
- Fixed the issue with the audit log message about stopping internal services during the application update to happen before the services termination
- Fixed the occasional issue with restarting central background jobs service after service restart or application update
- Removed the option to automatically import application WEB certificate during application restart on Windows platforms to avoid conflict with anti-virus and end-point protection software as well as with the OS file locking mechanism
- Fixed the issue with extra trailing slash when generating Federated Sign-in prefix parameter during system installation to simplify integration with SAML providers
Release 2.3.202006212300 (June 21, 2020)
- Added Basic Authentication option for HTTP Proxy high-trust login to WEB Portals
- Extended Auditor role to include management review options
- Added the option to transparently reconnect to RDP Proxy session established using native RDP client with MFA code after brief disconnection
- Added the option to define custom keywords for email approvals or access requests
- Added full-path bread-crumbs navigation with multiple link paths to the WEB GUI forms for managing permissions, workflows, task lists, tokens, password formula, command control, local users and groups
- Added the option to hide all passwords on the record change history reports with the option to reveal them one by one
- Added optional User ID column to users report and its export
- Fixed the issue with deleting records with associated file transfer session events
- Fixed the issue with accumulating system load on both browser and server side while browsing WEB GUI viewing multiple records caused by repeated calls to API functions triggered by several sequential record views
- Improved the database transaction logic of processing of session events alerts to address the issue of losing some session event alerts. Added additional system logging to troubleshoot alert generation
- Fixed the issue with disabling background processes by specifying 0 in the pool size node configuration
- Improved RDP Proxy system log messages to troubleshoot connections made using native RDP clients
- Fixed the issue debugging the application in a single-class loader environment
- Fixed the issue with the Office 365 high trust login through HTTP Proxy
- Fixed the issue with breaking MFA and SSL configuration during the application startup and saving WEB GUI forms. Removed Administration / Settings / MFA and SSL upload configuration WEB forms
- Fixed the issue with system administrator view of record type task lists
- Fixed the spelling error in Approve by Email help balloon
- Fixed the issue with blanket system log exception about releasing already released internal lock
- Fixed the issue with duplicated links in bread-crumbs navigation paths on the Record List, Favorites, Personal Vault and Shared with Me views
- Fixed the issue with consistent order of multi-path bread-crumbs navigation on record view screens for items linked to multiple folders
- Fixed the issue with browser console logs errors on the Behavior Profiles list
- Fixed the issue with the option to specify zero duration on the workflow binding create or edit screens
- Fixed the issue with navigating to the folder associated with access request from My Workflows and My Requests lists
Release 2.3.202006162327 (June 16, 2020)
- Fixed the issue with breaking MFA and SSL configuration during the application startup and saving WEB GUI forms
Release 2.3.202006142324 (June 14, 2020)
- Added the option to display Windows Wallpaper in RDP WEB Sessions
- Added the option to display Windows Theme in RDP WEB Sessions
- Added internal system monitoring to review the state of background processes
- Updated application framework to version 14.0.1
- Added support for updating MFA and SSL configuration directly in the properties file to be reflected on the WEB GUI in addition to GUI modifications
- Added Visible Unlock option to display the value of the secret field on the screen right after unlock operation without the need to click Reveal button
- Improved system logging to better troubleshoot the option of file upload during RDP WEB sessions
- Fixed the issue with the Access Report processing groups from external user directories which are members of the local groups
- Fixed the issue with WEB session file upload thread keep running after upload terminated by error
- Fixed the issue with WEB session file upload recovering from occasional corrupted zero-long network packet
- Added information about thread id to asynchronous thread launcher to improve system monitoring using system logs
- Fixed the issue with Quick Launch Play button on the record list generating an error message when a record is checked out
- Fixed the issue with large CAS audit blocking queue processing
Release 2.3.202006081617 (June 8, 2020)
- Fixed the issue with visual appearance, position and disappearance behavior for the context help balloons on the Task List management screen
- Fixed the issue with the SSH Proxy authentication through remote node
- Fixed error reporting about ssh proxy authentication failure
back to top
Release 2.3.202006072218 (June 7, 2020)
- Added support for application deployment on 64-bit ARM platform
- Added support for an alternative LDAP or Active Directory connection to user directory in high availability mode
- Added support for SSH ProxyJump option for SSH Proxy connections
- Added the option to specify key size for the Unix account public key rotation routine
- Added current date, time, time zone, service and application uptime to the performance section of the Management / About screen
- Fixed the issue with reporting disabled Active Directory users in access report and licensing counts
- Fixed the issue with TOTP authentication for SSH Proxy and Workflow requests for users with mismatched upper and lower characters in the user name during authentication
- Fixed the issue with unexpected SSH Proxy Shell termination when re-connecting to different record after disconnect from the previous one
- Fixed the issue with deleting workflow approval email in case of business logic error preventing the workflow to be approved
- Fixed audit logging channel name for SSH Proxy agent forwarding channel
- Improved performance of session manager selection when configured multiple session manager in selected proximity group
- Fixed the issue with rotating Unix account public key protected with password for records of record types inherited from Unix Host with Protected Key record type
- Improved performance of record list, record view and session controller screens by reducing amount of communications with the server from the browser
- Fixed the issue with Sessions label spelling on the application nodes tab in Russian translation
- Fixed the terminology issue replacing Processor with Process in audit, system and syslog log messages
- Fixed the issue with executing password reset strategy for the base reference records with fields marked as transparent by $null value
- Added more details about remote server URI in the troubleshooting debug system messages during HTTP Proxy operation
- Fixed the issue with HTTP Proxy session heart beet feedback processing in case of multiple hidden parameters on the page under management
- Improved file uploads troubleshooting during WEB Sessions by adding more DEBUG level system log messages
- Improved HTTP Proxy session authentication troubleshooting by adding cookie information to DEBUG level system log messages
- Fixed the issue with file upload speed computation in WEB Sessions
- Added support for validation of workflow parameters and improved order of workflow parameters in Administration -> Settings -> Parameters -> Workflows screen
- Added form validation for configured input restrictions on access request screen
- Fixed the issue with blanket error messages in the system log when terminating SSH Proxy login before completing MFA authentication
- Fixed the issue with accessing accounts in connected user directories that have special characters in the login names when processing failed authentication events
- Fixed the issue with processing very large amount of WEB login events collected in the Federated Sign-In cache table
back to top
Release 2.3.202005312314 (May 31, 2020)
- Added support for SSH agent forwarding through high trust SSH Proxy
- Added the option to restrict possible values for requested time and reason on the access request form
- Added the option to configure WEB SSL certificate using WEB GUI
- Added support to generate RDP WEB session key-sequence event in response to mouse click, Function-Keys or Crtl-Keys actions in addition to ENTER-key
- Added alerts notification place-holders: log.ip for the IP address from the audit log, request.ip and request.requestor.ip for the last IP of the workflow requester for Workflow related notifications to track the location of the access requester
- Added -mp MASTER-PASSWORD option to Linux installation script to deploy the new system with the provided master password instead of generated one to simplify deployment of High Availability or recovery nodes
- Fixed the issue with the extra space typed after command entering into Cisco enable mode without the level specified if level was on the record before
- Fixed the issue with proximity group selection during session connection when failed DNS name resolution of the host on record while there are IP-based proximity groups configured
- Fixed the issue with switching to default enable level when connecting to Cisco devices
- Re-factored HTTP Proxy for compatibility with new network product infrastructure
- Added debug and trace system logging messages to troubleshoot HTTP Proxy operation
- Fixed the issue with the multi-hop HTTP Proxy connection to standard HTTP Proxy port
- Added troubleshooting system logging for the proximity group selection (direct or cached) during HTTP Proxy connections
- Fixed the issue with proximity group selection for the non-SSL HTTP Proxy connections
- Fixed the issue with duplicate host display in the break glass recovery Extract command
- Fixed the issue with disabled prompt for credentials parameter in the default RDP launcher template
- Fixed the issue with enforcing access request if required when sharing items from the record list
- Fixed the issue with the horizontal scrolling in Request for Approval list to accommodate narrow screens
- Fixed the issue with Download Remote Desktop File option available for user with Connect and Record permissions
back to top
Release 2.3.202005242314 (May 24, 2020)
- Added the option to re-encrypt existing records with new master password
- Added display of the master password hash on the Management / About screen for system administrators
- Added the option to re-encrypt records encrypted with old master password with the new master password available on the Administration / Settings / Database / Re-Encrypt control
- Fixed the issue with incorrect help link on the Re-Index records progress page
- Fixed the issue with compatibility of the Windows Remote Reset Dependent Services script with Windows hosted system
- Fixed the issue with resource management and session completion when disconnecting head-less high trust SSH tunnel
- Fixed the issue with referencing users in the system integrated with multiple Active Directory servers configured with different account attribute (for example, sAMAccountName vs UserPrincipalName)
- Fixed the issue with request approval by email when reply email contains up to 10 levels of nested parts
- Fixed the issue with request approval by email when reply email contains concatenated plain text attribute-value pairs
- Fixed the issue with request approval by email when reply email contains concatenated HTML text attribute-value pairs
- Fixed the issue with request approval by email when reply email from GMail contains image signatures
- Fixed the issue with incorrect sample password generating using special characters on the Manage Password Formula page
- Fixed the issue with spelling error in the request rejection notification email
- Fixed the issue with the audit log message about saving SMTP and IMAP server configuration
- Fixed the issue with error reporting about the failed request approval by email
back to top
Release 2.3.202005172240 (May 17, 2020)
- Added WEB GUI for MFA configuration
- Added folder-based proximity groups to configure session routing to remote isolated networks based on the folder where records are located
- Added composite proximity groups to configure session routing to remote isolated networks based on complex composite criteria combining vault, IP-range and host mask selection
- Added pagination, search, filter, sort, export and column customization options to Management / My Workflows / My Requests report
- Added information about the actual account executing jobs on the remote computers using PowerShell strategy with the indication of shadow or direct account used and the script or reset nature of the job execution
- Updated version of distributed WEB container to 9.0.34
- Added the option to display and copy SSO JWT Signing Key on the Management / About screen
- Added the option to update SSO JWT Signing Key brought from the other server using Administration / Settings / Parameters / JWT Signing Key parameter
- Added Delete Folder option to delete folder with all nested folders and records inside
- Added support to handle keep-alive requests from openssh server on TCP/IP tunnel connection in SSH Proxy
- Added the option to schedule jobs (such as password reset of check status) for the records configured with dynamic credentials to trigger the job on the records found by the search criteria
- Added error audit log messages about failed import items
- Fixed the issue with the password reset verification results displayed before the password reset results in the job details transcript
- Fixed the issue with updating password for dependent services run by the accounts with mismatched UserPrincipalName and sAMAccountName
- Fixed the issue with updating password for dependent services that have depended services needed to be restarted in the specific order
- Fixed the issue with the successful completion of Windows Remote Reset Dependent Services task on the computers with old Task Scheduler (Windows Server 2003)
- Fixed the issue with successful completion of Windows Remote Reset Dependent Services task on the computers with no IIS installed without displaying blanket error messages
- Fixed the issue with absent Federated Sign-In prefix and name parameters in the default configuration after including Federated Sign-In component into the product installation
- Fixed the issue with enabling session events recording for exec, sftp and scp protocols based on user permissions
- Optimized performance of importing data from CSV file by limiting the number of stored and displayed log messages on the feedback screen
- Added numerical feedback about importing records and folders from CSV spreadsheet
- Fixed the issue with the form-filler interference on the screen defining proximity groups vault and folder setup
- Fixed spelling mistake in the message about mail server configuration verification
- Fixed REST API help for Test SMTP server connectivity function
- Fixed the issue with testing SMTP mail server configuration
- Fixed the issue with multiple attempts required to login to the system in certain network configurations
- Fixed the issue with saving SMTP and IMAP mail server configuration in case of either IMAP or SMTP parameters are not defined
- Fixed the issue with saving SMTP and IMAP mail server configuration in case of previously incorrectly defined parameters
- Internal: Removed system logging message about deleting items
back to top
Release 2.3.202005102258 (May 10, 2020)
- Added support to record file content transferred by scp protocol through SSH Proxy tunnel
- Added support to record input and output streams of commands executed through SSH Proxy tunnel
- Added the option to overwrite fields inherited from referenced records by marking these fields with $null values
- Added connection string to connect to the record using native SSH clients for Unix record view screen to simplify copy and paste command to native clients
- Added the option for integration with load balancer on http-only 8080 port for out of the box deployments including Federated Sign-In (CAS) component
- Updated MySQL driver reference in the configuration to newer class
- Fixed system error reporting when failing to detect next-level RDP Proxy in multi-hop proxy environment
- Improved performance of daily statistic collection by avoiding collecting user count for licenses with unlimited users
- Fixed the issue with the application update stuck in the Updating state after the application restart
- Fixed the issue with the error handling in RDP Proxy login without specifying record search criteria
- Fixed the issue with restored change history record removed from the history
- Fixed Ansible XTAM lookup plugin compatibility with Ansible Tower framework removing http.cookie module dependency
- Fixed the issue with wrong session event delta time displayed for file transfer sessions
- Labs: Added GUI option for MFA providers configuration
back to top
Release 2.3.202005032323 (May 3, 2020)
- Added Ansible lookup plugin accessing XTAM Vault to retrieve sensitive information
- Added report mapping personal and privileged accounts for brokered sessions
- Added the option for Federated Sign-In module to support trusted SSL certificate accessed by incorrect host name
- Added support to automatically import configured application certificate into the application key store during application startup
- Added audit log event about initiating of background processes restart including user and a location of the initiator
- Improved performance of RDP proxy sessions
- Fixed the issue with occasional error 500 (String Index -1 is out of bounds) during user / password login using Federated Sign-in module when the server is installed on certain (CentOS, etc) operating systems
- Fixed the issue with back-end database optimistic lock for audit log event creation transactions
- Fixed the issue with file transfer during recorded RDP Proxy sessions
- Fixed the issue with SSH Proxy sessions remained open after tunneling Execute, SFTP and scp commands
- Fixed the issue with reporting details about Execute and scp commands on the Session Events report
- Fixed the issue with LDAP configuration prompt appearing on the new line in the Linux installer
- Fixed the issue with SAML login audit events displaying too much information for the supplied credentials message
- Fixed the issue with short background process execution as well as with SSH or RDP Proxy connections after restarting background processes using Administration / Settings screen
- Fixed the issue with accessing SSH Proxy functionality after restarting or re-deploying the server caused by reloading Bouncy Castle security provider
- Fixed the issue with the SSH Proxy or WEB Session attempting to connect to the destination record using Private Key or Certificate stored in the record previously even when the current record type does not include these fields
- Internal: Removed WEB login audit log event for basic authentication pending research how to detect login session
- Internal: Disabled database monitoring watch dog pending further research
- Internal: Added optional (default false) xtam.summary.available system property to disable daily available users statistics count to monitor system performance
back to top
Release 2.3.202004262312 (April 26, 2020)
- Added support for continuous long term XTAM Shell sessions
- Added content organization to record types and script libraries
- Added record types groups on the Administration / Record Types screen for better organization of record types library
- Added script groups on the Administration / Scripts screen for better organization of script library
- Improved strength of enabled WEB SSL protocols in the out of the box deployments by locking the available protocols to TLS v1.2 and TLS v1.3 only with related strong only cipher suites
- Improved cipher strength of default self-signed WEB certificate generated during the installation to SHA512 with RSA
- Added support for SHA2-256+ cipher suites for in-browser SSH sessions for Linux-based deployments
- Added performance data to the application about screen for system administrators
- Updated command line help to the Linux install script to include service account command line parameter -user
- Removed debug log level for CAS login events scanning
- Added thread names for application initialization functions to track thread utilization
- Fixed the issue with restarting session event processor using the application GUI
- Optimize performance of in-browser sessions caused by too frequent participants query
- Fixed the issue with re-indexing records referencing a record after the update
- Enabled behavioral analytics rules enforcement in the out of the box deployments
- Added database monitoring watch guard that dumps all threads leaking database connections into the system log after the total number of connections exceeds certain threshold
- Fixed the issue with XTAM Shell command line help for the request command
back to top
Release 2.3.202004210832 (April 21, 2020)
- Fixed the issue with the multi-jump SSH proxy
back to top
Release 2.3.202004192321 (April 19, 2020)
- Added the option to connect to remote servers in isolated networks using native RDP clients through multi-jump RDP Proxy
- Added the option to launch native Microsoft RDP client from the record view screen on Mac OS computers
- Added -user USER parameter to the Linux installation script for the option to install the application run as a provided service account
- Added audit log WEB login event for basic authentication scenarios to track logins to the application GUI including consequent processing of behavioral analytics rules
- Fixed the issue with user display names in the report exports for users without first or last names
- Fixed the issue with SSH Public Key expiration unit of measurement in days
- Improved error feedback about searching users in the LDAP server in case multiple users with the same sAMAccountName found in the user directory
- Fixed the issue with correct termination of temporary background processes during application update or shutdown
- Improved Quick player user experience when playing RDP proxy sessions
- Improved resource management on the remote Job Manager node to close connections in certain situations
- Fixed the issue with installing the system with back end MS SQL Server database including naming instance in the connection string
- Fixed the issue with breadcrumbs on Global Roles shows as System Administrators
- Fixed the issue with non-credential fields updated to reference record value in Edit mode when credentials only is set to true
- Fixed the issue with deleting records configured as Reference Record for Auto-Import in discovery queries
- Fixed the issue with session events processing thread management during application update
- Added system property xtam.ueba.enabled to enable user behavioral analytics enforcement disabled by default
- Increased the the number of attempts in optimistic locking transactions handling
- Internal: Re-factored the logic of provisioning of guest accounts outside of the context generation function
- Labs: Added form-based authentication option for new deployments
- Labs: Added form-based authentication for the remote node connection to the main node
back to top
Release 2.3.202004122320 (April 12, 2020)
- Added support for video recording of sessions established using native RDP clients including quick player and conversion to video format options
- Added Frequent Logins behavioral analytics rule to trigger Block User or Log Audit Event in response to too frequent login to the system
- Added Frequent Failed Authentication behavioral analytics rule to trigger Block User or Log Audit Event in response to too frequent failed login to the system
- Added the option to launch native SSH client from the record view screen on Mac OS computers
- Added the option to verify SMTP server connectivity by direct connection in addition to sending a test email
- Added user, host and shadow indicator to the error message about password reset using PowerShell reset strategy
- Added audit log events about successful and failed login to the system through RDP proxy interface made by native RDP clients
- Fixed the issue with incorrect location of CAS log files in the default deployments
- Fixed the issue with resource management when performing password reset and verification using LDAP strategy
- Fixed the issue with excessive system logging messages about failure to sent email notifications because of not configured mail server
- Fixed the issue with file upload progress bar when uploading empty files using file manager in the in-browser sessions
- Fixed the issue with objects import to the system with backend database configured with optimistic transactions lock mechanism
back to top
Release 2.3.202004052240 (April 5, 2020)
- Added Excessive Activity behavioral analytics rule watching for the total number of any events that happened during a session
- Added Session Duration behavioral analytics rule watching for the long sessions exceeding configured parameter
- Added the option to display rule narratives for the selected user behavior profile on the workflow binding configuration screen
- Added the case insensitive search option to the Inventory report
- Added the option to display authentication type on the system information page
- Added the option to configure IMAP server independently of SMTP server
- Added the option to test IMAP mailbox configuration by connecting the the IMAP server
- Added system information displayed on the Application About screen available for system administrators and auditors
- Fixed the issue with generating folder-level reports as well as searching in the folders with large number of sub-folders
- Fixed the issue with executing jobs using shadow accounts by remote nodes
- Fixed the issue with Auditors subscribing to reports
- Fixed the issue with updating RDP credential cache after resetting master password
- Fixed the issue with Inventory report search with trailing or leading spaces
- Fixed the issue with the behavioral analytics rule triggering when exceeding but not equal to configured threshold
- Removed MySQL specific processing for record creation
- Fixed the issue with terminating import process after encountering critical error during import with one of the imported records
- Fixed the issue with record-level database transaction isolation when importing objects from CSV and XML files
- Fixed the issue with stuck job executions preventing other jobs to run by introducing job execution timeout
- Fixed the issue with displaying mail server password in the audit log when updating Mail Server parameters
- Fixed the issue with displaying audit log information message details when updating mail server parameters
- Fixed the issue with WEB GUI is available after Linux Installation without including WEB GUI included in the component selection
- Fixed the issue with revealing too much information about JWT signing key on the system information page
- Fixed the issue with re-generating Federated Sign-In pass-through credentials encryption certificate upon the application startup in case it exists
- Fixed the issue with After Unlock task policy triggered after session start preventing session complete task policy to trigger after session is completed
- Fixed the issue with updating IMAP configuration without restarting the server
- Added trace system logging for email parsing for workflow auto-approval mechanism to troubleshoot workflow approve-by-email option for different integrated servers
back to top
Release 2.3.202003292209 (March 29, 2020)
- Added support to control file transfer option for RDP or SSH sessions performed using in-browser or native clients globally or for individual records
- Added SSH Public Key management facility including upload or generate auditing, blocking, expiration, reporting
- Added alerts and reports subscription reports displaying subscription information for all system users with the option to search, sort and export the reports as well as to unsubscribe individual subscriptions
- Added Asset Bindings Report to display all users in all groups with the related workflow bindings to the selected asset (folder or record) with the search and export options to simplify analysis of workflow binding configurations
- Added system end-point URL https://host.company.com/xtam/proxy.pac to generate proxy.pac configuration file for the browsers to use to system proxy setting based on the configured global property HTTP Proxy Domains
- Added system end-point URL https://host.company.com/xtam/proxy.pac?portals to generate proxy.pac configuration file for the browsers to use to system proxy setting based created WEB Portal records
- Added the option to disable file transfer option for SSH Proxy sessions
- Added the option to disable file transfer option for RDP Proxy sessions
- Added quick option to copy record ID to the clipboard on the record editing screen
- Added color coding for recently (one minute old) created or edited records in the record list to quickly identify new of updated records
- Fixed the issue with availability of Upload XTAM Tool button on the toolbar of the session with disabled file transfer
- Fixed the issue with saving choice field value in record editing without the leading and trailing spaces given in the choice values of the field definition
- Added system logging to RDP proxy termination logic to troubleshoot proxy shutdown
- Fixed the issue with misplaced HTTP Proxy Password Placeholder parameter on the global parameters screen
- Fixed spelling mistake in the SSH proxy error messages
- Fixed the issue with the button File Transfer is unavailable after session reconnection
- Fixed the issue with ghost recording available for non-interactive SSH Proxy sessions such as file transfers
- Added timing and entity count information to users and groups export feedback
- Added system log message with timing and entity count information about generating and distributing scheduled reports
- Added timeout for scheduled report distribution service removing potential block in collecting summary information and temporary users lock
- Added timing data to the summary data collection process
- Fixed the intermittent issue with failing to create records when importing or copying large number of objects in the system with MySQL or MariaDB backend databases
back to top
Release 2.3.202003222309 (March 22, 2020)
- Added the option for all workflow approvers to terminate (force-checkin) active requests
- Added local user directory URL to the list of system deployment information on Administration / Settings / Database screen
- Added Workflow Design for the selected Workflow Template on the Workflow Binding editing form to display the structure of the selected template when configuring workflow bindings including indications for automatic approval or restrict access workflows
- Fixed the issue with the control alignment for Assign to All Users checkbox on the workflow binding configuration screen
- Fixed concurrency issue with establishing several parallel sessions at the exactly same time using native SSH clients
- Fixed the issue with null displaying for the accounts without first or last name when searching for the accounts on the user selection screen
- Fixed the issue with deleting container after folder-scoped user is deleted
- Fixed the issue with deleting folder-scoped user leaving a ghost artifact behind later preventing deletion of this folder
- Fixed the issue with including referenced records by name or by ID when importing items from CSV file
- Fixed the issue with including referenced records by secure-id when importing records from CSV file
- Fixed the issue with removing user related tokens when deleting local users
- Fixed the issue with deleting folder scoped users and groups when deleting folders
- Fixed with issue with deleting folders or vaults with unique workflows bound to the local folder-scoped user
- Fixed the issue with incorrect record re-indexing in some cases for records referencing other records
- Fixed the issue with locking and populating fields inherited from parent record types on the record editing form when selecting referenced record
- Fixed the issue with re-indexing of large number of records
- Fixed the issue with displaying progress bar on the record type re-index screen for IE browsers
- Fixed the issue with group member of workflow approvers missing Requests for Approval tab on My Workflows screen
- Fixed the issue with the vertical alignment on the request details form for Approvers and Workflow Design fields
- Fixed the issue with attempting to save Local group with no name. Fixed the issue with displaying artifact message when displaying a local group without members
back to top
Release 2.3.202003152317 (March 15, 2020)
- Added quick navigation to record type definition from record view for system administrators
- Added the option to update account password for the account running the system service itself
- Optimized performance of the folder browsing
- Added multi-replication support for system directory services involving 3+ nodes
- Fixed the issue with using Active Directory accounts accessing the system before switch to UserPrincipalName
- Fixed the issue with inheriting record level password formula from the record type for cases when no current formula exists for the record
- Added auto-fix issues with record level formula when re-indexing record type records
- Fixed the issue with inheriting record level formula when changing record record type
- Fixed the issue with the executing IMAP folder check for email based request approval when either mail server or its port are not defined
- Fixed the issue with installing remote system directory services on Linux platforms
back to top
Release 2.3.202003082259 (March 8, 2020)
- Added the option to login to the application using Facebook or Twitter delegated authentication
- Added the option to add a newly created guest user after SSO login to the local group specified by the system parameter xtam.user.guest.group
- Added the option to restrict automated scheduled export to certain time window (such as night or weekends) according to configured Export Time Window global parameter
- Updated WEB Container version for new deployments
- Fixed the issue with granting permissions to a user with legacy login cached before changing user directory configuration to use different authentication property (such as sAMAccountName vs UserPrincipalName)
- Fixed the issue with saving changes in Record with MFA required Workflow
- Fixed the issue with MFA enforcement following SSO/SAML authentication during login to the application WEB GUI
- Fixed the issue with searching by Tasks, Favorites, Formula,Orphaned objects in folders
- Improved system performance when searching in folders and building folder reports
- Improved search query performance when executed in the root folder
- Improved root folder reports performance when executed
- Improved the size of the context help balloons on Administration / Settings / Application Nodes, AD and Syslog configuration screens
- Fixed too aggressive system log message about absent Federated Sign-In (CAS) component to debug log level
- Fixed the issue with Windows Event logging appender configuration preventing startup of background processes by maintaining WEB Container scope of logging libraries when updating the application
- Fixed the issue with reference record updates appearing in the change history report
- Fixed the issue with restoring a record from its history respecting reference record property
- Fixed the issue with Bulk Update Reference Record does not update the record's Change History with this action
- Fixed the issue with password reset and verification in multi-domain Active Directory environment
- Fixed the issue with availability of the Generate Password button when the password field is locked by the reference record
back to top
Release 2.3.202003012228 (March 1, 2020)
- Added the option for request approvers to terminate and check-in approved requests
- Added support to search inside selected vaults or folders in addition to a global search
- Added the option for requesters to terminate approved requests
- Added the option for system administrators to terminate in-progress requests during the approval cycle
- Added account discovery auto-import option to only import local accounts discovered on the end-point server without importing the account of main discovered host. To enable this option, specify empty record type for the host record
- Added LOGIN placeholder to the Prologue mechanism executing specified commands right after session establishment
- Fixed the issue with ghost accounts detected on the Windows end-points during discovery process reported and imported as local users
- Fixed the issue with blanket error reporting in the system log about missing audit resources in deployments with legacy Federated Sign-in (CAS) module
- Improved system error logging about Active Directory password reset issues for troubleshooting purposes
- Internal: added test PS scripts to list local users for WS-Manager testing
- Fixed the issue with Ghostcat vulnerability for new deployments
back to top
Release 2.3.202002231453 (February 23, 2020)
- Added guest account access option when integrating with external user directories through SSO mechanism
- Added SSH Proxy login, logout, MFA and authentication failure audit log events
- Added support to display the fields inherited from the parent record types when editing record type together with the record type own fields to visualize the record edit and view screens
- Added the confirmation prompt including the home folder information before the installation starts on Linux platforms
- Added licensing enforcement on the background Discovery, Job execution and periodic Job Scheduling processes preventing them to start for specific software licenses
- Added audit log events for MFA Policy management
- Fixed the issue with the excessive error logging in the deployment without Federated Sign-in module about login auditing
- Fixed the issue with updating user profile when the browser password filler interferes with the form
- Fixed the spelling mistake in the system log message
- Fixed the issue with detection of the client end point IP address in login, logout and authentication failed event in deployments including load balancer / reversed proxy
- Fixed the issue with reporting client side port number in client IP address of login, logout and authentication failed events
- Fixed the issue with the availability of Cut option in the right drop down menu for individual items on the search result screen
- Fixed the issue with browsers auto-fill is enabled on the mail server configuration form
- Fixed the issue with browsers auto-fill is enabled on the AD configuration form
- Fixed the issue with Record Type field modifications including Confirmation dialogs
- Fixed the issue with the ability to install the application into the /tmp folder on Linux platforms
- Fixed the issue with generating alert for deleted workflow instance
- Fixed memory management and performance issues when processing large job queues
- Fixed memory management and performance issues when scheduling periodic jobs for large record sets with periodic job policies
- Fixed the issue with search on MFA policy configuration screen
- Fixed the issue with excessive system error logging when logging with authenticated user absent from the connected user directories
- Internal: Added extractor for syslog messages
- Internal: Added software version information to the daily usage report
back to top
Release 2.3.202002162247 (February 16, 2020)
- Added login, authentication failure and logout audit log events to track authentication activities
- Added the option to manage Active Directory accounts in multiple forests
- Added the logic to verify password reset in Unix systems by the returned result code
- Added display of Federated Sign-In (CAS) module core configuration parameters (Service, JWT Signing Key, Public Key location and algorithm) on the database configuration page on Administration / Settings screen
- Added more verbose information to the LdapConnect command of Command Line Utility in case of failures
- Fixed the issue with reporting import destination when using SSLImport CLI command
- Fixed the issue with the password verification logic for Switch Users records using Remote Unix connections
- Fixed the issue with error reporting in the import process
- Fixed the issue with including Behavior Profiles in the system export
- Fixed the issue when clipboard event recording when connecting to Windows Server 2012R2
- Fixed the issue with displaying Blocked Global Role status in the users report
back to top
Release 2.3.202002092319 (February 09, 2020)
- Added active behavior analytics component to monitor, log and automate management of suspicious and undesired user activities
- Added support to record clipboard and file transfer events during sessions made using native RDP clients with the option to capture content of transferred files and clipboard
- Added the option to temporarily block users as a quick way to restrict and restore access without modifications in the permission architecture
- Added more details to the Audit Log message about adding or removing Global Roles
- Fixed the issue with narrow visual appearance as well as with disappearing behavior of context help popup on the Grant Permissions screen
- Fixed the issue with the option to temporarily removing user MFA requirement after requesting access to connect or unlock with MFA required
- Fixed the issue with the record view screen for the records a user has no permissions to access displaying generic messages to avoid the option to enumerate records to detect valid IDs
- Remove default logging configuration from the properties file for legacy Federated Sign-In module.
