Secret Server Cloud Change Log

Overview

This topic contains an unedited log of changes written by developers. The intent is to quickly provide information, not polished prose. The log is a release notes supplement for a technical audience, not a replacement for the release notes.

The line-item numbers are for internal tracking. They provide a unique reference when talking to Delinea support.

Saturday, September 9, 2023

Bug Fixes (5)

506005 - AD Privilege Password changer now has Remote Password Change timeout minutes Advanced Setting.
524698 - Added query parameter for PipelineId to pass back when viewing specific pipeline activity
526057 - (Distributd Engine) Fixed a logging issue with Dependency changes being skipped due to conditions.
527952 - Generate Key endpoint generate ECDSA keys by default, can also generate RSA keys
529306 - Creating a User SSH Key in Platform downloads the private key with a proper filename

Improvements (5)

473089 - Improvement: Cipher Suite Configuration now allows configuration of allowed Host Key Algorithms.
478103 - Secrets that are set to change password on check in now have the Change Password Now button available for administering secrets while checked out.
519602 - Syslog/CEF logging enhanced to capture more detailed metadata for secrets.
526475 - Fixed an issue where Discovery Scanners could not be removed until the associated secrets had been edited.
526512 - Remote Password Changing: Check for DNS Mismatch now visible and functional in Cloud

Friday, September 1, 2023

Bug Fixes (4)

510839 - When a Secret is assigned to a site the user does not have access to due to Teams restriction they will see the word "Restricted" instead of "Site Name (Inactive)"
511114 - Mitigated issue in large bulk secret actions
512891 - Added Secret Field validation on the Template level to ensure users cannot create a "Secret Name" field on a template
526465 - Minimum Heartbeat interval reduced from 15 to 5 minutes.

Improvements (4)

522229 - The text for page title, breadcrumbs, and navigation for Secret Server Reporting have been updated in Platform to match.
525037 - Added configuration setting to determine which secret permission is required to change Remote Password Changing settings on a Secret. Owner or Edit
527137 - EventTime token is available in pipeline scripts. $EventTime - event date and time of the event ("yyyy'-'MM'-'dd'T'HH':'mm':'ss")
527616 - The preview chips for Multifactor on Secrets have been removed.

Wednesday, August 23, 2023

Bug Fixes (2)

524517 - API calls to /v[1/2]/secrets/{id} now update the Recents secrets data source.
524600 - When viewing Event Pipeline Activity details, selecting an Activity Detail record from the grid now displays the selected Activity's details.

Improvements (2)

519356 - Disaster Recovery Add-On Licensing handling added
523728 - Added more instructions regarding Disaster Recovery's data storage path configuration setting.

Thursday, August 17, 2023

Bug Fixes (17)

506528 - Distributed Engine 8.4.12: Better handling of unexpected heartbeat behavior to mitigate reported Distributed Engine stalling
448978 - Setting custom expiration dates in all timezones now works correctly
484027 - Upgrade dependency to address potential security issue
501977 - Secrets with text field based URL lists are now searchable.
504992 - When Platform integration is active the integration page will now have a button to reset mappings from Delinea Platform.
506528 - Better handling of unexpected heartbeat behavior to mitigate reported Distributed Engine stalling
509498 - Fix for a large number of SSH terminal connection history records causing timeouts
514320 - Fixed bug where Secrets aren't synced with DevOps in cloud with when triggered by pipelines.
518187 - Fixed a UI issue with the launcher popup window showing an option the user didn't have permission for.
522776 - Fixed a DSV sync issue for secret with file type fields and no file set.
522835 - Fixed localization issue on folder Metadata page.
523344 - The Secrets Quick Access link when collapsed now targets the correct destination.
523547 - The Platform Opt In modal styling has been adjusted to no longer display with scroll bars.
523727 - MFA on Secrets: Secret Check-in now resets view access for no pass through.
523755 - Fixed Sorting issue for Checkout User Id and Checkout User
524254 - Secret Share and Folder Permissions: Show disabled edit button until filters are loaded since split button does not yet support disabled.
524727 - Fixed an issue with ODBC password changing that broke postgres and mySQL changing.

