Release Notes for Imprivata Privileged Access Management

Release 2.3.202502161552 (February 16, 2025)

Extensions

• Added the ability to disable the License Expiration message for all users except the administrators via new parameter "Display License Expiration Warning to Administrators" from Administration > Settings
• Added the ability to set a custom value for Days to License Expiration Warning via new parameter "Days for License Expiration Warning" from Administration > Settings

Fixes

• Removed Internet Explorer as a Remote App Record Type

Release 2.3.202502021603 (February 02, 2025)

Fixes

• Fixed the issue when updating AD info through the GUI resulted in application startup issues if the default LDAP configuration was customized in catalina properties
• Fixed the issue whith PAM nodes incorrectly showing as down on the Application> Nodes and Updates page
• Fixed the issue whith Apache Log4j v2 set to Debug log level on installation. New PAM deployments will have a default log level of Info

Security

• Rebuilt and resigned PAM XTautoshell.exe
• Reduced potential vulnerability of long lasting active Session Id by setting a default of 900secs(15 minutes) to the Web Session Idle Timeout parameter as per advised security standards for new deployments. Existing customers are advised to set this parameter value to minimum of 15min

Release 2.3.202501191600 (January 19, 2025)

Extensions

• Added API endpoint /password/account-updated-history to update the Account Updated field in the Job History Report

Fixes

• Fixed the issue with executing custom scripts with non standard arguments
• Fixed the issue with linux installer when verifying presence of zip archiver

Security

• Enhanced security by converting special characters in HTML to prevent potential vulnerabilities

Release 2.3.202501051537 (January 05, 2025)

Extensions

• Updated Copyright year to 2025 in the Federated Sign-In login page for new deployments.Existing deployments require an update of the Federated Sign In Module
• Updated Copyright year to 2025 in the application installers

Security

• Improved security with updated libraries in the Federated Sign In Module v 6.5.5.3 20241210. Existing deployments require an update of the Federated Sign In Module
• Improved security with updated libraries in the Federated Sign In Module v 5.2.8.20241212. Existing deployments require an update of the Federated Sign In Module
• Updated WEB Container to version 9.0.98 for new deployments. Existing deployments require an update of the Web Container
• Enhanced Security when generating and storing new passwords for Password Reset Job Executions

Release 2.3.202412221543 (December 22, 2024)

Features

• Added Record Type MySQL to support password reset and check status of MySQL and Maria DB user accounts

Extensions

• Added the option to display the full object path in Inventory and Workflow reports. This can be enabled by setting parameter "Display full path for objects in reports" to Enabled

Release 2.3.202412081607 (December 08, 2024)

Features

• PAM installations are now packaged with Apache Log4j v2, enhancing logging capabilities and security. Log4jv2.24.1 requires Web Container 9.0.97 or higher

Extensions

• Added ability to execute custom Windows Remote scripts with arguments using the dynamic variables supported by PAM
• Added support to display Account Updated column in the Job History Report for the Check Status tasks
• Added support to display Account Updated column when exporting Job History Report

Security

• Updated Apache log4jv2 to the latest version 2.24.1. Note that the logger log4jv1 has been replaced with log4jv2 for new deployments. All existing deployment with log4jv1 will require manual update

Release 2.3.202411241549 (November 24, 2024)

Extensions

• Added support for configuration of multiple Entra Id tenants for Password Reset Jobs

Fixes

• Refactored the notifications service to include a check for remote worker event ensuring that outdated events (more than 24 hours old) are also processed
• Fixed the issue with handling of error when executing the Password Reset Remote Windows Arguments script

Release 2.3.202411101557 (November 10, 2024)

Extensions

• Added support to display Account Updated in the Job History Report for password reset jobs executed on Remote Worker nodes
• Added support to display Account Updated in the Job History Report for key rotation jobs

Fixes

• Improved handling of Task processing when scheduled tasks are deleted

Security

• Updated WEB Container to version 9.0.96 for new deployments. Existing deployments require an update of the Web Container
• Updated application Framework to version 21.0.5 for new deployments. Existing deployments require an update of the Framework
• Improved security with updated libraries in the Federated Sign In Module v6.5.5.3 20241029. Existing deployments require an update of the Federated Sign In Module