- Fixed the issue with integrating with LDAP servers failing queries involving incorrect attributes
- Fixed the issue with system export on some Windows Server operating systems
- Fixed the issue with generic audit log message about session termination
- Internal: Added default auditing configuration for updated Federated Sign-In module to capture login, failed login and logout events
- Internal: Added default auditing configuration for updated Federated Sign-In module to capture login, failed login and logout events in existing deployment and for external databases support.
back to top
Release 2.3.202002022247 (February 2, 2020)
- Added the option to mass update referenced record for multiple selected records
- Added the option to connect by alias when using native SSH clients
- Added the option to connect to remote Unix end points with native SSH clients using records given by general search including search by name, description and indexed fields
- Added the option to configure mfa-generic MFA provider to support system generated MFA tokens using application WEB GUI for native clients sessions through SSH or RDP Proxy
- Added confirmation prompt before mass updating records
- Fixed the issue with overwriting a field absent in a record type of a referenced record in certain situations of editing a record
- Fixed the issue with displaying correct information about session recording in the session tool bar after reconnecting or joining the session
- Fixed the issue with session completion time increasing after the session is completed under certain circumstances
- Fixed the Execute dropdown button available for archived records
- Fixed the issue with the system feedback about blocked access when scheduling tasks from the record list
- Fixed the issue with mass scheduling a single task for a single selected record
- Improved system export files compatibility with default OS un-compress commands
- Added support for automatic recovery of SSH Proxy session recordings in case the session disconnection happens before the channel disconnection
- Fixed the spelling issue in the system logging feedback about succeeded Proxy authentication
- Fixed the issue with allowing to edit empty fields inherited from the referenced records
- Fixed the issue with mass records updating available for archived records
- Fixed the issue with excessive periodic performance logging in default configuration of Federated Sign-In (CAS) component
- Fixed the issue with duplicated automatic export schedule process run on the nodes with both GUI and Worker components deployed
- Fixed the issue with the repeated error messages about the locked export scheduling process in the system log
- Fixed the issue with the ability to connect through SSH proxy to records without Connect permissions
- Fixed the issue with the availability of generic MFA code generation button on Management / My Profile / Preferences screen for the user with Duo Security MFA provider
- Labs: Added support for clipboard text and file transfer events logging for RDP proxy sessions established using certain client application
back to top
Release 2.3.202001262238 (January 26, 2020)
- Added the option to quickly schedule single or multiple tasks for a selected record from the record list screen
- Added SMS option for non-interactive native clients (RDP, SFTP, etc)
- Added Radius / SMS option to Connect, Unlock, or Edit actions requiring MFA verification as well as for non-interactive native clients (RDP, SFTP, etc)
- Added more details to the context help for the Workflow Binding Duration parameter
- Updated sample Python script to include folder creation function with the example of JSON payload
- Added record count and timing information to the importing and exporting records on the system export and import progress dialogue
- Added progress indicator in number of processed records to export and import process to monitor the progress of each individual entity
- Added export file time stamp, size and number of volumes to the list of system exports
- Fixed the issue with HTTP sessions HAR recordings for certain destinations
- Fixed the issue with alphabetical order of the scripts on the mass execute script selection screen
- Fixed the issue with deleting items created by the legacy version of the software deployed in high availability configuration
- Fixed the issue with context help for bottom workflow binding controls to appear visible on the screen without scrolling the page
- Fixed the issue with displaying full error stack from the system log message about deleting old log files
- Fixed the issue with generating alerts with long reason
- Fixed the issue with importing system export that contains data with restricted XML characters
- Fixed the issue with exporting and importing records or record history data that contain very large objects by introducing pagination for the export procedure
- Fixed the issue with the system export producing too many small files as part of the export process including these files into the main export archives
- Fixed the issue with the system export performance by off-loading large data parts into the external files
- Improved import and export progress screen to include currently processing object to the progress bar
- Fixed the issue with the creating and updating records caused by the browser auto-fill option
- Fixed the typo on export confirmation dialog
- Fixed the issue with the Session chart on the Statistics report labels duration to Minutes
back to top
Release 2.3.202001192249 (January 19, 2020)
- Added the option to auto-import discovered local accounts
- Added search center with the visual query builder
- Added the option to customize local accounts discovery scripts for Windows and Unix computers using Scripts Library
- Added the option to select whether All Accounts or Privileged Accounts to discover on the remote end-points during discovery process
- Added support to use record type defined in the Discovery Query when manually importing discovered hosts or local accounts into the record vault by copying and pasting them from the discovery to the vault
- Added support for continued discovery of the local accounts following repeated discovery query execution
- Added the explicit button to clear and re-execute search
- Added operation progress feedback for the on-demand system export process
- Added initially disabled Radius-related properties to the default configuration file to simplify enabling Radius MFA configuration
- Added the message feedback in response to the records command in SSH Proxy shell about no records found
- Added system property to disable upstream servers certificate validation for HTTP Proxy connections: xtam.proxy.http.trustAllServers=true (default false)
- Added SSH Proxy host and current user information into the Welcome Banner of the SSH Proxy Shell Login
- Fixed the issue with error reporting by RDP Proxy when processing requests from the users unknown to the system to handle password enumeration traffic
- Fixed the issue with error reporting by RDP Proxy when processing malformed requests to handle port scanning traffic
- Fixed the issue with the context help menu on the Discovery Query Editing and Creating screen to close when clicked outside of the help balloon and to have larger and better positioned visual appearance
- Fixed the issue with Linux-based Session Manager available on all network interfaces in the default installation
- Fixed the issue with downloading Remote Desktop File after requesting Connect option protected by MFA
- Internal: Segregated Replication logic into separate service
- Internal: moved replication server logic to an independent servlet based on the JWT authentication instead of user authentication
back to top
Release 2.3.202001122307 (January 12, 2020)
- Added second factor authentication enforcement option for the Connect, Unlock and Edit actions
- Added the option to define starting view as All Records, Shared with Me, Favorites or Personal Vault views globally or individually by users
- Added support for variety of keyboard layouts when connected using native RDP clients
- Added the option to display Referenced Record in an optional column of the Inventory report
- Added support for enabling RDP Proxy access from user profile view to supplement automatic enabling during user connect
- Fixed the issue with inherited password formula does not change after changing record type
- Fixed the issue with existing records with password formula inherited from the wrong record type caused by record type update in the past
- Fixed the issue with handling Active Directory groups and group members with commas in the group names
- Fixed the issue with handling of the unexpected characters in the Active Directory group names
- Fixed the issue with Go to Parent button available on the record list or on the record view for parents the current user does not have permissions to see
- Fixed the issue with displaying parent folders in the record list the current user does not have access to
- Fixed the issue with record and folder access API returning parent folders the caller user does not have permissions to see
- Fixed the issue with closing context help balloons on a mouse click outside of the help balloon as well as increased the size and improved screen position of the context help balloons on the workflow binding screen
- Fixed the issue with the pass-through credentials update enabling the option by default for existing deployments
- Fixed the issue with compatibility of the existing deployments with the latest distribution of Federated Sign-In (CAS) component
- Fixed the issue with redirecting user browser to the application after logging in using Federated Sign-In component terminating with the Successful Login page when starting accessing the system with Federated Sign-In component login page, accessing the system from SSO Service Provider catalog or after some cases of timing out GUI session
- Fixed the issue with the unlocking secret binary field on the quick view form with the option to download the file
- Fixed the issue with command line SSH or RDP proxy connect string processing only numeric or special (push, sms, phone) code as an MFA token
- Added system parameter xtam.proxy.cli.mfa.disabled to disable accepting MFA token in connection string of native tools establishing sessions through SSH and RDP proxies
- Labs: Added initial database agnostic initial and incremental data replication routine between two servers
- Internal: Fixed the issue with debug logging message for the Duo Security Authentication call
back to top
Release 2.3.202001052309 (January 5, 2020)
- Added the option to record RDP Proxy keystroke events for sessions established using native RDP clients
- Added optional source (when available) and destination location to the item Copy, Link and Move audit log records
- Updated Copyright year to 2020 in the application footer, About screen, CLI utility and Linux installation
- Fixed the issue with the availability of the Cut action for the item move operation on the item search screen when the source of the move is not known
- Fixed the issue with Copy Folders operation when pasting a copied folder inside itself
- Fixed the issue with the error message when removing last member from a local group
- Fixed the issue with the button Copy Folders available for records
- Updated Copyright year to 2020 in the Windows installer
back to top
Release 2.3.201912292256 (December 29, 2019)
- Added the option to Download Remote Desktop File for quick just-in-time access to Windows servers through RDP Proxy using native RDP clients
- Optimized performance of the on-demand system and record level Audit Log report
- Fixed the issue with too high frequency of authentication cache hit reporting in the system log under DEBUG level when connecting from remote nodes
back to top
Release 2.3.201912222243 (December 22, 2019)
- Added Radius MFA support for connections made by native SSH or RDP clients
- Added Multi-Factor Authentication support for connections made by non-interactive native SSH, SFTP or RDP clients
- Added system property xtam.item.ref.credential.only (default false) to inherit only User and Password fields when referencing records
- Added bread-crumb navigation to the record edit screen including complete folder path for all linked folders
- Fixed the issue with blanket system log error message about collecting user credentials for the deployments with disabled CAS credentials access
- Fixed the spelling errors and improved semantics in the labels of some system error log messages
- Fixed the issue with rotating catalina.out file
- Fixed the issue with the month displayed in the name of the rotated catalina.out file
- Fixed the issue with the syslog ERROR messages to SEIM system split on multiple messages representing each line of the error stack
back to top
Release 2.3.201912152235 (December 15, 2019)
- Added session risk score providing quick indication of unwanted or suspicious activity on company servers
- Enabled pass-through credentials option and the option to access Windows servers using native RDP clients for the legacy deployments
- Added alert subscription information to the alert reason to track alerts origins
- Updated out-of-the-box deployment of Federated Sign-In (CAS) component to include the options to enable TOTP, Google Authenticator, Duo Security, Radius, Yubikey MFA as well as SAML SSO integration without the need to replace the component after the initial installation
- Added the option to send Space character to the session under command control using /space command or selecting Space button on the command menu
- Fixed the issue with Proxy Server for application updates parameter affecting communications among other system components
- Fixed the issue with requirement to restart the application after changing the Proxy Server parameter for application updates
- Fixed the issue with Global Permission remains granted to uniquely permissioned objects after it is revoked. Fixed the issue with global permissions remaining in some existing uniquely permissioned items in the existing deployments
- Fixed the issue with visually identifying new alerts in the alerts report as well as in the alerts widget in the application toolbar
- Added WEB GUI, Worker and Federated Sign-In (CAS) modules installer for various Linux versions run on ARM 32-bit and ARM 64-bit platforms
back to top
Release 2.3.201912082248 (December 8, 2019)
- Added record search option to all application screens by using top level search bar
- Added My Anonymous Links shortcut to the current user profile context menu to simplify access to Anonymous Links section on the User Profile screen
- Added the option to specify Vault as an import container for the CSV-driven import process
- Added the option to terminate RDP Proxy sessions from the Sessions report
- Added support for pass-through credentials for RDP Proxy sessions
- Added support for dynamic credentials for RDP Proxy sessions
- Added support for just-in-time access request enforcement for RDP Proxy sessions
- Added support to re-inherit absent record task list when re-indexing records for selected record type
- Added support for console output file rotation on Linux platforms
- Added context help for Session RDP Keyboard Layout parameter
- Added context help for RDP Proxy and RDP Proxy Port global parameters
- Improved visual appearance of global parameters and personal preferences context help
- Fixed the issue with user name displayed in information messages about session termination for accounts without first or last name
- Improved remote script execution using PowerShell scripts by repeating operation failed because of connection or execution timeouts
- Fixed the issue with the confirmation message about record re-indexing on the Record Type management screen
- Fixed the issue with the Job History report status filter displaying index for statuses
- Fixed the issue with managing Command Control Policies for deployments with certain versions of PostgreSQL external database
- Fixed the issue with the error message displaying after clicking Connect button on Record List screen when the access to connect is restricted by workflow
- Fixed the issue with system import caused by collected RDP hashes
- Fixed the issue with cross-site scripting token verification for password strength request
- Fixed the issue with the width of top level search bar
- Updated PostgreSQL driver to the latest version
back to top
Release 2.3.201912012240 (December 1, 2019)
- Added RDP Proxy component to enable high trust access to remote Windows devices using native RDP applications
- Added session channel information to the audit log event about creating a new session
- Reorganized Administration / Settings / Parameters screen to segregate Browser Extension as well as Proxy related parameters (HTTP, SSH, RDP proxy) into separate groups
- Fixed the issue with building object or system Access Report when it includes circular groups nested inside each other
- Fixed the issue with reporting incorrect IP address in the audit log report about completing of SSH, RDP or HTTP Proxy session accessed using native clients
back to top
Release 2.3.201911242316 (November 24, 2019)
- Added support to automate management of Windows IIS WEB Containers Application Pool Owner accounts
- Added support to update Windows WEB application pool owner password after resetting the password of the account for domain owners using the out of the box script Windows Remote Reset Dependent Services
- Added support to update Windows WEB application pool owner password after resetting or setting the password of the account for local owners using the out of the box script Windows Remote Reset with Dependencies
- Added information about Computer Name, OS, Framework and WEB Container version hosting the server node to the Administration / Settings / Database page
- Added script code hash to the script editing form to verify script equivalence on different deployments
- Upgraded the version of the out of the box framework and WEB container deployed during new installations
- Fixed the issue with the incorrectly available instant playback option on the system sessions report for HTTP sessions
- Fixed the issue with the Join session menu item available for SSH Proxy sessions
- Upgraded proxy management framework to the latest version
- Fixed the compatibility issue of Caching User Authenticator with WEB Container v 9.0+
- Removed OS and Framework version displayed on the health check page
- Decreased system log message level for second hop proxy detection to trace from debug
- Fixed the issue with the Script editing form could be left unsaved without the warning after restoring script to factory settings without saving the form
back to top
Release 2.3.201911172228 (November 17, 2019)
- Added the option to clear individual user Google Authenticator or Yubikey token from the MFA configuration screen
- Added the option to increase text size in record description field
- Increase text size in record description field for new installations
- Added the option to disable WEB GUI MFA option to keep MFA requirement for SSH Proxy
- Fixed the issue with visible password strength meter bar on the My Profile screen for non-local users
- Fixed the issue with the blanket error message in the log file about scanning embedded security libraries for annotations
- Fixed the issue with conditional list of MFA providers on the individual MFA configuration screen to maintain individual or group settings during provider reconfiguration
- Fixed the issue with dynamic MFA Groovy script compatibility with Federated Sign-In CAS 6.1 component
- Fixed the issue with displaying very long item descriptions in the list of items, record view and record quick view screens
- Internal Code: Fixed the issue with Tomcat dependency when uploading user thumb-nail picture
- Labs: Added Windows and Linux installers to install the latest QA version with JRE 8 and Tomcat 8.0
back to top
Release 2.3.201911102225 (November 10, 2019)
- Added Duo Security as an MFA option for SSH Proxy access using native SSH clients
- Added Quick View option that enables reviewing record fields in the popup dialogue from the item list
- Added the option to copy folder hierarchies with permissions and workflow configuration
- Added the option to export and import local users and groups only
- Added the option to Force Complete terminated session in case it did not terminate and remains in Active state
- Added the option to perform user-based MFA configuration for deployment without Federated Sign-In to support SSH Proxy MFA
- Added Share option to an item drop down menu in the folder browser
- Renamed Record View drop down menu option to Open
- Improved the logic of session completion under system load
- Fixed the issue with restarting Windows services after updating passwords of the associated account to delay before starting the service after stop
- Added system log warnings about no host user or password defined during in-browser session connection to troubleshoot situations with missing information on the application host records
- Fixed the issue with making folder workflow configuration unique for folders that contain All Users bindings
back to top
Release 2.3.201911032222 (November 3, 2019)
- Added the option to stream session events to syslog or SIEM systems
- Updated security library to the latest version
- Fixed the issue with removing Every... to... days value from the policy definition when removing this policy
- Fixed the issue with scheduling multiple tasks following After Session policy
- Fixed the issue with Open API documentation for session information function
- Added *-cbc ciphers to vulnerable list for SSH Proxy configuration
- Fixed the issue with SSH Proxy connecting to the destination host using a private key provided as a field with pasted key value (as in the Unix Host with Private Key record type) as opposed to private key provided as attached files (as in the Unix Host with Key record type)
- Fixed the issue with the HTTP Proxy related parameter display or hide automatically without explicit refresh after enabling or disabling proxy server
- Fixed the issue with creating After Session task execution policy during the system initialization
- Added system log message following failed test of AD connectivity check on the GUI
back to top
Release 2.3.201910272209 (October 27, 2019)
- Added task execution policy to trigger a job after session completion
- Added the GUI option to navigate to the remote application host serving selected remote application record
- Added the option to use non-SSL IMAP port when polling email-based Workflow approval notifications configured by Use TLS property of mail server configuration
- Fixed the issue with RDP session screen resolution rounded to 4 pixels
- Fixed the issue with restoring scripts to factory default automatically respecting future script updates
- Fixed the issue with Windows Remote Reset Depending Services script compatibility with Windows 2008
back to top
Release 2.3.201910202213 (October 20, 2019)
- Added conditional initialization of in-browser sessions to remote computers based on image pattern analysis of session video stream
- Added the option to configure SSH Proxy security algorithms
- Added the option to select specific Key Exchange, Message Authentication Code (MACs) and Cipher algorithms used by SSH Proxy client connection
- Improved security of out of the box deployment of SSH Proxy by removing weak MACs, ciphers and key exchange algorithms from default configuration
- Added entropy-based video stream analysis condition when executing Prologue sequences in the beginning of an in-browser session
- Added visual feedback about the operation of mass lock and unlock local user
- Added certificate subject and alternative subject verification as an optional connection check when configuring connection to Active Directory with LDAPS protocol using CLI ADConnect command run in the verbose mode
- Added certificate subject and alternative subject verification feedback when testing connection to Active Directory using LDAPS protocol in the application GUI
- Added SAML integration with WatchGuard AuthPoint Identity Provider
- Added recommendation message to the system roles screen suggesting to maintain several system administrators
- Added recommendation message to the AD integration screen to update AD integration account password after changes
- Added system log message Prologue Condition check with the actual calculated values to evaluate threshold conditions for entropy-based video stream analysis
- Fixed the issue with recovering data from the system export using CLI utility
back to top
Release 2.3.201910132229 (October 13, 2019)
- Added support for SMS based shared Virtual MFA
- Added support for TOTP based shared Virtual MFA
- Added support for single remote application sessions published on Windows RDS servers including high-trust access, events and session recording
- Added integration with Twilio SMS service
- Added configurable at run-time integration with SMS service providers
- Fixed the issue with failure to connect to records that do not have protocol specification in the URL using HTTP protocol
- Fixed the issue with automatic fallback to direct access in case of failure to establish connection through second HTTP Proxy hop
- Improved system logging about multi-hop connection through HTTP Proxy
- Fixed the issue with small HTTP session timeouts to accommodate slower connections
- Fixed the issue with the item search using search criteria including multiple forward slash characters
- Fixed the issue with the user directory search including the forward slash in the search query
- Fixed the issue with the null value appearing in the user display name for the accounts with undefined first of last names in logs and email notifications
- Fixed the issue with Google Authentication App not available in the initial application deployments
back to top
Release 2.3.201910070936 (October 7, 2019)
- Added support for distributed HTTP Proxy chaining to connect to WEB Portals in isolated networks using IP and host mask rules
- Fixed the issue with in-progress session recording for in-browser sessions remain in the temporary folder for some sessions
- Fixed the issue with session completion preserving session recordings when auto-completing abandoned sessions in multi-node configuration
- Fixed the issue with XSRF token verification for signature keys including leading or trailing white spaces
- Fixed the issue with displaying the list of record types in Internet Explorer browsers when mass updating records
- Internal: Added test driver for generic netty based proxy to research RDP and SQL Proxy development
back to top
Release 2.3.201909292215 (September 29, 2019)
- Added the option to approve or reject access requests by replying to approval notification email
- Added Command Line Interface commands to request connect or unlock access or to check request status
- Added request approval notification email place-holders for requested time, requested from and to times
- Updated default request approval notification email template to include requested time, from and to times when applicable as well as approver name and request ID in the notification body
- Added support to include record type to the record view, unlock and record listing in the SSH Proxy Shell
- Added the option to list non-Unix records in SSH Proxy Shell CLI for consequent view, unlock and access request operations
- Fixed the issue with the error reporting on the sharing items screen
- Fixed the issue with reporting SecureID request number in the email notification about approving the request
- Fixed the issue with the enabled access request option in the case of restricted access default binding configuration
- Improved the option to approve workflow requests by making the Requests for Approval tab first in the My Workflows section
- Fixed the issue with availability of the Requests for Approval tab in the My Workflows section for the users that cannot act as approvers in any workflow template
- Fixed the issue with item related place-holders remaining in the email notification about administrator actions related requests
- Fixed the issue with user login saved as a search string with wild-card characters used to search for the principal in non-Microsoft user directories integrated as a primary user directory
back to top
Release 2.3.201909222223 (September 22, 2019)
- Added support to delegate local users, groups and API tokens management to vault and folder owners
- Added support to MySQL 8.0 as an option for database back-end
- Added support to re-index records based on the record type field configuration using a Reindex button on the Record Type editing screen
- Added support for in-browser sessions displaying in OS level Full Screen using switch on the session toolbar
- Added audit log entry about resetting of MFA token
- Fixed the issue with resetting MFA token for users logged in using account name in different capitalization cases
- Fixed the issue with deleting manually created folders from the application logs directory when cleaning old application logs following log retention policies
- Fixed the issue with too large initial screen size when launching in-browser session in Full Screen mode using Chrome browser on Windows platforms
- Fixed the issue with Portuguese translations to the button tooltips of the in-browser sessions toolbar
- Fixed the issue with language translations for the Show Participants button of the in-browser sessions toolbar
- Fixed the issue with the typo in the Google Authenticator App audit log message
- Fixed the issue with folder level audit log reporting events about this folder itself
- Fixed the issue with Workflow request button not shown when the binding Duration contains a value in absence of default workflow binding
- Fixed the issue with folder level reports displaying data from deep folder hierarchies
- Improved the logic of detection of job execution should be performed by remote node
back to top
Release 2.3.201909152349 (September 15, 2019)
- Added command line SSH Proxy Shell commands to view and to unlock records
- Fixed the issue with GUI console timing out during active in-browser session to remote computer
- Fixed the issue with respecting record permissions while auto–searching records in response to interactive commands in the SSH Proxy shell
- Fixed the issue with using preferred encryption method when saving records
back to top
Release 2.3.201909082220 (September 8, 2019)
- Added support to use Oracle SQL Developer 19 as a remote application shared with high trust login and session recordings
- Added support to import Unix Host with Key, Unix Host with Protected Key and Certificate records from KeePass XML export file for entries that contain file attachment treated as certificate in combination with User Name and Password fields
- Added support for separate parameters to logout from application and disconnect in-browser session after inactivity timeout
- Added the option to allow non-unique records and folders when importing data from third party systems
- Fixed the issue when parsing xtam.http.proxy system parameter value containing spaces
- Improved processing of system properties to include more variations in the values such as lower, upper case and trailing spaces
- Improved the logic of connection close detection in WS-Management protocol
- Improved internal error reporting, resource management, thread termination and interruption when handling unexpected situations
- Fixed the issue with Week Year format used for formatting dates in exported reports, offline and custom reports generation, summary jobs report, HAR format http session recordings, SSH key management
- Fixed the issue with reusing random number generator during the application up time
- Fixed the issue with updating container level encryption utility when updating the application in Linux platforms
- Fixed the issue with backward compatibility of the CLI utility with the legacy deployments
- Fixed the issue with Search bar help icon when using Internet Explorer browsers
- Internal Code Organization: Fixed the issue with using boxed numbers during system export
- Internal Code Organization: Fixed the issue with sharing cached remote access token between multiple threads
- Internal: Fixed the issue with detecting application path when deployed to the container root
- Internal Code Organization: Fixed the issue with comparing with constants in the workflow service. Fixed the issue with internal server errors in case of not found actor and terminating non-existing sessions
- Internal Code: Added hashCode method to USer Directory dictionary
- Internal Code: excluded non-deploy-able drivers from the code analysis. White listed the code analysis error about the unused variables in JavaScript controllers
- Internal Code: White listed the code analysis error about the unused variables in JavaScript controllers
- Internal Code: White listed global pattern utility from code analysis
- Internal Code: fixed the issue with equality compare in the heartbeat handler
- Internal Code: White listed variable reuse and extra semi-columns in code analysis
- Fixed the issue with resource management when listing export files, interrupting export process, recording rendering, updating software registration, importing system data, CLI utility operations, job execution, session management
- Fixed the issue with reporting results of bulk operations for non-existing items
- Fixed the issue with internal application error when deleting non-existing job queue record
- Fixed the issue with alerting users about permissions modifications in case of undefined initial permissions
- Fixed the issue with the internal application errors in case of executing jobs for non-existing tasks
- Fixed the issue with detecting very old scans for summary aggregation, anonymous links expiration, users for de-duplication process, performance log generation schedule
- Fixed the issue with thread termination during application shutdown and updates
- Improved error reporting about failure to delete incompletely processed export file
- Fixed the issue with incorrect completion of operation in case of failure to obtain Azure AD access token in Azure AD client
- Fixed the issue with the server errors when encrypting or decrypting null messages
- Fixed the issue with reporting the absence of the master password
- Fixed the issue with reporting the errors with TLS connections to LDAP
- Improved error reporting about failure to execute PowerShell commands on the remote host
- Fixed the issue with the tag attribute detection in the HTTP proxy for non-compliant attributes
- Fixed the issue with multi-threading operations of HTTP Proxy HAR recording
- Fixed the issue with SSH Proxy connection to the Unix Host record with protected key without the password ever was on the record
- Fixed the issue with detecting empty command control policy enforcement
back to top
Release 2.3.201909012238 (September 1, 2019)
- Added support to store Google Authenticator secret key in a record with the option to generate tokens
- Added support to import selected accounts discovered on the remote Windows and Unix hosts
- Added support for native clipboard transfer using hot keys or menus for Internet Explorer
- Added the option to refresh record view screen once a minute to display currently opened sessions
- Added support to detect, display, select and import OS accounts when discovering Unix computers
- Added feedback screen about importing selected discovered hosts
- Fixed the issue with establishing new session from the record view screen in the Exclusive Sessions mode to perform active session count
- Fixed the issue with discrepancy in the jobs count in the Jobs Summary report and the details summary count of individual jobs
- Fixed the issue with the reporting missing time limit on the workflow binding editing screen
- Fixed the issue with created, modified and last accessed properties for the files uploaded to remote Windows computer during in-browser RDP session
- Fixed the issue with session events recording for sessions established using native SSH clients respect configured permissions
- Improved the logic of periodic audit log archiving to better handle multi-threading
- Improved the logic of periodic system export to better handle multi-threading
- Improved resource management when updating Federated Sign-In component configuration
- Improved the logic of detecting discovered hosts for auto-import
- Improved processing of server side feedback queue to the application GUI
- Fixed the issue with SSH Proxy session losing ongoing recording after the system shutdown, restart of update during session
- Fixed the issue with authorizing the user logged in through external email based SAML Identity Provider to a base Active Directory configured system
- Internal Code Organization: removed duplicate declarations in the application menu builder
- Internal Code Organization: identified false positive error about bitwise operation in client side code
- Internal Code Organization: fixed the issue with extra statement in the columns selector directive
- Internal Code Organization: Added doctype for error HTML pages
- Internal Code Organization: identified false positive error reports about using emphasis tone for icons when using accessibility option
- Internal Code Organization: identified false positive error reports about missing page titles for supportive pages
- Internal Code Organization: identified false positive error reports about automatic database schema updates
- Internal Code Organization: Removed unused ProxyServlet used in development of HTTP Proxy
- Internal Code Organization: removed empty statements in directives declaration
- Internal: added alternative image tag for workflow request checkbox
back to top
Release 2.3.201908252217 (August 25, 2019)
- Added record type Unix Host with Private Key to connect to corresponding accounts
- Added visual feedback screen about system import process
- Added the option for system administrators to access users personal vault from the User report
- Added qualification message to the audit log entries about deleting or unlinking items to include the specific operation (delete or unlink) and the parent folder
- Added the option to provide Unix account private key in a text field instead of the file attachment using the Text field PrivateKey instead of File field Cert
- Added master password verification result into the system import feedback screen
- Added visual indicator with the error message and configured time limit on the access request form when selecting request duration restricted by the access workflow
- Added the option to bypass group membership search for selected integrated user directories by specifying disabled clause in the role search parameter to optimize login performance in case groups from this directory are not used
- Added protection against XML XXE attack during break-glass recovery process using command line utility
- Added protection against XML XXE attack during remote PowerShell script executions
- Improved performance of online Users report display and export when building without slow calculating columns selected: Groups, Roles, Items and Log counts
- Improved application resource management and threads control after logging out from the application deployed using Federated Sign In module
- Improved application resource management and threads control during SSH Proxy sessions established using native SSH clients
- Fixed the issue with password reset of locked accounts using LDAP strategy
- Fixed the issue with HTTP Proxy initialization after failure to create folder chain for the generated certificate
- Fixed the issue with overwriting HTTP Proxy port using locally defined property
- Fixed the issue with reporting verification message about job execution at the end of the job execution status after the application version signature
- Fixed the issue with terminating HTTP Proxy operating in a Worker component during re-deployment or service stop operations
- Fixed the issue with remote SSH Proxy connection recovery for certain error cases
- Fixed the issue with blanket duplicate audit log message about deleting or unlinking folders during mass item delete operation
- Fixed the issue with the label Import Completed
- Fixed the issue with leaving corrupted system export files in case of failed export operation
- Improved system log message about application update failures to troubleshoot application updates
- Improved troubleshooting system log messages to diagnose HTTP Proxy server startup
- Improved the operation of exporting records with large attachments by limiting an export volume size
- Improved performance of Access Request form by implementing asynchronous language translation mechanism
- Improved system logging in binary content streaming service, remote PowerShell code execution, SSH Proxy operations, File Transfer, encryption operations, In-Browser Session services, and utility modules
- Improved the application thread monitoring by naming data import thread for instrumentation identification
- Improved error reporting in the process of updating system configuration across multiple nodes
- Internal code organization: identified false positive reports about password related properties, attributes and place-holders
- Internal code organization: encapsulated unnecessarily visible properties of the internal objects
- Internal code organization: identified false positive reports application test drivers not included in the application build
back to top
Release 2.3.201908182213 (August 18, 2019)
- Added support for rotating password protected public SSH keys
- Added protection against XML XXE attack when importing XML-based data from KeePass, RDCMan and system export
- Fixed the issue with the intermittent initial connection drop when connecting to destination end-point using native SSH clients through remote SSH proxy
- Fixed the issue with user name displaying in Workflow bindings tab of the workflow administration missing the user login
- Fixed the issue with rotating SSH keys for long key size
- Fixed the issue with completing HTTP session in API Authentication module
- Fixed the issue with importing WEB Portal record types from CSV spreadsheets
- Fixed the issue with resetting index with the newly selected indexed fields when changing record types for individual records of in bulk
- Fixed the issue with HTTP Only cookie mark when initializing HTTP Proxy
- Improved error reporting about deleting temporary files during the application update and check for latest version
- Improved error reporting about downloading binary streams
- Improved error reporting about system import and export
- Improved error reporting about generating scheduled reports
- Code organization: Removed dead code in the API authentication module
- Code organization: Capitalize constant for service account
- Code organization: Improved initialization strategy for policy definition storage
- Code organization: Fixed the long data type constant in the anonymous link scheduled deletion mechanism
- Code organization: Improved the logic of folder access by employing more reliable compare mechanism
- Code organization: Fixed the long data type constant in user thumbnail upload logic
- Code organization: Added false-positive markers for hard coded password use detection in password service, public key password, system configuration
back to top
Release 2.3.201908102242 (August 10, 2019)
- Added silent installer for Linux platforms
- Added the option to generate system administrator password during the system installation
- Added a column to Sessions Report displaying a session manager host used to broker a connection
- Added the option to reset blocking administrator actions in workflow bindings using command line utility command DBReleaseLockedAdmins
- Added double warning message about saving workflow binding for administration functions bound to the currently logged in user to prevent system administrators to accidentally block themselves
- Added support for non standard ports when connecting to devices using native clients through remote SSH Proxy
- Fixed the issue with disabled record type password formula editing for vault editions
- Fixed the issue with disabled record level password formula editing for vault editions
- Fixed the issue with enabled Bulk Request permissions in the licenses without enabled Workflows
- Fixed the issue with reporting session manager used to broker the connection using SSH Proxy server
- Fixed the issue with audit logging executed in the same transaction for folder related API functions
- Fixed the issue with failure to process one entry in the computer listing from AD terminated computer listing completely
- Improved system log messages on debug and trace level to troubleshoot listing computers from AD
- Fixed the issue with processing double quotes in certain places of PowerShell scripts
- Fixed the issue with using the double quote characters in the password reset using PowerShell execution strategy
- Fixed the issue with Periodic in range task policy loosing second value when task inheritance broken
- Fixed the issue with Time Window task policy loosing its value when task inheritance broken
- Fixed the issue with Shadow record task policy loosing its value when task inheritance broken
- Fixed the issue with Time Windows is enabled for editing in the task policy inherited from the record types
- Fixed the issue with the field Users displayed without value in Workflows report and binding listings for entries with all users selected
- Fixed the issue with executing multi-line PowerShell commands in the deployment built on Windows platforms