Improvements (10)

509462 - User tooltips in both Secret Server and Delinea Platform now highlight the Platform Integration Types.
518097 - Secret Share tab UI has been updated to match the permission setting experience for setting folder permissions. Domain name is now displayed for users on the secret share tab.
519981 - Live viewing has been added to the new session monitoring
521364 - Updated the Vault Settings and Vault User Detail Tabs with some UI changes
521430 - Converted the creation of a Password Changer when Create Password Changer is selected from the Password Changers list in Remote Password Changing.
521612 - Added a filter of secretIds to the Secret Search endpoint to that Secrets can be filtered by SecretId
521806 - Terminate, limit to 5 minutes, and message only have been added to live viewing in the new session monitoring
522040 - The heading for Vault within Platform User Management details has been updated to read its value from within Platform.
522953 - Added a filter of secretIds to the Secret Search endpoint to that Secrets can be filtered by SecretId
523270 - Added Search Groups column to Discovery Network View

Tuesday, August 1, 2023

The 7/13 release was rolled back, so this listing is very similar.

Bug Fixes (16)

442349 - Pause times for ODBC Remote Password Changers are now adhered to. Before the pause times were ignored. If you feel your RPC's are running slowly, check the pause times and remove them if they are not needed for the RPC action.
474452 - Improved performance of Secret Search for customers with large numbers of Secrets.
484351 - Fixed issue with custom launchers through proxy set to only record keystrokes.
509989 - When creating a new send to syslog task you no longer get a default schedule. Most of the templates didn't create a schedule, now they're all consistent.
511127 - Fixed hidden days until deletion field when enabling deletion in the retention schedule. Added localization to error when trying to submit days less than or equal to the archive retention value.
512860 - Fixed passwords being uneditable if RPC is set to use a Privileged Secret to which the user has no access to. Restored explanatory banner.
514750 - Fixed issue in discovery where computer scans were sometimes throwing string truncation exceptions.
517836 - The Secrets grid now updates displayed data and selected columns simultaneously.
519229 - Quick access filters now both apply when updated.
519639 - Knowledge base links within Platform Vault now link to their intended location.
520031 - Corrected edge case that could result in a session view audit being placed on the incorrect Secret.
520248 - The Parent Scan Template will be filtered to the type and will default to the first item in the list on create. The proper fields will be shown based on the type.
520764 - If a secret is inactivated after initially viewing the secret, a user that cannot view inactive secrets will no longer get an error from secret heartbeat.
520851 - Clicking cancel when editing folder permissions will clear any active filters.
521200 - Corrected token caching for Platform tokens to expire properly.
521236 - Editing folder permissions now has a split button that allows for directly entering edit or add group/user mode.

Improvements (34)

510542 - The Secret Dependency Changers editor has been converted to the new UI.
510543 - Dependency Templates are now available in the new UI.
510545 - Session playback player UI has been updated.
514162 - Updated process for populating a forthcoming computer-centric view.
518097 - Secret Share tab UI has been updated to match the permission setting experience for setting folder permissions. Domain name is now displayed for users on the secret share tab.
518568 - The display name of the secret Vault is now set via the Platform. The Vault subcategories for Reporting, Inbox, and administration have been updated to reflect Secret Server.
518953 - Administration Configuration Launcher Settings now displays the Enable Protocol Handler Auto-Update setting in cloud.
519355 - Discovery scanners added an option to "Add child scanner" which filters available scanners to show only applicable child scanners.
519357 - Secret template fields table has been updated and has an improved drag and drop experience.
519358 - Secret panel is more mobile friendly.
519874 - The Security Audit Log page has been converted to the latest UI.
519978 - A doughnut chart showing different Operating Systems in discovery has been added to the Analysis tab of discovery.
520011 - The new UI Discovery Rules page now shows the correct Secret Template name.
520013 - Secret policy now links to the policy on the secret general tab.
520070 - A loading indicator now shows when opening the discovery add scanner dialog.
520073 - The main top left logo will link to the users preferred login home if it is the dashboard or all secrets.
520353 - The COM+ scanner will be able to be added, but there will be a note in the preview panel letting the user know that the scanner will not work for a site that is set to UseWebsite.
520626 - A preview chip has been added to Multifactor Authentication on Secrets and it's supporting configuration pages.
520758 - A new field "Full Name" has been added to the discovery network view to give a more detailed version of the item's name
520760 - Default columns have been added per Item Type in the discovery network view.
520866 - Dependency Tokens are now available on the dependency edit screen.
521182 - REST API documentation has links to individual services that load quickly.
521322 - Added filter on recorded-sessions endpoint to filter out applications, particularly 'RemoteAccessService' when in platform
521630 - Discovery scanners added an option to "Add child scanner" which filters available scanners to show only applicable child scanners.
521964 - The main top left logo will link to the users preferred login home if it is the dashboard or all secrets.
522078 - Added filter on recorded-sessions endpoint to filter out applications, particularly 'RemoteAccessService' when in platform
522079 - The Parent Scan Template will be filtered to the type and will default to the first item in the list on create. The proper fields will be shown based on the type.
522081 - Default columns have been added per Item Type in the discovery network view.
522105 - The COM+ scanner will be able to be added, but there will be a note in the preview panel letting the user know that the scanner will not work for a site that is set to UseWebsite.
522111 - Secret template fields table has been updated and has an improved drag and drop experience.
522113 - Dependency Templates are now available in the new UI.
522582 - Administration Configuration Launcher Settings now displays the Enable Protocol Handler Auto-Update setting in cloud.
522616 - The display name of the secret Vault is now set via the Platform. The Vault subcategories for Reporting, Inbox, and administration have been updated to reflect Secret Server.
522621 - Editing folder permissions now has a split button that allows for directly entering edit or add group/user mode.

