Secret Server 11.7.000002 Release Notes
Release Date (On-premises): May 15, 2024
This Security Release corrects the encryption key used in identity token generation to prevent third-party decryption and modification of the authentication token. The vulnerability has a CVSS score of 7.5, with vector AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L.
This vulnerability was identified internally during our investigation of an earlier vulnerability that was resolved in version 11.7.000001.
Delinea Platform and Secret Server Cloud
Delinea Platform and Secret Server Cloud have been patched and are no longer vulnerable.
Step Upgrade Process
- A Step Upgrade is required from versions prior to 11.5.2 (11.5.000002) before you can upgrade to 11.7.2 (11.7.000002).
- The automatic downloads in the product will get the right versions for the step upgrade and then allow the 11.7.000002 upgrade.
- If offline and using the file upload method, versions prior to 11.5.2 will get an error message saying, "Integrity Check failed - Security Catalog is signed by thumbprint that is not specifically trusted." The remedy is to first upgrade to 11.5.000002 (or 11.5.000003) and then upgrade to 11.7.000002.
For instructions on upgrading in general, go to Upgrading Secret Server.