- Fixed the issue with terminating active connections when archiving a record
- Fixed the issue with menu item separator for an empty section visible at the bottom of the drop down menu for the archived records
- Fixed the issue with record list horizontal scrolling on the mobile devices for both portrait and landscape mode
- Fixed the error message about copy to clipboard on the devices without support for clipboard copy
back to top
Release 2.3.201908042210 (August 4, 2019)
- Added visual password strength indicator with recommendations how to improve weaker passwords
- Added support for distributed SSH Proxy chaining serving native SSH clients to connect to devices in isolated networks
- Added the option to restore a record from its change history
- Added system command line management utility command SSLPoke to test validity of the SSL certificate on the provided URL and port
- Added system command line management utility command SSLImport to import a component of the certificate chain exposed by specified host and port to the system keystore or to the staging location
- Added support to display password examples that can be generated with the currently defined password formula on the Password Formula Editor screen with the password strength indicator
- Added logout confirmation window for deployments including Federated Sign-In components
- Added the option to search by record indexed fields to the Inventory report
- Added the option to search by record indexed fields to the Audit Log report
- Fixed the issue with executing generic multi-line PowerShell script using Windows Remote strategy
- Fixed the issue with prompting about lost data when navigating from Password Formula editing form after some modifications
- Fixed the issue with HTTP sessions recording interrupted by the application restart
- Fixed the issue with updating a record with the empty password after non password reset job executed by the remote node
- Fixed the issue with re-connection of remote application node in case of expired or reset connections
- Fixed the issue with pass-through credentials option enabled for the default installations
- Fixed the issue with the application logout using system with Federated Sign-In component deployed to redirect to a login form with the correct service URL
- Improved HTTP Proxy component for multi-threaded operations
- Fixed the issue with reporting changes in binary files or certificates on the record change history report
- Fixed the issue with the field layout on the user profile screen
back to top
Release 2.3.201907282252 (July 28, 2019)
- Added the option to import data from KeePass Password Safe
- Added the option to mass update record type for multiple selected records
- Added the option to filter Inventory report by folders or records only by using search string "folders" or "records"
- Fixed the issue with using Unicode characters in the PowerShell scripts parameters
- Fixed the issue with using Unicode characters when resetting Windows passwords
- Fixed the issue with the incorrect encoding of Unicode text export of system reports in IE browser
- Fixed the issue with using comma in the old or new password during password reset using Cisco remote job execution strategy
- Fixed the issue with using double quote characters in the PowerShell scripts
- Fixed the issue with using double quote characters in the PowerShell scripts parameters
- Fixed the issue with the incorrect link to a trial license download on the message about non activated software
- Internal: Added application license enforcement in the form of warning label on the record browsing screen to control number of licensed and used application nodes in high availability or remote deployment scenarios
- Internal: Added application license enforcement in the form of warning label on the record browsing screen to control number of licensed and used remote session manager nodes
- Internal: Added application license enforcement in the form of warning label on the record browsing screen to control number of licensed users as compare to the users that can access the system through granted global, object level permissions or roles
- Internal: Added application license enforcement in the form of warning label on the record browsing screen to control number of licensed and available records
back to top
Release 2.3.201907212231 (July 21, 2019)
- Added support for HTTP(s) traffic recording of high-trust sessions from client side browsers to WEB Portals
- Added the option to distribute large volume of job executions over long time range
- Added the option for case insensitive search in Sessions and Session Events reports
- Added the option to control the command to elevate privilege in SSH/SU session
- Added client IP address of the user created the session as a column to the session report
- Added a WEB Portal category to the pie chart of distribution of records to major record types based on session managers
- Added user directory label to the user information in report exports to PDF and CSV files
- Fixed the issue with time filter on Jobs History and Jobs Summary reports
- Fixed the issue with the initial time filter on the job summary report
- Fixed the issue with displaying session report for sessions with recordings saved into the database
- Fixed the issue with continuous session recording after session reconnect event caused by losing connectivity
- Fixed the issue with the system logging for Removing expired transfers to be on debug level
- Fixed the issue with the system logging for using cached authenticator for remote node connections to be on debug level
- Fixed the issue with reporting error status of non-password reset jobs executed by remote nodes
- Fixed the issue with inheriting workflows from parent folder when purging reused record workflow manager entry
- Fixed the issue with displaying session and job related information on global or item level permissions screen in the Vault only license
- Fixed the issue with displaying session and job related information on grant permissions screen in the Vault only license
- Fixed the issue with displaying session and job related information on Statistics Report screen in the Vault only license
- Fixed the issue with SSH Proxy connection when the server runs on the system with specific (one-part) LANG specification
- Added trace level system logging to troubleshoot Cicso job execution strategy
back to top
Release 2.3.201907142227 (July 14, 2019)
- Added system administrator and user manual
- Added the option to pinch and zoom in-browser sessions on the mobile devices
- Added the option to scroll zoomed screen on the mobile devices using two-fingers scroll operation
- Added the option to zoom-in and zoom-out active in-browser session using plus, minus and restore buttons on the session toolbar
- Added support to create session events for commands accepted by command control restrictions
- Added the option to open in-browser session toolbar with left to right swipe gesture on mobile devices
- Added an audit log event about commands blocked using command control shell in active in-browser sessions
- Fixed the issue with joining a session in Tab starting mode
- Fixed the issue with blanket error message in the browser console when navigating to API token management screen
- Fixed the issue with improper total message of filtered objects on the system parameters, record types, MFA configurations, scripts and custom reports lists
back to top
Release 2.3.201907072217 (July 7, 2019)
- Added visibility to user selection for permissions and workflow configuration
- Added user directory information to the user formatting: Display Name (login) /Directory and for group formatting: Group Name /Directory to visualize the source of the principal in various places of the application
- Added Apply to all Users checkbox to Workflow Binding screen to explicitly designate a workflow to apply to all users
- Optimized performance of import operation
- Added the option to trigger task execution policy for record creation during record import
- Included more fields referencing other objects to auto-generated for custom reports when selecting object
- Fixed the issue with the auditors cannot see custom reports properties when building custom reports
- Fixed the issue with purging Public Key and Report Subscription data storage in the existing databases before the import process
- Fixed the issue with missing Report Subscription configuration to export and import process
- Fixed the issue with the scheduled export process run before the system initialization
- Fixed the issue with excessive authentication attempts by the remote job engine node
- Fixed the issue with the empty list of templates when canceling add or edit binding screen on the workflow management page
- Fixed the issue with extra component in the page breadcrumb on system level add or edit workflow binding screen
- Fixed the issue with the user formatting: Display Name (login) /Directory for users displayed on the record view screen
- Fixed the issue with user formatting: Display Name (login) /Directory for users and groups displayed on the permissions list screen
- Fixed the issue with user formatting: Display Name (login) /Directory for users and groups displayed on the grant permissions screen
- Fixed the issue with user formatting: Display Name (login) /Directory for users and groups displayed on the permissions edit screen
- Fixed the issue with user formatting: Display Name (login) /Directory for users and groups displayed on the Global Roles screen
- Fixed the issue with job scheduling for periodic policies with unspecified time range
- Added system logging information about initialization of SSL connector
- Fixed the issue with starting in-browser sessions when failed to detect the load balancer settings
- Fixed the issue with the error reporting about unknown user when checking MFA configuration
- Added system logging information for personal folders de-duplication logic
- Fixed the issue with user de-duplication logic for several system objects
- Fixed the issue with displaying object breadcrumbs for certain locations
back to top
Release 2.3.201906302237 (June 30, 2019)
- Added support to design and generate custom reports with export options
- Added API documentation for alerts and job history scheme models
- Added group by, user, identified by and dual keywords to the syntax highlighting option of the SQL scripts editor
- Fixed the issue with displaying session events for certain events without saved data
- Fixed the issue with creating duplicate personal folders for some users
- Added an automatic logic removing duplicated personal vaults accidentally created by the legacy software
- Fixed the issue with Manager role reported in the PDF and CSV export of Access Report
- Fixed an incidental issue with the user logout from the application deployed with Federated Sign-In component
- Added native system method for both Windows and Unix environments to detect host name in case all previous methods failed
- Added automatic cleanup of system nodes configuration that do not have host name defined
- Improved application host name detection on Linux platforms
- Fixed the issue with syntax highlighting for SQL scripts in the script library
back to top
Release 2.3.201906232230 (June 23, 2019)
- Added support for the application deployment to Linux platforms with updated systemd init manager (v237+) using non-privileged user
- Improved application maintenance by exposing more details about internal threads operations
- Added confirmation screen before revoking item or global permissions
- Added message description for session termination event with IP location of the user duplicating the log IP location
- Added the option to repair internal embedded database for stand-alone deployments to rebuild indexes and compress large tables
- Added the option to mass select and unselect local group members for bulk operations
- Added a sort order for local group members
- Improved the application thread management by switching to short-lived thread pools for job execution, discovery, notification, video rendering and summary processing
- Fixed the issue with exporting very large data from the session event log
- Improved thread management when discovering assets by executing asset discovery in small batches
- Fixed the issue with failure to purge database with existing session file transfer data during import
- Added support to export and import file transfer data during session events
- Fixed the issue with excessive error reporting about loading missing LOB files when importing data
- Fixed the issue with offset in the user count in Reports / User report
- Increased shutdown timeout for Linux deployments to 60 seconds
- Fixed the issue with services setup on Linux systems with updated (2018+) systemd init manager forbidding switch user from the service to the exec script
- Fixed the issue with the Linux uninstall process continue when pressing enter on the uninstall prompt instead of confirming uninstallation
- Increased copyright year on the Linux installation script
- Fixed the issue with page size label on the records browser page
- Fixed the issue with user search box for record owners on the command control assignment page
- Fixed the issue with incorrect error message about deleting assigned command control policy
- Fixed the issue with the header error message about deleting command control policy
- Improved system log messaging about errors importing ADS objects
- Improved procedure of adding members to a group by reducing a number of calls to the local user directory to a single operation adding all users together instead of updating a group with each member one at a time
- Fixed the issue with enabled confirmation button on the user selection screen to update group membership, grant permissions or assign a policy (workflows, etc) when the button is already pressed to prevent multiple trigger of the same operation
- Fixed the issue with displaying Unicode strings in the Sessions Events report for Clipboard transfers and Command executions
- Fixed the issue with the confirmation message about canceling editing Command Control Policy after saving configuration
- Fixed the issue with assigning a Command Control policy to a principal without selecting a policy
- Fixed the issue with disappearing user profile control center in the top left navigation menu
- Fixed the issue with adding multiple members to a local group in parallel using REST API
- Fixed the issue with enabled Remove Members button after triggering remove operation
- Fixed the issue with the error reporting when removing members of a local group
- Internal: Added test framework for custom reports display engine
back to top
Release 2.3.201906162243 (June 16, 2019)
- Added the option to search records with the associated anonymous links using alinks: search criteria
- Added the option to search by event type to the session event report
- Added the option to filter by date to the system session event report
- Added host information display to the list of records in the folder browser
- Added command line utility options to list system administrators, list system users and make a user an administrator all provided current master password
- Added support for the application CLI management utility update during the general application update
- Added version information to the application CLI management utility
- Added an audit log message about summary data collection for aggregation reports
- Fixed the issue with extracting a referenced records when recovering sensitive information from the export files in case of break glass scenario using command line utility
- Updated Telnet Host, CISCO, MS SQL Server and AS/400 record types to be hidden in the initial default installation with the option to enable them using Record Type screen
- Added license enforcement for Jobs, Sessions, Discovery, MFA, API, Workflow and Tenants modules
- Fixed the issue with Linux installer deployed XTAM CLI utility to WEB Container folder
- Fixed the issue with missing log message after deleting individual records or folders
- Improved the logic of identifying users in case of multiple user entries in system tables
- Fixed the issue with REST API function that adds a member to a local group
- Fixed the issue with the function to add a member to a local group adding a random member to a group in case no member is specified
- Fixed the issue with item update and delete operations as well as with making unique permissions for the deployments based on Unix-hosted MySQL databases
- Fixed default sort order for MFA configuration page to Ascending by principal
- Fixed the issue with secured access for HTML templates, Java Script and locale files in the WEB application framework
- Fixed the issue with the application startup on the back-end database with unsynchronized primary key sequence due to incomplete database replication
- Internal: Added new product Vault to the licensing system to enforce vault-only deployment without the options to use sessions, execute jobs, use Workflows, configure API tokens, custom MFA or use discovery
- Internal: Removed MSP-driven Multi-tenant option from the Labs mode replacing it with licensing module Tenants
back to top
Release 2.3.201906092258 (June 9, 2019)
- Added the option to share records or sensitive messages using destructible anonymous links with unique IDs and expiration terms viewable by the users outside of the system
- Added support for file encryption of saved session recordings and transferred files
- Added the option to search recently created system objects using new:day, new:week, new:month, new:hour or new: (defaulted to hour) criteria
- Added the option to decrypt encrypted object using command line utility
- Added tool tips for icon buttons on the record view screen: Subscribe to Alerts, Add and Remove to Favorites
- Added tool tips for icon buttons on the record list screen: Subscribe to Alerts, Add and Remove to Favorites as well as on the Share and Connect buttons for records and folders
- Added Federated Sign-In (CAS) module that includes options to configure multiple MFA providers: Google Auth, Duo, Radius, Yubikey along with LDAP, AD and SAML integration
- Fixed the issue with populating WEB Browser form by browser extension in case when user field is given by email type field without name or id
- Fixed the issue with populating WEB Browser form by browser extension for cases when a delay for the form processing is required when populating password field right after the user field
- Fixed the issue with creating or importing WEB Portal type records (or any records with URL field) when URL is longer then 255 characters
- Fixed the issue with non-ASCII encoded filenames when downloading file from session browser or session events view
- Fixed the issue with non-Latin filenames when downloading file from session browser or session events view using Firefox browsers
- Fixed the issue with spaces in filenames replaced with other characters when downloading file from session browser or session events view
- Fixed the issue preserving correct filenames when downloading file from session browser or session events view using Internet Explorer / Edge browsers
- Fixed the issue with file transfer event not saved when transferring empty files
- Fixed the issue with global auditor ability to download session file transfers
- Fixed the issue with permission-related error in the system log file when processing system alerts
- Fixed the issue with incorrect reported total number of entries in the sessions report for non-global viewer displaying permissions-trimmed sessions list
- Added the option _none_ to the transport security parameter of RDP connections to enable different negotiation algorithm to auto-select transport security during connection
- Moved system log messages about throwing Access and API exceptions to trace level to reduce amount of blanket caught and handled access exceptions
- Improved system debug logging for session recording video conversion
- Fixed the issue with license verification using the framework with modified default keystore type
- Fixed the issue with blanket warning message about missing logging component when running some command line utility command
- Fixed the issue with extracting passwords that contain colon character from system export
- Fixed the issue with extracting passwords that contain double quote character from system export
- Internal: Removed unused deprecated code related to initial folder/record policies and record type/record reset strategies implementations replaced with the multiple tasks/jobs approach
back to top
Release 2.3.201906022218 (June 2, 2019)
- Added interactive application REST API documentation browser in OpenAPI format
- Added support for Mobile Device layout session on-screen keyboard with larger buttons
- Added View button for auditors to review the scripts in a read only mode
- Added the option to search for orphaned records and folders using orphaned: search criteria
- Improved isolation of operations with records and folders shared between multiple simultaneous transactions
- Improved the application business logic related to handling parent folders of records and folders
- Fixed the issue with availability of Reports button on the Saved Searches
- Fixed the issue with folder- and session- level session events report
- Fixed the issue with search on the session events report
- Fixed the issue with Create, Delete and Edit buttons available for Auditors on the Scripts listing screen
- Fixed the issue with the error reporting using referenced record blocked by the workflow requirement when creating or editing records
- Fixed the issue with extra database connection consumption when deleting records
- Fixed the issue with PDF and CSV export of system access report
- Fixed the issue with Found N entries message on the permissions, task list, global roles, MFA and command control screens
- Improved the logic of folder deletion by detaching the folder from its parents in an isolated operation
- Added optimistic locking support for records and folders objects to enable database monitoring of the related entities and prevent simultaneous updates of items from several parallel threads
- Switched system log message about sending report subscription to debug level
- Fixed the issue with reusing items with database attachment in the offline reports
- Fixed the issue with user name or password values contain double quote character in the Chrome and Firefox Form Filler and Broker extensions
- Fixed the issue with file download using IE/11
- Fixed the issue with blanked error message about scanning components in the system log during application startup
- Fixed the issue with deleting item with no permissions from favorites
- Added system logging messages to troubleshoot folder and record deletion or move process resulting to removing an item from its current parent location
- Fixed the issue with the blanket error message when initializing the application after database rebuild
- Internal: Added the option to monitor and enhance database operations performed by the application logic
- Internal: Added OpenAPI documentation for Permissions interface
- Internal: Added OpenAPI documentation for Password (Job Queue) interface
- Internal: Updated Open API documentation about /user/whoami call to include reference to XSRF token
- Internal: Removed mock transaction logic for queries
- Internal: Moved the logic that checks item parents to a separate function
- Internal: Removed deprecated functions related to old job execution before introduction of tasks
back to top
Release 2.3.201905262229 (May 26, 2019)
- Added support for logging content of the files transferred to or from remote servers accessible using File Transfer events of the in-browser or SSH Proxy session events log with the option to define retention policy to keep saved files content
- Added System Access Report accessed from the Global Permissions screen displaying all users that can access any part or the object in the system
- Improved visual appearance and usability of the progress bar on the Instant Player for session recordings
- Updated context help for Session RDP Screen Size parameter to include the MAX/CURRENT option for initial size of the session windows without consequent resize mechanism
- Added the option to execute PowerShell scripts with shadow account place-holders
- Improved visual appearance and usability of record archival status indicator on some monitors
- Fixed the issue with availability of Save Search button on the pre-built saved searches
- Fixed the issue with respecting item-level permissions in the Object Access report
- Fixed the issue with executing domain account password reset scripts with shadow accounts specified in domain\user notations
- Fixed the issue with resetting password of domain account specified using UserPrincipalName using a domain shadow account
- Fixed the issue with an Auditor role visibility of token management controls
- Improved system logging about fallback executions of password reset commands printing results of the original failed executions to troubleshoot password reset issues
- Improved system logging about failures to self-reset password for Windows domain account
- Fixed the issue with reporting Secure-ID item ID on the export of Audit Log report
- Fixed the issue with Linux installation EULA in the offline installer
- Internal: Added OpenAPI comments for operations and parameters for the Application interface
- Internal: Added OpenAPI comments for operations and parameters for the Discovery interface
- Internal: Added OpenAPI comments for operations and parameters for the Directory interface
- Internal: Added OpenAPI comments for operations and parameters for the Summary interface
- Internal: Added OpenAPI comments for operations and parameters for the Audit Log interface
- Internal: Added OpenAPI comments for operations and parameters for the Command Control interface
- Internal: Added OpenAPI comments for operations and parameters for the Configuration interface
- Internal: Added OpenAPI comments for operations and parameters for the Tasks and Scripts interface
- Internal: Added OpenAPI comments for operations and parameters for the Users interface
- Internal: Added OpenAPI comments for operations and parameters for the Stream Events interface
- Internal: Added OpenAPI comments for operations and parameters for the Public Key interface
- Internal: Added OpenAPI comments for operations and parameters for the Record Type interface
- Internal: Added OpenAPI comments for operations and parameters for the Workflow interface
- Internal: Added OpenAPI comments for operations and parameters for the Content interface
- Internal: Added OpenAPI comments for operations and parameters for the File Transfer (Streams) interface
- Internal: Added OpenAPI comments for operations and parameters for the User Preferences interface
- Internal: Added OpenAPI comments for operations and parameters for the Sessions interface
back to top
Release 2.3.201905192222 (May 19, 2019)
- Added the option to archive records to stop job executions, job scheduling, editing and establishing sessions for archived records with the option to restore archived records in their original state
- Added the option to save search queries for the later access using left side navigation menu
- Added the option to chain job executions for a record based on job failure criteria
- Added the option to discover accounts using SSH protocol with password protected keys
- Added the option to display current status of YubiKey token for a user in the Users Report
- Added the option to reset YubiKey token for a user using the Users Report
- Added the option to search for archived records using archived: or arch: search criteria
- Added pre-built saved search queries for common searches such as Windows or Unix Hosts, WEB Portals, records with unique permissions, formulas or task lists, archived records or records accessed using SSH protocol
- Fixed the issue with disappearing progress control when loading large record level audit logs
- Optimized performance o loading large record level audit logs
- Fixed the issue with SMS Passcode integration using Radius protocol for Multi-Factor Authentication purposes
- Optimized performance of in-browser sessions to remote computers by removing heart-beat and session termination detection logic from the main communication channel
- Added alternative name for TrafficIntercepterHints field name as TrafficInterceptorHints to provide hints for SQL recording in SSH tunnels
- Added monitoring and management of stale and abandoned connections to database connection pool for the new installations
- Fixed the issue with the space necessary after ticketing systems integration pattern when submitting access requests
- Fixed context help for system roles on the grant permissions screen
- Fixed the issue with Editor and Manager roles accessing session events and recordings
- Optimized shutdown procedure for internal cache cleanup process
- Fixed the issue with the empty Manage button with no actions is rendered on the record view page for users who do not have any configuration to manage
- Fixed the issue with sorting by principal on the MFA configuration screen
- Fixed the issue with database connection leak and database conflicts when periodic checking for the system export schedule
- Fixed the issue with the marking alerts as read and listing object alerts
- Fixed the issue with the search modifiers without the search criteria causing search errors
- Fixed the issue with permissions search or shared with me query total record count is off by one
- Fixed the issue with positions of the button tooltips on the in-browser session toolbar
- Fixed the issue with incorrect total object count when searching the Inventory Report
- Internal: Added support for documenting the application REST API using OpenAPI 3.0 standard
- Internal: Added OpenAPI annotations for Folder, Record, MFA and Alert services
back to top
Release 2.3.201905122212 (May 12, 2019)
- Added traffic recording option for MySQL and MS SQL Server databases
- Added the option to automatically archive old Audit Log entries based on specified policy
- Added Multi-Factor Authentication option using Radius-based devices that require user authentication with credentials provided during 1st factor stage
- Added the option to provide host information when connecting to remote VNC servers without host on the record
- Updated system Federated Sign-In module to add compatibility with Framework version 11 and improve system logging
- Fixed the issue with exporting Session Events report generated for a selected session
- Fixed the issue with database resource management when processing system alerts
- Added system logging to troubleshoot alert generation
- Optimized the application performance by reducing a number of database connections when processing system message queue
- Optimized the application performance by reducing unnecessary internal copy of records, folders, permissions, alerts and audit log objects
- Optimized the application performance when saving system objects by reducing SQL updates to only modified fields in records and folders entities
- Fixed the issue with reporting globally granted permissions as an item permissions on the item access report
back to top
Release 2.3.201905052219 (May 5, 2019)
- Added support for Multi-Factor Authentication using Yubi Keys
- Added Manager role for object permissions that allows to create, delete and edit objects in addition to the existing permissions carried by the Editor role
- Added the option to combine outputs from multiple jobs executed on different computers to a single text file
- Added the option to specify Time Window for periodic job executions using CRON expressions (including visual CRON expression builder) to task lists that could be defined for all records of a record type or overwritten by individual records
- Added feedback log screen about copying, moving and linking objects
- Added the option to export system or record job history report to text file to collect outputs from multiple jobs possibly executed on different computers
- Fixed the issue with deprecated sorting mechanism for record browsing
- Switched system logging of record custom data to debug from trace level
- Fixed the issue with the memory management when handling keep-alive tunneling in SSH Proxy when accessing remote systems using native SSH clients
- Fixed the issue with preserving all details of the record including its connection to parent folders when handling task execution strategy and task lists
- Fixed the issue with the application data updates performed on the system configured with Oracle backend databases
- Fixed the issue with visibility of bulk copy, cut and delete options available for non-managers of the current folder
- Fixed the issue with visibility of bulk execute action available for non-editors of the current folder
- Fixed the issue with visibility of bulk share, inherit permissions and inherit workflows actions available for non-owners of the current folder
- Fixed the issue with displaying user name with partially defined fields on the job history report
- Fixed the issue with exporting or generating periodic notifications for inventory report
- Fixed the issue with workflow restrictions enforcement when performing REST API copy, move and link operations on individual records
- Fixed the issue with reporting item name during mass copy, move and link operations results
- Fixed the issue with fallback job type display on the job history report export
- Fixed the issue with unclear error message when executing AD password reset jobs failed to find a user or connect to a domain controller
- Fixed the issue with the blanket error message in the system log after mass removing workflow bindings
- Fixed the issue with several cases of Secured-IDs detection
- Fixed the issue with records lists visibility for accounts in Split View and Service global roles
- Fixed the issue with the folder unlink/delete option available for the account with Editor role using system REST API
- Fixed the issue with the vault unlink/delete option available for the account with Manager or Owner roles
- Fixed the issue with the group-based MFA configuration
back to top
Release 2.3.201904282239 (April 28, 2019)
- Added system workflow integration with ServiceNow ticketing system
- Added profile picture support for local users
- Added the option to schedule and execute jobs developed in the internal cross-platform scripting language Groovy
- Updated reports PDF export to generate in landscape format
- Added tracking and displaying of reviewer and reviewed time columns for the sessions rating events on the session report with the option to export data in CSV and PDF formats
- Added node name serving the session to the session creation audit log entry
- Added the options to request Edit access and check request status for the record on the record list screen
- Optimized performance of browsing and searching records and folders on Records View screen by implementing server- and database-level pagination
- Added the option to restart running services dependent on the domain or local account after resetting the account password and updating the services with new password for quick password verification purposes
- Fixed the issue with adding AD user to a local group by cached sAMAccountName search after switching to UserPrincipalName
- Fixed the issue with granting object, global permissions or global roles to accounts that used to access the system but now removed from the local or external user directory
- Fixed the issue with confirming navigation after unsaved changes when switching tabs on the Administration / Settings page to prevent false-positive trigger without the option to continue
- Fixed the issue with confirming navigation after unsaved changes when switching tabs on the Management / My Profile page to prevent false-positive trigger without the option to continue
- Added detailed logging about incorrect cron expression saved in the node configuration
- Fixed the issue with clear item ID reported in the Inventory report when Secure-IDs option is enabled
- Fixed the issue with missing session rating comment in rating audit log events
- Fixed the issue with new keyboard layouts for RDP sessions available in Linux-hosted session manager: English (Great Britain), Spanish, Portuguese (Brazil) and Turkish (using new layouts requires session manager upgrade)
- Fixed the issue with the double backslash in the user name when updating password for dependent services and tasks for domain service accounts
- Switched system logging of record custom data to trace from debug level
- Fixed the issue with too large system logging of records custom data
- Fixed the issue with Edit option available on the list of records in the record actions dropdown menu when the option is blocked by an active workflow
- Fixed the issue with the system log configuration to enable daily rotating system log file for new installations to address the issue with log file rotation on Windows computers
- Fixed the issue with missing Windows Remote Reset Dependent Services script in default installations
- Fixed the issue with dynamic credentials option enforcing permissions of a referenced record
- Fixed the issue with updating Windows services with new account password when encountering services with assigned empty account
- Fixed the issue with uploading SSH keys or other binary files on the record edit screen when using Internet Explorer or Edge browsers
- Fixed the issue with uploading personal SSH Proxy public key on the My Profile screen when using Internet Explorer or Edge browsers
- Fixed the issue with printing troubleshooting message on the browser console when managing report columns
- Added help message about different options for Active Directory integration to the Linux installation script
- Fixed the issue with resetting worker Node Job Queue Time Window configuration when importing system data
- Fixed the issue with failure to import a user or a group preventing the import of the rest of the local user directory when importing system data
back to top
Release 2.3.201904212227 (April 21, 2019)
- Added the option to provide host and user information when connecting to remote servers using native SSH clients
- Added the option to switch application color scheme
- Added the option to bulk request unlock operation
- Added the option to comment session rating with the option to review ratings with comments and export them to printable report
- Added error messages explaining error codes during connection to remote system using in-browser sessions
- Added new keyboard layouts for RDP sessions: English (Great Britain), Spanish, Portuguese (Brazil) and Turkish (using new layouts requires session manager upgrade)
- Added column selector control for Record-level Audit Log report
- Added column selector control to My Alerts view
- Fixed the issue with HTTP Proxy tunneling traffic not linked to an authorized active session
- Fixed the issue with the blanket exception in the system log about displaying currently selected workflow template on the access request form for bulk request operations
- Improved appearance of bulk operations actions menu by hiding Mass Unselect option when nothing is selected and hiding Mass Select and Mass Select Records options when something is selected
- Fixed the issue with multiple file transfer events recording for SFTP transfers initiated using native SSH clients through SSH Proxy
- Fixed the issue with accessing LDAP entries with attributes that have no values
- Fixed the issue when no error reported when sending test email with mis-configured email server settings
- Fixed the issue with the system import
- Fixed the issue with missing column visibility settings in the system export and import
- Fixed the issue in Linux install script with the autostart services on Ubuntu 18 servers with systemd init system
- Fixed audit logging reporting in certain cases of moving and deleting folders
- Fixed the issue with item name reporting for mass delete operation in cases of missing item permissions
- Fixed the issue with the column selection on the Management->My Sessions view
- Fixed the issue with root folder detection mechanism in cases with orphaned folders
- Fixed the issue with prompt for host and user when connecting to a record Unix Host with user switch option without a user or a host field defined in in-browser session connect
- Fixed the issue with the form exit confirmation message after new password generated on the record editing form
- Fixed the issue with column selector column initialization to enable the option to hide columns in default configuration
- Fixed the issue with displaying secured session ID in the exported session reports when Secure-IDs option is enabled
- Fixed the issue with displaying secured request ID in the exported requests reports when Secure-IDs option is enabled
- Fixed the issue with the displaying the star rating on My Sessions view
back to top
Release 2.3.201904142223 (April 14, 2019)
- Added dynamic column selection option to customize system reports
- Added support for keep-alive request forwarding in SSH Proxy for the connections established by native SSH clients
- Added the option to navigate to the record when clicking on the object link in the object session specific events report
- Added the option to delete records linked to multiple parents from the search results screen
- Added the option to execute scheduled jobs on-demand using record jobs schedule report for the non-admin user with the execute permissions for the record
- Added extended audit log event message about using overwrite or dynamic credentials when connecting to records using in-browser sessions
- Fixed the issue with Right-Control key operations during in-browser SSH sessions
- Improved processing of session completion events by recovering from failed operations to archive recording in cases they are recoverable (for example, failure to delete original active recording after archiving)
- Fixed the issue with the blanket error message in the system log when creating every RDP sessions caused by logging a file listing operation before the session is created
- Improved periodic task scheduling error reporting mechanism by logging complete error stack to the exception about scheduling tasks into the system log
- Fixed the issue with misspelled error message about deleting a folder with multiple parents from the search results
- Improved the logic of deleting unique workflow bindings when deleting records
- Fixed the issue with session reconnect metadata available only for record owners
- Fixed the issue with forcing AD queries for recursing group membership search
- Fixed the issue with forcing AD queries for group search
- Fixed the issue with granting item or global permissions to multiple users or groups in one operation
- Fixed the issue with displaying error when testing AD integration
- Fixed the issue with the internal object lock when checking for automatic export process
- Improved error reporting about failure to access users groups in the user report
- Fixed the issue with processing local groups with duplicated cn attributes in the LDAP user directory
- Fixed the issue with processing and reporting errors in the Windows password update script for service and tasks dependencies
- Removed blanket session connect audit log message always recorded after session creation event
- Fixed the issue when a user without Unlock (but with Execute) role can navigate to the password reset screen to specify new password for the password reset job
- Fixed the issue with clearing the search field on the Grant access screen using x button
- Fixed the issue with generating new passwords when creating new records of the type with no formula defined by using default local user password formula
- Fixed the issue with generating new SSH public key for key-based native applications access
- Fixed the issue with HTTP Proxy tunneling traffic originated from non-authorized sources
- Internal: updated RDP server layout choice with GB, Turkey, Spanish and Portuguese keyboard layouts. The update is disabled pending session manager support update
back to top
Release 2.3.201904072223 (April 7, 2019)
- Added Microsoft Active Directory password self-reset script run without the use of the main integration or a shadow account using the existing password
- Added the option to set MS Active Directory account password using a shadow account instead of default use of an AD integration account
- Added check status option for MS AD User accounts executed using shadow AD user records
- Added the option to verify auto-imported records matching the actual host name of the discovered computer with the DNS name of the host retrieved from AD query based on the Auto-Import Name Check parameter in the AD Discovery Queries
- Added details about failed discovery including failure to connect or failure to resolve name during PowerShell or SSH discovery process displayed by the discovered hosts report
- Added scrollable record types selector with filter option on the Add New Record buttons on the records list toolbar and on the empty folder view as well as on the change record type control on the record editing screen
- Added confirmation message about losing changes in the form fields when canceling editing or navigating out of the following objects creation or editing screens: Command Control, Settings (node configuration, session manager group, license activation, parameters, mail server, AD and syslog integration), management profile and preferences.
