Release Notes for Imprivata Privileged Access Management

Release 2.3.202312311512 (December 31, 2023)

Features

• Improved user experience to the Session recording video playback by bringing in color coded keyframes to the timeline representing each type of session event (key sequences, file activity, clipboard, database, In-Session)
• Added integration with Shibboleth IdP V4

Extensions

• Added the option to include the workflow rejected reason with a {{request.reject.reason}} placeholder in a custom email template

Security

• Updated WEB Container to version 9.0.84 for new deployments. Existing deployments require update of the Web Container

Release 2.3.202312241507 (December 24, 2023)

Fixes

• Improved performance on Proximity Groups page
• Fixed the issue with incorrect time displayed in the ACL column on Inventory Report
• Improved application startup error handling when SSH proxy fails to start

Security

• Updated Session Manager to version 1.5.3-20231215 including FreeRDP to 2.11.2. This change applies for new deployments. Existing deployments require update of WEB Session Manager module

Release 2.3.202312171531 (December 17, 2023)

Fixes

• Improved spacing between UI components in the Mass operation log window
• Fixed the issue with Database import operation in certain cases

Release 2.3.202312101524 (December 10, 2023)

Extensions

• Added the option to Request Access for actions on Users report

Fixes

• Added additional logging for troubleshooting Azure AD issues
• Fixed the issue when editing Record type icons
• Fixed the issue with breadcrumbs on Workflow Instance page

Release 2.3.202312031538 (December 03, 2023)

Extensions

• Implemented System Log archival on Remote Worker Nodes based on System Logs Retention property
• Added the unit of time measure label for parameters on Application Nodes page

Fixes

• Fixed the issue with rare cases of remote job executions on slow Windows endpoints
• Fixed the issue with the failed access to API documentation
• Fixed the issue with breadcrumbs on the Reindexed Record Types page in the German language
• Fixed the issue with resetting GAUTH MFA for installations integrated with MS SQL database in case sensitive mode

Security

• Updated WEB Container to version 9.0.83 for new deployments. Existing deployments require update of the Web Container

Release 2.3.202311261510 (November 26, 2023)

Extensions

• Added the option to search Session Event report using IP address criteria
• Added the option for the Cron Expression Builder to edit existing cron expression in addition to creation of new ones

Fixes

• Fixed the issue when authentication to rdp proxy fails for certain passwords

Release 2.3.202311191534 (November 19, 2023)

Features

• Added Instant Video Playback accessed Audit Log Event to the Audit Log report

Fixes

• Fixed the issue for retrieval of Distinguished Name for shadow account when executing LDAP User password Reset task
• Fixed log4j dependency issues with uploading Public Key Authentication for SSH Clients from My profile > Preferences page

Release 2.3.202311121512 (November 12, 2023)

Features

• Added support for Azure AD federated with cloud or on-premise AD with ADFS

Extensions

• Updated the audit log message for token-based authentication
• Added support for remote app with SQLDeveloper 23.1 version

Fixes

• Fixed the issue with displaying parameter "Password Reset LDAP Validation" on My Profile>Preferences page
• Fixed the issue with foreign key constraint error during DB import when vault level workflow template is added to a vault
• Fixed issue with ssh proxy connection for a double hop proxy configuration

Release 2.3.202311051457 (November 05, 2023)

Fixes

• Fixed the issue when user input was allowed too soon for SQLDeveloper Remote App Launcher record

Release 2.3.202310291429 (October 29, 2023)

Fixes

• Fixed the issue with MFA grace period for installations integrated with MS SQL database
• Added a server-side check to prevent task execution on the Main node if record permissions include a user that belongs to a group with a service global role
• Fixed the issue with creating a record with hidden record type in a container

Security

• Updated application Framework to version 21.0.1 for new deployments. Existing deployments require update of the Framework
• Updated WEB Container to version 9.0.82 for new deployments. Existing deployments require update of the Web Container

Release 2.3.202310221524 (October 22, 2023)

Extensions

• Added an Audit Log Event when accessing a Session Event report from the Report Center

Fixes

• Fixed the issue when exporting Sessions report on all levels with selected columns

Release 2.3.202310151502 (October 15, 2023)

Extensions

• Added WEB Session manager version to About page
• Updated favicon with new Imprivata logo for browsers extensions

Fixes

• Improved overall processing of folder copy and paste operations

Security

• Updated PAM core libraries for Windows, Linux x86 and Linux arm platforms

Release 2.3.202310081525 (October 08, 2023)

Fixes

• Improved performance of search for Active Directory Users or Groups
• Improved performance of applying permissions to Active Directory Users or Groups
• Fixed the issue with Relay node updates in certain cases

Release 2.3.202310011524 (October 01, 2023)

Extensions

• Added a sample report with Record ID Filter under Custom Queries
• Added Test button for the Content Location, Export Location and Temporary Location global parameters to validate that provided location exists and the PAM service can read/write from this location
• Added validation during CSV file import to only import record types allowed within the Vault

Fixes

• Fixed the issue with the remote node hanging during the update

Release 2.3.202309241514 (September 24, 2023)

Extensions

• Added validation to ensure records of configured record types for a vault can be copied via the Copy Links action

Security

• Updated WEB Session Manager components to the latest version 1.5.3 including FreeRDP 2.11.1. This change applies for new deployments. Existing deployments require update of WEB Session Manager module

Fixes

• Fixed an issue with Record level Session Events report not rendering data
• Fixed an issue with displaying correct Type in Import logs when there is a failure during CSV Import

Release 2.3.202309171539 (September 17, 2023)

Extensions

• Added support for exporting and importing JWT signing key history during database Import/Export operation
• Updated favicon with new Imprivata logo
• Added logging when pasting a record into a vault where the associated record type is not allowed

Fixes

• Added support for exporting all reports fields in CSV, XLSX, PDF formats for all levels reports
• Fixed the issue with cut and paste a record into a vault where the associated record type is not allowed

Release 2.3.202309101528 (September 10, 2023)

Features

• Added a configurable Grace Period option for proxies and workflows requiring MFA authorizations

Fixes

• Fixed the issue with Relay session not completing if master node Temporary Location is not valid

Release 2.3.202309031638 (September 03, 2023)

Features

• Added Vault selector option to only allow a Record Type to be visible within the defined Vault(s) for record creation

Fixes

• Fixed the issue with updating the password for the referenced record while the Reset Password job is being executed on Remote Worker
• Fixed the issue with the Periodic Password Reset task execution
• Fixed the issue with database import operation

Release 2.3.202308271538 (August 27, 2023)

Features

• Added new Record Type Microsoft Entra ID to support password reset of Entra ID (Azure AD) user accounts

Fixes

• Fixed the issue with Minutes after unlock task policy having a max value of 356

Security

• Updated WEB Container to version 9.0.79 for new deployments. Existing deployments require update of the Web Container
• Updated versions of client side libraries in the Federated Sign-In module

Release 2.3.202308201618 (August 20, 2023)

Features

• Added SSO JWT Signing key history page with restore options

Fixes

• Fixed the issue with new relay node configuration

Security

• Updated WEB Session Manager components to the latest version 1.5.3. This change applies for new deployments. Existing deployments require update of WEB Session Manager module

Release 2.3.202308131130 (August 13, 2023)

Extensions

• Added support for arguments based Password Reset Remote Windows PowerShell scripts. Current tasks should be reconfigured to use new scripts if needed. Otherwise, current tasks will remain the same.
• Improved performance of loading and searching for Users report
• Optimized the process of alerts generation and added more logging for troubleshooting purposes

Release 2.3.202308061134 (August 06, 2023)

Extensions

• Updated WinRM protocol for script executions on remote Windows Hosts to support future extensions

Security

• Updated application Framework to version 17.0.8 for new deployments. Existing deployments require update of the Framework
• Updated WEB Container to version 9.0.78 for new deployments. Existing deployments require update of the Web Container

Release 2.3.202307301105 (July 30, 2023)

Extensions

• Added full breadcrumb path to the record on Create record page

Fixes

• Optimized performance of copying and pasting objects with large folder structure

Release 2.3.202307231143 (July 23, 2023)

Extensions

• Added new parameter to manage pre execution of the Password reset LDAP script
• Added the option for custom queries to filter by secured IDs using '=', 'in' and 'like' operators with specific values and by ':search' property

Fixes

• Fixed the issue with supporting passwords longer than 16 characters for RDP proxy sessions with enabled MFA Confirm ID for the user authentication
• Fixed the issue with Periodic Password Reset task execution
• Fixed the issue with errors after clicking the button View Objects for AD users on Users report
• Fixed the description of Manage permission on Grant Access page for Global Permissions

Security

• Improved server side permissions check on Tasks page for users without Owner or Manager permissions

Release 2.3.202307161125 (July 16, 2023)

Extensions

• Added reporting of Session Connected and Session Disconnected events to integrated ServiceNow tenants
• Added the option to configure After Create task execution policy for new deployments

Release 2.3.202307091122 (July 09, 2023)

Extensions

• Added vertical scroll bar for Mass Operations Log page

Security

• Updated WEB Session Manager components to the latest version 1.5.2. This change applies for new deployments. Existing deployments require update of WEB Session Manager module

Release 2.3.202307021107 (July 02, 2023)

Fixes

• Removed record type hyperlink from a Record inherited Task List screen for users other than System Administrators

Release 2.3.202306251223 (June 25, 2023)

Fixes

• Fixed the issue with auto archival of Audit Logs

Security

• Updated WEB Container to version 9.0.76 for new deployments. Existing deployments require update of the Web Container

Release 2.3.202306181226 (June 18, 2023)

Fixes

• Fixed the issue with displaying incorrect PUSH notification for approved Azure AD MFA required workflow action
• Fixed the issue with activation of Azure AD B2C Guest User in user profile
• Fixed the issue with establishing SSH, RDP Proxy connections as well as for Workflow Requests requiring MFA for Azure AD B2C guest users

Release 2.3.202306111146 (June 11, 2023)

Extensions

• Implemented new welcome message for SSH proxy session initiated through the relay node
• Improved reliability of application updates
• Added an option to limit script viewing

Fixes

• Fixed the issue with incorrect SSH proxy prompt for the master node
• Fixed the issue with application updates for relay node

Release 2.3.202306041250 (June 04, 2023)

Extensions

• Optimized SSH Proxy session establishment performance through the relay node

Fixes

• Fixed the issue with remote users displaying for SSH Proxy sessions through the relay node
• Fixed the issue with selecting MFA provider without user for MFA page
• Fixed the issue with displaying Subscribe button on Search screen
• Fixed the issue with creating session objects on master node for repeated connections from SSH Proxy internal shell through the relay node
• Fixed the issue with German, Russian and Portuguese languages translation on Job Summary report for time selector
• Fixed the issue with German, Russian and Portuguese languages translation on Cron expression builder page for Hours, Day and Month tabs

Release 2.3.202305281231 (May 28, 2023)

Features

• Added support for RDP proxy sessions through the Relay Node

Fixes

• Fixed the issue with German, Russian and Portuguese languages translation on Parameters page for the recently added parameters
• Fixed the issue with German, Russian and Portuguese languages translation on Parameters page for the groups of parameters

Security

• Updated WEB Container to version 9.0.75 for new deployments. Existing deployments require update of the Web Container

Release 2.3.202305211122 (May 21, 2023)

Extensions

• Added support for Microsoft Azure AD MFA with Number Matching for Access Requests that require MFA confirmation
• Added support for Microsoft Azure AD MFA with Number Matching for SSH Proxy sessions

Fixes

• Fixed the issue with permissions assigning to temporary record for relayed sessions
• Fixed the issue with Time Selector on Session Events report
• Fixed the issue with Time Selector for all Saved Reports
• Fixed the issue with German language translation on Parameters page for help buttons
• Fixed the issue with German language translation on Job History report for State column
• Added system log messages to troubleshoot deletion of temporary session recordings

Release 2.3.202305141310 (May 14, 2023)

Fixes

• Fixed the issue with failure to execute jobs for a record with granted permission to a groups that includes a locked local service account
• Fixed the issue with German language translation on Reports filters
• Optimized RDP Proxy Remote App Launch Stability in certain situations
• Fixed the issue with the links to Job History and Job Summary reports on Report Center page

Release 2.3.202305071136 (May 07, 2023)

Fixes

• Fixed the issue with PAM browser extension for certain Websites that do not recognize values set in User and Password fields for Chrome, Edge and Firefox Browser extensions. The update is pending approval from browser extension stores
• Fixed the issue with German language translation on Job History report
• Fixed the issue with German language translation on Report Center page for reports names, links and descriptions
• Fixed the issue with exporting Job History report with All Jobs filter selected

Security

• Improved Server side permission checks for Sessions Report
• Fixed the issue when PAM is not reflecting changes made to user name in AD configuration in situations when a service account DNs that contain comma

Release 2.3.202304301105 (April 30, 2023)

Extensions

• Added Checkout and MFA as selectable columns to the Workflows report

Fixes

• Fixed AD integration issue with AD user/manager having names with comma

Security

• Improved security on active sessions launched through relay nodes
• Updated application Framework to version 17.0.7 for new deployments. Existing deployments require update of the Framework
• Updated WEB Container to version 9.0.74 for new deployments. Existing deployments require update of the Web Container

Release 2.3.202304231130 (April 23, 2023)

Security

• Added support for blacklisting ciphers used for RDP Proxy sessions
• Improved Server side permission checks for access to Recorded Sessions in all formats

Release 2.3.202304161253 (April 16, 2023)

Features

• Added the option to configure Relay Node to be displayed for specific containers or records based on Proximity Groups selector

Extensions

• Added support for rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519 Host Key Algorithms; diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 key exchanges to WEB SSH sessions. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
• Added ability to change Azure AD Users password from the My Profile page
• Added display of warning and error messages on Database export UI page

Fixes

• Fixed the issue with the breadcrumbs on folder level Workflow Bindings Report page
• Fixed the issue with sorting by Record field on Tasks Report page
• Fixed issue with certain special characters in User and Password fields for Chrome and Edge Browser extensions. Published extension version with the fix is 1.45
• Fixed the issue with German language translation on Command Control page
• Fixed the issue with view records when using SSH Proxy Shell with Relay node

