Secret Server: 10.9.000002 Release Notes
September 22, 2020
The system requirements last changed with version 10.7.000000. See Secret Server Release Notes 10.7.000000 for details.
Upgrade Notes
Delinea encourages all customers to upgrade at the earliest opportunity.
Security
Security update to resolve a SQL injection vulnerability that an authenticated administrative user could exploit to achieve remote code execution on the Secret Server host system.
Common Vulnerability Scoring System (CVSS) v3.1 score: 8.0 (High).
CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Secret Server Cloud has been updated to include this security fix.
New Features and Enhancements
None
Bug Fixes
The following bug fixes apply to non-cloud Secret Server only. Secret Server Cloud has not been updated to include these fixes.
- Fix to Discovery rules to correctly handle OUs with bracketed names.
- Secret names in reports are now links to the corresponding secret.
- Logout from Secret Server no longer sends the
Clear-Site-Dataheader, which could previously log users out of unrelated Web applications. - SSH connections via SSH proxy now close correctly.
- Fixed an SSH proxy connection timeout when connecting via a distributed engine.