- Added confirmation message about deleting a session manager proximity group
- Added refresh button to Administration / Settings / mail server configuration screen to cancel changes
- Added Executed By signature including user name, node name, node type and the application version to each job execution result details
- Added password verification method to connecting to the destination services for test possibly failed password reset attempt in MS Active Directory
- Added verbose script result from AD/LDAP script execution strategy to indicate the exact logic of the password reset or validation used during the job execution
- Fixed the issue with displaying Tasks Report in sub-folders
- Fixed the issue with the daily rolling file appender extra unused max file size and backup index parameters in the default installation
- Fixed the issue with using Unix and Windows Console Strategies
- Fixed the issue with missing record column to the exported discovery host report
- Fixed the message about error deleting a folder that contains items
- Fixed the issue with renewing cross-site scripting token during continuous operation of remote worker nodes
- Fixed the issue with search by template on the workflow report
- Fixed the issue with creating duplicate users in the user cache table sometimes causing lost user permissions
- Fixed the issue with missing record types in the change record type selector when editing record second time after editing and saving a record when changing its record type
- Fixed the password verification routine messages to indicate the method of password verification
- Fixed the issue with missing Add to Favorites icon on the folder listing
- Fixed the issue with displaying informative error message when failure to create or update local user
- Internal: Updated version of UI Bootstrap library to 2.5.0 to prevent navigation from unsaved form in tab
back to top
Release 2.3.201903312230 (March 31, 2019)
- Added system-, vault- and folder- level Tasks Report displaying records with the associated tasks, their policies, shadow accounts and the task list inheritance status from the correspondent record type
- Added the option to access the system using Microsoft Azure AD (Office 365) authentication
- Added separate configuration idle timeout parameter for SSH Proxy for the sessions established using native SSH clients with the option to disable SSH Proxy sessions idle timeout
- Added confirmation message about losing changes in the form fields when canceling editing or navigating out of the following objects creation or editing screens: Local Users, Local Groups, updating or creating Records, Discovery Query, Script, Record Type, Field, Workflow Template, Workflow Binding
- Added system log messages about HTTP Proxy start including its listening port
- Added the option to map Identity Provider user domain to the system user domain after SAML-based authentication using system parameter xtam.saml.upn.adjust=@domain.com
- Fixed the issue with break-glass command line utility Extract option to support record search by Secured-IDs
- Fixed the issue with the available application GUI for the unknown user by forcing the logout process in the situation when the user is authenticated but could not be found by user directory integration queries
- Fixed the issue with interactive or automated SSH Proxy connections established using native SSH clients remain connected to the destination server after session disconnect
back to top
Release 2.3.201903242218 (March 24, 2019)
- Added support for controlling font smoothing option for RDP sessions. Use System Preference Session RDP Font Smoothing or record type field named FontSmoothing for record level control
- Added support for Windows Task Scheduler updates after resetting passwords for local or domain accounts
- Added Check Status job for LDAP and Active Directory records
- Added Session Clipboard Hotkeys preference to optionally enable Ctrl-C/Ctrl-V (Cmd-C/Cmd-V) hotkeys for in-browser sessions clipboard
- Added default system export configuration as a daily automatic export with a weekly retention time
- Added current user information to the system and task logging of the PowerShell script execution strategy
- Added the option to enable application performance logging for troubleshooting purposes. Use system parameter xtam.perflog.enabled=true to enable performance logging
- Added the option to enable application system environments logging for troubleshooting purposes. Use system parameter xtam.perflog.dump_attributes=true to enable performance logging
- Added remote worker node name to the audit log entries generated by this node
- Fixed the issue with the error reporting including a user and a host about failure to verify host name when executing PowerShell command on a remote computer
- Fixed the issue with the sorting user report by the last activity time displaying users without the activity on the bottom of the report
- Fixed the issue with operations of an isolated remote worker node deployed without GUI module
- Fixed the issue with accidental session reconnection, lost session recording and application instability issues in certain data and operational situations
- Fixed the issue with creating audit log entries related to specific records from remote worker node set up with Secure-IDs enabled
- Fixed the issue with time zone difference when reporting current time for the remote worker node on the Node Configuration screen
- Fixed the issue with completing message queue requests such as application download and update from the remote worker node
- Fixed the issue with remote worker node operations with Secure-IDs option enabled on both remote and main nodes
- Fixed the issue with naming First Activity field on the Users report to better reflect its meaning in the system
- Fixed the issue with inheriting binary files such as SSH keys from referenced records
- Switched log level of troubleshooting messages from CAS MFA detection script to debug
- Fixed the issue with the node state, version and downloaded version reporting from the remote worker node
- Labs: Added the option to overwrite remote node name with the one given by parameter xtam.remote.node
- Internal: Fixed the issue with POST requests from the remote worker node
- Internal: Added the option (currently disabled) to use client side IP address in MFA decision process
- Internal: added the option to use real client IP address in the CAS IP-based logic instead of IP of the reversed proxy
back to top
Release 2.3.201903172234 (March 17, 2019)
- Added the option to auto-unlock locked screen in VNC sessions with the password on-record
- Added support for scheduled report notifications for individual users My Sessions View report
- Added the option to filter scripts on the Script Library screen
- Added the option to filter record types on the Record Types management screen
- Added information about current host, current time, OS, OS version and the framework version to the application health check page
- Added the option to filter Requests Report by the status of the request (Approved, Rejected, Completed or Active)
- Added the option to search records using multiple comma separated session managers criteria
- Added configuration property (xtam.session.command.input.wait) in milliseconds to control delay before password input in privileged sessions.
- Added support for reporting node IP address and node name as an audit log IP and Object on the Audit Log report for background activities
- Added the option to specify {ENTER} as a key in the key-sequence Prologue combination sent to the channel during in-browser connections
- Added the option to define VNC Host password in VNCPassword parameter to enable referencing unlock user password or the OS user from the other record
- Added the option to specify placeholders for {PASSWORD}, {USER} and {VNCPASSWORD} in the Prologue key-sequence sent to the destination server in the beginning of the in-browser connection
- Added context help links to help pages on the Script Library screen, Record and Record Type Task Manager screen as well as to Task Execution Policy screen
- Fixed the issue with HTTP(s) Proxy popup balloon indicator when browsing using IE 11 browser
- Fixed the issue with displaying records with SSH/SU session manager in the list of records in the SSH Proxy Shell
- Fixed the issue with null session manager host reported for HTTP(s) Proxy connections
- Fixed the issue with displaying request related sessions
- Improved performance of in-browser sessions by disposing executed and unused filters
- Improved performance of in-browser remote application sessions by disposing executed script injectors
- Fixed the issue with intercepting Unix privilege elevation mechanism by disabling user input while performing privilege elevation
- Fixed the issue with the possibility to return back to the unprivileged session when connecting to Unix shells using privilege elevation
- Improved the troubleshooting logging for remote applications stream injectors
- Fixed the issue with the changing user permissions when sending report subscriptions
- Fixed the issue with password generation function when creating new records
- Fixed the issue when SSH Proxy session failing to close when using tunnels
- Improved performance of user authenticating in SSH Proxy by enabling caching mechanism for user DN detection
- Fixed the issue with inheriting password formula from the record type to a record without the formula defined
- Fixed the issue with generating pass-phrase for the records of the record type Unix Host with Protected Key
- Fixed the issue with split-view secret segregation should apply to any secret string field
- Fixed the issue with a user without a system administrator or an auditor global role accessing System Settings, Discovery, Scripts, Local Users and Groups and Record Type pages with their controls using URLs in the browser even without the ability to see or change data
back to top
Release 2.3.201903102229 (March 10, 2019)
- Added support to report tunnel parameters when establishing SSH tunnels through SSH proxy
- Improved a file name convention of a generated scheduled reports by adding a date to the report name to resolve caching issues with some of the email clients
- Added support for item.* related placeholders for scheduled report notification templates. Added support for the following placeholders: {{item.name}}, {{item.description}}, {{item.type}} (Record, Folder, System), {{item.url}}, {{item.id}}
- Fixed the issue with displaying workflow report if accessed first after the browser refresh
- Improved portability of Linux installation procedure by eliminating dependency from realpath application, removing incompatible parameters from df command, resolving assumption of the path to /sbin and introducing an explicit check for pidof command
- Fixed the issue with reconnecting to a joined session
- Fixed the issue with terminating SSH Proxy tunnel sessions using GUI or request expiration process
- Fixed the issue with links to records and folders in the alert notification templates
- Fixed the issue with using object IDs in the alert notification templates in situations with Secure-IDs enabled
- Fixed the issue with enforcement of currently set permissions when sending scheduled reports based on the report subscription
back to top
Release 2.3.201903040842 (March 4, 2019)
- Added the option to subscribe to system, vault-, folder- or record-level reports with specified filter criteria to receive daily, weekly or monthly reports as PDF or CSV file attachment
- Added the option to mass share multiple items with selected users or groups
- Added support for temporary local accounts with the account expiration time after which the system locks the account
- Added the option for vault and folder owners to view vault reports without system-wide Auditor role
- Added support for dropdown parameters in custom scripts given in the form of $${Parameter:Value1,Value2,Value3} placeholder
- Added the option to use an Auto-Deny workflow template in a duration-based binding as a fall-back mechanism for long time requests
- Added information about session manager selected for a specific session to the audit and the system logs
- Added the fixed size option for RDP sessions to initially re-size to fill the complete browser screen instead of using the specified dimensions by defining empty Session RDP Screen Size preference with Fixed Session RDP Resize Method
- Added the option to search Job History report by job execution type (Periodic, etc) for both system-wide and record-scoped reports
- Fixed the issue with short expiration time for the newly generated HTTPS Proxy certificate
- Fixed the issue with detecting successful connection in in-browser sessions in certain network situations
- Fixed the issue with recording in-browser sessions in certain network situations
- Fixed the issue with using Vault-based proximity groups selection for Session Manager groups configuration in Secure-IDs enabled deployment
- Fixed the issue with the Java helper file missing in the Remote Application host distribution package
- Fixed the issue with searching records with square brackets in the search criteria in the deployments with MS SQL Server as a back end database
- Fixed the issue with navigating to parent folder using screen breadcrumbs navigation from the vault- or folder-scoped Requests Report
- Fixed the issue with navigating to parent folder using screen breadcrumbs navigation from the vault- or folder-scoped Inventory Report
- Fixed the issue with displaying vault- or folder-scoped session report with enabled Secure-IDs
- Fixed the issue with simultaneous execution of password reset jobs for an account and for its shadow account causing conflicts by executing queued jobs for accounts without shadow first
back to top
Release 2.3.201902242229 (February 24, 2019)
- Added Secure-IDs option to hash internal object IDs in both GUI and API interfaces to prevent an external observer to enumerate or scan system objects by IDs
- Enabled Secure-IDs as a default option for new deployments
- Added Secure-IDs option for existing deployments
- Added context help for FAQ to the Object Access Report
- Added placeholders for log level of various system components for the new deployments to simplify enabling troubleshooting logging
- Fixed the issue with new record type creating with tasks list enabled to simplify further management of tasks for the newly created records of this record type
- Fixed the issue with connecting to local directory services from command line tool using non-standard LDAP port
- Fixed the issue with the blanket message in the system log about scanning some infrastructure libraries for annotations on some operating systems
- Fixed the issue with loosing web-sockets request when establishing sessions with configured web-sockets enabled after screen refresh on the record view
- Fixed the issue with the empty element on object access report breadcrumb navigation for the root folder
- Fixed the issue with sending an authentication token as an URL query parameter instead of request header when authenticating Remote Worker process
- Fixed the issue with supporting cross-site scripting token for Remote Worker node
- Fixed the issue with remote worker communicating with the server without Secured-IDs enabled
- Fixed the issue with the remote worker node communication with the master vault node when both nodes set up with Secured-IDs option
- Fixed the issue with creating or modifying data in the main vault from the Remote Worker process
- Fixed the issue with remote execution of non-password reset jobs using Remote Worker process
- Fixed the issue with the blanket error on developers console about workflows when opening a local group editing screen
- Fixed the issue with the displaying local group update errors on the GUI screen
- Fixed the issue with the incorrect error message feedback about failing to create local groups
- Fixed the issue with loosing privileges granted to a group by group members after renaming a local group until the server restart by resetting the internal LDAP cache after the group rename
- Fixed the issue with creating a new local group using the old name of just renamed local group
- Fixed the issue with renaming local groups by changing letter case (upper or lower) of the group name
- Fixed the pagination issue for consequent pages when accessing job queue from the Remote Worker process run with enabled Secured-IDs option
- Improved the error handling during the WEB application startup after re-deployment, application update or regular start
- Fixed the issue with discovery query invalidates host connection status using second account on the query definition right after successful discovery with the first account
- Fixed the issue with the password reset verification for Windows computers using PowerShell method by attempting to login to a remote computer using new password even in cases when the previously executed password reset fails with certain false negative messages.
- Fixed the issue with availability of discovered Windows artifacts during auto-import of first time discovered endpoints for artifact filtering option
- Fixed the issue with the main vault job execution process executes jobs tagged for remote workers service accounts
- Fixed the issue with the error reporting on the WEB GUI when removing users or groups from the Global Roles
- Fixed the issue with transactional consistency of discovering, creating, providing feedback to a discovery process and triggering the policy event for a discovered record auto-import process
- Fixed the issue with discovery host duplication during Active Directory discovery process
back to top
Release 2.3.201902172217 (February 17, 2019)
- Added Object Access report displaying the list of all users who have access to the selected object with the list of access level (global role, global permission or an object ALC) and an access path through the local or external user directory group available on the object permissions screen and as a drill down option on the inventory report
- Added SSH Proxy dynamic credentials support for the native SSH clients allowing to use different privileged credentials configured for different users
- Added SSH Proxy pass-through credentials support for the native SSH clients allowing to use current user credentials when accessing the remote system
- Added support to connect using a record name or a host name to the SSH Proxy Shell connect command used by native SSH clients in case of a single available record found. SSH Proxy Shell connect command will display a list of available records filtered by the provided search criteria in case of multiple records found.
- Added the option to choose an algorithm and a key size while generating private/public key pair for SSH native clients connected using SSH Proxy
- Added the option to use ${host} placeholder for discovered host name in the provided account for discovery auto-import process
- Added the option to use ${connected.user} placeholder for using user name without domain qualification in the discovered account for discovery auto-import process
- Added the option to specify a password for the provided account during auto-import process for the discovery queries
- Fixed the issue with exposing software error stack to the client API caller in case of server generated errors
- Fixed the issue with the port conflict in the default system installed on Windows Server 2016+ computers
- Fixed the issue with the language translation for the Ssh2 public key and Certificate fields on the My Profile screen
- Fixed the issue with processing session recording for native SSH clients connected through SSH Proxy without shell channel (for instance, for pure scp, sftp, tunnel connections)
- Fixed the issue with including custom MFA configuration to system export and import processes
- Fixed the issue with including public/private key setup to use by native SSH clients to system export and import processes
- Fixed the issue with LDAP integration certificate compatibility with JRE version 8.181+ for new system installations
- Fixed the issue with the command control policy resolution for the users without detected LDAP groups
- Improved system operation with back end database
- Fixed the issue with the option to use dynamic credentials for the records stored in different vaults
- Improved the logic of installing an external security provider to ensure it takes a preference execution to better handle remote SSH job execution as well as connecting with native SSH applications to servers using high-bit authentication keys (typically Solaris OS)
- Fixed the issue with overwriting record fields with referenced record fields that contain empty values
- Fixed the issue with missing reference to the auto-imported record in the discovered host
- Fixed the issue with exporting system reports using IE or Edge browsers
- Fixed the issue with parallel execution of discovery process
- Improved memory management of internal cache during the application update
- Fixed the issue with detecting host name of the remote Windows device during discovery process in case of failed computer information call
- Fixed the issue with failure to successfully discover a Windows device in case of failure to list local administrators and services on this device
- Added system logging to troubleshoot creating and updating discovery host records
back to top
Release 2.3.201902102231 (February 10, 2019)
- Added support for public key authentication to personal accounts in XTAM SSH Proxy server when establishing high trust connections to remote devices using native SSH applications such as SSH shell, Secure CRT or PuTTY
- Improved support for job execution time window applicable only to periodic, weekly or monthly job executions
- Improved processing of background jobs
- Improved the logic of discovering hosts using AD query to avoid duplicate entries
- Added system log messages to troubleshoot detecting new hosts during discovery process
- Fixed the issue with overriding a record name with the hostname when discovering hosts in Amazon Web Services EC2 tenants
- Fixed the issue with remote SSH job execution as well as connecting with native SSH applications to servers using high-bit authentication keys (typically Solaris). Use xtam.transport.security.bc=true system parameter to enable the security provider capable to accept high-bit keys
- Fixed the issue with duplicating discovered hosts at Amazon Web Services EC2 tenants
back to top
Release 2.3.201902032213 (February 3, 2019)
- Added support for automatic re-execution of failed periodic jobs
- Added task execution policy to trigger a job at the time of request expiration
- Added the option to customize password attribute for the LDAP password reset strategy
- Added configurable RDP session resize tolerance limits parameter to control the degree of browser window resize to trigger session resize for windows session with default value of 3x65. The parameter primarily introduced to handle temporary browser status bars such as downloads status bar appearing during the sesions.
- Added the option to support system logs retention with the default value of 30 days
- Added Session WebSocket parameter to enable WebSockets protocol for in-browser sessions
- Added the option to select specific transport security level for RDP connections using choice record type fields TransportSecurity with values rdp,nla,tls,any
- Added job processing time on the job details screen
- Added job processed time to the Job History report
- Fixed the issue with the Session Request Enforcement parameter appeared in the user preferences. Moved the parameter into Access parameters group
- Fixed the issue with Oracle DB password reset procedure for the passwords started with a number
- Fixed the issue with scheduling a periodic (once in a number of days) job at the beginning of the current day instead of the last scheduled date
- Fixed the issue with missing session recordings for SSH Proxy interactive sessions in certain cases of session termination
- Fixed the issue with periodic, one-a-week and one-a-month policy schedule is based on the scheduled day of the last event instead of last execution date
- Disabled continuous clipboard synchronization to avoid logging of local clipboard events unrelated to opened session
- Fixed the issue with inheriting tasks from the parent record preserving tasks of the original record type in case of no other records of this record type
- Fixed the issue with inheriting tasks from the parent record when changing record type while editing record
- Added troubleshooting system logging messages for periodic job scheduling
- Fixed the issue with scheduling periodic jobs even with existing in-process jobs
- Fixed the issue with handling errors when scheduling jobs for AD Query records that do not include queries
- Fixed the issue with scheduling periodic job executions after failing to process some of the polices
- Internal: Fixed the issue with creating unnecessary display related database columns for Parameters model
back to top
Release 2.3.201901272252 (January 27, 2019)
- Added the option to specify flexible time window for workflow binding using cron expressions
- Added visual custom time window expression builder to job queue execution as well as workflow binding time window specification
- Added host name detection during discovery process to some types of devices accessible by SSH protocol
- Added context help button for the node configuration parameters on the Administration / Settings / Application Nodes / Edit screen instead of the highlighted label with help
- Added the option to type master password when importing master password to the system using command line tool instead of including it as a command line parameters
- Added the option to update existing Personal Vault records of a type not supported by the Personal Vaults anymore to improve backwards compatibility with the legacy situation when all record types were available in the personal vault
- Added WEB Portal record type to a list of personal vaults record types for new installations
- Added foreign language translations support with the translation to the supported languages for the system parameters group names
- Added the option to filter system parameters by group
- Fixed the issue with the application copyright year on the About screen and in the application footer
- Fixed the issue with reporting record update errors on the application GUI
- Fixed the issue with reporting error saving workflow binding on the application GUI
- Fixed the issue with enabling out-of-the-box support of MFA GUI configuration
- Fixed the issue with host name detection during discovery process on the devices that do not support hostname command replacing host name with the device IP address instead of using shell output about non-existing command
- Fixed the issue with password reset on Unix endpoints with new or old passwords including dollar characters
- Internal: Reduced an expiration time of an unactivated application to one week (7 days)
- Internal: Fixed the issue with JRE 11+ compatibility for unused LDAP TLS factory provider
- Internal: Removed Azure strategy as well as Azure record types from all new installations to maintain compatibility with the future (JRE 11+) framework versions
- Labs: Fixed the issue with system logging of Secured-IDs during alert processing
- Labs: Fixed the issue with authenticating to SSH Proxy using REST API fallback when using Secured-IDs
back to top
Release 2.3.201901202225 (January 20, 2019)
- Added support for job execution time window limiting activities triggered on the remote computers by certain hours or days of the week
- Added action-able path-based navigation system to folders and records browser
- Added the option for a user to review the status of this user's approved requests
- Added the option for UID based group membership search in the integrated user directory instead of DN-based one
- Added the option to execute scripts and password resets for SQL endpoints (such as Oracle RDBMS, MS SQL Server or Informix DB) using shadow record with administrative privileges
- Added support to display permission trimmed paths to the folder and to the record view screen
- Added the option to use back button of the browser to step back in the folder navigation
- Added support to connect to remote hosts using either a sequential number from the list of records or a record ID when using SSH Proxy Shell
- Added the option for language translation of system parameters
- Added translation of system parameters to the supported languages
- Added support to display requests approved by the current user in the Manage / My Workflows / My Requests report
- Added time selection defaulted to the Last Day to Manage / My Workflows / My Requests report
- Added Requester column to Manage / My Workflows / My Requests report
- Added WS-Management Timeout system parameter to control network as well as command execution timeout for PowerShell? script executions on remote Windows computers
- Added WS-Management Delay system parameter to control command execution delay to allow WS-Management Host subsystem to initialize to Opened state
- Added help message for GenerateCASCipher option of XTAM command line management tool
- Added context help for the node configuration parameters on the Administration / Settings / Application Nodes / Edit screen
- Added support for Radius MFA for the system login using Federated Sign-In module without the option to perform Radius authentication on the login page
- Fixed the issue with inheriting or making unique permissions for the folders with circular containment
- Fixed the issue with the option to disable MFA for individual users during authentication using native SSH clients through SSH Proxy
- Fixed the issue with the typo in success message when adding new principals to MFA configuration
- Fixed the issue with the requirement to maintain a special user to activate the option for granular MFA configuration
- Fixed the issue with missing scheduling of once-per-week and once-per-month events
- Fixed the issue with event scheduling started from the beginning of the day
- Fixed the issue with downloading recorded SSH Proxy sessions in zipped type-script format
- Improved performance of left-side navigation menu rendering on the screen
- Fixed the issue with the location of SSH Proxy produced recordings
- Fixed the issue with deleting a record with unique formula or with formula inheritance in cases when unique formula is assigned to other records
- Fixed the issue with deleting records in case of unique workflow manager is assigned to other records
- Fixed the issue with not-functional restart button from the screen with discovery query
- Fixed the issue with the Join option available for record Viewer on the sessions report screen
- Improved system logging mechanism for remote PowerShell commands execution to trace both input and output traffic
- Fixed the issue with enabling command execution and tunneling using SSH Proxy without shell enabled for users that require second-factor authentication
back to top
Release 2.3.201901132239 (January 13, 2019)
- Added Multi-Factor Authentication option for native SSH clients connecting through SSH Proxy
- Added Python example to access XTAM REST API
- Added the option to enforce single sessions established for the same record
- Added the option to enforce Google Authenticator MFA for SSH Proxy logins using native clients
- Added the option to enforce System generated MFA token for SSH Proxy logins using native clients
- Added the option to specify custom terminal type for in-browser SSH sessions
- Added the option to verify remote Windows host name match with the host name on the record before executing any script on the remote computer to detect mis-configured or attacked name resolution service. The option is enabled by the presence of unchecked checkbox field HostNameDNS in the record type of the record describing destination computer. Checking the field disables the option to verify host for the specific record.