Security

• Updated WEB Session Manager component to the version 1.5.0 including FreeRDP 2.10, libssh2 1.10. This change applies for new deployments. Existing deployments require update of WEB Session Manager module
• Improved security for API authentication with tokens for deployments with two Duo Security MFA configurations enabled. This change applies for new deployments. Existing deployments will require update of Federated Sign In module

Release 2.3.202304091157 (April 09, 2023)

Extensions

• Added a visual indicator in the record list for records with active sessions

Fixes

• Fixed the issue with Web session service restart on some Linux installations when there is an active session

Release 2.3.202304021148 (April 02, 2023)

Features

• Added interactive shell support for SSH Proxy sessions through the Relay node

Fixes

• Fixed the issue with the tooltip location for the button File Browser in Web sessions with enabled German language
• Fixed the issue with incorrect displaying user permissions in Access Report
• Fixed the issue with missing Session Control option on Grant Access page
• Fixed the issue with displaying record name in the session column of the Session Events report for the events related to currently deleted records
• Fixed the issue with the quick playback option for the recordings of the deleted records
• Fixed the spelling mistake on the Clipboard button tooltip on the WEB Session GUI toolbar

Release 2.3.202303261146 (March 26, 2023)

Fixes

• Fixed issue with Launch SSH Client button displayed on Relay Connect dialog for non-ssh records
• Fixed issues with missing German language translations

Security

• Updated WEB Container to version 9.0.73 for new deployments. Existing deployments require update of the Web Container
• Improved security around API authentication when MFA is enabled. This change applies for new deployments. Existing deployments will require update of Federated Sign In module
• Improved security around API authentication when application is configured to use non-standard ports. This change applies for new deployments. Existing deployments require update of Federated Sign In module

Release 2.3.202303191222 (March 19, 2023)

Features

• Added support for German language on the application GUI
• Added ability to launch sessions using SSH clients, such as putty, and route traffic through the Relay Node instead of a Master Node
• Added Relay Connect dialog on the Record View page to provide connection options and information through the Relay Node

Extensions

• Implemented automatic retrieval of email address for users configured on Azure AD to be used for PAM alerts and notifications

Fixes

• Fixed the issue with the broken search for objects with unique permissions

Release 2.3.202303121214 (March 12, 2023)

Features

• Added the option to the record list page to identify checked out records

Extensions

• Updated the rule description for the Session Score Violation Behavior Profile

Fixes

• Fixed the issue with sorting by Date column for Jobs Summary Report

Release 2.3.202303051145 (March 05, 2023)

Fixes

• Fixed issue where Alerts were not sent to group members who subscribed for notifications
• Fixed display of timestamp on Date column in Job Summary report
• Fixed issue when there is a trailing space in URL for Directory Service API calls

Release 2.3.202302261036 (February 26, 2023)

Extensions

• Added the option to mass Cancel multiple selected jobs on the system and record level Job History report

Fixes

• Fixed the issue with sorting by Date column for Jobs Summary Report

Security

• Improved Server side permission checks for Session Recordings and Session Events

Release 2.3.202302190914 (February 19, 2023)

Features

• Added support to display alternate date formats for downloaded versions of Reports which can be configured from Administration > Settings

Fixes

• Fixed the issue with occasional 404 error in Inventory report page

Release 2.3.202302120707 (February 12, 2023)

Features

• Added support to display alternate date formats in Reports which can be configured from Administration > Settings

Fixes

• Fixed the issue during CSV export of objects from the Root Folder
• Removed warning migration message from all Reports pages
• Fixed the issue with search by unique permissions not returning some folders

Release 2.3.202302050754 (February 05, 2023)

Extensions

• Added support for Workflow Session Termination for sessions initiated via a Relay Node

Fixes

• Fixed the issue with displaying event user instead of subscribed user on My Alerts list
• Fixed the issue with displaying password on the Record Quick View screen in case the password contains special characters

Security

• Updated WEB Container to version 9.0.71 for new deployments. Existing deployments require update of the Web Container
• Updated application Framework to version 17.0.6 for new deployments. Existing deployments require update of the Framework

Release 2.3.202301290932 (January 29, 2023)

Features

• Added support for Remote App execution through a Relay Node
• Added Session Event Report Masking option

Extensions

• Added context help balloons to the global parameter Password Detection Entropy
• Added help article link to the Record Change History page
• Added support to display Windows Key in the Session Events report

Fixes

• Fixed the issue with the breadcrumbs path on Personal Vault and Workflow Bindings Report pages
• Fixed the issue with the titles for Permissions pages on Vault, Folder, Record Levels
• Fixed the issue with the titles for Tasks pages on Record Type and Record Levels
• Added debug logging based on connection id to both Master and Relay Nodes to improve connection troubleshooting

Release 2.3.202301220959 (January 22, 2023)

Features

• Added the option to specify a group with service account member to designate a record for remote job execution

Fixes

• Fixed the issue with the breadcrumbs path on Command Control, Record Type Formula, Record Type Tasks pages
• Fixed the issue with the titles for all pages under the Administration Left Menu

Release 2.3.202301151100 (January 15, 2023)

Extensions

• Added the option to resolve dynamic and pass-through credentials in the user field when connecting through Relay Node
• Added the option to resolve dynamic credentials in the user field when connecting through Relay Node using Private Key authentication (Unix Host with Key and Unix Host with Private Key record types)
• Added messages for created records and folders in the object import log to match the messages about updated and skipped objects
• Externalized import log messages for multi-language support

Fixes

• Fixed the error message after trying to add AzureAD user to Local Groups
• Added performance optimization for re-indexing records during reference record update
• Fixed the issue with dry run for CSV export for records with references
• Fixed the issue with Parents drop down control overlapping with left side menu on the Record Type editing screen

Release 2.3.202301081053 (January 08, 2023)

Features

• Added options to ignore or update existing records when importing records to a vault

Security

• Implemented tunnel authorization for Web Sessions with disabled Web Sockets parameter
• Improved Server side permission checks for Instant Session Recording playback

Release 2.3.202301011045 (January 01, 2023)

Extensions

• Removed Reports Tab from the Left Tab Menu in favor of accessing reports using Report Center
• Updated Copyright year to 2023 in the application GUI and command ine utility
• Updated Copyright year to 2023 and a link to EULA in the application installers
• Updated Copyright year to 2023 in the login page of the Federated Sign In module for the new deployments
• Added support to highlight Report Center in the Left Tab Menu in case user opened a Report

Fixes

• Fixed the issue with the breadcrumbs path on Import Records page
• Fixed the issue with empty dropdown menu in case editing MFA configuration and choosing MFA Deny provider on MFA page
• Fixed the issue with the links to the custom queries highlights in the left side menu

Security

• Updated WEB Session Manager components to the latest version 1.4.0 including FreeRDP version 2.9

Release 2.3.202212250957 (December 25, 2022)

Features

• Added Session Relay node component to create separation of the session traffic from the control planes in geographically distributed PAM deployments

Extensions

• Added entropy-based algorithm for password detection to enable future extensions

Fixes

• Fixed the issue with importing records from PuTTY(.reg) file
• Fixed the issue with errors in the browser console as well as incorrectly displayed Dry Run checkbox after refreshing the Import screen
• Fixed the breadcrumb for Edit Custom Query page
• Fixed the issue with the application performance after executing password reset jobs for records referenced from large number of records

Release 2.3.202212181031 (December 18, 2022)

Security

• Updated WEB Container to version 9.0.70 for new deployments. Existing deployments require update of the Web Container

Extensions

• Updated example custom queries for discovered administrators and services by adding search option to filter discovered artifacts by the artifact, host and the discovery query

Fixes

• Fixed the issue with accessing external Internet servers to cache GUI fonts in new deployments of Federated Sign-In module
• Fixed issue with empty mfa provider drop down value when user edits existing Deny Login provider
• Fixed the issue with displaying session event details report for the sessions of the deleted records
• Fixed the issue with handling of internal data model auto-corrections
• Fixed the issue with attempting to automatically import LDAP certificate during establishing connection to LDAP servers using non-secure channels
• Fixed the issue with blanket periodic system log message about worker engine on the main node bypassing job executions scheduled for the remote nodes by moving the message to the debug level
• Fixed reports description translations in Russian and Portuguese
• Fixed the issue with errors generated during session rendering error processing for the sessions of the deleted records

Release 2.3.202212111009 (December 11, 2022)

Features

• Added Deny Login capability to globally deny a principal login to PAM

Extensions

• Added an example of a custom query to display a list of administrators discovered on remote computers when running a discovery query
• Added an example of a custom query to display a list of user owned services discovered on remote computers when running a discovery query
• Added CSV Export help article to the CSV Export page
• Added description to Bindings, Local Group Membership and Access reports

Fixes

• Fixed login issues for Azure AD Guest users to PAM
• Fixed the issue with breadcrumb links to Report Center when user navigates back from queries or saved reports

Release 2.3.202212041016 (December 04, 2022)

Security

• Improved security of REST API functions designed for communications between internal services

Extensions

• Added the option to build folder level custom queries for queries that contain group by clause
• Added context help to Filter field of the Remote App Host type on the record creation and editing screens
• Added the option to specify $account placeholder in the User field of a record to use the account portion of the current user login without domain as a user part of pass-through credentials when connecting to the endpoint servers
• Added the option to specify PAMACCOUNT placeholder in the job execution script to use the account portion of the current user login without domain when executing jobs on the endpoint servers
• Added the option to specify PAMACCOUNT placeholder in the command template to execute when connecting to the endpoint servers to use the account portion of the current user login without domain

Fixes

• Fixed the issue with selecting a referenced record on the record creation and editing screens included records for which the current user had only Viewer permissions
• Fixed the issue with including root folder to the Export to CVS function when exporting objects from the root folder
• Fixes the issue with personal vault root folder appearing in the CSV export file causing problems during import

Release 2.3.202211270943 (November 27, 2022)

Features

• Added Export to CSV capability that can be used on individual or bulk objects (record and container) to generate a secure, encrypted CSV file

Security

• Updated WEB Session Manager components to the latest version including FreeRDP version 2.8.1

Extensions

• Implemented quick Download RDP File link on the record list screen to simplify access to the RDP File
• Added up- (for connected nodes) and down-arrow (for disconnected nodes) icons for the node status of the node on the Settings / Application Nodes screen to augment color-based indicators
• Added a lock icon to the session manager port on the Settings / Proximity Groups screen for the session managers with SSL protected traffic to augment color based indicator of the session manager connection status
• Added the actual Special Characters as well as Forbid Using User Name (checkbox) fields into the custom formula report example

Fixes

• Fixed the issue with deleting a record type that includes or included in the past Command Control Policies

Release 2.3.202211200918 (November 20, 2022)

Extensions

• Added support for Azure AD Guest user logins to PAM
• Added support to display all sessions as a default option for the record-level session report to allow auditors to quickly review the history of the record access
• Added custom query example to report unique password formula including formula parameters to demonstrate custom query grouping, aggregation, joining, metadata enhancement, record linking options as well as technique to retrieve record policies
• Added Report Center button on Record list page for quick access

Release 2.3.202211131043 (November 13, 2022)

Security

• Updated application framework to version 17.0.5 for new deployments. Existing deployments require update of the Framework
• Updated application Web Container to version 9.0.68 for new deployments. Existing deployments require update of the Web Container

Release 2.3.202211061015 (November 06, 2022)

Features

• Added support to preserve session recordings after deleting a record for new deployments. Existing deployments might enable this feature by making field CSESSION.record_id NULL-able in the back end database (no service restart is required)

Extensions

• Added quick Download RDP File link to the Record View screen to simplify RDP Proxy access to the remote Windows servers

Fixes

• Added custom query prefix to the custom query name in breadcrumbs for Custom Query reports
• Removed custom query prefix from breadcrumbs where it is not needed

Release 2.3.202210301144 (October 30, 2022)

Extensions

• Added system log messages to troubleshoot connections from remote to master nodes
• Updated default behavior for new deployments to enable dynamic reference from local groups to external LDAP members thereby allowing entry reorganization in the external user directory without breaking local groups membership. The property xtam.ad.members.search=true in $PAM/web/conf/catalina.properties is set for new deployments
• Added support of various initial indexes (0 or 1) for AzureAD entries in configuration file
• Removed requirement of using a service account for Azure AD integrations

Release 2.3.202210231056 (October 23, 2022)

Features

• Added native integration with Azure AD cloud directory for user authorization, search and add AD users to local groups

Extensions

• Added support for Oracle 19+ versions for new PAM deployments with Federated Sign-In module
• Added support to search for record name having a colon character by enclosing in double quotes

Fixes

• Fixed the issue with unsuccessful CSV Import where the reference record name has colon character
• Fixed the issue with re-indexing record type records with non-indexed or secure User field should reset User display on the Inventory report

Release 2.3.202210161126 (October 16, 2022)

Security

• Updated application framework to version 17.0.4.1 for new deployments. Existing deployments require update of the Framework

Fixes

• Fixed the issue with Bulk Archive and Bulk Restore terminology in the Audit Log following bulk archive and restore operations
• Fixed the issue with the visual indicator for a hidden session toolbar controller for WEB sessions visible when in session participants list, file browser or clipboard controllers are visible on the screen
• Fixed the issue with Interactive and Delegated Approval templates can be saved without approvers and used as an Automatic template

Release 2.3.202210091138 (October 09, 2022)

Extensions

• Added a visual indicator to enable easy access of toolbar menu for WEB sessions

Fixes

• Fixed the issue with password reset task execution for LDAP Server record type using Remote Worker

Release 2.3.202210021124 (October 02, 2022)

Extensions

• Added the option to block and to unblock SSH Public Key to the Edit Local User screen
• Added tooltip for the Delete SSH Public Key button to the Edit Local User screen

Security

• Updated WEB Session Manager for Windows platform including FreeRDP version 2.8

Fixes

• Fixed the issue where cut and paste of objects to same container creates orphaned objects
• Fixed the issue with the narrow context help box describing SSH Public Key generation controls on the Edit Local User screen
• Fixed the issue with Record/Folder owner permissions were not respected in the Permissions Management page when the Auditor role has been granted to a user
• Added the option to improve performance for large integrated User Directory domains by the allowing to specify several small directory branches for the role search instead of connecting to the large ambient directory tree. To enable multiple connection to user directory role trees, the option allows to specify the following parameters in addition or instead of the regular role search connection points: ldap.roleBase.1, ldap.roleBase.2, ldap[1].roleBase.1, ldap[2].roleBase.2, etc
• Launch Report Center article in a new tab when clicked from the link on report pages