Thursday, July 13, 2023

Bug Fixes (15)

481511 - Updated data type to support frequent users of session recording that was crashing the encoding process.
509187 - Connect As Credentials on Secret works better with SSH Keys for su user switching
510165 - Session monitoring search now supports searching by a single secret.
512474 - The "Synchronization Running" message for DR will now only appear if there is a recorded start time for DR in the past and a finish time that is in the future.
513459 - Default values for Secret Fields such as port will now be replicated for Disaster Recovery.
513591 - A user with only direct access to a report and the "browse reports" role permission can now add that report to the dashboard.
515243 - The breadcrumbs within the RPC administration pages have been standardized. The links within Platform Vault Configuration Overview no longer cause the page to reload.
515295 - Report column preferences will be saved and applied when viewing a report.
519056 - Improved error logging and efficiency for calls coming from Delinea Platform.
518679 - DE (8.4.10.0) Fix for the service crashing and being disconnected with RDP proxy over SSH
509498 - Fix for a large number of SSH terminal connection history records causing timeouts
517923 - Fix for editing Session Connector Custom Launcher Port
518197 - Fix for creating a new Session Connector launcher not showing all possible child launcher types in New UI
518324 - Fix for being unbale to save edits to a Custom Launcher in New UI
519013 - Fix for users without view launcher passwords permission being able to view the password

Improvements (21)

453791 - Report number columns will now export as a number
482322 - New reports will only show the first 11 columns by default. All columns can be selected afterwards from the column selector.
489681 - Data replication will now create personal folders for replicated users in cases where the replica blocks or does not allow personal folders to be replicated. This is only if personal folders are enabled on the replica.
510536 - The Password Requirement Audit has been converted to the new UI.
510545 - Session playback player UI has been updated.
510554 - The Launcher Audits page has been migrated to the new UI.
512888 - Updated the group role assignment UI.
513079 - Group membership assignment UI updated.
513109 - Group role assignment UI updated.
514272 - Session recording search now uses updated filter pattern
514282 - The built-in "Everyone" group was renamed "All Vault Users."
514437 - Enhanced new Discovery Area to include some additional fields and added logic for the error chip being displayed
514638 - Added a Copy button for Data Source URL on Disaster Recovery - Outgoing Setup Steps modal.
514666 - New Vault User Details in the Platform overview for Users tab. It requires a Vault to be successfully connected and configured for the details to appear, otherwise the section does not appear.
518070 - Added banners to various Roles/Permissions pages in Secret Server Cloud and Platform with links to help navigate between the two
518125 - Fixed an issue where the folder permissions tab would load slowly with large numbers of users.
518513 - Updated group membership management pages to use new design patterns.
518671 - Analysis tab of Discovery no longer includes disabled Discovery Sources in managed/unmanaged counts.
519028 - View Log was hidden for Directory Accounts since there's no computer associated to show the log of.
519091 - Added Application from tbAuditSecret to session search results model and session model.
519165 - When discovery is running the network view performance would timeout depending on sql locks. This should no longer happen.