- Added xtam.ssh.proxy.mfa.disable parameter to disable MFA request for SSH Proxy connections
- Added the option to the User Profile / Preferences to generate temporary short lived XTAM MFA code to access remote hosts using native clients through SSH Proxy for MFA providers not supported by SSH Proxy directly or for SAML based user authentication schemes
- Extended the option to see active sessions for record viewers that have connect permissions to a record
- Changed default time range filter for the Audit Log report to the Last Day
- Changed default time range filter for the Job History report to the Last Day
- Changed default time range filter for the Requests report to the Last Day
- Improved stability of in-browser sessions for slow or unreliable networks
- Fixed the issue with creating new task lists for newly created record types
- Improved Federated Sign-In authentication process for the cases of deploying Federated Sign-In module after the initial installation
- Fixed the issue with occasional missing file in the very large file listings in the in-browser file manager for SSH sessions
- Fixed the issue with timing for initial in-browser sessions resize interfering with establishing an SSH connection to certain remote servers
- Fixed the issue with detecting MFA configured for groups
- Fixed the issue with the detection of the connection type for in-browser sessions based on the session manager instead of previously record type to support custom record types
- Fixed the issue with displaying XTAM Tool button on the in-browser SSH session toolbar for the records of custom record types with SSH session managers
- Fixed the issue with displaying record checkout status right after requesting access with checkout
- Fixed the issue with displaying active sessions on the record view screen after initiating a session from this screen
- Fixed the issue with limiting number of hosts discovered by the Active Directory query by a page size limitation
- Fixed the issue with limiting the sampling of Active Directory hosts in the discovery query specification
- Fixed the issue with SSH Proxy allowing empty password pass to the validation routine when logging in using native SSH clients
- Fixed the issue with the error message about saving fields with non-compliant names
back to top
Release 2.3.201901062234 (January 6, 2019)
- Added the option to run the application on OpenJDK 11 framework
- Added support for fixed screen size for in-browser SSH or Telnet sessions configured on the individual record level controlled by ScreenSize field
- Added the option to specify delay time for the script execution for the After Unlock event policy in minutes
- Added support for disabling screen resize for in-browser SSH or Telnet sessions configured on the individual record level controlled by ResizeOnConnectDelay field
- Added context help FAQ button for the default Record List page
- Fixed the issue with the task policies screen looks like disabled when navigating to the screen from the task list
- Added browser console log messages to troubleshoot logout problems resulting in the init screen
- Added support for initial resize delay for in-browser SSH or Telnet sessions configured on the individual record level controlled by ResizeOnConnectDelay field
- Fixed the issue with deleting objects from the search results screen in case they are linked to a single parent
back to top
Release 2.3.201812302233 (December 30, 2018)
- Added the option to display record IDs when querying records in the SSH Proxy interactive shell
- Added the option to connect by record ID in the SSH Proxy interactive shell
- Updated default periodic job scheduler process to run every 5 minutes
- Added the option to disable request for file transfer protocol during Unix sessions controlled by the record field FileTransferDisabled
- Added the option to disable cross-vault shadow record check following the system variable xtam.shadow.crossvault.disable=true
- Fixed the issue with verifying PowerShell job execution results as successful after password reset job failed as a part of the ambient script
- Fixed the issue with cleaning up orphaned task managers when inheriting tasks or deleting records in case of legacy data with single task manager associated with several records
- Fixed the issue with recording an audit log event in case of opening new SSH Proxy channel
- Fixed the issue with periodic job scheduler taking in consideration previously executed jobs scheduled for different events
- Fixed the issue with time filters in the Sessions report to include entries created after initial navigation to a report
- Fixed the issue with Every Sunday policy event does not display a number
- Added system logging messages to troubleshoot the process of automatic completion of the disconnected sessions
- Added the option to run the application on OpenJDK 11 framework
back to top
Release 2.3.201812232242 (December 23, 2018)
- Added interactive MFA configuration with the options to define multiple MFA providers for different principals, default MFA provider and group or user-based exceptions
- Added support to display a list of linked folders for each object on the list of records and on the search screens
- Added the option to discover Windows hosts with specified service accounts in services
- Added precise search option to locate exact record match
- Added the option to define a subset of record types that could be used in Personal Vaults
- Updated default time range selection for the session report to be the Last Day
- Improved performance of mass copy, cut, paste and import from discovery operations
- Added an FAQ help button to the Search bar on the record list
- Added the option to reset Windows domain account password using Windows host and shadow domain administrator
- Added the option to search records as well as shadow and reference records for exact criteria instead of wildcard search by enclosing a search criteria in double quotes
- Improved the mechanism to maintain local group membership of external (such as Microsoft Active Directory) users and groups by allowing object reorganization in the external user directories while still maintaining the local group membership. The option is disabled by default but could be enabled by using configuration property xtam.ad.members.search=true
- Fixed the issue with inheriting permissions to a linked item affected unrelated items in the original folder
- Fixed the issue with moving an item item affected unrelated items in the original folder
- Fixed the issue with the blanked debug message on the browser console
- Fixed the issue with establishing sessions for the browsers with disabled clipboard support
- Fixed the issue with accumulated resources during periodic purge of export files
- Fixed the issue with deleting records with unique task managers in certain situations
- Fixed the issue with orphaned non-executed tasks left in the job queue after deleting of a record
- Fixed the issue with Editor is allowed to delete objects when using the Bulk Delete option
- Fixed the issue with executing scripts using shadow records located in different vaults
- Fixed the issue with the script updating windows services with the new account and password for domain accounts
- Fixed the issue with the background process start up in case of failure to apply data patches
- Fixed the issue with frequent blanket message about execution of retention process
- Fixed the issue with mass executing tasks on-demand for selected records
- Fixed the issue with reporting object name on the list of the results about mass scheduled tasks for selected objects
- Fixed the issue with some periodic task policies are not executing for records with reused task lists
- Fixed the issue with displaying Users Reports for users in certain groups in eDirectory
- Internal: Restructured multi-language translation files to better maintain translations to different languages
- Labs: Fixed the issue with notification subscriptions using Secure-IDs option
back to top
Release 2.3.201812162247 (December 16, 2018)
- Added the option to enforce workflow restrictions for the sensitive administration functions
- Added the option to enforce workflow restrictions for folder and record level permissions and workflow bindings to delegate Administration roles to object management
- Added the option to trigger task execution for dependent records after successful completion of the task executed for a master record (#XTAM TRIGGER REF _Script Name to Trigger_)
- Added the option to apply dual control workflow to the Global Role configuration
- Added the option to apply dual control workflow to the Global Permissions configuration
- Added the option to apply dual control workflow to the item Permissions configuration access including granular control on the nesting folder hierarchy following workflow binding inheritance
- Added the option to apply dual control workflow to the function to change password of a local user
- Added the option to apply dual control workflow to the function to add a local group member
- Added the option to apply dual control workflow to the publishing of workflow templates
- Added the option to apply dual control workflow to the system workflow binding configuration
- Added the option to apply dual control workflow to the folder and record level workflow binding configuration including granular control on the nesting folder hierarchy following workflow binding inheritance
- Added the option to apply dual control workflow to import and export functions
- Added the option to apply dual control workflow to change values of system parameters
- Added audit log event about changing a value of a system parameter
- Added out of the box script to reset password of accounts linked to Windows services
- Added context FAQ page to the Global Roles screen
- Added context FAQ page to the Password Formula screen
- Fixed the issue with deleting folders with inherited workflow bindings
- Fixed the issue with executing After Create or Update Policy Event after auto-importing records from discovery query
- Fixed the issue with displaying of the folder objects on list of requests for approval
- Fixed the issue with session management in Internet Explorer file browser
- Fixed the issue with adding a group with circular dependencies to the system permissions, workflows or roles
- Fixed the issue with displaying users in the users report even in case of no connectivity to underlying user directories
- Fixed the issue with stability of remote applications executed on the remote application host
- Improved developer console logging to troubleshoot issues occurred during opened sessions
- Fixed the issue with scheduling a task for a record that already include the same active task scheduled
- Fixed the issue with re-initiating logout procedure in case there is no active system user detected on the application initialization page
- Labs: Fixed the issue with creating new workflow templates using Secure-IDs option
back to top
Release 2.3.201812121821 (December 12, 2018)
- Fixed the issue with stability of Remote Applications executed on the remote application host
back to top
Release 2.3.201812120915 (December 12, 2018)
- Fixed the issue with starting in-browser sessions in Internet Explorer
back to top
Release 2.3.201812101248 (December 10, 2018)
- Fixed the issue with deleting folders
back to top
Release 2.3.201812092111 (December 09, 2018)
- Added support to collect and report details about protocol used during high-trust session including specific channel requested by native clients (such as Shell, SFTP, Tunnel or Exec)
- Added support to disable File Transfer option for all system users
- Added support to limit location of originator of token based REST API calls by IP Filter
- Added context help to the Comment field on the Token generation screen
- Fixed the issue with initiating SFTP connections using native clients through SSH Proxy server
- Fixed the issue with adding a Tab option to the Session Start Mode global parameter
- Fixed the issue with using script parameters including new passwords with a single quote (ampersand) in PowerShell scripts
- Fixed the issue with in-browser session file listing of the folders that contain object names with unprintable characters
- Fixed the issue with removing unique workflow binding when deleting folders
- Fixed the issue with removing unique workflow binding, unique task lists and unique formulas when deleting records
- Fixed the issue with orphaned task lists left after deleting records with unique task managers preventing deletion of shadow records
- Fixed the issue with establishing connection with LDAP directories that do not have certain properties
- Fixed the issue with the application initialization page appears in certain cases after logging off the application
- Fixed the issue with resolving the users form external directories using the search criteria of the external directory
- Fixed the issue with masking all secured fields when printing debug messages into the system log
- Added application version to the system log during application start-up
- Fixed the issue with initializing in-browser session screen in certain situations
- Fixed the issue with the missing IP address in some session completion audit log records
- Fixed the issue with occasional problems accessing data in systems deployed with PostgreSQL backend database
- Fixed the issue with the password reset function in the systems deployed with PostgreSQL backend database
- Fixed the issue with completing SSH Proxy sessions established by native clients using open multiple channels
- Fixed the issue with completing port forwarding only SSH Proxy session established by native clients
- Fixed the issue with displaying large text in records String fields on the record view screen
- Improved server- and client-side logging mechanism to troubleshoot folder listing in the in-browser sessions file browser
- Fixed the issue with too quick execution of switch user command when connecting to Unix user with switch user account
- Internal: reorganized code to simplify development of external membership
- Labs: Fixed the issue with creating new task list using Secure-IDs option
- Labs: Fixed the issue with several generic GUI operations using Secure-IDs option
- Labs: Fixed the issue with enabling API tokens using Secure-IDs option
- Labs: Added framework for configurable MFA authentication
back to top
Release 2.3.201812051058 (December 5, 2018)
- Fixed the issue with session resize timeout for RDP sessions
back to top
Release 2.3.201812031019 (December 3, 2018)
- Added the option to open a session in a browser tab as an alternative to full screen or popup window
- Added ASCII mode when transferring files during in-browser sessions
- Added the option to search for records by shadow accounts specified in the search criteria using shadow:QUERY search
- Added auto-pagination support for listing large folders in the in-session file browser
- Added the option to allow users other that system administrators to use the Bulk Cut, Copy and Delete options enforcing permissions check when processing individual objects
- Added reference to a user in an error message about script execution or password reset for Windows strategy to better communicate the issue with either on-record or shadow account
- Added workflow design scheme to the list of user requests
- Added the current step to the list of user requests during request approval process
- Added direct LDAP authentication as a primary mechanism for SSH Proxy server leaving system API authentication as fallback method to simplify SSH Proxy deployment and performance of authentication
- Added support to disable Personal Vault option for all system users
- Added the option to extend number of the choice field selection items
- Improved event processing by disabling caching and buffering by intermediate proxies
- Fixed the issue when event processing failed with Federated Sign-In module (CAS) filters
- Fixed the issue with deleting orphaned records
- Fixed the issue with adding multiple users to a local group at the same time
- Fixed the issue with the ticket generation for PostgreSQL database backend
- Fixed the issue with duplication of discovered hosts in Active Directory based discovery queries
- Fixed the issue with errors on the developer console and participants reporting during in-browser sessions in non-secure ids configuraiton
- Added server- and client-side logging mechanism to troubleshoot folder listing in the in-browser sessions file browser
- Added Debug Mode user preference to troubleshoot specific client cases
- Increased timeout for the session screen resize to improve the initial connectivity to certain computers
- Fixed the issue with initiating workflow requests with the TO date in the future but FROM date in the past
- Fixed the issue with the ability to make a record type parent as the same record type or a record type that has the current type in its parent hierarchy resolving circular dependency in the record type inheritance
- Fixed the issue with accessing record types with circular parent relationships created by the old versions of the application
- Fixed the issue with accessibility of the application initialization page in certain situations
- Fixed the issue with re-initiating logout procedure in case there is no active system user detected on the application initialization page
- Fixed the issue with navigating to the record listing in case the application has been already initialized on the application initialization page
- Fixed the issue with Cut and Copy actions unavailable for record owner without connection permissions
- Fixed the issue with the confirmation screen after restoring a script to a factory default
- Labs: Fixed the issue with creating new workflow binding using Secure-IDs option
back to top
Release 2.3.201811252222 (November 25, 2018)
- Added Query Execution Frequency system parameter to control execution of discovery queries
- Added the option to clean currently discovered hosts from the discovery query
- Added optional parameters xtam.cas.registry.sqlCasJwtSigningKey, xtam.cas.registry.sqlCasJwtUpdateService, xtam.cas.registry.sqlCasJwtUpdateProperty to customize CAS registry storage in different databases
- Added system architecture (64-bit) check for Linux installs
- Added the option to execute jobs and to reset password on network devices with Shell script sequence strategy using shadow account
- Fixed the issue with adding or updating record type fields with not allowed characters in field name when using REST API
- Fixed the issue with removing group membership when deleting local users
- Fixed the issue with file upload for both Windows and Unix sessions with enabled API token verification
- Fixed the issue with exporting and consecutive importing of job execution strategy objects
- Fixed the issue with creating new discovery queries
- Fixed the issue with error during auto-importing records during discovery process preventing the discovery query to complete
- Improved debug level system logging to troubleshoot record loading and decryption of record secret data as well as PowerShell and SSH strategy script execution
- Improved error processing for the operation of updating discovered hosts for Active Directory and Amazon EC2 queries
- Fixed the issue with inheriting the task lists from records parent record type in case there were jobs run on the unique tasks in certain backend database configurations
- Fixed the issue with deleting records in certain backend database configurations
- Added system log message to better troubleshoot mass delete operations
- Fixed the issue with update queue state for PostgreSql backend
- Fixed the issue with SSH session view file browser unable to display files if user does not have read permissions to one of the elements of the home parent path by adding support for HomeLocation optional field to override default user home location with custom setting including {User} and other placeholders for record type fields
- Fixed the issue with freezing of import records view progress bar on certain race conditions
- Labs: Added Secured-IDs encryption for audit logging
- Labs: Fixed the issue with updating system password formula using Secured-IDs
- Labs: Fixed the issue with displaying discovered hosts with enabled Secured-IDs option
- Labs: Fixed the issue with mass deleting, moving and copying objects with enabled Secured-IDs option
- Labs: Fixed the issue with saving discovery query record type for auto-import with Secured-IDs option enabled
- Internal: Added development build instruction to deploy worker in a safe manner
- Labs: Added strict mode boolean flag to system property xtam.secured.ids.strict to enforce Secures-IDs option
back to top
Release 2.3.201811182254 (November 18, 2018)
- Added an interactive terminal shell for native SSH clients to browse and filter the list of available assets as well as to initiate connections using interactive commands
- Added the option to search for objects referencing records specified in the search criteria
- Added support for fixed-sized RDP sessions created with Full-Screen option initially opened to fill the complete session screen
- Added enforcement of XTAM REST API tokens to prevent Cross-Site Request Forgery (CSRF) vulnerability
- Added /healthcheck end-point to indicate the online status of the system
- Added examples of Shell and PowerShell XTAM REST API call including API tokens to prevent Cross-Site Request Forgery (CSRF) vulnerability
- Added on option on the user report to remove duplicated user entries
- Added the option to execute Unix shell scripts forcing pseudo-TTY in case the script starts with sudo command
- Fixed the issue with API Token generation causing operation failure using the legacy application installations without CAS HA configuration embedded
- Fixed the issue with audit log message about unlocking a local user
- Fixed the issue with incorrectly updating new password in the vault after various issues connecting to a destination server
- Fixed the issue with locking currently logged in local user
- Fixed the issue with deleting currently logged in local user
- Fixed the issue with infinite account lock for local users after several unsuccessful login attempts with the wrong password by limiting the automatic lock to 10 minutes
- Fixed the issue with deleting folders that have associated subscriptions
- Fixed the issue with deleting (unlinking) an object from its parent when the user has permissions to the object but not the parent
- Fixed the issue with records browsing for the systems setup with PostgreSQL as a back-end database
- Fixed the issue with occasional blocking of permissions inherited from root folder while browsing system objects resulting in hiding otherwise visible objects from the view of the user caused by short-term database cache overwriting when calculating global permissions
- Fixed the issue with workflow bindings report displaying its data when workflow is bound to non-enxisting item
- Fixed the issue with reporting workflow bindings unique for folders using system Workflows report
- Fixed the issue with database selection prompt during Linux setup
- Fixed the issue with creating an audit log event about record deletion at the end (not at the beginning) of the operation
- Fixed the issue with Linux install script when using PostgreSQL as a database server
- Fixed the issue with multi-threading interference during various background operations
- Fixed the issue with orphaned session objects created during failed connections using native SSH clients
- Fixed the issue with blanket error message in the system log about checking global permissions
- Fixed the issue with occasional runspace is in Opening state error when executing remote PowerShell commands on Windows computers
- Added debug level system logging to troubleshoot record loading and decryption of record secret data
- Added debug level system logging to troubleshoot no host error when executing PowerShell or SSH Shell commands
- Added debug level system logging to troubleshoot execution of SSH Shell commands
- Labs: Added optional support for secured-IDs in the system GUI and API exposing randomized ID for all system functions instead of the real ones to prevent ID enumeration technique
back to top
Release 2.3.201811120904 (November 12, 2018)
- Added the option to mass inherit permissions from the current folder to multiple selected items
- Added the option to mass inherit workflow binding from the current folder to multiple selected items
- Added message screen confirming removing users or groups from global roles
- Added error message display in case of failure to remove users or groups from global roles
- Fixed the issue with inheriting permissions for the item linked from several different folders
- Fixed the issue with inheriting workflows for the item linked from several different folders
- Fixed the issue with detecting valid password reset on Windows computer using PowerShell script in case of timing out connecting to a remote computer
- Fixed the issue with removing last system administrator
- Fixed the issue with the emergency restore of default system administrator during application startup in case of removing all system administrators
- Internal: Added mechanism for Cross-Site Request Forgery (CSRF) protection using generated API token for POST/PUT/DELETE API requests modifying application data. Temporary API token is generated using /rest/user/whoami function. The token enforcement is disabled by default in this update, and could be enabled by xtam.api.token.verification=true parameter
- Internal: Added examples of Shell XTAM REST API call including API tokens to prevent Cross-Site Request Forgery (CSRF) vulnerability
back to top
Release 2.3.201811042134 (November 4, 2018)
- Added retention policy enforcement for scheduled system exports
- Added the option to search any connected user directory for users and groups on permissions, roles, groups and workflow related principal selection screens
- Added the option to configure server keyboard layout for RDP sessions
- Added password reset verification routine by attempting to log in to a remote system using new password in PowerShell and SSH password reset strategies
- Added support for grouping parameters on the administration settings screen
- Added the option to filter parameters by name on the system settings screen
- Added user login, principal name or email display for active directory users members of local groups
- Added several options to specify connection string for Oracle password reset strategy including the one with empty port or service, the service started with colon for SID (default) or slash for Service, and with the empty port and service allowing to specify full connection string in a Host field
- Fixed the issue with exporting session recording stored in the database
- Added comments to VBScript system API example
- Fixed the issue with occasional 401-Unauthorized errors during PowerShell password reset scripts executed on the remote Windows computers
- Fixed the issue with making fields editable after removing referenced record on record edit screen
- Fixed the issue with adding Active Directory users that contain command in the distinguished names to local directory groups
- Fixed the issue with removing Active Directory users from local groups in case these users specified by user principal name instead of login names
- Fixed the issue with updating local groups that contain Active Directory members specified by User Principal Names
- Fixed the issue with sending workflow notifications to Active Directory members of local groups
- Fixed the issue with frequent blanket error message in the system log about querying remote session participants
- Fixed the issue with adding an Active Directory group to permissions, roles, groups or workflow configuration by group DN
- Fixed the issue with adding Microsoft Active Directory group by unique legacy name to permissions, roles, groups or workflows configurations
- Fixed the issue with selection list for record vaults covered by certain GUI elements of the page on the proximity groups editing in the application settings
- Fixed the issue with selection list for shadow accounts covered certain GUI elements of the page on the task list editing
- Fixed the issue with selection list for referenced records covered by certain GUI elements of the page on the record edit page
- Internal: Added test driver for domain user password reset
back to top
Release 2.3.201810282228 (October 28, 2018)
- Added native clipboard (Ctrl-C/Ctrl-V) support for WEB sessions in Google Chrome browsers
- Added support for MFA authentication with RSA one time password (OTP) during application login
- Added support for MFA authentication using Radius protocol during application login
- Added support to Connect without Recording permissions with the option to record session events
- Added the option to reset passwords for active directory accounts when the account is specified in domain or email notation for the integrations made with pure account names
- Added support for WEB forms using JSON transport to login for high trust authentication during HTTPS sessions
- Added VBScript example to generate new password and to create a record with this password in XTAM server using basic connection
- Fixed the issue with preserving multiple consecutive white-spaces in record type names on the record view screen
- Fixed the issue with transferring large texts using WEB sessions clipboard
- Fixed the issue with closing the PowerShell session on the remote Windows computer after executing remote commands
- Fixed the issue with partial execution of password reset on Windows computers using PowerShell method during slow communications
- Fixed the issue with detecting successful execution of password reset command on Windows computers using PowerShell method
- Fixed the compatibility issues with PostgreSQL in the scripts, tasks, activation, session recording, discovery, favorites and workflow components
- Fixed the issue with Remote Application shell auto-logout after connection timeout
- Fixed the issue with reporting and using client IP address with the port at the end
- Fixed the issue with displaying records with associated workflows bound to IP addresses when accessed from certain locations in deployments using load balancers reporting client IP including client IP port
- Fixed the issue with reporting errors during password reset for MS Active Directory accounts in case of failed integration with AD or non-existing account
- Fixed the issue with reporting of complimentary communications data during WinRM communications
- Added system log messages to troubleshoot export of database stored session recordings
- Fixed the issue with accessing partially initialized system
- Fixed the issue with blanket error message in the system log file about detection of Federated Sign-In module deployment during applicaiton startup
- Fixed the issue with missing user login names on the workflow bindings and workflow binding editing screens
- Fixed the issue with users report failing to display completely when locked local users are present
- Fixed the issue with reporting duplicated copies of the user name in the user report after certain operations
- Internal: Updated session management libraries to version 0.9.14 in the WEB application
- Internal: Added a driver implementation of Radius server to test XTAM/CAS MFA integration with Radius providers
back to top
Release 2.3.201810212225 (October 21, 2018)
- Added support for configurable session recording retention time
- Added support for recording client IP address to audit log for SSH Proxy
- Added the option to use database as a storage for SSH Proxy session recordings made by native clients as an alternative to the file system
- Added user login display to the list of users on the Global Roles screen
- Added session ID to the session report as well as to session creation and completion audit log records
- Added indication of a session protocol used to the record level and the system session report as well as to the audit log record about session creation
- Added current database information section at the end of Administration / Settings / Database screen
- Added the option to search for fields to populate based on the placeholder value in the browser extension
- Fixed the issue with using database as a storage for session recordings
- Fixed the issue with creating or updating local users when local user directory password formula contains the rule for the user match
- Fixed the issue with automatic restoring remote application host to the initial state after failed attempt to run remote application
- Fixed the issue with automatic form validation when populating fields without id or name in the browser extension
- Improved the logic of SSH Proxy authentication mechanism to offset mis-configured reversed proxy (load balancer) setups in the scenario of authentication using federated sigh-in module
- Fixed the issue with reporting session completion events to the system user for SSH Proxy and HTTP proxy sessions in the audit log report
- Fixed the issue with completing SSH Proxy sessions with recording properly
- Fixed the issue when navigate to recording for in-browser session opened type-script player
- Fixed the issue with import and export of discovery queries
- Improved troubleshooting system log messages for session completion logic
- Improved troubleshooting system log messages for SSH Proxy authentication logic
- Improved troubleshooting system log messages for SSH and PowerShell discovery process
- Fixed the issue of closing sessions in certain situations for the systems configured with PostgreSQL
- Fixed the issue with completing SSH Proxy sessions
- Improved log message for session completion with or without recording in the system and audit logs
- Fixed the issue with the Windows discovery process not detecting connectivity successfully for the endpoints that contain many services
- Fixed the issue with the Windows endpoints discovery detection of the non-standard services
- Fixed the issue with the returning long responses from remote PowerShell commands
- Fixed the issue with confirming dialog when deleting discovery queries
- Fixed the issue with deleting discovery queries that collected some data
- Fixed the issue with preventing application initialization page to appear with no active user logged in
- Fixed the issue with authenticating HTTP Proxy sessions opened for the destination sites listening on a non-standard ports
- Internal: Added a build script to make and upload offline package from the latest update
- Internal: Added a portion of the activation code to product usage report
- Internal: Added build command to compile CAS
back to top
Release 2.3.201810142210 (October 14, 2018)
- Added the option to lock and unlock local users
- Added the support to specify the method of associating account with the auto-imported records from the discovery process including three options: a) Use the account successfully connected to a destination host during the discovery process; b) Use a referenced record to maintain the same account (such as domain Administrator) for several auto-imported records; c) Use specified account name to rely on password set logic defined on the record type task list
- Added support for indexed session recording playback for native SSH clients enabling jumping to the playback position from the selected session event
- Added support to dynamically change playback position in session recording for native SSH clients
- Added the option to display lock status for the local users
- Added the option to bulk select and to bulk unselect local users
- Added item ID to the list of items screen
- Added user name / principal name to qualify user selection to the grant permission, add global role, add approver to workflow template and bind template screens
- Added display of record ID on the record view screen
- Added the option to control session heartbeat intervals for browser sessions (use Session Heartbeat Interval global parameter)
- Fixed the issue with TAB character recording in the event report for native SSH clients
- Fixed the issue with Enable Mode for Cisco devices require Prologue field in the Cisco record
- Added an option defined by system parameter xtam.saml.upn.adjust=true to automatically adjust UserPrincipalName returned from SAML providers to sAMAccountName in case sAMAccountName based authentication is used by the system while SAML IdP returns UserPrincipalName only
- Fixed Shell and PowerShell examples for token based authentication REST API calls to pass token in the call header instead of the URL
- Fixed the issue with duplicated system parameters
back to top
Release 2.3.201810072211 (October 7, 2018)
- Added session recording support for SSH Proxy connections using native clients with the option to playback session recordings in an Instant Player or download session recording in human-readable type-script format compatible with 3rd party players such as scriptreplay
- Added the option to auto-import discovered hosts based on the specified policies defining destination import folder and record type for a discovery query
- Added the option to perform Active Directory discovery based on an LDAP AD Query
- Added the option to specify the list of non-standard ports during host discovery for all types of queries
- Added condition to use only one protocol for each discovery query
- Added the option to display the port on the discovered host on the host details screen
- Added context help and increased the size of the Filter field on the discovery query screen
- Added the option to search folders in the application search string using folder: or folders: qualifier
- Added the option to remove orphaned and custom node configurations on the Administration Settings screen
- Added Edit button for node configurations on the administration settings screen to change node parameters
- Added troubleshooting debug logging for the automatic application update
- Fixed the issue with disabled Sample button for Active Directory discovery queries
- Fixed the issue with editing discovery queries that have no accounts defined
- Fixed the issue with getting Samples report for AWS discovery query
- Fixed the visualization issue with displaying sample results for Active Directory query with no OS retrieved from the query
- Removed the action of editing the nodes on the administration settings screen by clicking at the row itself
- Fixed the issue with the automatic application update after partially completed previous update leaving some artifact files in the temporary locations
- Fixed the issue with language translations for error messages on the discovery query definition screen
- Updated license reason field to display more rows in the License Manager WEB application
- Fixed the issue with saving licenses that contain multi-byte Unicode characters in the reason field in the License Manager application
back to top
Release 2.3.201809302224 (September 30, 2018)
- Added the option to discover computers at Amazon AWS EC2 data centers
- Added the option to discover Unix hosts accounts using SSH public key authentication
- Simplified configuration of multi-domain user authentication method by grouping all required properties in a single location
- Added the option to import discovered hosts using SSH public key authentication to the application vault
- Updated upload button when editing CSV-based discovery queries
- Added the option to check connectivity to the remote directory service when setting up Local Directory Services replication
- Optimized performance of the application GUI when operated by a user from slow performing Active Directory
- Added the option to configure Group Cache TTL in minutes using system parameter Group Cache TTL
- Added the option to force reset Group Cache TTL using Reset Cache button on the Administration / AD screen
- Added the link to the system at the bottom of the workflow approval request notification
- Fixed the issue with re-starting Local Directory Service replication for accumulated changed after consecutive execution of ADReplicate command
- Fixed the typo in connection status failed
- Fixed the issue with loosing trailing and leading white spaces when specifying password for local users
- Fixed the issue with Active Directory Query record type inheritance from the Active Directory User during application initialization
- Fixed the issue with the missing browser toolbar for Firefox browsers when connecting to HTTPS sessions
- Fixed the issue with clearing a group cache from all nodes on a multi-node setup after logout
- Fixed the issue with clearing a group cache after changing local group membership
back to top
Release 2.3.201809232243 (September 23, 2018)
- Added Restrict Access workflow template type to implement operations removed from the application GUI and rejecting execution to disable or enable certain types of actions from configured locations or at the configured times
- Added explicit Automatic Approval workflow template type to require users to enter business reason for access requests performed from specified locations or at the specified times
- Added the option to search records by selected custom fields indicated as indexed in the record type definition
- Added workflow template type column to the workflow template list
- Added the option to indicate a field in a record type as indexed to be used in the record search
- Added FAQ link to record type field screen
- Updated license expiration messages
- Fixed the issue with default HTTP session manager for WEB Portal records in new installations
- Fixed the issue with displaying object name with object ID in the audit report (including report export) for deleted objects
- Fixed the issue with the users report that contains Active Directory users after disabling Active Directory integration
- Fixed the issue with AS/400 terminal size restriction and color scheme for SSH based sessions
- Fixed the issue with default protocol for AS/400 record to be Telnet
- Fixed the issue with the hidden personal folders appears in the shared with me area or in the permissions search
- Fixed the issue with editing folder by the non-system administrator
- Fixed the issue with downloading or quick playing a session recording by a non-system administrator
- Fixed the issue when supervisor with viewer permissions was not able to edit command controls
- Fixed the issue with the ability to reference Active Directory users by display name that incorrectly adds them to the system as groups
- Fixed the issue with inconsistent results when removing multiple item or global permissions at ones
- Fixed the issue with refreshing the list of item or global permissions after removing all permissions from the list
- Added the option to select and un-select all permissions in the list on the item or global permissions page
- Fixed the issue with the option to select individual permissions on the un-editable permission screen for permissions inherited from the parent item
- Fixed the issue with trimming leading and trailing spaces when saving record passwords
- Fixed the issue with displaying multi-byte Unicode custom fields values in records