Release 2.3.202209251205 (September 25, 2022)

Extensions

• Added the option for system administrators or vault owners to manage ssh public keys of the local users under their management
• Added local users ssh public key management REST API for automation of the application to application access

Fixes

• Updated help article links on the Discovery, Global permissions and Behavior profile screens

Release 2.3.202209181150 (September 18, 2022)

Extensions

• Added restriction to limit a number of search query criteria that can be added in GUI

Fixes

• Fixed the issue with unnecessary checkboxes on the Local Groups screen
• Fixed the issue with error during PAM setup on Linux if the script is run not from the installation directory
• Fixed the issue with vault container get converted into a folder container when using copy and paste action into the root folder
• Fixed the issue with applying script placeholders to Public Key Update Remote SSH script for tasks execution

Release 2.3.202209111221 (September 11, 2022)

Extensions

• Added description to downloaded versions of the following reports: system level Subscriptions (Alerts) and Subscriptions (Reports), record level Audit Log and Job History
• Added click-able link to a Report Center help article

Security

• Updated WEB Session Manager for Windows platform including FreeRDP version 2.6.2

Fixes

• Fixed the issue with the password is displayed as email for the passwords with @ character on the record quick view screen
• Fixed the issue with using regular font when displaying non-password secure fields on the record quick view screen
• Fixed the issue with displaying informational message about the Report Center on folder and record level reports
• Fixed the issue with displaying informational message about the Report Center for My Sessions report
• Fixed the issue with pre-creating keys folder on the file system during the application start up to simplify configuration of SSO logins
• Fixed the issue with reporting WEB Sessions that failed to connect as successfully created sessions in the session report
• Added trace level system logging to troubleshoot reporting about establishing of WEB session

Release 2.3.202209041201 (September 04, 2022)

Features

• Added the option to disable a server in a proximity group so it would not accept new sessions to broker to facilitate update for remote session managers deployed in high availability configuration

Security

• Updated WEB Container to version 9.0.65
• Updated WEB Session Manager for Linux platforms (x86 and arm) including ssh library 1.10 to enable new modern ciphers and FreeRDP version 2.8

Fixes

• Fixed the issue with Palo Alto Networks records failing to connect to the destination using WEB SSH Session because of enabled file transfer which is typically disabled on the end point devices. Note that the update affects only new deployments. Existing deployments should create a record type level field FileTransferDisabled (Field Type: Checkbox, Display name: File Transfer Disabled) and check it Enabled in the corresponding record.

Release 2.3.202208281233 (August 28, 2022)

Features

• Added the option to disable proximity groups to help in building and troubleshooting routing of sessions network traffic

Extensions

• Added a link to a help page describing script variables and placeholders to the script editing screen
• Added a description to all files generated during subscription or export to pdf, csv, txt , xlsx for all system reports
• Added a warning message on the reports accessed using left side menu prompting users to use Report Center to access report in favor of deprecating left side menu

Release 2.3.202208210859 (August 21, 2022)

Features

• Added the option to search Session Events report by multiple comma separated keywords. Enclose the search condition in the double quotes for precise search criteria

Extensions

• Added default description to Record level Audit Log report

Fixes

• Fixed the issue with incorrect name of the report on Records List screen in Reports drop down menu

Release 2.3.202208141254 (August 14, 2022)

Features

• Added the Single Logout Option to automatically logout a browser session from the OneSign Identity provider when logging out from the WEB Application. The option is configured by the system parameter to the configuration file $PAM/web/conf/catalina.properties
  cas.authn.pac4j.saml[0].autoSlo=true
  Note that PamManagement / pammanager service needs to be restarted after adding or modifying this parameter

Extensions

• Added Description field for the default reports on the report center

Fixes

• Removed the option to publish and unpublish reports on Report Center page for Personal Vaults
• Removed the option to publish and unpublish reports on Report Center page for Personal Vaults using the Bulk action option
• Removed create option for Custom Queries Tab for Folder level Report Center
• Added extended system logging information about failing to access Federated Sign-In module backend structures to troubleshoot module deployments when run under debug mode enabled by log4j.logger.com.pam.bl=DEBUG parameter in $PAM/web/conf/log4j.pam.properties logging configuration file.
  Note that PamManagement / pammanager service needs to be restarted after adding or modifying this parameter
• Fixed the issue with cleaning legacy files after the application update for the deployments switched to logging version 2

Release 2.3.202208071235 (August 07, 2022)

Extensions

• Added support for ephemeral accounts with key authentication on Linux devices for the Shadow record authentication using key

Fixes

• Fixed the issue with displaying errors for users with Auditor Global Role on Custom Reports tab for folder level Report Center
• Fixed the issue with missing some Custom Queries on Custom Reports tab of Report Center
• Fixed the issue with incorrectly using private key based connection when executing SSH jobs in case Certificate data exist in the record metadata but not in the record type

Release 2.3.202207311144 (July 31, 2022)

Features

• Added support for ephemeral accounts with key authentication on Linux devices for the Shadow record authentication using protected key

Extensions

• Added the option for users with Owner permissions to view folder level Custom Queries on folder level Report Center
• Added support for multi-byte characters in the user passwords for the new deployments configured with basic authentication
• Added the option to encrypt ticketing systems integration service account password in the configuration file
• Added the option to specify ticket number in the dedicated Ticket Information field instead of the Reason field on the access request form to reference an integrated external service management system ticket
• Added the option to interactively specify a password using dash value for the administrator password parameter in the Command Line Utility Set Directory Administrator Password command
• Added the option to interactively specify a password using dash value for the local user password parameter in the Command Line Utility Create User command
• Updated search help link on the search center on the record list screen

Fixes

• Fixed the issue with displaying errors on Users Audit Log report after page refresh
• Fixed the issue with deleting ephemeral accounts with running processes on Linux hosts

Release 2.3.202207250858 (July 25, 2022)

Fixes

• Fixed the issue with deploying new system with external database

Release 2.3.202207241157 (July 24, 2022)

Features

• Added support for ephemeral accounts with key authentication on Linux devices. Added new record type Linux Host Ephemeral Account with Key

Extensions

• Added support for configurable buffer size for RDP Proxy sessions recording to optimize performance of RPD Proxy sessions with recording enabled. To specify custom buffer size add the following parameter to the configuration file $PAM/web/conf/catalina.properties file
  xtam.rdp.proxy.recording.buffer_size=1024000
  Note that PamManagement / pammanager service needs to be restarted after adding or modifying this parameter

Fixes

• Fixed the issue of displaying incorrect search results after searching on the Report Center page
• Fixed the issue with missing letter in the Jobs Summary report label on the Report Center page
• Fixed the issue with the search label on custom queries tab on the report center page to show the number of results
• Fixed the issue with the system report links on the Report Center screen
• Fixed the issue with the report name update button on the Report Center screen
• Fixed the issue with not functional check-boxes on the custom queries tab on the Report Center screen
• Fixed the issue with not functional check-boxes on the global custom queries screen

Release 2.3.202207171244 (July 17, 2022)

Extensions

• Added the option for a remote worker node to connect to the master node over the transparent perimeter forward tunnel established by the same node
• Added the option for a remote worker node to connect to multiple master nodes over the transparent perimeter forward tunnels established by the same node

Release 2.3.202207101204 (July 10, 2022)

Features

• Added Custom Queries area to the Report Center

Extensions

• Moved references to Saved Reports from Reports tab on global level and from dropdown Reports menu on folder level to the Report Center
• Renamed Reports / Custom Queries menu item to reflect the nature of queries as user defined entity-relationship querying capabilities

Fixes

• Fixed the issue when search returning out of the box reports in search results on the Report Center
• Fixed the issue with the bread-crumbs links on the Report Center
• Fixed the issue with search results label on the Report Center

Release 2.3.202207031222 (July 03, 2022)

Features

• Added support for session events recording for file transfers over drive redirection events during RDP Proxy connections
• Added the option for the remote application records to only use application hosts located in the same vault as the record itself to simplify remote application hosts configuration for multi-tenant deployments. The option is enabled by the system parameter xtam.apphost.crossvault.disable=true in $PAM/web/conf/catalina.properties configuration file

Extensions

• Added title and context help to the Administration / Settings / Mail Server screen
• Added the option to execute scripts right after establishing Switch User session on Unix endpoints

Fixes

• Fixed the issue with system import using automation scripts when including volume index in the name of the imported export archive
• Fixed the issue with too excessive audit logging for the event of accessing session event report

Release 2.3.202206261142 (June 26, 2022)

Features

• Added Report Center to consolidate out of the box and saved reports simplifying reports access and management for the system administrations and folder owners

Extensions

• Added audit log event for accessing Session Events Report for a selected session. Session type, date and operator are mentioned in the audit message along with the user accessing the reports, time of access and the record. Note that accessing cross-sessions Session Events report does not create an audit log record
• Added the option to verify Active Directory user password expiration date over non-secure connection to Active Directory Domain Controller

Fixes

• Fixed the issue with importing system data using automation scripts when including volume index in the name of the imported export archive

Release 2.3.202206191318 (June 19, 2022)

Features

• Added support for ephemeral accounts with password authentication on Linux devices
• Added OAuth 2.0 authentication support for IMAP and SMTP protocols to receive email request approvals and to send notifications using Office 365 mail server

Extensions

• Added support for Use sudo option when executing jobs on Unix endpoints using Switch User mechanism through sudo privilege elevation
• Added the option for the record owners to copy JSON representation of record fields to the system clipboard using JSON option on the record view screen

Fixes

• Fixed the issue with executing jobs for the Unix Host records that include artifacts of the previous record versions created before switching record type to the one that does not contain these fields anymore
• Fixed the issue with detecting maximum password age in certain configurations of Active Directory policies

Release 2.3.202206121224 (June 12, 2022)

Features

• Added the option to use dynamic and pass-through credentials for remote application launchers run over WEB RDP or RDP Proxy sessions

Extensions

• Improved reliability of creating new SSH Proxy sessions through next hop remote session manager

Fixes

• Fixed the issue with executing After Approval jobs by remote nodes executing jobs in the remote data-center
• Fixed the issue with executing After Session jobs by remote nodes executing jobs in the remote data-center

Release 2.3.202206051257 (June 05, 2022)

Features

• Added the option to automatically logout a user from the application when the user has the browser disconnected from the server by the network transport (such as VPN) or does not have the application open in the browser tab. The following timeout parameters can be configured in the $PAM/web/conf/catalina.properties file
  cas.ticket.tgt.maxTimeToLiveInSeconds=3600
  cas.ticket.tgt.timeToKillInSeconds=3600
  PamManagement / pammanager service would need to be restarted after adding or modifying these parameters.

Fixes

• Fixed the issue with detecting maximum password age in certain configurations of Active Directory policies
• Fixed the issue with Re-indexing record type records completed even after failing to perform one of the re-indexing activities on one of the records

Release 2.3.202205291316 (May 29, 2022)

Extensions

• Improved performance of RDP Proxy sessions established with video recording enabled. The option is disabled by default. The option could be be enabled by system parameter xtam.rdp.proxy.compression=true set in the $PAM/conf/catalina.properties file
• Improved performance of Web sessions established with enabled Session Idle Activity Timeout parameter
• Improved performance of SSH Proxy sessions established over the Transparent Perimeter deployment tunnel by disabling tunnel buffering using the following parameters in the $PAM/conf/catalina.properties file: xtam.reverse.tunnel[N].pty=true or xtam.forward.tunnel[N].pty=true
• Added the option to disable audit log collection to the WEB GUI authentication events for the deployments without this option enabled in the Federated Sign-In module by defining system property xtam.cas.audit.auth=false set in the $PAM/conf/catalina.properties file
• Added supporting information about subject and issuer into the error message about failed XSRF token verification to improve troubleshooting of system deployments

Fixes

• Fixed the issue with displaying errors on Sessions Report page opened from the Request Access form
• Fixed the issue with connecting to AS/400 endpoints with the user name on record as long as the maximum possible length supported by the destination system. Introduced system parameter xtam.driver.as400.user.length to define the maximum user name length for AS/400 endpoints

Release 2.3.202205221232 (May 22, 2022)

Extensions

• Added connection restriction to SSH Proxy sessions for the expired local users using SSH private key to connect

Fixes

• Added user friendly message in case administrator removing themselves from a Global Role
• Fixed the issue with visual appearance of disabled Revoke Permissions and Remove buttons on the permissions and global roles management screens
• Fixed the issue with enabled revoke global roles button when no global role selected
• Changed the button style for Enter password to encrypt report popup to disabled button by default

Release 2.3.202205151203 (May 15, 2022)

Extensions

• Added support to handle server side keep-alive messages during SSH Proxy sessions

Security

• Added token based authentication support for access request approvals performed using replies to notification email to improve security of email approvals

Fixes

• Fixed the issue with the same access request requirement for Mailbox and Parameters tabs of system settings screen
• Fixed parameter name translation on parameter update information and error messages
• Fixed the issue with the creating a named index for saved report database table in the existing deployments
• Fixed context help for global parameter Session Idle Timeout to indicate its deprecation

Release 2.3.202205081204 (May 08, 2022)

Extensions

• Added connection restriction to RDP and SSH Proxy sessions for the expired local users
• Improved performance of RDP Proxy sessions with video recordings

Security

• Updated application framework to version 17.0.3 for new deployments. Existing deployments require update of the Framework
• Announced EOL support for Internet Explorer. Starting July 17, 2022, the Internet Explorer browser will no longer be supported. We recommend IE users transition to using the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox with Imprivata PAM

Fixes

• Fixed the issue with Active Directory configuration update using WEB GUI or CLI Utility breaking advanced or custom Active Directory configuration
• Fixed the issue with Active Directory configuration update using WEB GUI or CLI Utility incorrectly replacing values commented out in the configuration file to preserve old values with the new values
• Fixed the issue with resizing WEB sessions when changing browser window size

Release 2.3.202205011211 (May 01, 2022)

Extensions

• Added the option to disable Enable Mode authentication for CISCO devices when connected through SSH Proxy by using -1 value in the Enable Level field
• Added support for remote node connection to the master farm load balanced with the cookie based session affinity using user and password authentication
• Added the option to control processing of login events using global parameter
• Added description to saved reports exports

Fixes

• Fixed the issue with too many Login events in the Audit Log when remote node uses multi-master node configuration
• Fixed the issue with updating cookie expiration time during remote node communications with the master farm load balanced with cookie based session affinity
• Fixed the issue with triple system logging about remote node connection to the master node in case of multi-master node configuration

Release 2.3.202204241153 (April 24, 2022)

Security

• Fixed the issue with user password visible in the system log during user login using CIDRA Password + ID modality for new deployments. Existing deployments require update of Federated Sign In module or re-configuration of logging system.
• Updated components of Federated Sign-In module for new deployments. Existing deployments require update of Federated Sign In module.