Monday June 26, 2023

Bug Fixes (13)

446766 - Launching secrets with URL List and session recording enabled no longer shows a "Bad Request" message
510442 - Fixed an issue with Pinned Folder getting "Folder not Found" error
513591 - A user with only direct access to a report and the browse reports role permission can add that report to the dashboard.
513634 - CSS overflow issue resolved showing launchers on general tab
513847 - Updated the German localization for "Password Should Exclude"
514542 - Recently viewed Secrets are now tracked within Platform. Configuration settings are now refreshed via navigation within Vault in Platform.
514748 - Disaster Recovery Date Replication will now sync all SecretFieldLauncher items each time instead of just the updated ones.
501683 - Fix for Arithmetic Overflow Error for Expired Secrets when Template Expiration Days set to 999999999
508413 - Secret Server Pro - Fix for being unable to export an AzureAD Account
508414 - Secret Server Pro - Fix for Network view preview showing a licensing error
509204 - Update links in SS Security Hardening Report
226156 - Fixed being unable to RPC Service Dependency 'MSCRMSandboxService' from Microsoft Dynamics 365 Server v9
512371 - DR: Fix Launcher Error on Replicated Secrets

Improvements (14)

510294 - Platform Integration Configuration now has additional validations for Login URL.
511289 - Initial analysis tab added to discovery
511600 - Updated the text and product descriptions used during Platform Opt In experience.
512234 - Enhanced the User Audit Report to also exclude manually changed passwords.
512404 - A refresh button was added to the network view in order to refresh the data without having to refresh the entire page and lose the selected filtering.
512534 - Implemented Select All for Discovery Network View
512747 - Folder permission assignment UI updated
512888 - Group role assignment UI updated
512989 - There have been 2 columns added to the Secret Grid, Checked Out User Id and Checked Out User, to show who has the secret checked out if the secret has check out enabled.
513079 - Group membership assignment UI updated
513109 - Group role assignment UI updated
513527 - RPC heartbeat logs combined into a tabbed view with run buttons
513955 - Discovery analysis now links to a filtered network view.
514052 - Discovery scanner validation now indicates that a scanner requires information without having to click edit.

Saturday, June 3, 2023

Bug Fixes (15)

412112 - Corrected error that could occur when converting a Secret from a Secret Template with a file field to a Secret Template without one.
436208 - Fixed an issue where a secret template could be saved without RPC mappings configured.
461327 - Improvement: The PowerShell script timeout no longer defaults to 90 seconds. Instead, it now uses the value from the Event Pipelines Maximum Script Run Time (Minutes) setting in advanced configuration.
477807 - Fixed an issue where the API endpoint api/v1/secrets/{id}/fields/{slug}/ logged an audit that the password was displayed when the actual password was not returned to the user due to hide launcher password be
ing enabled.
484847 - Fixed an issue where the SubscriptionName condition for a notification rule would display the event subscription ID instead. It now correctly uses the name when the user has the appropriate roles to list the
subscriptions.
486876 - Fixed conditions that prevented users from being removed from a group due to the system incorrectly identifying that they would be unable to complete the same operation.
501435 - Corrected unique key constraint error for categorized lists that could occur very rarely.
502290 - Improvement: Added validation messages to password requirement rules for when password requirements are too complex to reliably generate a password.
503010 - Fixed an issue where all event subscriptions did not fire for secrets in subfolders of the target folder.
506363 - Fixed an issue with negative numbers exporting incorrectly when exporting a CSV.
508013 - Fixed an issue with secret search producing SQL errors for customers with a lot of secret templates.
509838 - IBM password tooltip background color adjusted
510446 - Fixed an issue where links on the Session Monitoring page while in grid mode would not correctly link to Secret Server Cloud with authentication.
511141 - Fixed an issue to improve Platform integration user sync if duplicate usernames were already in Secret Server.
511779 - Event notifications now show "Event Time" which is the time at which the event occurred.

Improvements (13)

501153 - Improvement: Introduced a new Launch Secret role permission, which is needed to use launchers. This permission is automatically granted to roles with the View Secret permission, which previously controlled t
his behaviour.
508756 - Improvement: There is now a pending RPC screen and a timer that checks you back in, blocking seeing secret info indefinitely.
508758 - Improvement: Users can no longer access secrets that have failed processing a password change. Instead, they are shown a message stating the change failed.
508759 - Improvement: We now allow a secret owner with the Force Check In role permission when checking in to take ownership of a checkout session that is currently in a failed password change state. The existing checkout is ended, and a new checkout is created for the owner.
509354 - Removes External Mappings to other identity providers when the user has PII removed for that user.
509527 - Fixed issues with user and group syncing between Secret Server Cloud and Platform.
510401 - Improvement: Added a Managed field to the Discovery Network view to show when a discovery item is managed.
510684 - Fixed usability on specific UI areas for a better user experience.
510773 - Improvement: Discovery service accounts detail page now shows services that run as the directory account as well as the computers on which that service runs
510792 - Improvement: Added a Quick Access link to see all Secrets you currently have checked out.
510819 - Improvement: The new folder icon in the secret panel no longer shows if the user does not have the Administer Folders role permission.
511645 - Improvement: Added integration support for Platform users matching local SS users that do not have an @ in their name. If platform user is username@local or username@tenantname then the username portion will
be used to match local users on the SS side.
511851 - Updated Createuser.aspx to redirect to the new user management.