back to top
Release 2.3.201809162212 (September 16, 2018)
- Added support for fixed size AS/400 terminal windows with 24x80 and 27x132 options controlled by a global parameter
- Added green color scheme to direct AS/400 sessions
- Added the option to specify a complete connection string to establish connection to Oracle database to use it as a backend application database
- Fixed the issue with establishing Telnet session connection to remote computer by names when using Linux distribution of session manager
- Fixed the issue with Backspace button mapping for direct AS/400 terminal
- Optimized performance of AD group membership permission check configuration in new and existing installations
- Optimized GUI performance for AD users by caching user DN
- Optimized record list GUI performance for AD users by sequential call of API functions to allow for short term caching of AD query results
- Optimized GUI performance for AD users by utilizing initial cache when displaying navigation controls
- Fixed the issue with overloading Windows RDP manager during initial connection to Windows servers in Reconnect resize mode
- Fixed the issue with displaying error message when failing to perform automatic application activation suggesting to use manual one
- Fixed the issue with utilizing the same SSH and Telnet fonts for Windows and Linux based session manager deployments
- Fixed the issue with clearing group membership cache when logging out from the application
back to top
Release 2.3.201809092249 (September 9, 2018)
- Added support for management of LDAP compliant user directories such as Apache Directory Services, IBM Tivoli Directory Server, Novell eDirectory, etc including the option to reset password
- Added the option to generate new password based on the configured complexity formula when creating new or editing existing records
- Added generic option for record referencing including all fields extending existing option to reference only User, Password and Cert fields
- Added a context help referencing documentation or FAQ pages to majority of administration and reporting application screens
- Added IBM onscreen keyboard layout with support for F13-F24 functional keys
- Fixed the issue with enforcing approval workflow limitations when joining active sessions
- Fixed the issue with the respecting global roles when checking Connect permissions
- Fixed the issue with deleting record types that have tasks with job history associated
- Fixed the spelling for the error message finishing session reconnect attempts
- Fixed the issue with saving task list with typed but not selected shadow account
- Fixed the issue with functional and special keys handling during direct browser-based AS/400 sessions including support for F1-F24 function keys
- Fixed the issue with post installation deployment of Federated Sign-In component
- Added the option to optimize nested active directory queries
- Added a mechanism to create links to FAQ articles from the application screens
back to top
Release 2.3.201809040852 (September 4, 2018)
- Fixed the issue with the respecting global roles when checking Connect permissions
back to top
Release 2.3.201809010855 (September 1, 2018)
- Added the option to define global user or group permissions applicable for all records down the folder hierarchy regardless of the unique permission inheritance
- Added the option to copy unlocked password or secret to clipboard instead of displaying it on the screen
- Added the option to specify session manager proximity groups IP-range selection criteria in IPv6 notation
- Added the option to specify approval workflow IP-range filter in IPv6 notation
- Added the option to specify IP-range discovery scan in IPv6 notation
- Added the option to remove discovery queries with related collected information
- Updated context help popup for global roles
- Fixed the issue with connecting to computers using IPv6 addresses including bracket notation
- Fixed the issue with connecting to remote computers with permissions precluding session events recording
- Fixed the issue with limiting failed attempt to deliver alerts following the parameter Alert Notification Attempts
back to top
Release 2.3.201808262211 (August 26, 2018)
- Added last scan time field to the list of discovery queries
- Added linked record information to the list of the discovered hosts
- Added single download package for offline installation
- Added un-install script for Linux installations
- Fixed the issue with the extra scroll bars on the SSH session screen
- Fixed the issue with the extra scroll bars on the dynamically resized RDP session screen
- Fixed the issue with looping session screen size change in certain situations
- Fixed the issue with large size of the in-session virtual keyboard
- Improved job error message when task is executed against record with no defined host
- Fixed the issue with session window title for the sessions with dynamic credentials
- Fixed the issue with session window title for the sessions with pass-through credentials
- Fixed the issue with session window title for the sessions with blank credentials
- Fixed the issue with publishing old branded installers along with the new ones
- Fixed the issue with collecting the list of local administrators during Windows discovery process
- Fixed the issue with executing PowerShell scripts that include double quotes
- Fixed the issue with missing offline installation page for Windows installers
- Fixed the issue with displaying the error message when attempting to install the application into read-only location
- Fixed the issue with the session manager startup in the default installation in Windows 7 computers
- Fixed the issue with Alerts report displaying alerts for legacy session events
back to top
Release 2.3.201808192232 (August 19, 2018)
- Added support for a Personal Vault for each system user for personal records management with sharing capability between system users
- Added support for multi-domain forests for Active Directory users authentication and access
- Added the option to specify domain in pass-through credential configuration such as in the example of $login@domain.com
- Added the option to delete API tokens from the system
- Added pass-through and dynamic credential options to remote application credentials executed on the application hosts
- Added token based authentication method for remote worker nodes
- Added ADQuery command to command line utility to troubleshoot and test query active directory structure
- Added audit log events about creating, disabling and enabling API tokens
- Added token ID to the list of API tokens for easier token reference
- Added expiration time display instead of expiration length on the token list screen with the indication of expired tokens
- Fixed the issue with audit log events recorded under Connect operation for connect options selection
- Fixed the issue with highlighting current menu item when selecting Token management screen
- Fixed the issue with refreshing the list of tokens after generating a new token
- Fixed the issue with incorrect audit log message about disabling JWT tokens
- Fixed the issue with referring to token authentication function in API token authentication example for PowerShell
- Fixed the issue with POST and PUT REST API calls in PowerShell token based authentication function
- Fixed the issue with the button to generate token located on the top of the screen
- Fixed the issue with mail-based authentication and user access for Microsoft Active Directory
- Fixed the issue with principal-based authentication and user access for Microsoft Active Directory
- Fixed the issue with initial out-of-the-box support for MS SQL Server back end databases connection pool quick reconnect and connection to a replicated server
- Fixed the issue with initial out-of-the-box support for MySQL and Maria DB back end databases connection pool quick reconnect and connection to a replicated server
- Fixed the issue with initial out-of-the-box support for PostgreSQL back end databases connection pool quick reconnect and connection to a replicated server
- Fixed the issue with the incorrect status report for scheduled downloads and updates during updating multi-node farms
back to top
Release 2.3.201808122223 (August 12, 2018)
- Added Credential Pass-Through option to use credentials of the currently logged in user to initiate GUI in-browser sessions to remote computers
- Added Dynamic Credential option to use parametric search criteria to find credentials in the Vault to initiate GUI in-browser sessions to remote computers
- Added the option for token based authentication to access system API
- Added Unix shell and PowerShell examples to access the system API using JWT tokens. Note that Federated Sign-In (CAS) module is required for token authentication
- Added a screen to manage API Authentication Tokens with the options to review or disable existing tokens and generate new ones
- Fixed the issue with respecting Active Directory sub-groups when resolving user permissions to system objects
- Fixed the issue with searching records by connection type for case insensitive session manager names such as Telnet or RemoteApp
- Internal: Added a mechanism of storing large files such as keys and certificates in the system database to simplify high availability configuration
- Internal: Added mechanism of updating local application configuration to simplify updates of various application components
- Internal: Added mechanism of maintaining service registry of Federated Sign-In (CAS) component in the application database to simplify high-availability deployments
- Internal: Fixed the issue with including tenant configuration, internal certificate storage and authentication tokens to export and import routines
back to top
Release 2.3.201808052230 (August 5, 2018)
- Added the option to rotate SSH keys for Unix accounts on-demand, periodically or following the account access workflow
- Added the option to type database password in the response to the command prompt when setting up connection to the external database in the command line instead of specifying the password in the command line
- Improved default external database connection pool configuration to validate connections in the pool
- Added configuration template to enable Federated Sign-In module logging for default Windows and Unix installations
- Fixed the issue with the availability of the Install button after downloading new version of the software
- Fixed the issue with enabling Active Directory configuration for the container authentication when performing AD integration using the application GUI
- Fixed the issue with SSH Proxy authentication using native clients for the systems configured with Federated Sign-In module on non-standard HTTPS port
- Fixed the issue with executing scripts for the records without password formula defined
- Fixed the issue with executing scripts for the records with certificate that has no password
- Fixed the issue with executing scripts for Unix accounts using SSH key access
- Fixed the issue with ambiguous column names and long database constraint names compatibility with Oracle back end DB
- Fixed the issue with initial out-of-the-box support for Oracle RAC back end databases
- Fixed the spelling mistake in Application Initialization screen title
- Fixed the issue with overloading back end Oracle database with the cached queries in the default system setup
- Fixed the issue with updating record with empty content
back to top
Release 2.3.201807292306 (July 29, 2018)
- Added support for native applications (such as mysql client) launched on the Unix application hosts with workflow-controlled permission-based access, high-trust login, session and session events recordings and video playback using browser based experience
- Added support for native applications (such as mysql client) launched on the Unix application hosts with workflow-controlled permission-based access, high-trust login and session events recordings using local SSH clients experience
- Added "verbose" option to the command line utility for better feedback about errors
- Fixed the spelling error when reporting failed executions of the tasks queue
- Fixed the issue with detection of successful script execution on network devices in certain situations
- Improved error reporting about script execution errors
- Improved handling of the task executions not involving password resets
- Fixed the issue with locking user and group search in organizational unit of the service manager when connecting to Active Directory directly without Global Catalog
- Fixed the issue with processing results from the job execution for the records of record types with all fields inherited from the parent record
- Increased timeout when waiting for the response from network devices when executing scripts
- Labs: Added support for multiple tenant access each with the unique URL and unique Database
back to top
Release 2.3.201807222250 (July 22, 2018)
- Added support for multi-tenant configuration with the isolated groups of assets, reporting, permissions, workflows, computer access and task execution managed for every individual client using distributed client deployed nodes and system vaults
- Added the option to login to Windows computers using RDP protocol with microsoft.com accounts
- Added the option for a user to interact with Windows login banner screen when launching applications on the remote application host
- Added REST API function /unlock/{id}/{field} to retrieve a single string value of specified field from the specified record
- Improved the user experience for Navigate to Parent Folder control to implement it as a single button instead of drop-down choice in cases of a single parent available
- Added progress report when importing assets to the system
- Improved performance of the process of importing assets from RDP manager (rdg) and PuTTY (reg) files
- Improved timeout handling when connecting to remote computers and devices
- Improved re-connect behavior in cases of disconnection when connecting to remote computers and devices
- Updated copyright year in presented EULA during Linux installations
- Added field validation logic to the Session Managers Proximity Groups editing and creation screens
- Fixed the issue with navigation from import log to record type instead of a record
- Fixed the issue with the option to create vaults available in the non-root folder accessed through certain navigation paths
- Fixed the issue with blanket error message in the client side browser console about number of pages calculations on the list of records screen
- Fixed the issue with handling timeouts when executing slow running sequence-based scripts such as password reset or status check in network devices such as Juniper, Palo Alto, Cisco, VMWare vCenter or ESXi, or McAfee IPS
- Fixed the issue with consistent selection of a processor role when downloading and installing new application version on the nodes with multiple roles such as GUI and Worker
- Fixed the issue with service start from setup script on Ubuntu OS
- Fixed the issue with lost value of proximity group selector control after creating a new group
back to top
Release 2.3.201807152234 (July 15, 2018)
- Added SSH Proxy support for local port forwarding with high-trust login option
- Added SSH Proxy support for SOCKS proxy with high-trust login option
- Added the option to update current user profile for local users including self-service password reset
- Added support for IBM Informix database with the options to check database connections status and reset password for the database account
- Added support for workflow controlled access to Google Chrome WEB applications using remote application host with high-trust login without revealing password, session and in-session events recording
- Added pagination support when displaying a large list of records in folders or during search to improve GUI performance
- Improved performance of the process of importing from CSV spreadsheet
- Improved performance of creating and copying records
- Improved user experience of the Group Edit and Delete screen to prevent accidental group deletion
- Added the option to manage record vaults to simplify multi-tenant configurations
- Fixed the issue with submitting browser extensions to the Google Chrome and Mozilla Firefox stores by simplifying the code base and removing unused files from the package
- Improved system logging to troubleshoot video rendering of session recordings
- Improved system logging to troubleshoot execution of SQL-related strategies and password reset routines
- Fixed the issue with connecting to computers defined by records with removed or undefined during import vital connection values (such as port) that require using default values instead
- Fixed the issue with connecting to records of the record type with all fields inherited from the parent type
- Fixed the issue with deleting local group generated incorrect audit log message about deleting a user
- Fixed the issue with the re-creating a local group or a user with the same name after deleting
back to top
Release 2.3.201807082224 (July 8, 2018)
- Added HTTPS-Proxy based WEB Access Broker that enables access to WEB Portals without revealing credentials to the end users
- Added support for workflow controlled access to Internet Explorer WEB applications using remote application host with high-trust login without revealing password, session and in-session events recording
- Added XTAM Broker Browser Extension that automatically configures browser proxy to support XTAM WEB Access Broker for Chrome and Firefox browsers
- Added support for SFTP protocol file transfer events logging in SSH Proxy
- Added support for SCP protocol file transfer events logging in SSH Proxy
- Added the option to enable or disable session events recording
- Added support for SSH Proxy connection using native clients by record or host name
- Labs: Added quick launch option from the list of records screen for HTTP sessions
- Labs: Fixed the issue with the recording option available when establishing HTTP sessions on the record view screen
back to top
Release 2.3.201807012215 (July 1, 2018)
- Added support for Microsoft Remote Desktop as a native application executed, recorded and monitored on the remote application hosts to implement double-jump scenario to access computers in remote isolated networks through the jump-server located in DMZ
- Added support for folder-level reporting facility for system administrators and auditors to generate system reports for objects located inside selected folder and its sub-folders
- Added the option for system administrators to purge session events
- Added folder level audit log report for supervisors and auditors to display audit log for objects inside the selected folder and its sub-folders
- Added folder level Inventory report for supervisors and auditors to display inventory report inside the selected folder and its sub-folders
- Added folder level Job History report for supervisors and auditors to display job history report for the objects inside the selected folder and its sub-folders
- Added folder level Sessions report for supervisors and auditors to display Sessions for the objects inside the selected folder and its sub-folders
- Added folder level Session Events report for supervisors and auditors to display Session Events for the objects inside the selected folder and its sub-folders
- Added folder level Requests report for supervisors and auditors to display access requests for the objects inside the selected folder and its sub-folders
- Added folder level Workflows report for supervisors and auditors to display configured workflows for the objects inside the selected folder and its sub-folders
- Fixed the issue with Add New Record list with record types on the list view screen moved out of the right side of the screen on some screen resolutions
- Fixed the issue with installing session manager on Windows Server 2008 or 2008R2
back to top
Release 2.3.201806242148 (June 24, 2018)
- Added support for TSplus RDS as an option for a remote application host to launch in-browser native windows applications
- Added support for PuTTY as a native application executed and monitored on the remote application hosts including high-trust login without revealing password, session and in-session events recording
- Added the option for system administrators to terminate workflows after they have been approved
- Changed Active Directory User record type name for new installations
- Added support for automatic enable mode switch for Cisco devices when accessed using native applications through the system SSH Proxy
- Added support for Prologue sequence sent into the remote device at the start of the connection when using native applications through the system SSH Proxy
- Fixed the issue with editing folders
- Improved troubleshooting logging for the remote applications
- Fixed the issue with Grant and manage drop down menu appear below the edge of the screen by switching them to drop-up menus
- Improved the background procedure to auto-complete approved access requests after the expiration of the requested time
- Fixed the issue with workflow Approve / Reject dropdown menu come out of the right edge of the screen in certain situations on the Requests for Approval screen
- Fixed the issue with workflow details dropdown menu come out of the right edge of the screen in certain situations on the My Requests screen
- Fixed the issue with selecting an appropriate workflow from the list of workflows with mixed restrictions for users and for location
- Fixed the issue with the visual display of the duration-bound selected workflow on the incomplete request form requesting access for the specified date range
back to top
Release 2.3.201806172250 (June 17, 2018)
- Added the option to the system command line service utility to export local user directory including users with optionally encrypted passwords and groups with membership information
- Added the option to import local users and groups into the directory services using command line service utility
- Added support to include export of local user directory to general system export including users with optionally encrypted passwords and groups with membership information
- Added the support to import local users and groups into the system user directory as a part of general database import process
- Added support for terminating SSH Proxy sessions on-demand and after workflow expiration
- Fixed the error reporting when using unrecognized key format for SSH protocol connecting through SSH Proxy
- Fixed the issue with requirement for a user to have connect permission to a application host record in order to connect to the remote application itself using this host record
- Fixed the issue with the improper position of Notification and Favorites buttons on the record view screen for a user with view-only permission to the record
- Fixed the issue with respecting record checkout status for SSH sessions brokered by SSH Proxy
- Fixed the issue with reporting non-printable key sequences for SSH sessions brokered by SSH Proxy
- Fixed the issue with using certain keys in certain environments for SSH sessions brokered by SSH Proxy
- Fixed the issue when user can connect to the checked out record by direct URL in the browser
- Fixed the issue with terminating related active sessions when checking-in a record
- Fixed the issue with importing data into the system database that includes historical session data to purge
- Added system log message about starting an import process
- Labs: Added XTAM Broker Browser Extension that automatically configures browser proxy to support XTAM HTTPS broker for Chrome and Firefox browsers
back to top
Release 2.3.201806102238 (June 10, 2018)
- Added support for native client side applications (such as ssh, scp, sftp, Putty, Secure CRT, WinSCP, PC5250, etc) using SSH, scp, sftp protocols when directly connecting to remote Unix hosts or network devices including password- and key-based high-trust login tracking the use of shared privileged accounts to personal accounts, session events recording, audit logging, session timeout, switch user support as well as permissions, time, location and workflow controlled access
- Added the list of application hosts serving a remote application record to the record view
- Added a warning message on the remote application record view about absence of enabled application hosts to launch this application
- Added support for automatic setup of trust between various application components such as SSH Proxy, XTAM and Federated Sign-In Service in the default installation based on the generated certificate
- Fixed the issue with adding permissions to the new principals
- Fixed the issue with the long blanket error message in the system log about accessing latest application version
- Fixed the issue with resetting password for domain user on Windows machine by the same user executed from Windows-deployed server
- Improved feedback reporting about troubleshooting remote application connectivity by adding system log error when remote application host not found
- Fixed the issue with using disabled application hosts when launching native application using Remote App technology
- Fixed the issue with locked classes in some cases of the application update
- Fixed the issue with MS SQL Studio remote application session closed on new query action
- Fixed the issue with adding a script for Quest Toad Oracle remote application with command line parameters during the application initialization
- Fixed the issue with importing certain database export data into the newly initialized system database
- Fixed the issue with blanket error message in the system log about mismatched internal user state
- Labs: Added the option to configure HTTP Proxy port as well as managed domains using the application GUI
- Labs: Added the option to auto-configure proxy settings for HTTP Broker configuration in Chrome browsers
- Labs: Added the option to auto-populate fields on the WEB page handled by the HTTP Proxy with the HTTP Proxy placeholder
- Labs: Added initial implementation of proxy configuration to FireFox Add-On
back to top
Release 2.3.201806032159 (June 3, 2018)
- Added the option for system administrators, auditors and record owners to review sessions using star-rating system
- Added support for Quest Toad / Oracle native application launch using command line parameters with the ability for high-trust login with session and session events recording including indexed playback
- Added the option to configure integration with Active Directory using application WEB GUI
- Added the option to configure integration with Syslog server using application WEB GUI
- Added the option to configure integration with Active Directory based on the complete distinguished name of the service account
- Added audit log event about updates in Active Directory configuration
- Added audit log event about updates in Syslog configuration
- Fixed the issue with collecting aggregated summary for statistics report
- Fixed the issue with the bread-crumbs navigation on the application settings screen
- Added system parameter to enable HTTP Proxy server during the application startup instead of using properties file configuration
- Added context help for HTTP Proxy User and Password parameters
back to top
Release 2.3.201805272220 (May 27, 2018)
- Added support for workflow controlled access to Oracle SQL Developer Remote Application with high-trust login without revealing password, session and in-session events recording
- Added embedded support for root password change as an automatic option during regular user password change on Unix computers
- Added component version information to the audit log (and system log) record about starting both GUI and Worker components on the node
- Added the option to execute tasks by Oracle RDBMS driver for records referencing server connections by host, port and SID
- Improved performance of the application WEB GUI loading
- Fixed the issue with mismatching suggested port for VNC records and default port used during connections
- Fixed the issue with availability of workflow binding management controls for users not-system administrators
- Fixed the issue with the feedback about successful root password reset on Unix devices
- Fixed the issue with the feedback about successful password reset on Red Hat based operating systems
- Fixed the issue with the application installation on Windows computers with configured SOCKS proxy
- Fixed the issue with resetting passwords for Unix accounts with shadow records
- Fixed the issue with executing tasks by Oracle RDBMS driver for records referencing server connections by connection string
- Labs: Added the option to configure user and password placeholders for high-trust HTTP login
- Labs: Fixed the issue with auto-populating non-credential fields with the credential information in HTTP proxy
- Labs: Added the option to configure auto-populated field names using Plugin Filed parameters for high-trust login using HTTP Proxy
back to top
Release 2.3.201805202325 (May 20, 2018)
- Optimized application performance when logged in using a user from remote user directory
- Optimized performance of file transfer operations between local and remote computers
- Added the script to the script library to reset root password on the Unix computers using SSH connector
- Added the option to interactively execute the queued job by the GUI WEB application before it is executed by the background job process
- Added support to use system proxy configuration for application updates on Windows and Gnome 2.x systems if the proxy server is not configured in the system
- Added the option to configure proxy server for application updates
- Fixed the issue with establishing session connection to remote computer by names when using system session manager installed on the latest versions of CentOS
- Fixed the issue with the error message about failed attempt to send a test email to test mail server configuration with the suggestion to save mail server configuration before testing
- Fixed the issue with enabled button to test mail server configuration during the attempt to send the test email
- Fixed the issue with the incorrect detection of the successful connection to the remote computer in the slow networks
- Fixed the issue with incorrect handling of the reconnect operation to a disconnected session
- Improved system logging message to troubleshoot the job queue operation
- Fixed the issue with executing commands on the remote Unix computer using switch user operation
- Fixed the issue with the timeout mechanism to automatically terminate remote SSH command execution sequence in case of unresponsiveness of job execution script
- Fixed the issue with recovering from the unsuccessful software update to avoid software restart to continue the update process
- Fixed the issue with the establishing sessions using switch user operation in certain network situations
- Fixed the issue with Password Reset Remote Palo Alto Networks script description
- Fixed the issue with loosing certain file transfer events from the event logging
- Fixed the issue with the enabled debug level in the default user directory integration
- Fixed the issue with deleting a record that has associated sessions
- Internal: Added the option to generate master password for CAS sensitive properties encryption (such as AD password) during the software installation
back to top
Release 2.3.201805132211 (May 13, 2018)
- Added support for NetIQ eDirectory as a system user repository
- Added a count-down screen on a reconnect to a disconnected session
- Improved performance of the application WEB GUI loading
- Fixed the issue with connecting to and operating with user directories with empty root entry name
- Fixed the issue with connecting to LDAPS user directories with TLS security layer enabled
- Fixed the issue with updating configuration for additional integrated user directories
- Fixed the issue with executing scripts on Unix computers using SSH strategy
- Fixed the issue with missing task name in task execution start and error audit log messages
- Fixed the issue with loosing keyboard and mouse control when reconnecting to remote application sessions accessing native applications
- Fixed the issue with reporting missing dependencies in the Linux installation script run on certain operating systems (such as CentOS)
- Labs: Fixed the issue with HTTP Proxy login with the password that contains special characters that need to be encoded
- Labs: Fixed the issue with HTTP proxy login with the user given with the email domain qualifier where the user login is expected
- Labs: Fixed the issue with HTTP Proxy operation with the remote WEB Portals preventing script injections
- Labs: Fixed the appearance of the visual indicator of the HTTP Session in the browser
- Labs: Fixed the issue with accessing pages that include multi-byte Unicode characters in HTTP sessions
back to top
Release 2.3.201805062226 (May 6, 2018)
- Added multi-node high availability option for Federated Sign-In Service
- Added support for TLS 1.2 security layer when connecting to RDP sessions
- Added the option for integration with SAML-based identity providers
- Added the option to enable Federated Sign-In service system logging after installation for troubleshooting purposes
- Added authentication persistence option for Federated Sign-In service preserving user login during the application restart
- Added command line utility to simplify management of the application security keys and certificates
- Fixed the issue with populating fields inherited from parent records types when using the Import function
- Fixed the issue with errors in the system log caused by the undefined SMTP server in the mail server configuration
- Fixed the issue with configuring integration with Active Directory first time after the installation
- Fixed the issue with connecting to RDP sessions to Windows computers with certain configurations
- Fixed the issue with incorrect Record Edit button labels during workflow operation
- Fixed the issue with reliability populating values in Remote Applications controls on the remote application hosts
back to top
Release 2.3.201804292325 (April 29, 2018)
- Added Spanish on-screen keyboard layout for active sessions
- Added the option to configure local user directory replication option using command line control utility
- Added password prompt option when connecting to local directory services using command line control utility
- Changed software trial time for un-activated software to 14 days
- Improved performance of loading record change history report
- Fixed the issue with joined sessions remained active after the session owner terminates the session
- Fixed the issue with a record Editor accessing session information for the record
- Fixed the issue with masking last values of secret fields in the record change history report
- Fixed the issue with starting authentication services (CAS) in the default configuration setup connected to external database other than the embedded one
- Fixed the issue with the specific message to the session participants about the owner leaving session
- Fixed the issue with receiving alerts and notifications about in-session events for the subscription scheduled for all categories
- Fixed the issue with reporting all-categories subscriptions when displaying the list of subscriptions
- Fixed the issue with interpreting certain characters in the session events report
- Fixed the issue with updating CSV-based discovery queries
- Labs: Fixed the issue with concurrent context access in HTTP Proxy filters
- Labs: Added the option to use HTTP Proxy sessions for WEB sites with distributed federated authentication involving browser redirects
back to top
Release 2.3.201804222226 (April 22, 2018)
- Added support to display users (with the access IP address) joined an active session in the session control panel
- Added the option to notify session owners about users joining or leaving the session
- Added support for multiple disconnected Active Directory forests or non-Active Directory LDAP users sources
- Added support to display session events about users (with access IP addresses) joined or left the session in the session events report
- Added the option to add users or groups from external user directories (including primary or disconnected Active Directories) as members of the local groups to simplify management of permissions, global roles and workflow configurations
- Added command line configuration utility options to configure or remove additional LDAP user directories such as isolated Active Directory forests or other LDAP user sources
- Added the option to display the user directory of a principal when displaying members of a local group on the local group management screen
- Updated copyright year for the Windows installer
- Fixed the issue when importing records into the system using Internet Explorer 11 browser
- Fixed the issue with displaying initial application screen to the authenticated user not found in the current user directory
- Fixed the issue with blanket messages in the system log related to authenticating a user not found in the current user directory
- Fixed the issue with the blanket error in the system log about impossibility to lock the object for processing by multi-thread pool
- Fixed the issue with integration with Active Directory user sources using the account that has comma in the distinguished name
- Fixed the issue with terminating file transfer process based on the remote session idle timeout
- Fixed the issue with language translations for session idle message dialog
- Fixed the issue with detection of idle sessions with active file transfer in progress
- Fixed the issue with bread-crumbs navigation from inside a folder to the Home and Records Root locations
- Fixing the issue with releasing old thread pool locks when starting up the application
- Improved a procedure of recovering from the long locked operations
- Fixed the issue with a confirmation message about removing local group members
- Fixed the issue with incorrect reporting of the successful connectivity to the remote user directory during Windows installation
back to top
Release 2.3.201804152246 (April 15, 2018)
- Added support for the approval based permission elevation option on the remote Windows end points
- Added support for Okta Authentication services
- Added support for auto-start configuration when installing the application on systemd init based operating systems
- Added support for secure communication traffic to the local user directory during the default installation
- Updated default system password formula for local users directory to 24 characters in the default installation
- Updated default password formula for Unix, Windows, AS400 and Database destinations to increase maximum characters in the default installation
- Added the option to configure integration with Active Directory servers using fully qualified user distinguished name
- Added the option to grant permissions to Active Directory users and groups using fully qualified distinguished name
- Updated default log file format to include thread number to track sequence of related events
- Added factory default for Windows Local Administrators Group Cleanup script
- Added factory default for Windows Remote Reset with Dependencies script
- Improved error reporting about resolving Active Directory group membership
- Fixed the issue with resolving Active Directory groups with members distinguished names including certain special characters
- Fixed the issue with sending alerts about session events
- Fixed the issue with resolving permissions and group membership given to users with commas in the distinguished names through Active Directory groups
- Fixed the issue with overloading Windows session manager when accessing RDP sessions using Internet Explorer browser connecting to the system with IIS load balancer
- Fixed the issue with displaying global service accounts on the users report
- Fixed the issue with timeout when configuring integration with Active Directory server as well as with remote system user directory
- Fixed the issue with Federated Sign-On component integration in the default installation SSL setup
back to top
Release 2.3.201804082221 (April 8, 2018)
- Added support for Juniper Networks devices with the ability for high-trust login with session and session events recording including indexed playback as well as event- or time-based password verification and reset automation jobs
- Added support for Palo Alto Networks devices with the ability for high-trust login with session and session events recording including indexed playback as well as event- or time-based password verification and reset automation jobs
- Added support for Oracle RDBMS with the event- or time-based password verification and reset automation jobs
- Added support for Toad / Oracle native application with the ability for high-trust login with session and session events recording including indexed playback as well as event- or time-based password verification and reset automation jobs using native Oracle RDBMS connection
- Added support for IBM PC5250 terminal emulator native application with the ability for high-trust login with session and session events recording including indexed playback as well as event- or time-based password reset automation jobs using native AS/400 connection
- Added HTTPS access option for the newly installed application using generated self-signed certificate
- Added the option to automatically configure Active Directory connection to AD Global Catalog referencing a root of the AD forest in case a connection to AD Global Catalog could be established
- Added the option to reset a local user password using XTAM control utility
- Added script placeholder parameter {{PAMLOGIN}} to designate the login of the user executing the job on-demand
- Added an indicator of an enabled or hidden record type to the record types list
- Added the option to mass enable or disable multiple selected record types
- Added the option to select / unselect all record types
- Fixed the issue with prompting for credential and host for non RDP or SSH records that do not include these fields in the record types
- Fixed the issue with a bread-crumb navigation to the list of command control policies on the command control editing screen
- Fixed the issue with a Cancel button on a record type editing page
- Fixed the issue with the early expiration time of self-signed certificates for the internal component communications
- Fixed the issue with displaying the usage information of the XTAM control tool if run without parameters
- Fixed the issue with on-demand execution of password reset and script with parameters with factory default scripts
- Fixed the issue with the attempt to run XTAM GUI as a remote process
- Fixed the issue with MS SQL Server record type name and description for new software installations
- Fixed the issue with excessive internal message reporting in the system log in the default installation
- Improved performance of remote application launcher on the remote applications host