Extensions

• Added Federated Sign-In module version if present to the application About screen

Fixes

• Fixed the issue with system imports from certain export files breaking the option to create new records
• Fixed the issue with Search Filter displaying in GUI for saved Users report
• Fixed the issue with logout from GUI in certain conditions
• Improved the logic for a remote node connectivity to a master node by refactoring Salt transfer routine introduced in February, 2022 out of remote node connection function
• Improved the logic for a remote node connectivity to a master node by using packaged cookie parsing library
• Added the index name to saved report database table to simplify troubleshooting
• Fixed the issue with missing Search criteria in the reports export files
• Fixed the issue with Browser Extension displaying records when user has Viewer permission and Plugin Level is set to Viewer

Release 2.3.202204171248 (April 17, 2022)

Features

• Added support for remote node connection to the master farm load balanced with the cookie based session affinity

Security

• Fixed the issue with HTTP Secure Headers update to support filter asynchronous mode

Extensions

• Optimized system performance when handling session events and audit log reporting by building additional indexes on the corresponding database tables
• Added the option to include a description to saved reports

Fixes

• Fixed the issue with remote node connection to the master farm in presence of cookies with previously unsupported attributes
• Fixed the occasional issue with remote node connection to the master node caused by incorrectly formatted system cookie
• Fixed the issue with saving reports without name

Release 2.3.202204101246 (April 10, 2022)

Extensions

• Unified bread-crumbs navigation for system and folder level reports

Security

• Updated WEB Container to version 9.0.62

Fixes

• Fixed the issue with incorrect displaying of folder level Custom reports
• Fixed the issue with logging out of the application configured with basic authentication for the user that does not have permissions to any resource
• Optimized performance of the application GUI and REST API for the local users by short-time caching (10 minutes) of the local user expiration date
• Added system logging to troubleshoot remote node connectivity issues

Release 2.3.202204031338 (April 03, 2022)

Features

• Added Automation global role to enable special configuration (such as throttling and quality of service) for machine to machine communications through PAM Server

Extensions

• Improved response time to block expired local users to use WEB GUI

Fixes

• Fixed the issue with incorrect label on Password Formula page for local users
• Added system logging message to reflect errors accessing password expiration date of an Active Directory user
• Fixed the issue with errors detecting an Active Directory user password expiration in case of lack or permissions to access or missing some of the attributes required for this detection

Release 2.3.202203271414 (March 27, 2022)

Features

• Added support for high trust remote session access with optional recording for OneSign Administration Console using Remote Application technology
• Added support for high trust remote session access with optional recording for OneSign Appliance Console using Remote Application technology

Security

• Added HTTP Security headers to the WEB Container configuration during application update and installation (requires one server restart after application update to enable)
• Removed stack trace and server version logging visible in the WEB Browser and REST API calls after server errors (requires one server restart after application update to enable)

Fixes

• Fixed the issue with state selector on Job History report page for saved reports with state parameter

Release 2.3.202203201230 (March 20, 2022)

Extensions

• Updated context help for Administration / Database management screen

Security

• Updated components of Federated Sign-In module

Fixes

• Fixed the issue with saving a composite proximity group with incorrectly specified IP addresses
• Fixed the issue with failure to establish WEB Session in case of one of the proximity groups defined with incorrect IP addresses

Release 2.3.202203131245 (March 13, 2022)

Extensions

• Added support for RDP and SSH Proxy connection through remote session manager tunneled through master node loopback interface to simplify Transparent Perimeter deployments

Security

• Fixed the issue with URL redirection for non-existing application endpoints

Fixes

• Fixed the issue with executing jobs for Active Directory Users record type
• Fixed the issue with RDP and SSH Proxy connections to IPv6 endpoints through the remote session manager
• Fixed the issue with displaying incorrect time-frame criteria in reports exports for custom selected time ranges
• Fixed the issue with adding a user to a folder level group after approved workflow request
• Fixed the issue with closing system export feedback screen after failed export
• Fixed the issue with product maintenance in various operating environments

Release 2.3.202203061120 (March 06, 2022)

Extensions

• Added quick access option to Shadow Record from the records and record types task lists
• Added quick access option to Reference Record from the record editing screen

Fixes

• Added the error message for Folder Level Templates management screen when adding a user from another level
• Fixed the issue with Virtual TOTP and Virtual SMS fields tasks executed from the record Quick View screen resulted in the dialog hidden under the quick view screen
• Fixed the issue with the blanket errors in the browser WEB Console when entering invalid number of hours and minutes to the custom time range selector on the reports screens
• Fixed the issue with the folder level group member approving access requests for the objects in different container

Release 2.3.202202271219 (February 27, 2022)

Extensions

• Added Access Request Scope Connect option as a global parameter to enable browser extension to fill login forms following approved connect action for HTTP Proxy sessions
• Added Copy to Clipboard button on Virtual MFA dialog
• Added Workflow Template option to wave notifications sent to requester for automatically approved requests

Security

• Updated WEB Container to version 9.0.58

Fixes

• Fixed the issue with remote worker node connectivity to the master node
• Fixed the issue with conflict executing several jobs originating from different records or shadow records simultaneously on the same host
• Fixed the issue with blanket error message about folder level reports identification in the browser console when accessing Favorites and Archive screens
• Fixed the issue with the pointer shape of the cursor when hovering over the URL on record on the record list screen

Release 2.3.202202201302 (February 20, 2022)

Features

• Added the option to manage workflow templates at folder level to facilitate delegation of administration functions to vault owners

Extensions

• Added Audit log message for Install, Update and Restart operations
• Added re-branded Application to Okta store for SSO integration

Security

• Fixed the issue with tab-nabbing adding special option when opening new window or tab

Fixes

• Fixed the issue with cutting multiple records located in different folders from the Search results
• Fixed the issue with preserving Workflow Binding MFA Required setting when copying folders
• Fixed the issue with preserving Workflow Binding Checkout Required and MFA Required settings when breaking bindings inheritance
• Optimized the logic of font loading for exporting reports to MS Excel format

Release 2.3.202202131330 (February 13, 2022)

Features

• Added the option to save folder level Inventory report columns, options and filter configuration for quick access

Extensions

• Added Period timeframe filter display for Reports generated during Email and Folder subscriptions
• Added the option to control Mail Server updating using Workflow Bindings with Administration actions

Security

• Fixed the issue with limiting access control to some global parameters
• Addressed a potential script injection vulnerability

Fixes

• Fixed the issue with timeframe filter displaying in the Email subscription on reports
• Fixed the issue with updating Saved Report name that includes slashes
• Fixed the issue for Email subscription on Reports for users with Owner permissions
• Fixed the issue for Email subscription on Reports for users with Auditor Global Role

Release 2.3.202202061116 (February 06, 2022)

Features

• Added support for dynamic port forwarding channel for SSH Proxy tunnel sessions build by native clients with -D option
• Added the option to save folder level Requests report columns, options and filter configuration for quick access
• Added the option to save folder level Job History report columns, options and filter configuration for quick access

Extensions

• Added the column indicating deleted users for exports of the Users report

Security

• Updated WEB Session Manager components to the latest version
• Fixed the issue with decrypted system export available for for system administrators to require full master password for verification

Fixes

• Fixed the issue with incorrect options displaying for Manage button for Personal Vaults
• Fixed the issue with missed filter for saved versions of Job History report
• Fixed the issue with incorrect displaying Manage button for Auditor Global Role
• Fixed the issue with periodic health check report attempting to check the status of HTTP Proxy with HTTP Proxy license disabled
• Fixed the issue with renaming a local group that contains parenthesis with the new valid name
• Fixed the issue with allowing local users and groups to have colon characters in the login names
• Fixed the issue with empty state selector Any on saved reports

Release 2.3.202201301141 (January 30, 2022)

Features

• Added the option to save folder level Sessions report columns, options and filter configuration for quick access
• Added the option to save folder level Session Events report columns, options and filter configuration for quick access
• Added the Express Export option to exclude historical data from the system export to support quick migration

Fixes

• Fixed the issue with incorrect options displaying for Manage button on root folder level
• Fixed the issue with non search-able fields on Tokens page
• Fixed the issue with SQL Proxy JDBC version 21 connectivity to Oracle server version 21

Release 2.3.202201231112 (January 23, 2022)

Features

• Added support for Imprivata ID authentication modality that supports Password and Push MFA for Proxy sessions and MFA required Workflows

Fixes

• Fixed the issue with missed Search Filter for pdf, xlsx or csv exports of MFA report
• Fixed the issue with missed State Filter for pdf, xlsx or csv exports of Job History, Job summary reports
• Fixed the issue with Search Filter on Authentication Tokens Page
• Fixed the issue with occasional failure to perform an action after providing 2nd factor authentication required by configured workflow binding

Release 2.3.202201161118 (January 16, 2022)

Extensions

• Added out of the box system logging configuration for Oracle SQL Proxy to simplify troubleshooting logging when needed
• Added Scope and State filters for Email subscriptions on Sessions and My Sessions Reports
• Updated Copyright year to 2022 in the application installer for Windows
• Updated context help in the managed path configuration for SSO integrations in the application installer for Windows
• Updated Copyright year to 2022 in the login page of the Federated Sign In module
• Updated Apache log4j library in the Federated Sign In module to the latest version for the new deployments. Note that existing deployments could be updated using the previously recommended patch.

Fixes

• Fixed the issue with duplicated report name in downloaded versions of Sessions Report
• Fixed the issue with missed search filter data for several system level reports: Subscriptions (Alerts), Subscriptions (Reports), Tasks, Users, Workflows, Access, Local Group Membership, Discovery Hosts, Tokens , Alerts, Requests as well as customized saved versions of Inventory and Users reports
• Fixed the issue with missed search filter data for several record level reports: Audit log, Jobs History
• Fixed the issue with allowing local users to have underscore characters in the login names
• Fixed the issue with displaying error verbose message in system and audit logs for unsuccessful Web Session connections for Windows deployments
• Fixed the issue with Re-Enable RDP Proxy option to enable Pass-Through access for users logged in using SAML SSO option
• Fixed the issue with incorrect tooltip displayed for scope filter for My Sessions Report
• Fixed the issue with timeframe displaying after Email subscription on Tasks and Local Membership Reports
• Fixed the issue with incorrect Search Query Type selected on the Record List page for users, who changed Initial Query Type preference
• Fixed the issue with missed Status Filter for pdf, xlsx or csv exports of Discovery Hosts reports
• Fixed the issue with incorrect column name Record in Audit Log and Job History reports displaying instead of Record Name
• Fixed the issue with continuous background radius messages sent by the Federated Sign In module to the Imprivata CIDRA server in case the end user not confirming push request. Note that in addition to the module update the following parameter should be updated as well in $HOME/web/conf/catalina.properties file from existing PAP to new CIDRA_PAP value: cas.authn.mfa.radius.server.protocol=CIDRA_PAP

Release 2.3.202201091122 (January 09, 2022)

Features

• Added selectors, filter, folder and record information to reports subscriptions and exports as well as to the email notification with the attached report

Extensions

• Added digital signature to PowerShell installer changed after copyright year update
• Improved session manager load balancing performance

Fixes

• Fixed the issue with calculation formula for Last Month time selector in reports filters
• Fixed the issue with missing columns for Sessions report saved in PDF format
• Fixed the issue with state selector on Job Summary report displaying state id instead of user-friendly label
• Fixed the issue with state selector on Job Summary report displaying default selector value
• Fixed the issue with state filter applicability when generating pdf, xlsx or csv exports of Job Summary report
• Fixed the issue with exceptions when generating Inventory report subscription in certain situations
• Fixed the issue with copyright year and holder for Linux setup license agreement
• Fixed the issue with load balancing session managers that include localhost inside the same proximity group

Release 2.3.20220102110 (January 02, 2022)

Fixes

• Fixed the issue with the ability to approve or reject non-active workflow using email approval process
• Fixed the connection issue to Web Portals with MFA required Workflow without asking the authentication token
• Fixed the issue with login to the application after successful logout in certain configurations deployed with custom branded Federated Sign In module

Release 2.3.202112261102 (December 26, 2021)

Features

• Added the option to save folder level Audit Log report column, options and filter configuration for quick access
• Added the option to transfer files in WEB RDP session using SFTP Server configured on the remote Windows Server authenticating with user and password on record. The option is managed by the record type Choice field SFTP with the potential values Enabled,Disabled

Extensions

• Added a placeholder with INFO level for SSH Proxy log level configuration to the out of the box log configuration file
• Added hidden legacy message to the application health check page to enable backward compatibility with the existing load balancers checking the status of the application. Note that if the load balancer monitor is using page title to detect the health status the new title had been updated to _PAM Health Check Page_

Fixes

• Optimized memory consumption while generating alerts from session events to avoid Out of Memory issues when processing session events that contain large amount of data
• Fixed the issue with the Risk column name matching GUI and exported Sessions reports
• Fixed the issue with log4j library could be reconfigured to enable vulnerable modules
• Fixed the issue with check-box selectors on the Job History report available to Auditors
• Fixed the issue with displaying error message about saving reports
• Fixed the issue with allowing local users to have @ characters in the login names

Release 2.3.202112191110 (December 19, 2021)

Features

• Added the option to save Requests report columns, options and filter configuration for quick access

Security

• Addressed a potential Angular Template injection vulnerability

Fixes

• Fixed message branding on the system health-check page
• Fixed the issue with cross-out columns display on the Reports Subscriptions report
• Fixed the issue with transferring very large (2Gb+) files using scp over SSH Proxy
• Fixed the issue with login to the application after successful logout in certain configurations deployed with new branded Federated Sign In module
• Fixed issue with incorrect number of sessions count on Sessions report
• Fixed the issue with Action button is missing for Auditors in the saved Job History report