Release 2.3.202410271550 (October 27, 2024)

Extensions

• Added support to display the Account Update column in Job History Report for password reset jobs on Records with User/Password. Upcoming releases will include jobs executed on Remote worker and User/Key rotation jobs

Fixes

• Fixed the issue where users with Record Control: Viewer or Unlock were unable to join sessions after having their request approved
• Fixed the issue with processing approval results when using certain punctuation marks in the email approval keyword list

Release 2.3.202410131511 (October 13, 2024)

Extensions

• Added support for number matching in Proxy sessions and MFA-required workflows when integrating with OneSign Confirm ID 24.1 (Xena) with Number Matching enabled

Fixes

• Fixed ordering of rows on Users report when pagination set to 100 items per page
• Resolved deadlock issues during the concurrent scheduling of multiple task execution jobs

Release 2.3.202409291532 (September 29, 2024)

Extensions

• Added capability to enable JMX monitoring on the PAM web container

Fixes

• Fixed login issue with OneSign Confirm Id 24.1 (Xena) integration when Number Matching is enabled. This change applies for new deployments. Existing deployments require update of Federated Sign in component to version 6.5.5.3 or higher

Release 2.3.202409151525 (September 15, 2024)

Fixes

• Fixed the issue with overwriting cas.authn.ldap.dnFormat value after changing the domain controller via the UI
• Improved performance of the Queue Service process during job execution
• Fixed the issue with cut and paste operations between different containers

Security

• Updated WEB Container to version 9.0.93 for new deployments. Existing deployments require an update of the Web Container

Release 2.3.202409011531 (September 01, 2024)

Features

• Added support for securing and managing Autologon Domain Accounts (Windows Kiosk mode)

Fixes

• Fixed the issue with custom date format on the Application Nodes and Database settings page
• Improved debug logging during task execution
• Fixed the issue with application updates on Windows Server 2016 and 2019 installations

Security

• Improved security for the execution of the Password Set Remote Windows Task

Release 2.3.202408181516 (August 18, 2024)

Features

• Added PAM Centralized Deployment Manager (CDM), an Ansible-based toolset, to help automate PAM deployment on Linux. The tool will deploy and manage multi-master PAM farms with remote nodes. Guide to use the tool can be found at https://help.xtontech.com/content/installation/linux-installation-guide/centralized-deployment-manager.htm

Extensions

• Removed Database event category from the Session Event overlay in recorded video playback

Security

• Improved security for SSH connections during task execution when using SSHD connectors

Fixes

• Fixed the issue when the PAM SSH Proxy tunnel loses connection during file downloads
• Fixed the issue when exporting Requests Report with deleted records

Release 2.3.202408041538 (August 04, 2024)

Extensions

• Added display of Approved By or Rejected By to the Email notifications

Fixes

• Fixed the issue with Requests Report not displaying deleted records
• Fixed the issue with applying custom date format for My Alerts and Request For Approval reports

Security

• Updated WEB Container to version 9.0.91 for new deployments. Existing deployments require an update of the Web Container
• Updated application Framework to version 21.0.4 for new deployments. Existing deployments require an update of the Framework

Release 2.3.202407211647 (July 21, 2024)

Features

• Added functionality to delete files from temp locations used by PAM. The frequency with which the delete process is scheduled is controlled through a new parameter "Temp Folder Retention"

Fixes

• Fixed the issue with executing tasks using custom scripts requiring dynamic account name
• Fixed the issue with displaying Dual Account Audit Log Report when Dual Account parameter is set to Disabled

Security

• Updated Apache log4j v2 to the latest version 2.23. Note that PAM is shipped with log4j1 and the migration to log4j2 has to be done manually

Release 2.3.202407071600 (July 07, 2024)

Extensions

• Added a filter box to simplify searching on Workflow Bindings page

Fixes

• Added validation during move operations (cut/paste) of new records to ensure that target container allows only record types based on its defined Vault(s)
• Fixed the issue with missing Requested Date on the My Requests report
• Fixed the issue with incorrect date format for Requested Date in email notifications and exported My Requests report