- Added an interactive option to provide a secret to encrypt to the XTAM control utility
- Fixed the issue with saving video recordings and also system exports to Windows shares configured with UNC path
- Fixed the issue with reporting errors and completing sessions when failure to save session recording
- Added a confirmation message after saving or creating a record type
- Fixed the issue with better error message when deleting a script which is in use
back to top
Release 2.3.201804012143 (April 1, 2018)
- Added support for workflow controlled access to Cicso devices with high-trust login (without revealing password), automatic high-trust switch to enable mode, session and in-session events recording as well as heart-beat monitoring and password change option for users
- Improved performance of launching high-trust sessions with native applications on the remote application hosts
- Fixed the issue with using the configured user for remote XTAM node operation
- Fixed the issue with refreshing password formula screen by clicking on the last bread-crumbs navigation item
- Fixed the issue with the blanket error message on the JS console when saving scripts
- Fixed the issue with recording system related information to keystroke recording report when performing high-trust login with switch user for Unix destinations, AS/400 and Cisco enable mode
- Improved error reporting about failed notification process
- Fixed the issue with the availability of user controls during launching sessions with native application on remote application host
- Improved support to connect to remote Windows computers using remote PowerShell method
- Fixed the issue with loading default script from the factory supplied template when executing scripts on remote devices in both local and remote XTAM node execution scenarios
- Fixed the issue with bread-crumbs navigation to the records list from the record editing screen
back to top
Release 2.3.201803252244 (March 25, 2018)
- Added support for workflow controlled high-trust login (without revealing password) to IBM AS/400 computers with the session recording and session events recording options
- Added support for workflow controlled access to MySQL Workbench Remote Application with high-trust login without revealing password, session and in-session events recording
- Added support for file transfer events recording for files upload and download during active sessions to remote computers
- Added support for remote XTAM job execution node securely communicating with the central XTAM Vault to support scenarios with cloud hosted XTAM Vault serving on-premises network or centrally located XTAM Vault serving several remotely isolated networks for password reset, password reconciliation, heart-beat, local administrators management and elevated script execution activities
- Added a confirmation dialog when saving record types
- Fixed the issue with the message on the confirmation dialog when deleting a record type
- Fixed the issue with selecting MS SQL Server authentication when logging in using MS SQL Server Remote Application high trust login
- Fixed the issue with bread-crumb navigation back to the list of queries from the discovery query editing screen
- Fixed the issue with Local Groups list displaying the number of found objects
- Fixed the issue with Discovery Queries list displaying the number of found objects
- Fixed the issue with the menu label for the Instant Video Playback option on the Sessions report
- Fixed the issue with reporting successful execution result about successful heart-beat check for Unix records
- Fixed the issue with host and credentials popup screen appear for records other than SSH or RDP records
- Fixed the issue with enabling Active Directory integration during installations on Linux servers
- Fixed the issue with default system administrator login name created during installations on Linux servers
- Labs: Added a configurable option to HTTP Proxy port using system parameter http.proxy.port=xxxxx
back to top
Release 2.3.201803182321 (March 18, 2018)
- Added support for native applications launched on the application host farm with high-trust login, session and session events recordings and the load balancing support for multi-host server application farms
- Added support for MS SQL Studio Remote Application with high-trust login without revealing password, session and in-session events recording
- Added the option to scale the session video playback in the Quick Player to the size of the player with the option to dynamically resize the playback with the player size
- Added the option to supply factory default scripts that could be updated with the application update with the option to restore a script to factory default
- Added application expiration warning when the application is activated but expired
- Fixed the issue with incorrect Session Timeout message
- Fixed the issue with the user that has an Auditor global role accessing record and system sessions, session events reports as well as sessions playback
- Fixed the issue with connecting to VNC hosts without asking for host and credential information
- Fixed the issue with the confirmation message for the system import
- Fixed the issue with encrypting imported data
- Fixed the issue with script execution for blank records expecting user entry for user or password
- Fixed the issue with closing stale sessions
- Fixed the issue with enabling ADS security for the existing old deployments
back to top
Release 2.3.201803112233 (March 11, 2018)
- Added support for command line file transfer from remote Unix server to the local computer during active session using XTAM tool (xtam -d FILE)
- Added support for quick file transfer from remote Windows server to the local computer by copying (drag-and-drop) file to Downloads folder of the XTAM Drive on the remote server that triggers file download in the session browser
- Added support for file upload to a remote server using drag-and-drop operation to the session screen. For Windows remote server the file uploads to the root of the XTAM drive. For Unix remote computers the file uploads to the root of the current users home directory unless the destination changed using XTAM tool (xtam -s DIRECTORY)
- Added the option to subscribe for in-session key stroke events to receive alerts and email notifications when certain key sequence typed during sessions
- Added support to display large lists of discovered hosts with the options to search the list and export the list into CSV and PDF formats
- Added the option to import host records referencing other records either by name (use Reference column in the import file) or by ID (use ReferenceId column in the import file)
- Added support to deploy the XTAM tool to a remote Unix server using in-session toolbar button. Use XTAM tool to initial file download to a local computer using command line (xtam -d FILE) or to configure a default directory for drag-and-drop file uploads (xtam -s DIRECTORY)
- Added the option to edit a set of special characters that could be used in a password formula
- Fixed the issue with the audit log of long messages
- Fixed the issue with the task execution of the scripts that return long results
- Fixed the issue with Discovery Query types displaying out of the right screen border when creating new discovery query
- Fixed the issue with more clear GUI controls for Checkout Required and Checkout Disabled options on the access request screen including context help
- Fixed the issue with the wrong label for the Back button on the session event detail page
- Fixed the issue with the Thursday label on the script execution policy configuration screen
- Fixed the issue with bread-crumbs navigation for the discovery / query / hosts / host hierarchy
- Improved the application update process including graceful shutdown of internal services before update
- Fixed the issue with incorrect total count of sessions on the sessions report
- Fixed the issue with the error message about white- and black-listing of commands
- Fixed the issue with the error message when deleting a record that is in use as a reference record
- Fixed the issue with error reporting when mass deleting objects from the system
- Fixed the issue with screen title for mass delete log screen
- Labs: fixed the issue with shutting down HTTP Proxy server during the application update before deploying and starting up the new version
- Labs: Added support to complete HTTP sessions based on the heart-beat sync traffic
- Internal: Added the script injection into the download page that controls heart-beat sync as well as screen decoration and recording in the future
- Labs: Added information panel to the HTTP session
back to top
Release 2.3.201803042208 (March 4, 2018)
- Added the option to checkout records for an exclusive access with the support of check-in, checkout timeout, emergency override and one-time password use
- Added the option to change record type when editing a record inheriting tasks, command control and scheduling policies as well as password formula configurations but preserving audit log and history of the original record
- Added the option to display the list of active sessions by user on the record view
- Improved the time display on the quick player for session recordings
- Improved the animation style of the quick player for session recordings to prevent scroll-bar appearance on fade out
- Added support to display currently selected workflow template when submitting access request
- Added request originator for grant requests to the access request detail screen
- Added checkout expiration time to the record view for checked out records
- Added task execution (and password reset) policy trigger for record check-in event
- Fixed compatibility issues with Internet Explorer browser
- Fixed the issue with displaying other user requests when they are submitted but not yet approved
- Fixed the issue with filtering session report by session type (Active, Completed)
- Fixed the issue with screen labels on the grant operation log screen
- Fixed the issue with incorrect color coding of successful connect operation on the record view screen
- Fixed the issue with resetting password on Windows computers with certain communication speed
- Fixed the issue with display labels of job types on the Job History, Audit Log reports as well as on the Record View screen
- Fixed the issue with overloading Windows session manager when accessing RDP sessions using the system with IIS load balancer
- Fixed the issue with updating local users created before switching to ID based user identification
- Fixed the issue with high-trust login to a WEB Portal through the HTTP Proxy in case of subdomain-based authentication (such as Hubspot.com)
back to top
Release 2.3.201802252240 (February 25, 2018)
- Added the option to display video recording of a key sequence, clipboard transfer of other session event in the session player
- Added the option to mass execute scripts for multiple hosts based on Active Directory query without the need to import hosts to the system vault
- Added the option to export Audit Log, Inventory, Job History, Job Summary, Requests, Sessions, Session Events, Users, Workflows and Alerts reports to PDF format that includes records from all pages of the report
- Added a modern visual appearance and user experience for the session recording player
- Added the option to delete local users and groups from the local directory
- Added task name to the audit log records about script execution
- Added host, task and result to the job details screen
- Added the option to display job numbers instead of the actual jobs on the record view screen for large number of scheduled jobs
- Fixed the issue with starting up background services responsible to software heart-beat, download, update, export and import triggering
- Fixed the issue with Cancel button on the Create New Record screen navigates to the parent folder instead of the root folder
- Fixed the issue with exporting all pages of Session Events report to CSV and PDF formats
- Fixed the issue with exporting all pages of Requests report to CSV and PDF formats
- Fixed the issue with exporting all pages of Alerts report to CSV and PDF formats
- Fixed the issue with exporting all pages of Record level Audit Log report to CSV and PDF formats
- Fixed the issue with creating a record of a record type that does not have fields but its parent record type does
- Fixed the issue with the discovery script to list local administrators to work for both old and new PowerShell COM implementations
- Fixed the issue with executing PowerShell commands on slow remote computers
- Fixed the issue with reporting queue status as a number instead of the label in the audit log records about script executions
- Fixed the issue with rudimentary Export to Excel, Print and Copy options for system reports
- Fixed the issue with error reporting when accessing session recordings
- Fixed the issue with incorrect screen title for adding a user to a group dialog
- Fixed the issue with preventing a local group to be added to itself
- Fixed the issue with creating a local group by an Active Directory user
- Fixed the issue with deleting record types that have associated tasks
- Fixed the issue with HTTP Proxy accepting connections from remote computers
- Fixed the issue with transferring extra data when querying sessions using application API
back to top
Release 2.3.201802182308 (February 18, 2018)
- Added support for managing membership of a local Administrator group on multiple remote Windows end points
- Added support for password reconciliation for local accounts on remote Windows end points
- Added Jobs Summary report displaying summary of job executions per day with the counts by tasks, execution status and result with the search and export options as well as the options to drill down to the individual job details and display the aggregated results in a graphical trend chart
- Added Session Events report displaying system wide sessions events such as key sequences, file and clipboard transfers across all sessions with the search and export capabilities
- Added support to display relative time of event according to session create time in the Session Events reports
- Added Windows Local Administrators Group Cleanup script to the script library
- Added the Windows password set script to the script library that does not require old password to set a new one. This script requires account with Administrator rights to execute.
- Added context help for Language preference setting as well as for Language global parameter
- Added mass select and unselect actions to the discovery screen displaying the list of discovered hosts
- Added Cancel button to the On-Demand password change screen
- Fixed the issue with ordering task lists in the execute action on the record view
- Updated server side message translations for some languages
- Fixed the issue with sorting Manage actions on the folder and record level as well as Grant actions on the record view screen
- Fixed the issue with double connect audit record in the situation of failed first connect with the consequent successful connection repeat
- Fixed the issue with secure date field displaying null on the record view screen
- Fixed the issue with secure date field displaying raw unformatted date string after unlock
- Fixed the issue with formatting when copying to the clipboard unlocked secured date fields
- Fixed the issue with unclear record description when searching for shadow records
- Fixed the issue with shadow record selection dropdown is covered by the application status bar at the bottom of the screen
- Fixed the issue with deleting records that contain recorded session events
- Fixed the issue with incorrect confirmation message when deleting records and folders (reversed ones for records and folders)
- Fixed the issue with the incorrect error message when deleting a record which is a shadow record for some other record
- Fixed the issue with using a proper task name in the confirmation message for the schedule action on the on-demand password change screen
- Fixed the issue with resetting Windows passwords that contain hash character
- Fixed the issue with executing remote task in case when not all fields are defined in the record
- Fixed the issue with the incorrect Select button name on the mass task execution screen as well as on the command control restriction definition screen
- INTERNAL: Added the option to download auto-generated HTTP Proxy certificate
- INTERNAL: Added system property option to auto-start HTTP Proxy server. Added HTTP session manager to experiment with HTTP sessions. Added the option to launch an HTTP session from the records with associated session manager
back to top
Release 2.3.201802112225 (February 11, 2018)
- Added the option to switch application language for the whole application or individually for a user in preferences
- Added the option to define formula for any record type that does not have a formula yet
- Updated Copyright year on the application About screen
- Fixed the issue with session join operation opening a new session to a remote computer
- Fixed the issue with resetting passwords for domain users on Windows computers using remote PowerShell method
- Improved the permissions logic of My Sessions report to include only sessions that a current user initiated or the sessions started for records the user owns
- Fixed the issue with displaying action menu items for the users without permissions to use them in the My Sessions report
- Fixed the issue with displaying Events, Join, Terminate, Download and Convert actions for administrators and record owners only even if the record displays in the session report because the current user is the session originator
- Fixed the issue with attaching a formula from the parent record type when creating new record type.
- Fixed the issue with defining helper placeholder for number fields
- Updated right-side dropdown menu for the objects in the record list to open on the left side of the button to have more space
- Fixed the issue with enabled Go to Parents button on the root folder
- Fixed the issue with drop down actions menu on the workflow bindings list moving out of the right border of the browser
back to top
Release 2.3.201802042258 (February 4, 2018)
- Added the option to reset a password for a Windows account including update of dependent services
- Added Request Approval Matrix (Workflows) report displaying all workflow bindings with high level objects associated with these bindings, binding details and workflow template approval steps with actors and ranks with the option to export the report to CSV spreadsheet
- Added support for Choice field in the record types with the option to secure the field
- Added support for multi-line Text field in the record types with the option to secure the field
- Added support for Date field in the record types with the option to secure the field
- Added support for automatic restart of dropped connections to remote computers for all supported protocols to improve stability of remote sessions
- Added the option to copy unlocked secret to the clipboard using a button
- Added the option for auditors to review scripts in the scripts library
- Added support to show a warning badge in a session window when connection is lost
- Added the option for a script to communicate execution feedback back to the XTAM framework display in the Result column of the report
- Added managed.path, item.id and request.id placeholder for alerts notifications
- Added Description field to scripts definitions
- Added the option to sync Active Directory group with the Active Directory
- Added default script descriptions for out of the box scripts for initial software installations
- Fixed the issue with re-sizing RDP session during initial connect to fit the screen by opening the new session with the right size right away
- Fixed the issue with granting access to records based on workfow bindings associated with groups from user directories different than the one where the currently logged in user belongs
- Fixed the issue with displaying Windows specific commands (such as Start PowerShell) in the Command Control prompt in non-Windows sessions
- Fixed the issue with searching Job History report by task and user
- Fixed the issue with detecting the script failure for Remote PowerShell execution strategy
- Fixed the issue with detecting password reset failure for Remote PowerShell method of resetting password
- Improved error reporting from Remote PowerShell password reset script
- Fixed the issue with exporting Job History report to CSV spreadsheet
- Fixed the issue with ordering field type selection when creating or editing fields
- Fixed the issue with defaulting field type selection for new fields to String
- Fixed the issue with messages about license expiration
- Fixed the issue with displaying error message when deleting a script in use
- Fixed the issue with incorrectly positioned Schedule button on the On Demand password change screen
- Fixed the issue with executing custom password reset scripts for Windows computers
- Fixed the issue with triggering on-demand password reset option for script with old and new styles of password placeholders
- Updated the refresh icon on the script editor and script listing screens
- Fixed the issue with the sort order on the local users and local groups lists
- Fixed the issue with importing previously exported data into the system
- Fixed the issue with system initialization during the installation
- Added Importing Complete message at the end of the importing process
- Fixed the issue with the availability of a Helper option for the non-String fields
back to top
Release 2.3.201801282245 (January 28, 2018)
- Added Users Report displaying information about local and Active Directory users and groups accessing the system with last activity time and location, groups they belong to, global roles, MFA tokens, and count of accessible objects and associated audit events with the option to review accessible objects, audit log events, reset MFA token, and clean or sync cached data
- Added Inventory report displaying all objects with name, reference number, type, author, editor, created and modified dates, last successful and attempted connectivity actions with a time stamp, permission inheritance status and the list of permissions with the option to review associated object audit events and navigate to an object
- Added the option to grant one time access to connect, unlock or execute operations to specified users with the option to request approval from other stakeholders
- Added support for recording and reporting last user location
- Added a Session report to a Report section for an auditor access with the option to review sessions and session events
- Added a Requests report to a Report section for an auditor access
- Added the option to enter active directory password from the console when performing integration with Active Directory using command line utility
- Added the option to exclude commands, arguments and pipe redirections from a white- or black-list Command Control policy definitions
- Added the option to bind workflow templates to everybody from everywhere by not specifying either principals or IP filter
- Added in-session Command Control macros /cmd_admin and /ps_admin to start privileges command line and PowerShell prompts on Windows computers accessed with command control restrictions
- Added in-session Command Control tooltips for helper toolbar buttons
- Added in-session Command Control dropdowns to command input toolbar to run privileged command line shell and PowerShell prompts
- Added support for for separate logout action for Windows and Unix hosts in in-session command control prompt
- Added support for for /ctrl-c command for Unix sessions in in-session command control prompt
- Improved stability of session connection to remote computers by implementing automatic server side keep-alive process
- Fixed the issue with CSV export generating reports for all records on all pages for Audit Log, Job History, Users, Inventory and Session reports
- Fixed the issue with reporting user, notification and subscription details when failing to send alert email notification
- Added the option to auto-unsubscribe from all notifications and clearing up an alert cache when removing a user from the system cache on Users Report
- Fixed the issue with importing Workflow Template Actors from the system export files
- Fixed the issue with session recording status shows as In Progress for sessions not being recorded on the Sessions report
- Fixed the issue with prompting for destination host and credentials in case none of it is defined in a record
- Fixed the issue with creating password verification job for an incomplete records without host or user information
- Fixed the issue with locking the in-session command control prompt when executing a command
- Fixed the issue with handling timeout in the in-session command control prompt when executing a command
- Fixed the issue with loosing all tasks but one when making task manager unique for a record
- Fixed the issue with the Statistics report title
back to top
Release 2.3.201801212136 (January 21, 2018)
- Added support for Command Control associated with active RDP and SSH sessions that allows to restrict commands (and parameters) entered by an operator based on configured white- or black-lists
- Added Split View option allowing to display part of a password for different groups of users for two-person (segregation of duty) access to sensitive information
- Added support for location based access to managed servers and devices
- Added the option to require request approval based on user location for remote access, remote script execution and unlock of sensitive information
- Added the option to prompt for the target host while using credentials on record when connecting to remote computers and devices
- Added the option to prompt for the target credentials while using host on record when connecting to remote computers and devices
- Added the option to validate record credentials after record creation or update as well as on schedule or on-demand in bulk for multiple selected records
- Added the option to define more complex password formula including minimum number of upper and lower case characters, numbers, special characters or white spaces as well as maximum and minimum password length boundaries and whether a password can contain a user name as a subset
- Added the option to display all rows in Job History, Audit, Workflow Instances, Alerts and Session reports for export purposes
- Added the option to filter session report by custom time range
- Added the option to subscribe to alert notifications based on the audit log message in addition to a folder, a record, a category, a level and an event
- Added Reports section in the navigation area including Audit Log, Job History, Sessions and Statistics reports
- Added the function to record the last time when a user accessed the system
- Fixed the issue with managing multiple unrelated global roles for the same user
- Fixed the issue with breadcrumb navigation from workflow binding configuration to the host record or folder
- Fixed the issue with the icon for the refresh workflow binding action
- Fixed the issue with data formatting when exporting Session report
- Fixed the issue with for refresh button on Audit, Job History, Sessions and Workflow reports
- Fixed the issue with row count on the session report
- Fixed the issue with displaying task name on the Job Queue section of the record view
- Fixed the issue with displaying queue status on the record view Job Queue section
- Fixed the issue with export and import support for workflow, command control, session event recording, data update and item relationship modules as well as with importing audit log, job history records
- Fixed the issue with importing system data when some of the records have errors during import
- Changed the name of Management / My Sessions report
- Fixed the issue with the title of the Audit Log report
- Fixed the issue with including mouse movement in session recording
- INTERNAL: Added track-able named data patch system
- INTERNAL: Added shortcut commands and quick access buttons for Command Control window to open command line and PowerShell prompts on Windows computers as well as to switch windows, logout, exit shell, show desktop
- INTERNAL: Added command history support using Up- and Down-Arrows for command entry window for the sessions with Command Control enabled
back to top
Release 2.3.201801142228 (January 14, 2018)
- Added the option to define request workflow configurations for individual folders and records with the nested folder inheritance option down from nested folders to records for group configuration
- Added support for collecting and displaying information about a status of a last time login to a remote computer whether caused by a session connect or a task execution
- Added the option to capture client side IP address, display it in the audit log report with the search by IP option and stream to syslog servers
- Added Manage option for folders and records to combine managing functions for Permissions, Formulas, Workflows and Tasks
- Added confirmation message for the task execution
- Added the option to mass select and mass unselect workflow bindings
- Added the option to mass delete selected workflow bindings
- Added the option to mass select and mass unselect requests for approval to approve or to reject them
- Added the option to reveal attempted password to the global administrators in cases when the password reset successfully on the remote device but failed to update the record in the system
- Fixed the issue with enhanced security of local user directory component in the default software installation
- Changed Refresh button for folders to the icon-based button
- Fixed the issue with generating alerts for folder structure with cyclic nesting folders
- Fixed the issue with excessive amount of log records about the queue scan for event generation even when there is nothing scheduled
- Fixed the issue with consistent date format for created and modified dates on the record view
- Fixed the issue with the Scripts page title
- Fixed the issue with the page name for workflow bindings
- Fixed the issue with navigating to the parent folder using breadcrumb navigation from permissions, workflow binding and formula definition pages
- Fixed the issue with duplicated scheduled exports
- Fixed the issue with removing task from the record type task list in case the task has associated jobs run for some records of this record type
- Fixed the issue with checking request workflow requirements for a user not included to any group
- Fixed the issue with password reset functionality initiated for records with attached workflows
- Improved system logging to troubleshoot password reset functionality
- Added application version information to the system log to simplify application troubleshooting
- Fixed the issue with the excessive error reporting in the system log about accessibility of XTAM update server from environments without Internet access
- Fixed Copyright year to 2018 in the application footer
- Fixed the issue with some cases of attempted password to reset transferred over the network and stored unnecessary
- Fixed the issue with adding new probe accounts to the discovery query that does not have saved accounts yet
- Fixed the issue with sampling domain controller that includes joined computer without some date parameters defined when creating discovery queries
- Added the option to white-list and blacklist commands that a user can execute during an active session
- Added the option to configure session command policy to white-list or blacklist in-session commands for selected record types, records and users with configuration inheritance from record types to individual records
back to top
Release 2.3.201801072216 (January 7, 2018)
- Added the option to request approval for remote task execution
- Added the option to mass schedule on-demand execution of multiple tasks for several selected records and to request approval for executing remote scripts for multiple selected records as well
- Added the option for break-glass recovery of sensitive information from encrypted system export using administration utility
- Added the option to bulk copy, cut, paste and delete multiple selected records and folders
- Added the option to list records by matching name, description and host name in the export file using administration utility to support break-glass recovery
- Added the option to extract sensitive information from the encrypted export file using administration utility provided the export file, record name or record ID and the master password to support break glass scenario
- Added the option to schedule periodic export of system data
- Added the option to request approval for the record Edit operation
- Added support for auto-rejecting expired access requests
- Added the option to specify custom time range to query Audit Log data
- Added the option to specify custom time range to query Job History data
- Added the option to specify custom time range to query Alerts
- Added the option to specify custom time range to query Workflow Instances
- Added bulk operations to mass copy, cut and delete records and folders for global administrators
- Added the option to mass select and unselect records and folders in Bulk Actions menu
- Added the option to mass request task execution approval
- Fixed the issue with executing commands using remote PowerShell on remote Windows computers first time after remote computer restart
- Fixed the issue with executing commands on remote Windows computers using remote PowerShell during several minutes after initial failure to execute commands because of the network or OS issues
- Improved feedback message about errors executing remote PowerShell commands
- Fixed the issue with Warning message when terminating sessions
- Fixed the issue with editing a record as well as establishing high-trust connection to a record with empty unlock task execution policy
- Fixed the issue with displaying total count for job history report
- Fixed the issue with displaying total count for Workflow Instances report
- Fixed the issue with creating duplicate users in the local user directory
- Fixed the issue with creating duplicate groups in the local user directory
back to top
Release 2.3.201712311800 (December 31, 2017)
- Added the option to trigger an emergency workflow for short requested durations
- Added the option to schedule password reset after connection made to a remote device (reset is triggered based on the Unlock policy)
- Added the option to request access for multiple selected records
- Added the option to mass approve or mass reject access requests
- Added support for masking entered sensitive secret fields when editing records
- Added support for masking new password field on the Change Password On-Demand screen
- Added the option to display Session Report for sessions related to selected access request
- Added the option to display access request that enabled a selected session in the Session Report
- Added the option to display Request ID for cross-reference purposes on the list of requests, on the request information screen and on the list of My Requests and Requests for Approval
- Added the option to search Requests by Request ID
- Updated Audit Log report to include Request ID to request related messages
- Added the option to select multiple records on the record list screen to perform mass operations involving multiple records
- Added the option to display execution log about executing mass operations involving multiple records
- Added the option to define tasks with specific password change routine different from the out-of-the-box implementation
- Fixed the issue with mis-configured SSO authentication in the default setup of the software with the load balancer
- Fixed the issue with enabling SSO authentication in the default setup of the software on Linux OS
- Fixed the issue with Save and Return option when creating a new record returning to the root folder by returning to the record view screen for a newly created record like Save and Return works for updating the existing record
- Fixed the issue with renaming a group or a user in the local user directory reflects on the user or the group reference on permissions, workflows and navigation screens
- Fixed the issue with refreshing the permission list after revoking permissions
- Fixed the issue with saving scripts with names that contain special characters such as slash
- Fixed the issue with failure to change password using Remote SSH strategy still updated the attempted password in a record
- Fixed the issue with attempt to define workflow biding order as a decimal fraction
- Fixed the issue with failed initial startup of the application on some operating systems that required forced re-deployment of the system WEB applications
- Fixed the issue with browser extension connecting to XTAM server in some environments
- Fixed the issue with browser extension populating form fields of wrong types (buttons, checkboxes, etc)
- Fixed the issue with clearing the error message when refreshing Workflow Templates, Workflow Bindings and Workflow Instances views
- Fixed the issue with deleting workflow templates that have associated instances
- Improved error reporting when deleting workflow templates that have associated bindings
- Fixed the issue with audit log message about deleting workflow templates
- Improved detection of the successful password change for Remote SSH strategy by utilizing error code from the password change command and passing it to XTAM job engine (xtam passwd error code: N)
- Fixed the issue with the ability to create or update a record type with the same name as already existing record type
- Fixed the issue with cutting off long task names in the Execute action on the Record View screen when using the narrow browsers
- Fixed the issue with cutting off long parent folder names in the Go to Parent action on the Record List and Record View screens
- Fixed the issue with cutting off Connect options on the Record View screen when using the narrow browsers
back to top
- Fixed the issue with browser extension connecting to XTAM server in some environments
- Fixed the issue with browser extension populating form fields of wrong types (buttons, checkboxes, etc)
Release 2.3.201712242255 (December 24, 2017)
- Added the option to continue active sessions even after requested access expiration (use 'Session Request Enforcement' global parameter with Continue option)
- Added list view option to the file transfer browser for active RDP and SSH sessions
- Added progress bar information during file transfer to remote computers
- Added current path bread-crumb navigation in the file transfer browser for active RDP and SSH sessions
- Added refresh option to the file transfer browser for active RDP and SSH sessions initiated on-demand of when accessing the browser
- Added the option to hide record types from the list when adding records
- Added the option to search specifically for user groups when granting object permissions or global roles by using group:name syntax in the Add Principal search bar
- Added support for masking current password in the record change history
- Optimized performance of integration with Microsoft Active Directory for large user directories
back to top
Release 2.3.201712172320 (December 17, 2017)
- Added support for time-limited sessions to remote computers with automatic session termination after time expiration
- Added support for auto-populating WEB form fields in the browser extension when accessed by users with limited privileges
- Added Shift-Esc hot-key to display session information panel in the active session screen
- Added support to automatically terminate a session started under opened request upon request expiration
- Added the option to the browser extension to populate fields by their names in addition to IDs
- Added the option for a browser extension to populate WEB form fields for records with Viewer permissions only
- Added the option to display time to session expiration in the session window title bar for the sessions with approved access requests
- Added the option to display the remaining time left for the session in the session control panel for the sessions with approved access requests
- Added the option to display host and port information in the session control panel
- Fixed the issue with browser extension operations when XTAM URL is entered with the slash at the end
- Fixed the issue with alphabetical display of 'Parent Type' dropdown when creating new record type
- Fixed the issue with alphabetical display of 'Go To Parent' dropdown when viewing record
- Fixed the issue with Create New Record Type form duplicated empty options for 'Session Manager' and 'Parent Record Type' dropdowns
- Added support for an encrypted credentials transfer to a browser extension in case the Viewer option is enabled for the extension unlock process
- Fixed the issue with the browser extension populating credential fields defined inside WEB page frames
- Fixed the issue with the browser extension populating credential fields in case when multiple fields satisfy credential fields search criteria
- Fixed the issue with the browser extension populating credential fields when hidden fields found by the field search criteria
- Fixed the issue with the browser extension populating credential fields when multiples fields are found of the WEB page found by different criteria
- Added XTAM page access method to the system debug logging
- Fixed the issue with filtering audit log report by Workflow events
- Fixed the issue with subscribing to system and item level Workflow events
- Fixed the issue with displaying system alerts in the alert notification dropdown
- Fixed the issue with downloading empty or corrupted files as well as the files with undetected types from record file fields
- Fixed the issue with displaying an appropriate error message when deleting a record type in use
- Changed Permission audit event to include the actual permissions that were changed in the message
- Removed Event filtering selection from the audit report leaving the option to filter by events in the search box
- Added confirmation screens for saving workflow templates and bindings
- Fixed the issue with manual session termination
- Fixed the issue with accessing information about currently approved requests by the user who did not request them
- Fixed the issue with Session Manager labels in the audit log
- Fixed the issue with the new user experience for the Join Session operation
- Fixed the issue when keystrokes recording for joined sessions
back to top
Release 2.3.201712102225 (December 10, 2017)
- Added support for recording and reporting key sequences (including key modifiers) and clipboard transfer events that happen during active sessions to a remote computer
- Added the option to setup request approval process for remote access operation for RDP, SSH, VNC and Telnet protocols to connect to Windows and Unix devices
- Added the option to setup request approval process for password unlock operation.