Release 2.3.202112121126 (December 12, 2021)

Features

• Added the option to save Job History report columns, options and filter configuration for quick access

Security

• Updated application framework to version 17.0.1
• Fixed the issue with log4v2 vulnerability for new deployments that include Federated Sign-In module

Fixes

• Fixed the issue with the descriptive error message when creating a local user or a local group with special characters in the login name. Added validation to allow only alphanumeric and $, -, (. ), and . characters
• Fixed the issue with details and false positive error reporting of the scheduled tasks password update in the Windows Remote Reset Dependent Services script
• Fixed the issue with the manual software registration
• Added trace level system logging to troubleshoot MS AzureAD MFA OTP notifications from RDP Proxy
• Fixed the issue with Management menu area availability for users without global roles accessing not activated system
• Fixed the issue with re-branding of the anonymous link viewer

Release 2.3.202112051108 (December 05, 2021)

Features

• Added the option to save Sessions report columns, options and filter configuration for quick access
• Added the option to save Session Events report columns, options and filter configuration for quick access

Extensions

• Added re-branding for default TOTP, Yubikey, Duo MFA provider names
• Added re-branding for generated self-signed certificate subject name

Security

• Addressed a potential script injection vulnerability

Fixes

• Added trace level system logging to troubleshoot MS AzureAD MFA OTP notifications from RDP Proxy
• Fixed the issue with moving (cutting and pasting) an object from search screen
• Fixed the issue with mass moving the objects from search, favorites and archive screen
• Fixed the issue with allowing to move objects linked to multiple folders from search, favorites and archive screens
• Fixed the issue with exporting legacy saved reports
• Fixed the issue with incorrectly located Subscribe to Alerts button on the Shared With Me screen
• Fixed the issue with Management menu area availability for users without global roles accessing not activated system
• Fixed the issue with processing checkbox fields when importing records from CSV file

Release 2.3.202111281108 (November 28, 2021)

Features

• Added Oracle RDBMS server version 21 authentication protocol support for SQL Proxy connections made using native JDBC clients
• Added account management support for F5 BIG-IP network devices including check status as well as direct and shadow password reset script

Extensions

• Added titles to saved versions of Audit Log, Users, Inventory reports

Fixes

• Fixed the issue with columns displaying after Email or Folder subscriptions

Release 2.3.202111211106 (November 21, 2021)

Features

• Added Oracle RDBMS version 10 authentication protocol support for SQL Proxy connections made using native clients

Extensions

• Added support for Microsoft Azure AD MFA for Workflow actions and Proxy authentication including push and OTP support for the deployments configured with UserPrincipalName property for user identification (user@domain.com)
• Added the option to save Audit Log report column, options and filter configuration for quick access

Fixes

• Fixed the issue with Cancel button on New Record Type and Edit record type pages
• Fixed issue with archived objects retention policy scheduled execution to remove all the expired objects once a day

Security

• Fixed the issue with exposing unnecessary details about the software license to regular users through the network traffic

Release 2.3.202111141103 (November 14, 2021)

Extensions

• Added user preference Search Scope enabling the option for the Browser Extension to exclude records found in the other users vaults for system administrators and auditors

Release 2.3.202111071128 (November 07, 2021)

Fixes

• Fixed errors during reports export to Excel format
• Fixed the issue with the option to create a local account with the name of the previously deleted account to avoid confusion with the legacy data associated with the old deleted account
• Fixed the issue with large Add Record, Add Folder and Import buttons available on the empty Favorites and Archived pages
• Fixed the issue with Subscribe, Add to Favorites and Save Search buttons available on the empty Favorites and Archived pages
• Fixed the issue with NATO Alphabet button when accessing the application using Internet Explorer browser

Release 2.3.202110311252 (October 31, 2021)

Features

• Added Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO / SPNEGOEx) authentication support to RDP Proxy connections

Extensions

• Added the option to search Result column in system, folder or record-level Job History report
• Added Non-Owner Personal Vault Unlock message to the Unlock Audit Log event for the events when a user other than the personal vault owner unlocks a record
• Added support for order by clauses to folder level custom reports

Security

• Updated WEB Container to version 9.0.54

Fixes

• Fixed the issue with displaying Push Sent message immediately after the first push request
• Fixed the issue with HTML script in the error pop-up after selecting Automatic Registration with an empty Activation Code field
• Fixed the issue with the default report subscription email template subject duplicating words that come from custom report title
• Added trace level system logging to troubleshoot MS AzureAD MFA OTP notifications
• Optimized performance of AzureAD MFA OTP
• Optimized performance of Matrix export of Inventory report
• Fixed the issue with misspelled error about Unknown user during Proxy connections

Release 2.3.2.3.202110241205 (October, 24)

Features

• Added support for Microsoft Azure AD MFA for Workflow actions and Proxy authentication including push and OTP support

Extensions

• Added Task Execution Policy for After Create events that triggers jobs only when record is created
• Re-branded subject and body of email notifications sent by the PAM server
• Added report title {{report.title}} and timestamp {{now}} placeholders to the default email template for report subscriptions
• Added ${host.short} placeholder to Discovery Query Name Pattern for simple host name without domain qualification

Fixes

• Fixed the issue with updating CSV-based discovery queries
• Fixed the issue with assigning main host record as a shadow for dependent local accounts when auto-importing records after discovery process
• Fixed the issue with changes to the Report email template are not read until service is restarted
• Fixed the issue with report email does not read the Subject value defined in the template
• Fixed the issue with blanket system log message about archiving audit logs with long retention period
• Fixed the issue with extracting referenced records in break glass scenario for multi-volume archives
• Fixed the issue with blanket system message about accessing non-existing console session object
• Fixed occasional issue with auto-importing records from discovery process
• Fixed the issue with internal formatting of Mass Operations Log page

Release 2.3.202110171149 (October 17, 2021)

Features

• Added the option to save Users report column and filter configuration for quick access

Extensions

• Added support to display default port on record on the screen that allows user to select connection parameters when connecting to records with empty host
• Added the option to resolve dynamic credentials ($search:CRITERIA) in the user field when connecting or executing jobs for SSH remote hosts using Private Key authentication (Unix Host with Key and Unix Host with Private Key record types)
• Added tool-tips for Save Report, Refresh, Select Columns, Select ACL, Subscribe, Refresh buttons for Users, Inventory reports.
• Added tool-tip for Refresh button on the Record List page
• Added the option for the auditors to subscribe to system reports
• Added the option to define custom name patterns for records imported from discovery queries
• Submitted re-branded versions of the Browser Extension and Broker Browser Extension into the Chrome, FireFox and Edge WEB stores for approval

Fixes

• Fixed the issue with the form prompting users to overwrite host and credential information during the record connection conflict with the browser auto-complete feature
• Fixed the issue with Orphaned Objects search type in the application search center and the Search REST API
• Fixed the issue with access requester notifications sent about approval or rejection actions of already approved, rejected or completed request
• Fixed the issue with the Custom Page Title not used for Instant Video Playback
• Fixed the issue with default re-branding for WEB application window title
• Fixed the issue with system event logs for authentication key updates should be sent on the DEBUG level

Release 2.3.202110111449 (October 11, 2021)

Fixes

• Fixed the issue with accessing Inventory report using Internet Explorer browser

Release 2.3.202110102227 (October 10, 2021)

Features

• Added the option to save Inventory report column and filter configuration for quick access

Extensions

• Added audit log events for WEB Session connection errors
• Added system parameter xtam.proxy.port.rdp for RDP Proxy port for native clients to connect if different from configured with global parameter when re-mapped using load balancer

Fixes

• Improved system performance when service multiple sessions by changing database lock mechanism to in-memory when updating session heartbeats
• Fixed the issue with simultaneous job execution of different jobs scheduled for the same record
• Fixed issue with deleting referenced archived records by Archives records retention policy
• Fixed the issue with browser field auto-fillers interfere with Discovery Editing form
• Fixed the issue with resolving ${host} placeholder for the user accounts when auto-importing discovered data

Release 2.3.202110032253 (October 3, 2021)

Features

• Added WEB Sessions message banner option for users to acknowledge before starting the session
• Added Archived Objects Retention policy that deletes objects archived before specified number of days

Extensions

• Added the option to adjust database primary key sequence during application startup using system parameter xtam.sequence.adjust
• Updated license expiration and activation message to new branding
• Updated application Windows and PowerShell installers to new branding
• Updated Windows installer to include metadata in the file properties details screen
• Updated Federated Sign-In module to new branding

Fixes

• Fixed the issue with Oracle SQL Proxy connectivity for the uses that changed their passwords in the corresponding user directories
• Fixed the issue with first failed execution of password reset job on Windows record results in the successful last action reporting on the record view screen
• Fixed the issue with simultaneous job execution on the same remote host using different accounts
• Fixed the issue with the audit log message missing the record parent information when deleting records from Archived area
• Fixed the issue with the process that approves access requests by email could potentially block system to send email notifications

Release 2.3.202109262210 (September 26, 2021)

Features

• Added Archive area to display archived records with the option to restore them at the original location, to delete or to bulk delete from the system

Extensions

• Added Password option to custom form field when scheduling interactive jobs
• Added new branding to the WEB Application, Proxies, CLI Utility, Linux and PowerShell Installers
• Added Open Source Attribution Report distributed in a text format in the application folder templates

Fixes

• Fixed the issue with SSH Shell CIDRA MFA prompting Push (1) or OTP (2) methods to authenticate
• Fixed the issue with copy and cut actions on Favorites screen

Release 2.3.202109192223 (September 19, 2021)

Features

• Added Dry Run option when importing objects from CSV, KeePass, PuTTY or Remote Desktop Connection Manager files
• Added the option to spell passwords on the screen using NATO Phonetic Alphabet

Extensions

• Added the option to override Session Manager configuration for SQL Proxy connections for individual records
• Added the option to specify SSL ciphers for the WEB Session Manager listening port using command line or configuration file argument
• Added the option to query specific WEB Session Manager version to confirm the currently deployed build

Fixes

• Fixed the issue with displaying approver name on the TRACE level logging of the approve by email logic
• Fixed the issue with server redirect for Oracle SQL Proxy for the case when tns data comes with redirect packet instead of the data packet
• Fixed the issue when routing traffic through next hop session manager when detecting server version request for Oracle Proxy connections
• Improved detection of approver in the auto-approving process when approvers use Outlook email clients

Release 2.3.202109131006 (September 13, 2021)

Fixes

• Fixed the issue with exec command execution disabled by default if there is no command policy attached affecting such functions as scp

Release 2.3.202109122307 (September 12, 2021)

Features

• Added support for SQL Proxy to connect to end point servers in isolated networks through remote session managers

Extensions

• Added the option to restrict channels available through SSH Proxy connection
• Added PAM CLI function to retrieve database password in exchange to provided master password
• Added the option for system administrators to clear pending alerts and notifications queue as a part of system maintenance for deployments with external backend databases

Fixes

• Fixed the issue with email request approval process failure to process too long reasons for rejection
• Fixed the issue with too short email approval process execution timeout by increasing it from 5 to 50 minutes
• Fixed the issue with certificate bundle deployment during silent installation on Linux platforms
• Fixed the issue with certificate bundle deployment during interactive installation on Windows platforms using PowerShell script
• Fixed the issue with certificate bundle deployment during silent installation on Windows platforms using PowerShell script
• Added the option for system administrators to clear pending session event alerts queue as a part of system maintenance as part of the other notifications reset
• Fixed the issue with SQL Proxy connections to the database scheme with the password expiring soon
• Fixed the issue with the displaying XKCD password complexity formula on the On Demand password reset
• Added debug level system logging to troubleshoot notification process

Release 2.3.202109052240 (September 5, 2021)

Features

• Added Search Center GUI as well as REST API option to use OR criteria in search

Extensions

• Added Audit Log message when user types forbidden command for SSH Proxy sessions with enabled Command Control
• Added extra logging information in the audit log to get more insight into the dynamic credentials resolution
• Improved error processing when using custom XKCD dictionaries
• Improved detection of approver in the auto-approving process when approvers use Lotus email clients
• Added /ctrl-c and /ctrl-d meta-commands to send special sequences to Command Control SSH Proxy sessions
• Added monospace font for displaying and editing unlocked secured fields for better visibility of characters that look alike

Security

• Added requirement to provide the Master Password to perform decrypted system export

Fixes

• Fixed the issue with detecting Approver in the default First-name Last-name (login) template format during auto-approval process using email
• Fixed incorrect displaying of groups instead of users in Principals column ​for extended ACL matrix version of inventory report
• Fixed the issue with enforcing Command Control configuration for SSH PRoxy execute channel

Release 2.3.202108292314 (August 29, 2021)

Features

• Added command filtering support for SSH Proxy sessions established using native clients

Extensions

• Added the option to specify ticket types with mandatory values in the workflow binding configuration
• Added context help for XKCD password generator on the password complexity formula editing screen

Fixes

• Fixed the issue with the colon sign in the file names of the scheduled reports
• Fixed product specific names in the GUI and server side messages as well as in report names, tab and window titles, and minimized left side menu
• Fixed the issue with certain cases of using custom xkcd dictionaries

Release 2.3.202108222254 (August 22, 2021)

Features

• Added integration with Imprivata OneSign® Identity Provider

Extensions

• Added the option to cancel formula editing operation
• Added the option to provide custom dictionary for XKCD password complexity formula
• Added spinning wheel animation during report export operations to indicate the progress

Security

• Updated MS SQL Driver to 9.2.1 for new installations
• Added EnableNonOpenMode command to the command line utility to restrict the redirect URL during authentication to the system using Federated Sign-in component

Fixes

• Fixed the issue with error message wording when validating passwords using XKCD complexity formula
• Fixed the issue with dynamic credentials resolving for pass-through records when connecting through SSH Proxy
• Fixed the issue with applying default formula validation rule to xkcd password validation
• Fixed the issue with on demand password generation respecting task Target Record (self, referenced or shadow) specification when selecting password complexity formula
• Fixed the issue with the blanket error message when converting non-secured IDs to Long-Secure IDs on the record view screen

Release 2.3.202108152240 (August 15, 2021)

Features

• Added XKCD generator option to password formula constructing passwords from several dictionary words separated with the provided delimiter

Extensions

• Added the option to use shadow account to reset passwords for credential reconciliation using AS/400 job execution strategy

