Secret Server Release Notes 9.x
Release Notes 9.1.000001
Release Date: 10/13/2016
Enhancements
- It is required to upgrade to 9.1.000001 before Secret Server will upgrade to 10.0.000000
- Added installer enhancements to support the 10.0.000000 release. Release Notes 9.1.000000 Release Date: 7/13/2016 Enhancements
-
REST API
- REST based web services API for managing Secrets, Users, and Groups.
- For more information see the REST API Guide on the Secret Server documents page
-
Web Password Filler
- A new Chrome extension for website logins is available, for more info see this KB article.
- NOTE: After upgrade, Chrome users will be prompted automatically to install this extension. Firefox and Internet Explorer users will continue to use the existing add on or bookmarklet.
-
Site per OU in Discovery
- Assign an Engine Site at the OU level in Discovery
- Set a different Secret per OU in Discovery
- Added option to set owners on user accounts to delegate account management
- Added support for SCP through the SSH proxy
- Added additional options to the Secret Expiration event subscription
- Disabled dependencies are hidden by default on the Secret Dependency page
- Added additional option for windows password changers to help handle multiple IP addresses in DNS for a single machine
- Editing a password field on a Secret with password changing enabled now gives the user a dismissable prompt to help prevent mistaken password edits
- Domain user accounts can now be marked as Application Accounts for integrated auth web service access only
Bug Fixes
- ConnectWise integration now uses the API rather than database table integration. See this KB for information on setting up API access to ConnectWise.
- Fixed issue where multiple syslog destinations using the FQDN did not work
- Fixed issue where a user viewing a Secret after a password change within the Secret View interval after their last Secret View did not result in an audit.
- Fixed issue where Oracle error ORA-12170 was treated as heartbeat failed rather than unable to connect.
- System log truncation notification email goes to users with Administer System Log permission rather than Administer Configuration
- Fixed issue where commas in group names were not parsed correctly on AD Sync
- Fixed issue with AD sync when a group had more than 1500 members
- Fixed issue with AD sync when the OU has asterisks in the name
- Fixed issue where Session launchers did not trim spaces from username and machine fields
- Fixed syslog error when the event details exceeded 4000 characters
- Performance updates for the Recents Secrets widget and Secret Load when there are a large number of audit records on a Secret
- Check In web service method now respects the Force Checkin role permission.
- Fixed access denied message when doing a bulk operation for convert secret template without the view deleted secrets role permission
- Fixed potential licensing error when running the PowerShell password changer
- Fixed issue where setting AutoChange schedule through Secret Policy would not use UTC
- Added support for HMAC-SHA2-256 and HMAC-SHA-512 ciphers for SSH Heartbeat and Password Changing
- Fixed issue with SSH dependencies on Cisco devices where the setenv command was not available
- Added additional information to the Subscription Dependency failure email to include machine name and dependency name that failed
- Added additional logging for Heartbeat and Password Change monitors Mobile Updates
- The Delinea PAM Android app has been republished. Existing Android users will need to uninstall and re-install to get the new version.
Release Notes 9.0.000000
Release Date: 4/13/2016
Enhancements
-
Mac Session Launcher
- RDP, SSH, and Custom Launchers are now supported with the new Mac OS X protocol handler.
- For more information see this KB.
-
Geo Replication
- MS SQL Replication is now supported as an additional add on module. Contact your account rep if you are interested.
-
UNIX Privilege Manager
- Administrators can configure SSH command menus to limit what users can do with root and other privileged credentials.
- Requires a separate add on, contact your account rep if you are interested.
- Remember Me is now available for 2 factor.
- New option for SSH launchers to specify a Connect As Secret to make the initial connection before switching to the current Secret's user for cases when accounts are denied SSH login.
- Dependencies and Secret Audit are now copied to the new Secret when converting Secrets.
- The Tree View on Dashboard and Discovery Network View is now collapsible.
-
Windows Discovery now finds:
- If an account is Local Administrator
- If an account is in the Local Administrators Group
- Password last set date
- Password expiration date
- Password expiration status
Bug Fixes
- Fixed issue where domain FQDN wasn't populated during Active Directory Sync.
- Fixed issue with syncing an Active Directory Group with more than 1,500 members.
- Fixed issue where SSH proxy wouldn't restart after web server failover.
- Fixed issue where searching wouldn't work on Secret name's starting with ":"
- Fixed issue where selecting an approval user or group could cause an error on Secret Policy creation.
- Added optional remember me setting for two factor authentication.
Security Fixes
- The version of PuTTY shipped with Secret Server has been updated to version 0.67 to include the latest security fixes. For more information please refer to the PuTTY change log.