- Added the option to define custom checkbox fields in record types
- Added the user preference option to open RDP sessions in fixed user defined resolution instead of dynamic one that depends on the browser size
- Added the option to connect to RDP console session in case a record has (checkbox) Console field set to true
- Added the option to configure multi-steps approval workflows with sequential and parallel approval steps with local and Active Directory managed users and groups to support access request scenarios
- Added the option to associate request approval workflows with system users in effect during the selected time (work hours, after hours, weekends or holidays) and operations protected by request approval process
- Added the option to request protected operations for the specified time or for the specified time range in the future
- Added the option to approve workflow steps, review the status of requests as well as alert and notify users about approving and completing access requests
- Added the option to use user login, old and new passwords as place-holders ({{LOGIN}}, {{OLDPWD}}, {{NEWPWD}}) in custom password reset and task execution scripts
- Fixed the issue with creating certain records in the system setup with PostgreSQL database
back to top
Release 2.3.201712032239 (December 3, 2017)
- Added support for Telnet protocol including connect without disclosing account credentials, session recording and password unlock options
- Added script samples to query application API from PowerShell or Shell scripts using SSO / Federation authentication scheme
- Labs: Added workflow template management screen to create, delete, update and publish workflow templates including multiple sequential steps and multiple ranked users / groups in each step.
- Labs: Added workflow binding management screen to create, update and delete workflow association with users, selection times and activities.
- Labs: Added the option to request Connect operation for users with the associated approval workflow from the record view screen including the indication of the status of the request approval process for GUI and API operations
- Labs: Added the option to display Task List and My Requests under Management / My Workflows section
- Labs: Added the option to approve or reject access requests
- Labs: Added the option to display requests initiated by the current user
- Labs: Added the option for administrators to see all workflow instances report in a paginated search-able export-able view (Administration / Workflows / Instances)
- Labs: Added the option to display workflow instance status with the current approval stage on a separate screen
- Labs: Added the option to see the current approval workflow state by the requester
- Fixed the issue with navigating to favorites area in certain situations
- Fixed the issue with the visual artifact appearing when adding a new record using large Add Record button on the middle of the empty folder screen
back to top
Release 2.3.201711262226 (November 26, 2017)
- Added an instant player of recorded sessions that plays sessions recordings in the native format without the need to convert recordings to videos
- Added display of a session host, port and account information to the session screen title
- Added a full screen mode option for RDP, SSH and VNC sessions
- Updated SSO service to enable authentication made from external scripts calling the application API
- Added Connecting... indicator for the session window title when connection to the destination device is not yet established
- Added API examples to create, update, retrieve, search and share records as well as to create, list and share folders for basic authentication scenario
- Added the user profile option to define individual user preferences based on the personalized global parameters
- Added the global parameter as well as the preference to define session startup mode as to start in a regular window or in the full screen mode
- Fixed the issue with duplicated session records created by the servers with problematic web-sockets connectivity
- Fixed the issue with blinking Shared with Me folder in the navigation menu for administrators and auditors
- Fixed the issue with the visual artifact appearing on the software registration screen
back to top
Release 2.3.201711192305 (November 19, 2017)
- Added support for file transfer to- and from- remote Windows systems through RDP connection channel using the current active browser session
- Added the option to reset passwords as well as to execute scripts for "Unix Switch User" accounts performed after second login
- Added support for new Office 365 login experience for the browser extension
- Added the option to configure and enforce password formula for the local users
- Added support to hide the current screen after logging out from the application configured with the basic authentication
- Added detailed message with the root cause of the issue when reporting details about the failed tasks or password reset commands
- Added a link to an FAQ explaining common errors during tasks or password reset routine execution to a job detail page for failed jobs
- Added daily rotating schedule for the application system log
- Fixed the issue with cleaning failed session recording rendering jobs
- Fixed the issue with executing a task or a password reset routine for a Windows record with the local non-domain user defined with the domain notation
- Fixed the issue with executing a task or a password reset routine for a Windows record using a Shadow Account with the local non-domain user defined with the domain notation
- Fixed the issue with using slash and backslash in the search criteria when searching for records
- Fixed the issue with failing the job in case of failure to access its code execution driver
- Fixed the issue with Azure code execution driver
- Fixed the issue with console execution drivers preventing execution of console-based tasks
- Fixed the issue with the ability to save formula with too short length to match the selected options
- Fixed the issue with deleting favorite records
- Fixed the issue with Delete option available in the favorites area
- Fixed the issue with Session Manager setup made it available for external access
- Fixed the issue with the blanket "null" reference in every PowerShell error output
- Fixed the issue with clean removing of Session Manager service from Windows computers
- Fixed the issue with executing commands including double quotes on Unix computers using SSH remote strategy
- Fixed the issue with automatic switch user option inside Websockets session
- Added a system logging message to troubleshoot details of session traffic
back to top
Release 2.3.201711122302 (November 12, 2017)
- Added support for file transfer to- and from- remote Unix systems through SSH connection channel using the current active browser session
- Added support for remote Unix system file explorer through SSH connection channel using the current active browser session
- Added the option to reset password for AS400 server accounts
- Added the option to reset password for Azure AD accounts
- Added the option to add individual records to favorites
- Added the option to show Favorite folders and records in a special section of the record navigator
- Added a permission level for task execution activities with the ability to grant or revoke Execute, Review and Manage record tasks as well as to enforce granted permissions when executing, reviewing and managing record tasks
- Added support for background rendering of session recordings to video files that allows users to leave the session report page while converting recordings to videos
- Updated labels on the Task Management screen for more consistent presentation
- Added AS400 script execution and password reset driver
- Added Azure AD script execution and password reset driver
- Added out of the box record type for AS400 account information
- Added out of the box record type for Azure AD account information
- Added the option to search for favorites using item search
- Changed Connect Control permission levels to become None, Connect (Always Recording), Connect (Optionally Recording)
- Added Add/Remove from Favorites menu item to both left and right context menus in the record navigator
- Added reference to the user initiated the task to the job history report
- Changed labels for a Record, Session and Task Controls permission levels on the Permissions and Grant Permission screen
- Added rendering service to the Worker process with a configurable thread pool for each application node
- Changed labels of the thread pool configuration page to fit configuration for rendering service
- Added the automatic auto-start configuration during the installation to Red Hat, Fedora and Centos Linux distributions
- Fixed the issue with enabled Save button when the create / edit script form is not completed yet
- Fixed the issue with error message on the Create New script form
- Fixed the issue with enabled refresh button on the Create New script form
- Fixed the issue with the system logging configuration on some of the Linux installations
- Fixed the issue with record type list appeared under the application status bar when selecting a record type to create a new record
- Fixed the issue with enabled Save button and visual editing options for non administrators when reviewing scripts
- Fixed the issue with removing In-Progress indicator when canceling the operation of canceling a scheduled job
- Fixed the issue with deleting old video files rendered from the session recordings for review
- Fixed the issue with installing the application to some Linux systems using un-privileged account
back to top
Release 2.3.201711052219 (November 5, 2017)
- Added support for the centralized management of Shell, PowerShell, VBScript and SQL scripts reusable for records and record types
- Added support to configure and execute multiple tasks for the same record and record type
- Added support to manage task lists for record types with the option to schedule script execution time and triggers
- Added support to manage task list for records with the options to schedule task execution time and trigger and to inherit task lists from record types or to make task lists unique
- Added a reference to tasks into the Job History report
- Added context help for the shadow account configuration
- Added context help for Principal, Role, Global Role and Session Control on the grant permissions screen as well as to add a member to a local group and add a global role screen
- Fixed the issue with enabling session recordings
- Fixed the issue with Save button enabled even when no user is selected on the permission grant screen as well as on adding users to global roles and adding users to local groups
- Fixed the issue with Job History report export to Excel, CSV and PDF files as well as with printing to include object name and detailed message for all exported records
- Fixed the issue with Download new version button is available for the up-to-date version of the application
back to top
Release 2.3.201710292221 (October 29, 2017)
- Added a Firefox browser extension to auto-fill login forms with credential information stored in XTAM Identity Vault
- Added a Google Chrome browser extension to auto-fill login forms with credential information stored in XTAM Identity Vault
- Improved performance of interactive sessions to remote computers by utilizing faster communication protocol between a client browser and the XTAM server with fall back to the slower protocol in case the faster one cannot be used
- Improved performance of interactive sessions to remote computers by leveraging a client side mouse pointer display instead of transferring excessive mouse events
- Fixed the issue with mismatched password generation and password validation routines
- Fixed the issue with semi-columns in the password generation
- Fixed the issue when numeric fields were failed to display in record view
- Fixed the issue with password reset configuration for Windows record types
- Fixed the issue with closing the idle session modal dialog before logout
- Fixed the issue with executing PowerShell scripts that include double quotes
- Added a global parameter for XTAM browser plugin custom field names for user and password
- Fixed the issue with reused job strategy for Windows and Unix record types
- Fixed the issue with editing password formula on record type level
- Fixed the issue with reporting the object when updating a record or a record type password formula and job execution strategy
- Fixed the issue with API permissions when updating formula or strategy on record or record type level
- Fixed the issue with redirecting to login page after application logout when using SSO authentication server
back to top
Release 2.3.201710222229 (October 22, 2017)
- Added the option to reset passwords for MS SQL Server database accounts
- Added the option to execute SQL statements as policy based or on-demand scripts for MS SQL Server databases
- Added the option to reference a record from another record with the purpose to reuse the account information in multiple records
- Added the option to define, schedule on-demand and execute scripts with parameters
- Added the option to automatically logout user from the application after inactivity timeout controlled by a global parameter
- Added a framework for dynamically loaded job execution strategies
- Added a Database record type with database host, port, user and password fields
- Added an audit log event for change history access
- Fixed the issue with enabling URL navigation for secure fields
- Fixed the issue with syntax highlighting in the strategy script editor
- Fixed the issue with indexing WEB Portal record URL field
- Fixed the issue with disabling a script editor when displaying a strategy inherited from its record type
- Fixed the issue with editing record type job execution strategy
- Fixed the issue with deleting a record with attached job history
- Fixed the issue with logout option dynamically detecting basic and SSO authentication mechanism in both toolbar and user drop down menu choices
- Fixed the issue with refreshing job history report after canceling one of the jobs
- Fixed the issue with listing strategy drivers on the strategy screen in alphabetical order
- Fixed the issue with logout function for various browsers in both basic and SSO authentication modes
- Fixed the issue with navigating circularly nested folders
- Fixed the issue with displaced Connect and Execute / Reset buttons for some browser dimensions in the record view toolbar
- Fixed the issue with accessing global parameters by the user with little permissions (specifically, inactivity timeout)
- Changed trial time to 30 days
- Fixed the issue with displaying Job History button for the records with no strategy
- Fixed the issue with creating records by non-supervisors in the folders they can create records in
- Fixed the issue with Audit Log button (but not the log itself) available for the record non-owners
- Fixed the issue with selecting Shared With Me menu sometimes switched to All Records
- Fixed the issue with recording an object in the audit log record about updating a policy
back to top
Release 2.3.201710152245 (October 15, 2017)
- Added the option to automatically terminate an active session after inactivity timeout
- Added touch support for session screen on mobile devices with the drag-and-drop option
- Added an out-of-the-box record type for WEB Portal with clickable URL, User and Password fields
- Added new English layout keyboard without page controls and arrow keys
- Added the option to display clickable URLs in name, description as well as in custom string fields
- Added the confirmation message about saving a script execution strategy
- Added the option to display Shared With Me content to the navigation menu for the users without global roles like system admin or auditor
- Fixed the issue with displaying time with seconds on both system and record level session report
- Fixed the issue with confirmation messages display in Internet Explorer browsers on the application GUI
- Fixed the issue with displaying record types in the alphabetical order in Add Record dropdowns as well as on the record type editing screen
- Fixed the issue with sharing records with users name found using wildcard character
back to top
Release 2.3.201710082246 (October 8, 2017)
- Added the option to display on-screen keyboard during active RDP, SSH or VNC session to remote computers
- Added the option to transfer clipboard content to and from remote devices during active RDP, SSH or VNC session to remote computers
- Added the option to display session control panel diring active RDP, SSH or VNC session to remote computers including the keyboard and clipboard controls as well as information messages and indicators
- Improved error logging when importing records from external sources
- Added search by event in the audit log report
- Added the option to close the session window automatically after successful completion of the session
- Improved error reporting about the password change on Unix hosts in the Job History view
- Added confirmation screens for saving password formula
- Fixed the issue with multi-protocol discovery query updating already discovered and connected host with the information related to different different protocol
- Fixed the issue with the ability to create custom fields with spaces in the field name
- Fixed the issue with resetting unix passords using SSH or SSH with Shadow Account strategies
- Fixed the issue with resetting unix password using the strategy involving shadow account
- Fixed the issue with handling errors in resetting password on Unix hosts
back to top
Release 2.3.201710012244 (October 1, 2017)
- Added global role for Auditors with the ability to view all folders and records, record and system wide audit log, job history and session reports but without options to create, modify or unlock records or manage system configuration
- Updated the visual appearance of the Initialize button when the application initialization is in progress
- Updated audit logging to send more information when streaming logging activity to syslog server
- Added example configuration for syslog integration
- Added extended error processing about duplicate or too long object names and existence of parent folder when importing records using CSV spreadsheet
- Added the option to assign global application wide roles with currently implemented System Administrator and Auditor roles
- Added the option to filter discovered hosts report by hosts with opened ports or by successfully connected hosts
- Added the option to view details of the discovered host by clicking on the View button instead of clicking on the host record in the host list
- Fixed the issue with creating a local group with empty group description
- Fixed the issue with double system initialization when clicking several times on Initialize button during application setup
- Fixed the issue with using passwords that contain special characters during installation when creating new local administrator, connecting to external database or directory services and when connecting to LDAP (Active Directory)
- Fixed the issue with spelling messages during import from CSV spreadsheet process
- Fixed the issue with reporting secret fields in the error log during import operation
- Fixed the issue with displaying latest alerts in the notification window popup in the top navigation bar
- Fixed the issue with displaying session report button for records without session manager defined
- Fixed the issue with users without Connect permissions joining the session using the sessions report
- Fixed the issue with non-record owners capable to terminate active sessions
- Fixed the issue with non-global admin with appropriate permissions accessing job history details
- Fixed the issue with a user other than a record owner with full connection permissions copying or cutting objects with a potential to paste them into the locations with elevated privileges
back to top
Release 2.3.201709261609 (September 26, 2017)
- Added the option to mass import records from CSV spreadsheet
- Optimized both Windows and Unix installers to use smart wait to connect to Directory Services
- Fixed the branding issues with Linux installer
- Fixed the issue with too much information printed during Windows installation
- Fixed the issue with connecting to external databases during Windows setup
- Fixed the issue with executing maintenance commands from linux installation command linke administration tool
- Fixed the issue with updating a record with the empty custom data
- Fixed the issue with strategy script and job queue message operations compatibility with MS SQL Server (or any other back-end RDBMS that does not support CLOB data types)
back to top
Release 2.3.201709242244 (September 24, 2017)
- Added the option to reset password or execute script jobs based on the Check-In policy after creating or updating a record as well as importing a record from discovery query results
- Added the option to connect to remote computers from the record view list using a shortcut
- Added the option to share folders and records from the record view list using a shortcut
- Added script functions to simplify access to the store API from PowerShell scripts
- Added default application properties to enable deployment of federated authentication service with embedded Google Authenticator with JPA as well as Duo Security providers
- Added the option to check status of Directory Service to the command line administration tool
- Updated job execution queue report to display scheduled time of execution instead of time of creation
- Updated job execution queue on the record view to display scheduled time of execution instead of time of creation.
back to top
Release 2.3.201709172238 (September 17, 2017)
- Added the option to search for uniquely permissioned items (folders or records) using permissions:unique, acl:unique or a:unique search query
- Added the option to search for items with unique policy configuration by using policy:unique or p:unique search query
- Added the option to search for records with unique password formula using formula:unique or f:unique search query
- Added the option to search for records with unique job execution strategy using strategy:unique or s:unique search query
- Added the option to search for records by session manager using session:rdp, session:vnc, session: or sm:, sm:ssh, etc search query
- Added the option to search for records by record type using type:RecordType or t:RecordType search query
- Added the option to search for records and folders accessible by a given user or group by using permissions:User, acl:User or a:User search query
- Added the option to import records from PuTTY SSH and telnet client for Windows
- Added visual indication for mandatory folder name field on the screen that creates or updates folders
- Updated file upload button for file type fields (such as on the Certificate records)
- Added the option to store Google Authentication configuration in the system database as an alternative to the file on the file system
- Added example configuration to use Duo Security as a two-factor authentication provider
- Added a mechanism to update system data after application update based on the information whether the data not updated yet during previous updates
- Added application data update that adds VNC session manager as well as default VNC record type for the deployments implemented before VNC connection was introduced
- Added script samples to query application API from PowerShell or Shell scripts using basic authentication scheme
- Fixed the issue with periodic jobs running out of schedule in case of failed execution
- Fixed the issue with records and folders count when searching records
- Fixed the issue with screen resize when displaying sessions
back to top
Release 2.3.201709102209 (September 10, 2017)
- Added the option to import records from Windows Remote Desktop Connection Manager
- Improved creation of records by making record name a mandatory field on the record creation screen
- Improved creation of folders by making folder name a mandatory field on the folder creation screen
- Fixed the issue with periodic execution of script execution jobs
- Fixed the issue with connection screen resize on the retina displays
back to top
Release 2.3.201709032322 (September 3, 2017)
- Added highlighted initial actions area for empty folders and empty root folder to emphasize Create Folder and Create Records as first logical actions to take in an empty folder
- Improved visual appearance of the Actions button on the records list
- Removed five records limitation from un-activated software
- Fixed the issue with executing daily password reset policy after the first execution
- Fixed the issue with receiving INFO email alerts when subscription is set to Error only
- Fixed the issue with displaying error message when pasting or linking records
- Fixed the issue with importing discovered record that contains special characters in one of its properties
- Fixed the issue with deleting records that have associated notification subscriptions
- Fixed the issue with legacy labels for job execution policies in the Job Execution and Audit Log reports
- Fixed the issue with the column sorting on Job History report
- Fixed the issue with the ability to edit inherited policy, formula and strategy information on the GUI screen
- Fixed the issue with the ability to edit inherited individual ACL permission entry
back to top
Release 2.3.201708272334 (August 27, 2017)
- Added the option to configure multi-factor authentication to login to the system
- Added the option to configure detailed troubleshooting logging for authentication process
- Added the option to display user thumbnail in the application navigator when available
- Improved performance of system and record level Job History report by implementing server side pagination and search
- Fixed the issue with configuring SSO authentication service during initial installation on Windows computers
- Fixed the issue with MAC OS artifacts appeared in the installation folder after SSO module deployment.
- Updated the message about unactivated software limitations with the suggestion to download the license
- Fixed the issue with using domain notation when adding system administrators
- Fixed the issue with GUI artifacts when reporting active sessions
- Fixed the issue with initial column sizes for audit log, job history and session reports
- Fixed the issue with navigation to a record using breadcrumb from Job History view
back to top
Release 2.3.201708202206 (August 20, 2017)
- Increased trial time to 60 days
- Optimized performance of GUI operations involving records by minimizing amount of information interchanged between server and the desktop
- Improved performance of system and record level Audit Log report by implementing server side pagination and search
- Improved performance of system and record level Sessions report by implementing server side pagination and search
- Improved performance of Alerts report by implementing server side pagination and search
- Fixed the issue with placeholder resolution in email templates
- Fixed XTAM rebranding in email templates
- Fixed the issue with date formats in email notifications
- Fixed the issue with resizing Audit Log report to match the width of the browser
- Fixed the issue with caching screen templates after updating the application
- Fixed the issue with using explamation mark in admin password during Windows installation
- Fixed the issue with breadcrumbs navigation in the Sessions report for records
- Fixed the issue with unlocking a field that was created in an unsecured record type field that was made secured later
back to top
Release 2.3.201708132222 (August 13, 2017)
- Added the option for a record owner to terminate an active session
- Added the option to join existing active session for RDP, VNC and SSH sessions
- Added Edit button to session managers proximity groups configuration instead of editing a group by clicking on the group record.
- Added alphabetical order the list of session managers in the proximity groups editing screen
- Added enforcement of alert subscriptions based on user permissions
- Added limitation to subscribe to record events to record owners only
- Added limitation to subscribe to system wide events to system administrators only
- Fixed the issue with removing and adding a session manager in a proximity group on a setting page simultaneously in one operation
- Fixed the issue with reinstalling single Session Manager component to a different directory on a Linux computer
- Fixed the issue with resetting password for a domain account on a Windows computer joining the same domain
- Fixed the issue with caching certain application GUI areas after live update the application
- Fixed the issue with updating correct discovery query when discovering qualifying hosts in case the host had been already discovered in the other query
- Fixed the issue with collecting aggregate summary for the Discovery chart
back to top
Release 2.3.201708062210 (August 6, 2017)
- Added automated load balancer configuration for Windows installations
- Fixed the issue with deleting records with associated recordings
back to top
Release 2.3.201707302217 (July 30, 2017)
- Added support for VNC sessions to Windows and Unix remote computers
- Application rebranded as XTAM (Xton Access Manager) in setup, GUI and naming conventions
- Added confirmation checkbox requesting saving initial configuration options after Windows installation
- Fixed the issue with saving certificates (or any other file based custom field) using IE browser on Windows computers
back to top
Release 2.3.201707211645 (July 21, 2017)
- Added initial support for Database for Secrets including the following options:
- Browse folders and records based on users permissions
- Create, edit, view and delete as well as copy, paste and link folders and records
- Manage objects and records ACLs including roles and ACL inheritance down the nested folder hierarchy as well as manage system administrators
- Unlock and lock secret fields when displaying records based on user permissions
- Manage record types defining record properties with pre-built record types for Secret, Certificate, Windows, Unix hosts, Unix host with Certificate and Unix host with Switch User
- Manage favorite folders
- Manage local users and groups
- Integration with Microsoft Active directory using LDAP protocol
- Maintain, query and export system audit trail log about system events
- Subscribe to system events and receive alerts and notifications
- Display system status reports
- Added initial support for Session Management including the following options
- Establish sessions to Unix and Windows computers with RDP and SSH protocols using HTML5 browser on the client computers
- Support for RDP and SSH protocols
- Support for agent-less remote desktop display for Unix shell and Windows desktop in a browser
- Support automatic switch user for configured unix computers
- Optionally record sessions
- Browse sessions report
- Display session recordings in AVI or MOV video formats
- Added initial support for automated password reset including the following options
- Support resetting passwords on Windows computers including domain or standalone computers as well as local and domain users
- Support resetting passwords on Unix computers
- Support resetting passwords in LDAP user directories including Microsoft Active Directory
- Support for direct remote PowerShell (Windows), remote shell (Unix) as well as console (session manager based) VB Script (Windows) and shell (Unix) password reset strategies
- Manage password formulas including inheritance from record types to individual records
- Manage password reset strategies including inheritance from record types to individual records
- Manage password reset policies defining when the password should be reset including inheritance down the nested folder hierarchy to the individual records
- Browse and export password reset queue
- Added initial support for job execution including the following options
- Support for direct remote PowerShell (Windows), remote shell (Unix) as well as console (session manager based) VB Script (Windows) and shell (Unix) job execution strategies
- Manage job execution policies defining when jobs should be executed including inheritance down the nested folder hierarchy to the individual records
- Browse and export job execution queue
- Added initial support for account discovery including the following options
- Manage IP-Range discovery queries
- Manage Microsoft Active Directory queries
- Manage CSV-based queries
- Support for multiple accounts discovery scan
- Import discovered accounts into managed records space
- Added initial support for setting up the application including the following options
- Role based software installation on Windows and Linux computers
- Support for internal database deployed during the software installation
- Support for external RDBMS: Oracle, MS SQL Server, MySQL and PostgreSQL
- Optional configuration of IIS load balancer on Windows platforms
- Optional installation of federated sign-in server
- Support for multi-node farm setup with the distributed load for WEB Front Ends and Job Execution processes
- Manage software registration
- Manage system load configuration per node
- Manage configuration for Session Managers
- Support database export and import
- Manage global system parameters
- Manage mail server configuration
back to top
Download Today!
Xton Access Manager is an unlimited, agentless, cross-platform privileged access management solution built from the ground up with an enterprise feature set. Simple to implement, without your typical enterprise cost and effort.
Xton Access Manager is now available for download. Please fill out this form to receive a download link to get started today, even on your current desktop or laptop. Documentation is available to help or you can email or call us to request a trial extension, discuss questions and share your feedback. We would love to talk to you.