Fixes

• Fixed the issue with the session cookie restrictions to support SSO authentication

Release 2.3.202108082228 (August 8, 2021)

Features

• Added the option to search records by record ID
• Added the option to search records by record ID

Extensions

• Added the option for password reset scripts to transfer encoded passwords to the remote computer
• Added password reset scripts for remote windows devices that conceal plain text passwords in the script code
• Added the option to click on record type name or on parent record type name in the record types list to navigate to the record type editing screen
• Added the option to Alt-, Ctrl-, Apple- click on the record type name in the record types list to open record type editing screen in a new window or tab
• Added the option to Alt-, Ctrl- or Apple-click on the record type name on the record view screen to open record type editing screen in a new window or tab
• Added color shading to Inventory Matrix report to indicate rows related to the same object
• Updated WEB Sessions connectivity error message to include the possibility that the account is locked
• Added audit log message about rejecting WEB or SSH Proxy Session connection caused by violation of allowed hosts constraint
• Added host and port information in the system error and audit log message about rejecting WEB or SSH Proxy Session connection caused by violation of allowed hosts constraint
• Added support for RDP Proxy CredSSP version 6 protocol to address the issue with RDP Proxy connectivity when the group policy CredSSP Encryption Oracle Remediation set to Force Update

Security

• Added SameSite attribute for session related cookies
• Added WEB Container SSL/TLS server cipher suite preference enforcement for new deployments

Fixes

• Fixed the issue with users with Unlock or Editor permission able to schedule interactive password reset jobs with user provided or visible password
• Fixed the issue with users bound by Unlock workflow access request able to schedule interactive password reset jobs with user provided or visible password on the password reset form
• Fixed the issue with incorrect label for Time column in Audit Log and Job History Reports
• Fixed the issue with WEB Session connection errors audit logging missed the error message detail for some classes of errors
• Fixed the issue with host name based (as opposed to IP-based for range and mask) enforcement of allowed hosts for SSH Proxy and WEB Sessions
• Fixed the issue with user unfriendly message when granting access without specifying the user on Grant Access form
• Fixed the issue with user unfriendly message when granting access by specifying the user in domain\user format on Grant Access form
• Fixed the issue with exporting Job History report to PDF format when the message data from the report contains unprintable characters
• Fixed the issue with column format of the PDF export of Job History report to accommodate for long values in the selected columns
• Fixed the issue with filtering archived records in the search results
• Fixed the issue with file name of the exported Inventory Matrix report

Release 2.3.202108012233 (August 1, 2021)

Features

• Added Matrix Inventory report to trace permissions grants across multiple objects

Extensions

• Added the option to search Session Events report using record name
• Added the option for access requests enforcing MFA to use encrypted MFA configuration parameters in the external properties file using {cipher} mechanism
• Added Private Key Password global parameter for RDP, SQL, HTTP and Universal proxies for the option to use client-provided key pair instead of the generated one
• Added link to the page in the help system on the Local Groups Membership report screen
• Added Transparent Perimeter settings to maintain the channel using keep alive packages using reserve and forward tunnel settings aliveInterval and aliveCountMax

Security

• Updated simple auxiliary encryption component to the latest version
• Added the option to control XSRF-TOKEN cookie SameSite attribute using system property xtam.api.xsrf-token.samesite=VALUE with VALUE is either none or strict or lax
• Added the option to control XSRF-TOKEN cookie Secure attribute using system property xtam.api.xsrf-token.secure=true
• Updated client side framework components in Federated Sign-In module in new installations (existing deployments require manual update)

Fixes

• Fixed the issue with the Local Group Membership report title
• Fixed the issue with the Universal proxy starting in case the system property is disabled
• Fixed the issue when some services failed to stop on manual application update
• Fixed the issue with Duo Security Push verification when enforcing Access Request MFA
• Fixed the issue with column names in the visibility field of the system and personal Report Subscriptions reports
• Fixed the issue with breadcrumbs path and a title on the Local Groups Membership report screen
• Fixed the issue with access request enforcing MFA for additional Duo Security configurations
• Fixed the issue with Last Rotated column name on the exports of the Inventory report
• Fixed the issue with deleting an object enforcing MFA if configured on the workflow binding
• Fixed the issue with PDF Export from Session Events report formatting when displaying events with long preview
• Fixed the issue with listing user group membership even in case of error accessing some of the groups

Release 2.3.202107261630 (July 26, 2021)

Fixes

• Fixed the issue with WEB RDP connectivity in certain network configurations

Release 2.3.202107252210 (July 25, 2021)

Features

• Added Oracle SQL Proxy to provide zero-trust native client access to Oracle RDBMS
• Added Local Group Membership Report that shows local groups and all members of the groups on global and folder levels
• Added the option to subscribe to generation of the system reports to a shared folder

Extensions

• Added support for custom column selection when exporting and subscribing to the system, folder and record level Sessions and Job History Reports
• Added support for custom column selection when exporting and subscribing to the system and folder level Inventory, Requests and Users Reports
• Added column visibility customization information to Subscriptions (reports) report and My Profile / Subscriptions(reports) pages

Security

• Updated internal scripting engine and MFA detection component to the latest version
• Updated compression component to the latest version
• Updated Google core utility component to the latest version

Fixes

• Fixed the issue with auto-sizing first column on the Excel exports of system reports
• Optimized performance of detection of MFA configuration for a user in case MFA configuration does not include groups references
• Fixed the issue with alerting the user and making an audit event when Instant Video player cannot locate the file to be played
• Added detailed report in the system log about fatal failure of resolving users while processing CAS audits
• Fixed English grammar and spelling issues in the context help balloons across the application GUI
• Fixed the issue with false positive response about some cases of failed password reset using SSH execution strategy by adding the option (xtam.ssh.exec.verify.feedback=true) to verify echo feedback in the verification routine
• Fixed the issue with password reset feedback processing for Cisco Switch 38xx series devices

Release 2.3.202107182259 (July 18, 2021)

Features

• Added the option to mass reschedule selected jobs using Jobs History Report for the repeated execution
• Added the option to cancel or defer periodically scheduled jobs to retain the password of a checked out record

Extensions

• Added support for forwarding both WEB and Native remote session manager traffic through the single Universal Proxy port with the option for client side authentication to remote WEB Session Manager
• Added support for forwarding HTTP Proxy traffic through the single Universal Proxy interface together with RDP and SQL Proxy
• Added support for custom column selection when exporting and subscribing to the system, folder and record level Audit Log report

Security

• Updated database access component to the latest minor version

Fixes

• Fixed the issue with possibility to save a task without script selected causing error condition in a browser screen
• Fixed the issue with default cell formatting of Excel export of system reports
• Fixed the issue with incorrect message in the audit log message about cancelled job
• Optimized performance of re-indexing of the folder hierarchy triggered only when adding new objects of changing parent folders for the existing objects
• Fixed the issue with user picture display on the user profile widget for Active Directory users when integration with the Active Directory is done through the Global Catalogue
• Fixed the issues with spelling and grammar of server side messages
• Fixed the issues with spelling and grammar of client side messages
• Fixed the issue with generating PDF export for the Audit Log report that contains unprintable characters in the message column for some rows
• Fixed the issue with video rendering continually attempting to process the file when it does not exist
• Fixed the issue with handling Restored records in the systems deployed with MySQL back-end database
• Fixed the issue with processing short-sized artificial Secure-ID identifiers
• Fixed the issue with generating PDF export for the Audit Log report that contains unprintable characters in the message column for some rows

Release 2.3.202107112243 (July 11, 2021)

Features

• Added request access option to delete object operations
• Added the option to reference tickets from external ticketing systems for the purpose of ticket tracking when requesting access

Extensions

• Added initially hidden column User to the Inventory report to display a user on record in case the User is defined as a non-secure indexed field
• Added initially hidden column Vault to the Inventory report to display active Vault link where the object is located
• Added support for Spnego backed authentication during RDP client authenticates in RDP proxy
• Added the option to specify default MFA service to use (using system property xtam.cas.mfa.default) in case of failure to detect user or group based MFA service (default is none for bypass)

Fixes

• Fixed the issue with verification state of the successful password reset in AS400 password reset strategy
• Fixed the issue with error message spelling about Unknown user login attempt to RDP Proxy
• Fixed the issue with system logging of HTTP return code from the WEB Rest Service detecting an MFA service to use during user login

Release 2.3.202107042314 (July 4, 2021)

Features

• Added Portuguese Brazil on screen keyboard for WEB sessions
• Added Approvers column to Access Requests report

Extensions

• Added vertical scrolling support for long object drop down menu in the record list, search query type selection and Bulk Actions menu when WEB GUI is run on the small monitors or small browser space
• Added Enabled From, Enabled To, Action and Requested Time columns to the Access Requests report to improve report readability and enable sort option
• Added extended approver information (approval time, approver user directory, approval status, reject reason) as well as Request Time, Action, Enabled From and Enabled To columns to the exported Requests report
• Added multi-line row format for PDF export of Requests report
• Added support for replies from Notes email client when handling Approve by Mail process
• Added global parameter Workflow / Approve by Mail Filter to limit the scope of IMAP folder scanning when searching for emails with request approval or rejection

Fixes

• Fixed the issue with blanket error message in the system log during application startup about WEB Container scanning of selected libraries
• Fixed the issue with Approve by Email message processing logic enabling combining detected parameters from different parts of a multi-part message

Release 2.3.202106272232 (June 27, 2021)

Features

• Added SQL Proxy beta support to communicate with Oracle Real Application Clusters (RAC)
• Added WEB Sessions on-screen keyboards for Danish, Swiss German, English - Great Britain, Japanese, Norwegian, Swedish and Turkish languages
• Adder the option to Alt-, Ctrl-, or Command-click on a record or a folder link to open a screen in a new browser tab or a window

Extensions

• Added text formatting to Excel exports of system reports: bold headers and italic metadata
• Updated on screen keyboard layout list in the WEB Sessions toolbar to display readable names
• Added Window Close Confirmation preference to enable the option to prompt a user before closing an application tab or a window

Security

• Updated the following system components to the latest version: XML, JSON parser and data binding, time scheduler, JSON WEB Tokens JWT generation and management, inter-node communications, PDF export, several utility components

Fixes

• Fixed the issue with the error message about deleting a folder that it used as an import folder in a discovery query
• Fixed the issue with self reset password of Active Directory user in the User Profile screen respecting AD password policies such as password complexity or password history
• Fixed the issue with column name and row flow for the Token column of the PDF export of the Tokens report
• Fixed the issue with missing and incorrectly named columns in the exports of the MFA report
• Fixed the issue with incorrectly named, missing columns and the column order in the exports of the Discovery Hosts and Requests reports
• Fixed the issue with missing folder information in the exports of the Custom report
• Fixed the issue with time restriction displayed on the Workflow Bindings list screen for all selected categories
• Fixed the issue with time restriction label display in the exports of the Workflows Bindings report
• Fixed the issue with double slash in managed path placeholders of the workflow templates preventing navigation from email to the appropriate WEB screen
• Changed the message about the job is deferred to another node to warning when executing the jobs on demand from the job history report
• Fixed the issue with navigating to a folder from Alert Subscription report
• Fixed the issue with navigating to a folder from Report Subscription report
• Fixed the issue with a thread leak during SSH Proxy communications caused by network transport or destination system failure
• Added system logging to troubleshoot threads leak during failed termination of SSH Proxy connections

Release 2.3.202106202233 (June 20, 2021)

Features

• Added support for active link displayed in the records list view for WEB Portal URLs
• Extended permissions of the a request approver to analyze approved recorded sessions
• Added support for Slovenian keyboard

Extensions

• Added the option to configure audio settings for WEB RDP Sessions using record-level field Audio (Choice: Enabled, Disabled)
• Added the option to configure glyph caching for WEB RDP Sessions using record-level field GlyphCaching (Choice: Enabled, Disabled) to improve connection performance when connecting to legacy Windows versions such as Windows Server 2008R2
• Added support for password reset for Unix Host account with SU and the key based primary account on record
• Added the option for the request approver to export or to subscribe to session events report generated for this session
• Added the option for the request approver with no Viewer permissions to start instant session playback for the approved session in My Sessions report
• Added the option for the request approver with no Viewer permissions to subscribe for the scheduled report delivery for the approved requests Sessions report
• Added the option for the request approver with no Viewer permissions to subscribe for the scheduled report delivery for the session events for the approved sessions
• Added Slovenian keyboard layout for WEB RDP sessions (requires WEB Session Manager update)
• Added the option for on-screen Slovenian keyboard in WEB sessions

Security

• Updated versions of client side libraries in the Federated Sign-In module

Fixes

• Fixed the issue with handling permissions granted to local groups with external user directory membership
• Fixed the issue with maintaining HTTP Proxy session following certain types of redirect during authentication
• Fixed the issue with authenticating users in WEB Portals accessed through HTTP Proxy using placeholders that contain special characters
• Fixed the issue with incorrect reporting of successful password reset for failed SSH reset with SU jobs
• Fixed the issue with preserving sufficient part of the error response of the failed SSH password reset strategy in job execution details
• Fixed the issue with double prompt to enter and then to select host from the list of hosts when connecting using native SSH clients through SSH Proxy to a record with Hosts field defining hosts selection list
• Fixed the issue with enforcing file transfer retention policy when failed to delete the transferred file should prevent removing the file transfer event from the database reports
• Fixed the issue with memory leak when recording HTTP Proxy sessions
• Fixed the issue with canceling active jobs in the job queue for the archived records
• Fixed the issue with too fast command restriction control communication with the remote server to accommodate for the slow devices
• Fixed the issue with using default fonts for Excel reports for both Windows and Linux deployments

Release 2.3.202106132252 (June 13, 2021)

Features

• Added the option to export system reports to MS Excel format including support for scheduled report delivery

Fixes

• Fixed the issue with thread leaks during establishing SSH Proxy communications caused by auto-repeated reconnecting
• Added information about SSH Proxy thread count in the performance log to troubleshoot operational characteristics
• Fixed the issue with SSH Proxy handling of the native client screen resize
• Fixed the issue with Granting access to a user bound by an automatic approval workflow
• Fixed the issue with remote PowerShell script execution with WinRM protocol injecting leading white spaces into HTTP headers
• Fixed the issue with RDP Proxy connections using native RDP clients trigger locks in the underlying user directories in case of failed login attempts
• Fixed the issue with database transactions during re-indexing of object hierarchy
• Fixed the issue with anchor links referenced from the right side menus in the help system to build from chapter name to stay permanent even after adding more menu topics to the page