Release 2.3.202406231542 (June 23, 2024)

Features

• Added new Properties option for containers (folders and vaults)to display container metadata
• Added support for native Azure token authentication for MSI Accounts. This will allow Azure MSI accounts to authenticate into PAM via API calls

Extensions

• Added a filter box to simplify searching on Local Users, Local Groups, Discovery, Workflows, Command Control, Behavior Profiles pages
• Added support for specifying LDAP server and optional port in ADSReplicate and ADSReplication commands, enabling SSL connections where specified

Fixes

• Improved performance of Access Report

Security

• Improved security of REST API designed for password formula validation
• Improved security when PAM is integrated with Enterprise Access Management (formerly OneSign) v24.1 for second factor authentication with number matching enabled. It is recommended to disable the EAM Number Matching feature to retain Push notification support using PAM. This change applies for new deployments. Existing deployments require update of Federated Sign in component to version 6.5.5.2

Release 2.3.202406091757 (June 09, 2024)

Features

• Added Dual Account Management for High Business Continuity Scenarios. Information regarding business purpose and configuration can be found at https://help.xtontech.com/content/administrators-and-power-users/tasks/additional-topics/dual-account-control.htm

Extensions

• Added filter box to simplify searching on Global Permissions and Global Roles pages
• Redesigned export process to write temporary files to the $PAM_HOME/content/tmp folder instead of the Export location

Fixes

• Improved message in the Audit Log report when modifying fields for record types

Release 2.3.202405261528 (May 26, 2024)

Fixes

• Fixed the issue with Windows uninstaller where some files were not deleted post uninstall
• Added improved logging during CSV and XLSX report generation

Security

• Updated WEB Session Manager components to the latest version 1.5.5 including FreeRDP 2.11.7. This change applies for new deployments. Existing deployments require update of WEB Session Manager module

Release 2.3.202405121544 (May 12, 2024)

Fixes

• Fixed the issue with failure to copy folders with assigned Workflows
• Optimized queries to Active Directory when pulling data for Users Report
• Fixed the issue with tunneled connections using SSH Proxy
• Fixed the issue with displaying Type field for deleted records in CSV or PDF downloads for Sessions Report
• Fixed the issue with error message after attempting to add AzureAD user to the local group

Release 2.3.202404281526 (April 28, 2024)

Features

• Added capability to prevent malicious commands from being executed using the password reset functionality. An administrator can blacklist certain string or regex expressions through a parameter "User Input Validation" under Administration>Settings>Parameters

Extensions

• Added a new parameter "Record Cache TTL" under Administration>Settings>Parameters to improve performance when retrieving frequently accessed records

Fixes

• Fixed the issue with truncated record details displayed on the Quick view page
• Added checks to ensure user has Unlock+ permissions on a record referenced through Dynamic search when accessed through the PAM browser extension plugin

Security

• Updated WEB Container to version 9.0.88 for new deployments. Existing deployments require an update of the Web Container
• Updated application Framework to version 21.0.3 for new deployments. Existing deployments require an update of the Framework

Release 2.3.202404141615 (April 14, 2024)

Extensions

• Added description column to the Record Type summary page

Fixes

• Fixed the issue where changes to syslog settings via UI updates log4j2.pam.xml when PAM instance is configured with log4j2
• Fixed the issue with MFA grace period when cas.authn.mfa.globalProviderId is set in catalina.properties
• Fixed the issue with failed connections to Unix Host with Protected key records when using PuTTY generated key in ppk format as private key and converting to Openssh format public key

Security

• Updated SSHD core libraries with improved features and security for SSH connections

Release 2.3.202403311616 (March 31, 2024)

Features

• Added support for Pass-through and Dynamic Login to the PAM browser extension . Published extension version is 1.49 on Chrome, Edge and Firefox

Extensions

• Enhanced SSH key generation algorithms to improve key rotations and connections
• Improved stability of WEB SSH sessions when connecting with SSH keys
• Improved stability of remote job execution with SSH connections
• Added pre-defined Field ID mapping to the Web Extension for the Imprivata Enterprise Access Management web portal