Release 2.3.202106062305 (June 6, 2021)

Features

• Added the option to select destination host from the configured list for SSH Proxy Sessions
• Added the option to restrict destination hosts and networks for WEB and Native SSH connections

Extensions

• Added the option to explicitly specify one of the integrated user directory when assigning roles or permissions to a user
• Added explicit user directory qualification when selecting a users from the user search box

Security

• Added server side enforcement of white listed domains when injecting credentials to WEB Portals accessed through HTTP Proxy

Fixes

• Fixed the issue with detecting a blocked account for accounts that have the same name in different integrated user directories
• Fixed the issue with integrating additional Active Directories using UserPrincipalName field

Release 2.3.202105302246 (May 30, 2021)

Features

• Added PKCS#8 private key format support for WEB and SSH Proxy sessions and to SSH job executor strategy
• Added SSL support for SQL Proxy beta connections

Extensions

• Added Interactive SSH job execution strategy option to execute scripts using account with private key authentication
• Added SQL Proxy beta support to accept SSL connections from native Oracle clients
• Added SQL Proxy beta support to connect to destination Oracle RDBMS end-points using SSL connections
• Added test echo server to the Universal Proxy
• Added system parameter xtam.session.command.preinput.wait to control delay initiating the switch user command during Unix login with switch user
• Optimized performance of establishing SSH Proxy connections
• Added request reason to the session metadata in the caption of the video converted from the session recording

Fixes

• Fixed the issue with SSH Proxy connection in some cases when multiple connections open at the same time from the same client
• Fixed the issue with legacy REST API record/find function limiting search to folder scope
• Fixed the issue with generic localhost reported as the session manager host in the session report for any node in the multi-node high availability deployments
• Fixed the issue with Add Folder and Add Record buttons missing in empty containers for Managers
• Reduced font size of the session recording metadata embedded into subtitles of the converted videos
• Fixed the issue in SQL Proxy beta with connecting to Oracle record using tree-type connection string and service name
• Fixed the issue with case sensitive parameter names for tree-type connection string in SQL Proxy beta
• Fixed the issue with reconnecting to the record with empty host resolved by the user during initial connect when initial connect fails
• Fixed the issue with SSH Proxy connections to the destination servers that only support weak legacy Key Exchange algorithms
• Fixed the issue with audit log event about failed proxy connection using native clients caused by the lack of permissions
• Fixed the issue with Record Type label in the embedded record metadata caption in the converted video recording format

Release 2.3.202105232307 (May 23, 2021)

Features

• Added account-centered connect option for WEB Sessions including whitelisting of destination hosts
• Added the option to include session metadata and events as a Closed Caption stream into MOV or MP4 video recording
• Added Universal Proxy port listener to support RDP and SQL Proxy servers bound to the same port
• Added account management support for Brocade network devices

Extensions

• Added the option for vault and folder Managers to import objects from external files
• Added the option to configure MFA enforcement for task executions from the WEB GUI
• Added the option for system administrators to clear pending alerts and notification as a part of system maintenance
• Optimized performance of establishing SSH Proxy connections
• Added job details note Executed by SSHD driver to differentiate JSCH and SSHD executions in SSH and Interactive SSH strategies
• Added SQL Proxy beta support to connect to load balanced Oracle RDBMS instances
• Added the option to disable periodic Health Check using Health Check Process global parameter

Fixes

• Fixed the issue with user or group search performed by the folder owner when assigning users to workflow binding configuration
• Fixed the issue with cleanup of installation requests in the message queue causing the software to fail during startup because of attempted re-installation of the already missing binary update
• Fixed the issue with SSH Proxy shell connecting to the record excluding archived records from the search
• Fixed the issue with displaying endpoint host information on the WEB session toolbar when connecting to the records with empty of whitelisted hosts
• Fixed the issue with reporting permissions errors about the non-existing objects
• Removed aggregate statistic count about licensed users for the licenses with unlimited users to improve performance of daily summary aggregation for the deployments integrated with large active directories
• Fixed the issue with Interactive SSH job execution using SSHD driver over the high latency networks
• Improved database transaction processing during SSH Proxy session creation
• Fixed the issue with automatic collection of user fingerprint when browsing WEB GUI
• Fixed the issue with updating session recording video rendering script on Linux platforms with correct execute permissions

Release 2.3.202105162243 (May 16, 2021)

Features

• Added the option to embed session metadata and events into AVI, MOV or MP4 video recording
• Added public beta for Oracle SQL Proxy

Extensions

• Added the option to configure resolution and bit rate of AVI, MOV or MP4 video recordings

Fixes

• Fixed the issue with overriding default SSH Proxy session idle timeout for remote native client session managers
• Fixed the issue with SSH Proxy connections to destination end-points with inconsistently configured Hos Key and Key Exchange algorithms
• Fixed the issue with RDP Proxy responses to the clients negotiating several protocol options

Release 2.3.202105092220 (May 9, 2021)

Features

• Added random password generator screen accessible from any part of the WEB application
• Added the option for Yubikey OTP in Duo Security MFA in proxy servers and workflows

Extensions

• Added port to the end point host column on the session report in case the port was overwritten by the user during connection to the record with the empty host
• Added Archive and Restore actions to the record dropdown menu in the record list
• Added the option to pass system user, user and password on record, and session identifier in SSH Proxy as well as in the WEB sessions to the endpoint SSH servers
• Added the option to display Connection field in the Session report to correlate the session with the endpoint auditing data passed through the Prologue mechanism

Fixes

• Fixed the issue with the empty host set to record name when importing records from KeePass
• Fixed the issue with WEB session reconnection for the session with a user overwriting host and port information during initial connect to the records with the empty hosts
• Fixed the issue with non-numeric codes during Duo Security OTP MFA in proxy servers and workflows
• Fixed the issue with the title of Administration / Workflows / Binding page to indicate that the bindings are defined for the root folder
• Fixed the issue with Found a Number of Bindings message on the Administration / Workflows / Binding page screen

Release 2.3.202105022207 (May 2, 2021)

Features

• Added multiple Duo Security MFA providers support for Proxy Sessions
• Added support to exclude archived records from the search result
• Added support for an alternative SSH job execution provider using the extended cryptography framework

Extensions

• Added the option to schedule tasks to execute for referenced and shadow accounts as an alternative to the main account on record
• Added search-able quick selection control to pick a script on the task editing screen
• Added search-able quick selection control to pick a workflow template on the workflow binding editing screen
• Added search-able quick selection control to pick a parent record type on the record type editing screen
• Added support to Extract record information during Break Glass procedure using capitalized Secure-ID
• Added Check Status MS SQL Server script to the out of the box script library
• Added configuration parameters for SSH Proxy client-side keep alive interval and count with the option to disable keep alive mechanism

Security

• Updated cryptography framework to improve TLS v1.3 support
• Added custom error pages for WEB Container errors in new deployments to minimize server information disclosure through the browser

Fixes

• Improved support of RDP Proxy clients attempting to connect with legacy security protocols
• Fixed the issue with triggering After Update job when mass updating records
• Fixed the error message about violating password formula Whitespace rule when generating password on-demand
• Fixed the issue with Discovery auto-import with empty Use Provided Account option imports record with connected account instead
• Fixed the issue with scheduling multiple After-Update tasks after record update
• Fixed the issue with inappropriate log level during user authentication for the Proxy connections
• Optimized performance of displaying record view screen for the system with large number of records
• Optimized performance of displaying task editing screen for the system with large number of records
• Optimized performance of displaying task list screen for the system with large number of records
• Fixed the issue with KeePass import process mapping a KeePass entry with existing User field to Secrets record type instead of WEB Portal one
• Fixed the issue with deleting records that have associated anonymous links
• Fixed the issue with Key Exchange algorithm negotiation when establishing SSH Proxy connection to SSH servers with restricted set of advertised algorithms
• Added special warning message when saving workflow bindings with Duration

Release 2.3.202104252247 (April 25, 2021)

Features

• Added the option to batch extract secret data for multiple records in the Break Glass procedure

Extensions

• Optimized performance of establishing SSH Proxy connections
• Optimized application performance by caching root folder metadata to minimize database queries
• Optimized performance of MFA provider detection during user login to WEB GUI or Proxy servers
• Updated context help for SSH Proxy Ciphers, Key Exchange algorithms and MACs to include currently supported algorithms and the list of disabled but supported weak algorithms
• Added Pass-through Account option when auto-importing records from discovery queries
• Added context help balloon to describe possible options for the User field on the Record Editing screen

Security

• Updated the list of weak ciphers, key exchange algorithms and MACs for initial deployments to exclude these algorithms from SSH Proxy server

Fixes

• Fixed the issue with group name displaying on the Revoke User Permissions results screen
• Fixed the issue with Principal label representing both groups and users displaying on the Revoke User Permissions results screen
• Fixed the issue with non-English characters (extended Latin, Cyrillic) displayed in the Session Events report
• Added trace logging for com.pam.server.sshd package to troubleshoot performance of SSH Proxy connections for deployments with slow backend database
• Improved the error message about password failing Password Formula validation displayed on the On-Demand password reset job scheduling to be more readable
• Added more system logging messages on the trace level to troubleshoot unexpected RDP Proxy authentication mechanisms

Release 2.3.202104182214 (April 18, 2021)

Features

• Added support for additional Ciphers, MACs, Key Exchange and Host Key Algorithms to SSH Proxy
• Added support for PEM/OpenSSH private key format for SSH Proxy and WEB SSH connections as well as for job execution
• Added the option to revoke user global and object permissions, global roles, and local group membership
• Added the option to delegate custom reports execution to folder owners

Extensions

• Added system parameter xtam.updates.proxy for remote node WEB Proxy configuration
• Added the option to show principals deleted from their user directories crossed out in the Reports / Users Report when groups column is selected
• Added Import button to the empty folder screen in addition to Add Folder and Add Record buttons to emphasize the import option
• Added fallback processing for tasks scheduled for record create and update events to handle the case of initial password set for imported records that would otherwise remain without the password
• Optimized performance of folder level reports to take advantage of folder hierarchy index
• Optimized performance of system and folder level Workflow Bindings report for the system with large number of objects

Fixes

• Improved handling of database transactions to make them shorter to reduce a chance of inter-thread lock conflicts in background Alerts generation and Discovery processes
• Fixed the issue with thread and lock object names for the background alert generation process to improve system troubleshooting
• Fixed the issue with the order of alerts generation to reduce the number of inter-thread lock conflicts
• Fixed the issue with number keys displayed as wrong graphical characters on the session events report
• Fixed the issue with non Latin symbols displayed as wrong graphical characters on the session events report
• Fixed the issue with failing Check Status and Password Reset jobs for Unix Hosts with SU with wrong second user password (su: incorrect password)

Release 2.3.202104112142 (April 11, 2021)

Features

• Added full path display when selecting folder for auto-import on Discovery Query editing screen
• Added full path display when selecting Reference Record for Auto-Import on Discovery Query editing screen
• Added full path display when selecting referenced record on the record editing screen
• Added full path display when selecting shadow record on the tasks editing screen

Extensions

• Added REST API option to specify the list of returned properties to limit or to extend the set of returned properties for object access functions
• Added session manager for Oracle Proxy and auto assigned it to Oracle record type to support future SQL Proxy option

Fixes

• Updated the version of video conversion utility in Windows WEB Session Manager package to match options of Linux version

Release 2.3.202104042252 (April 4, 2021)

Features

• Added the option to mass archive and restore records

Extensions

• Added the option to process non-numerical Radius MFA codes during SSH and RDP Proxy connections as well as workflows that require MFA

Fixes

• Fixed the issue with system import processing data that include certain XML escape sequences
• Fixed the issue with running jobs with shadow account for the record with no user
• Added exception handling option to Windows Local Administrators Group Cleanup script
• Fixed the issue with Twilio and AWS STS types and scripts data updates
• Fixed the issue with SMS Push generating failed result for Radius Devices returning Access-Challenge responses even when successfully generating an SMS message
• Moved a blanked error about password decryption from audit log to system error log
• Fixed database transaction issues when scheduling after-approval jobs
• Fixed spelling mistake in Session terminated because the connection to the Session Manager was lost message
• Fixed the issue with possibility to connect using RDP Proxy to archived records
• Fixed the issue with enabling HTTP Proxy in Firefox Broker browser Add-on
• Fixed the issue with errors on the add-on console caused by the TABS access permissions in Firefox browser Add-ons

Release 2.3.202103282220 (March 28, 2021)

Features

• Added support for Smart Card (X.509) authentication (for new deployments or requires Federated Sign-In module update)
• Added support for account management on Solaris OS
• Added support for account management on VMWare ESXi devices
• Added regular expressions and exception processing for Interactive SSH scripts

Extensions

• Added Norwegian keyboard layout for WEB RDP and RDP Proxy sessions (requires WEB Session Manager update)
• Added Switch User option for Interactive SSH scripts
• Added support for regular expressions in Interactive SSH scripts to response on multiple possible prompt options
• Added support for exception processing in Interactive SSH scripts to terminate script execution in response to specified prompts
• Added the option to use custom record and shadow record fields in Interactive SSH scripts
• Added -certbundle CERTBUNDLE parameter in the silent Linux installer to specify location of certificate bundle file for the session manager

Security

• Updated WEB Session Manager to include latest components for Windows, Linux x86 and Linux arm platforms

Fixes

• Fixed the issue with displaying Global Parameters page in Internet Explorer browser
• Fixed the issue with shell code type display for Interactive SSH script execution strategy scripts on the script editing form

Release 2.3.202103212230 (March 21, 2021)

Features

• Added assume role support in AWS STS Temporary key generation
• Added support for HTTPS transport in remote PowerShell script execution

Extensions

• Optimized search performance inside sub-folders
• Added the option to request return properties in REST API list and find functions to optimize performance of integrations
• Added the option to ignore certificate and trusted host check during remote PowerShell script executions using WinRM connections run over HTTPS channel controlled by TrustCertificate and TrustHost checkbox fields on record
• Added licensing enforcement for Advanced Scripting enabled by default for all existing licenses