Fixes

• Fixed the issue with JWT signing key generation for new deployments with Federated Sign-In version 6.5
• Fixed the issue with restoring credentials from Record Change History when underlying record type name has been updated

Security

• Updated WEB Container to version 9.0.87 for new deployments. Existing deployments require an update of the Web Container
• Updated application Framework to version 21.0.2 for new deployments. Existing deployments require an update of the Framework

Release 2.3.202403171516 (March 17, 2024)

Extensions

• Added the option to jump to a specific session event on the session recording video playback

Fixes

• Added validation on the updateField API

Security

• Improved security with updates to PostgreSQL libraries in Federated Sign-in module

Release 2.3.202403101505 (March 10, 2024)

Fixes

• Optimized performance when copying large volume of records into another container
• Fixed the issue with Web session logging out a user while they have an active session in another tab or window

Release 2.3.202403031540 (March 03, 2024)

Extensions

• Added the option to search by Record Name for deleted records in Sessions and Session Events report
• Improved handling of Federated Sign-In version in the Windows Powershell Installer

Release 2.3.202402251536 (February 25, 2024)

Fixes

• Improved reliability of database import for large datasets

Release 2.3.202402181543 (February 18, 2024)

Features

• Updated Federated Sign-In component version to 6.5. Migration instructions from existing version to the latest are provided at https://help.xtontech.com/content/installation/federated-sign-in-module/federated-sign-in-v6.5-migration.htm
  Note: DUO will be standardizing on their new Universal prompt from Mar 30, 2024. DUO MFA customers will need to update to latest Federated Sign-In version and reconfigure their PAM integration as per updates on https://help.xtontech.com/content/installation/integrations/duo-security.htm prior to this March 30, 2024 deadline to minimize disruption

Extensions

• Updated Windows and Linux installers to provide option of Federated Sign-In version for new deployments. It is our recommendation to use this latest 6.5 version for new PAM instances and existing PAM instances should match their current deployed major version

Release 2.3.202402111528 (February 11, 2024)

Extensions

• Updated SSHD connector as the default for SSH connector type parameter for new deployments.The SSHD Connector provider includes extended cryptography algorithms to support job executions on different sets of devices
• Updated Imprivata PAM browser extension on Firefox to Manifest V3 which is the latest version of the extensions platform for Safari, Firefox, and Chromium-based browsers

Release 2.3.202402041456 (February 04, 2024)

Extensions

• Added support for session event masking conditions to include Clipboard text event type

Release 2.3.202401281558 (January 28, 2024)

Fixes

• Fixed the issue with searching by ID for Inventory report
• Fixed the issue with remote job execution for AD and LDAP user records
• Improved stability of the import process for cases with broken data in the export file

Release 2.3.202401211516 (January 21, 2024)

Extensions

• Added option to disable auto import of LDAP certificates in PAM by setting properties xtam.ldap.cert.auto-import=false and xtam.web.cert.auto-import=false in $PAM/web/conf/catalina.properties. These properties are set to true by default
• Added the option to search by ID for Requests, Inventory, and Users reports

Fixes

• Fixed the issue with concurrent LDAP certificate imports
• Fixed the issue with case-sensitive search for Task column in Job History report
• Fixed the issue with Database import operation due to constraint violation in certain cases

Release 2.3.202401141447 (January 14, 2024)

Extensions

• Updated Copyright year to 2024 in the Federated Sign-In login page for new deployments
• Added ability to perform case-insensitive search on reports

Fixes

• Fixed the issue with password cache for AD users
• Improved performance on Shared with me page
• Fixed the issue with performing cut and link operation on hidden record types in vaults

Release 2.3.202401071515 (January 07, 2024)

Extensions

• Updated Copyright year to 2024 in the application installers

Fixes

• Fixed the issue with performing cut and paste operation on hidden record types in vaults
• Fixed the issue with displaying long text in Session Events Keyframes
• Fixed a typo in the script for the Windows PowerShell installer
• Fixed the issue with autofill for certain websites on PAM browser extension plugin for Chrome and Edge