Fixes

• Fixed the issue with right click on the Windows menu button caused disconnect of RDP WEB Session in Windows deployments of WEB Session Manager
• Fixed the issue with visible global parameters related to disabled RDP Proxy, SSH Proxy, HTTP Proxy modules
• Fixed the issue with Launch SSH Client, Launch RDP Client, Download Remote Desktop File controls in the licenses with disabled RDP Proxy module
• Fixed the issue with displaying old, new, shadow and system passwords in the output of the Interactive SSH password reset strategy for certain scripts
• Fixed the issue with the values in custom folder's fields are not copied in pasted folder
• Fixed the issue with logging specific unsupported RDP protocol during failed RDP Proxy connections
• Fixed the issue with certificate subject name mismatch warning when connecting to LDAPS user directories with wildcard certificate

Release 2.3.202103142258 (March 14, 2021)

Features

• Added custom fields support for vaults and folders

Extensions

• Added Password Reset Remote Netapp Shadow script as an Interactive SSH strategy to manage Netapp account using a shadow record
• Added support to execute check status jobs for the account on record instead of the shadow accounts when using the Interactive SSH job execution strategy.
• Added Tasks menu item to the records drop down menu in the records list to access record task list
• Added licensing enforcement for SSH Proxy enabled by default for all existing licenses
• Added licensing enforcement for RDP Proxy enabled by default for all existing licenses
• Added licensing enforcement for direct use of HTTP Proxy enabled by default for all existing licenses (HTTP Proxy as a second traffic hop continues to work without special license)

Security

• Updated application framework to version 15.0.2
• Updated WEB Container to version 9.0.43

Fixes

• Fixed the issue with the folder search in certain sub-folders
• Improved the logic with handling error results as errors in Interactive SSH job execution strategy
• Fixed the issue with failed Unix password reset processed as successful for accounts with correct but expired passwords on record

Release 2.3.202103072241 (March 7, 2021)

Features

• Added support for escape sequences to Interactive SSH job execution strategy

Extensions

• Added Personal Vault Role option to govern the initial role of the user for the newly provisioned personal vault
• Renamed Interactive SSH job execution strategy to indicate its application for a generic use case
• Added the option to configure multiple Duo Security MFA providers for different users or groups

Fixes

• Fixed the issue with approver action (Approved or Rejected) reported in the audit log about workflow step approval could be confused with the workflow status (Approved, Rejected, Active, Completed)
• Fixed the issue with content search by a not system administrator user sensitivity to user login name capitalization
• Fixed the issue with the quick request approval and rejection forms launched from the request approval notification email forbid the access to the member of the approver group as opposed to the direct approver
• Fixed the issue with displaying groups on the workflow design fields on the quick approval forms
• Fixed the issue with configuration of the second integrated Active Directory server for direct authentication
• Fixed the issue with extra audit log event about zero-step request approval
• Fixed the issue with Active Directory password reset routine for the integrated Domain Controllers through global catalog applicable to both account management and self-password reset functions
• Added the option to automatically depress stuck ALT button in the WEB sessions
• Fixed the issue with not-functional script selection option on the Script Library screen

Release 2.3.202102282307 (February 28, 2021)

Features

• Extended Search Center WEB GUI visual interface to search by several combined criteria
• Added Browser Form Filler plugin option to populate non-credential fields based on the custom record field values
• Added Browser Extension Plugin option to auto-click login button on the authentication form when field PluginAutoSubmit field is present for a record with the name of the Login button control on HTML form

Extensions

• Added support to enforce global and record level Exclusive Session policy for RDP and SSH Proxy
• Added Plugin for HTTP Proxy global parameter for browser extension broker plugin with two modes: Pass Through - Browser Extension Broker Plugin will fill user and password fields from the selected record associated with the open WEB Portal and Zero Trust - Browser Extension Broker Plugin will fill user and password fields from the user and password place-holders for portals configured for HTTP Proxy
• Added PluginForHTTPProxy record level choice field with the options Pass Through or Zero Trust to override global Pass Through value to make form filler to fill user and password fields with place-holders. Note that global value Zero Trust is not override-able to preserve backward compatibility for global option
• Added HTTP Proxy Connect Timeout and HTTP Proxy Idle Connection Timeout global parameters to configure HTTP Proxy timeout behavior
• Added on screen indicator in WEB Sessions when ALT key is pressed
• Added the option to search records using several conditions based on name, description, or indexed fields joined by AND predicate
• Added system properties xtam.session.web.rdp.drive.name and xtam.session.web.rdp.drive.letter to define the indication for the mapped shared drive in WEB RDP session

Fixes

• Fixed the issue with accessing some WEB GUI fonts from the local WEB container
• Fixed the issue with processing AD groups that contain unbalanced parenthesis in the group name
• Fixed the issue with duplicated default cross button in Internet Explorer 10+ browsers in focused not empty search field

Release 2.3.202102212308 (February 21, 2021)

Features

• Added multiple criteria search option based on several combined conditions
• Added integration with OneLogin IdP

Extensions

• Added the option to use capitalized record IDs (ID-CAP) available on Record View and Quick View screens as an alternative to existing IDs to support native clients that capitalize connection parameters
• Added the option to update the logging module to improve integration with external SIEM

Fixes

• Fixed the issue with local group membership detection of external user or group in case of failure to query local user directory
• Fixed the issue with defaulting application protocol to HTTP2 to avoid conflicts with unreliable network connections including connections using VPN transport

Release 2.3.202102150012 (February 15, 2021)

Features

• Added status check and password reset scripts for NetApp devices
• Added status check and password reset scripts for Cisco Nexus devices

Extensions

• Added support for Active Directory servers operating on a non-standard port
• Added the option to change location of intermediate mapped drive file transfer storage for WEB RDP sessions
• Added the option to disable mapped drive initiation during WEB RDP Sessions
• Added the option to override global Exclusive Session configuration on a record or record type level
• Added support to launch remote snap-in controls on the remote RDS server using RemoteApp, RemoteAppArgs and RemoteAppDir fields
• Improved WEB Session connectivity support to RDS Farms through RDP Load Balancer using record level field RDPLoadBalanceInfo with the load balancing information or cookie which should be provided to the connection broker

Fixes

• Added user friendly messages for some errors appearing when changing Active Directory password in user profile
• Fixed the issue with shifted display of text on the request details form
• Fixed the issue with LDAP integration with user directories with cn attribute as a user identifier
• Fixed the issue with displaying requests to certain approvers that could not be found in the underlying user directory
• Fixed the issue with the WEB Session remained active after master node loosing connection with the session manager
• Fixed the issue with description for Exclusive Sessions parameter indicating that it is applicable for WEB sessions

Release 2.3.202102081004 (February 8, 2021)

Fixes

• Fixed the issue with record view and quick view screen displaying records with referenced records for users with Viewer and Editor roles

Release 2.3.202102072302 (February 7, 2021)

Features

• Added the option to display password expiration warning message for Active Directory users
• Added the option to add Virtual TOTP access field to any record for quick access to MFA code
• Added the option to add Virtual SMS access field to any record for quick access to MFA code

Extensions

• Added the option to display ENTER key in the session events report
• Added support to display reference record on the record view screen for record managers
• Added REST API function to update one record field
• Added the option to specify multiple comma-separated host mask patterns in a host based proximity group to combine several groups with the same configuration into a single entry

Fixes

• Improved transaction handling of the operation of mass approval of multiple requests

Release 2.3.202101312309 (January 31, 2021)

Features

• Added the option for Active Directory user to change their own password in Active Directory
• Added support for Delegated Approval workflow

Extensions

• Added the option to specify $user placeholder in the records User field to make the system to use user name as the login of the current user while still using the password on record to connect
• Added support to schedule event-based jobs with already present scheduled periodic job to enable frequent event-driven password reset while scheduling long term periodic password resets at the same time
• Added the option to respect Minimum Password Age defined on the record level field MinPasswordAge by updating the scheduled password reset (but not password set) job date when executing password reset jobs directly without shadow or reconciliation account
• Added digital signature to Remote Applications Launcher Shell executable to improve its compatibility with end-point protection software
• Added {{request.template.type}} and {{request.template.name}} place-holders to the email notifications about request approvals
• Added the option to convert session recordings to MP4 format
• Enabled HTTP2 support for new installations to improve WEB browsing performance and increase the limit of simultaneous WEB Sessions

Fixes

• Fixed the issue with audit log archival process for large number (more than a million) of audit log events
• Fixed the issue with incorrect display of Join and Terminate buttons on workflow details form when changing screen size

Release 2.3.202101242305 (January 24, 2021)

Features

• Added dynamic permission support for request approvers to review, join and terminate sessions of this request
• Added the option to mass request unlock access and report request status by using wildcard at the end of the record name in SSH Proxy Shell

Extensions

• Added global parameter Access / Window Title to customize page title prefix displayed in the browser window
• Added the option to identify a column as record_id in the custom report to make it to navigate to the appropriate record
• Added archival date to Record objects to use in custom reports
• Added the option to specify user name for VNC connections (requires Session Manager published after November, 6 2020)

Security

• Improved security of the REST API function retrieving request instance by limiting the access to object owners, managers, requesters, actual and configured approvers

Fixes

• Fixed the issue with Secured Host or URL value is displaying in the Record List view
• Fixed the issue with old version and signature of Uninstall.exe for PowerShell headless Windows installer
• Fixed the issue with initial data loading into request related sessions report
• Fixed the issue with incorrect error message when starting a session from the record list for a record restricted by bound workflow
• Fixed the issue with incorrect error message when sharing a record from the record list for a record restricted by bound workflow
• Improved failed SSH Proxy Shell request command feedback message to indicate the reason of the failure

Release 2.3.202101172323 (January 17, 2021)

Features

• Added the option to mass request access by using wildcard at the end of the record name in SSH Proxy Shell
• Added the option to filter discovered local accounts during auto-import
• Added support for Unix, Windows and XTAM Groovy scripts to reference values from any record field

Extensions

• Added support for zero-trust authentication to devices using Telnet protocol with non-standard authentication prompts
• Added support for correct completion of SSH proxy sessions caused by termination of intermediate network transport such as VPN disconnection by maintaining network level keep-alive communication between proxy and the client
• Added Password Set Remote Windows script to the Script Library as an example of script to set Windows account password without updating service dependencies
• Added the option for a task to trigger another task for the same record after successful completion

Security

• Improved security of Password Reset Remote SSH using Shadow with Prompt script by removing unnecessary permissions from the temporary generated file

Fixes

• Fixed the issue with RDP Proxy using session event based inactivity timeout replacing it with recently introduced protocol level inactivity timeout. Session events based timeout remains an option for SSH Proxy.
• Fixed the issue with Unix Host with SU record with Use SUDO option using the first account password during WEB or Proxy connections
• Fixed the issue with special characters support in Password Reset Remote SSH using Shadow with Prompt script
• Fixed the issue when native client to RDP Proxy connection closed incorrectly during idle timeout routine
• Fixed the issue with incorrectly applied switch user operations when connecting to Unix Hosts records converted from Unix Host with SU records
• Fixed the issue with updating correct secret field on the record after password or certificate update for records with updated record type that include switch user, reconcile, certificate or private key fields before
• Fixed the issue with misplaced Auto-Import Name Check context help popup balloon on the discovery query editing form
• Fixed spelling error in Discovery Query Type for Accounts context help balloon
• Fixed the issue with the screen bread-crumbs navigation when adding or editing workflow binding
• Fixed the issue with the screen bread-crumbs navigation when selecting new password for the on demand password reset
• Fixed the issue with FAILED trigger in the script schedules another task in case of successful task completion

Release 2.3.202101102317 (January 10, 2021)

Features

• Added inactivity timeout option to automatically terminate idle RDP Proxy sessions
• Added account management option for remote PostgreSQL and MS SQL Server application

Extensions

• Added the option for the record owner to terminate sessions created for this record
• Added the option to aggregate remote PosgreSQL command execution on Unix Hosts with the password reset for database account on record
• Added the option to aggregate remote MS SQL Server command execution on Unix Hosts with the password reset for database account on record
• Added shortcut to Workflow configuration for objects drop-down menu in the records list
• Added audit log messages for events of failed password decryption during Pass-Through access activation

Security

• Added MD5, SHA512 and PGP signatures for application components for users to verify integrity and authenticity of the downloaded binaries

Fixes

• Fixed the issue with losing HTTP Proxy sessions recordings under certain conditions when completing sessions in multi-node deployments
• Fixed the issue with the blanket system log error message when RDP Proxy user disconnects after unsuccessful authentication
• Fixed the issue with the blanket system log error message when opening bulk access request form
• Fixed the issue with Frequently Used request reasons drop down selection displayed on the bulk access request form
• Fixed the issue with issuing access request for the Connect, Execute or Unlock actions a user does not have permissions to using bulk request form
• Fixed the issue with sample REST API access scripts compatibility with PowerShell Core 6+
• Fixed the issue with SSH Proxy keystroke event recordings for unrecognized character
• Fixed the issue with using the password from Re-Enable RDP Proxy storage in case of issues decrypting the user password obtained from the WEB login when resolving pass-through credentials
• Added system logging message about failure to resend packet from server to client in RDP Proxy for troubleshooting purposes
• Fixed the issue with bulk actions available after bulk selection option applied to an empty folder
• Fixed the issue with access request expiration terminating RDP Proxy sessions

Release 2.3.202101032321 (January 3, 2021)

Features

• Added quick password reconciliation option for local shadow accounts on Unix hosts
• Added support for zero trust access to VMWare vSphere through HTTP Proxy

Extensions

• Improved performance of RDP Proxy sessions with recordings for Windows Server 2012+
• Added information about total, free and usable hard drive space in bytes to the Performance section of the Management / About screen for system administrators
• Updated Copyright year for Linux, Windows and Windows PowerShell installer
• Updated Copyright year in the application page footer, About screen, Federated Sign-In Login form, and command line utility

Fixes

• Fixed the issue with RDP Proxy session completion following fatal network errors such as disconnects of VPN or SSH Tunnel used to transport RDP traffic
• Fixed the issue with visual artifacts appearing when rendering Windows Server 2008 RDP Proxy session recording for quick play or convert to video format
• Fixed the issue with cursor rendering for Windows Server 2008 RDP Proxy session recording
• Fixed the issue with HTTP Proxy overwriting requests to set cookie by the upstream WEB Portal during redirect to another page