Tuesday, May 23, 2023

Bug Fixes (3)

477780 - Fixed issue where LDAP sync via Distributed Engine would not work when the base DN was different from DC.
479769 - Added support for LDAP RFC2307 group membership, used in OpenLDAP.
510446 - Links on the Session Monitoring page while in grid mode now correctly link to Secret Server Cloud with authentication.

Improvements (4)

509527 - Improvements to user and group syncing between Secret Server Cloud and Platform.
510089 - Under Secrets > Admin > Platform Integration and then the Logs tab, there is now more detailed information for why a specific user could not access Vault (Secret Server Cloud). Common Cases:
- DuplicateUserMappedToDifferentProviderName - this user was initially setup to a different Platform source, the URL changed, or potentially a different userid (Provider Key) indicating the original use was deleted.
- MaxLicensedUsersException - Vault has reached the number of licensed users so additional cannot be added.
510684 - Fixed usability on specific UI areas for better user experience.
510819 - The new folder icon in the secret panel no longer shows if the user does not have the "Administer Folders" role permission.

Friday, May 12, 2023

Bug Fixes (7)

502104 - The Platform opt-in modal now populates the platform region dropdown list when navigating between steps via the step headers.
504867 - Fixed an issue where DR email alerts were not being sent out.
508479 - The CSS Styles for the Platform Opt In Modal have been adjusted to align with Angular15.
509400 - SecretItemValueTransitionHistory.aspx has been removed and replaced with an API endpoint .
510008 - Extended fields are properly exported to csv.
508507 - Fixed an issue with Secret Template name validation message not being shown.
509974 - Fixed an issue with new Platform trials not creating Personal Folders in Secret Server.

Improvements (5)

508760 - Within the details of the Syslog message, there will be a Username field with the value of the mapped username for the launcher.
508761 - Within the details of the Syslog message, there will be a Host field with the value of the mapped host for the launcher.
509475 - RPC heartbeat and password change log are now full screen instead of a dialog.
509947 - Passphrase can be configured as required for user public SSH keys.
508853 - Secret Server/Platform: Distributed Engines no longer need Directory Services enabled to perform Discovery.

Saturday, May 6, 2023

Bug Fixes (20)

446416 - Fixed an issue where an HSM could not be disabled.
461669 - Newly added columns to most grids will now default to 80px width
462179 - Updated the advanced session recording agent version label on the agent issues page to correctly state that it is the minimum required version, not the current version.
465660 - Fixed issue with the password compliance report updating very slowly or not refreshing after either a template or direct PasswordRequirement password field change.
470505 - Fixed issue with Session Connector where if switching windows, keystrokes can be missing from the session monitor.
481850 - Fixed an issue where OpenLDAP directory services group-search filter was not working.
490213 - Secret template names are now required to be unique.
490565 - Fixed an issue where trying to use autoCheckout and secretPath in the API could result in the call failing.
491424 - Addressed an issue where "additional" email addresses on an Event Subscription were sometimes not respected.
491675 - Fixed an issue where event pipeline email notifications were not sent if the email task had an email template selected.
501129 - A bug was fixed where certain advanced syslog options could not be saved unless the server or port was changed as well.
501142 - Fixed a bug where the Secret Name was not triggering a Viewed Edit audit.
501226 - Fixed a bug where the Event Pipeline Send Email Task was not getting the correct email template. Removed the notification rule requirement and fix the issue where the activity would not complete after a Send Email Task.
501227 - Fixed an issue where the pipeline activity status stopped updating after the "Send to Email" task
503652 - Fixed replication to allow duplicate names to be replicated individually during disaster recovery. Groups with the same name will still be consolidated during replication when they share values for AD Guid, IsPersonal, IsPlatform, and DomainId.
504130 - Fixed an issue where Secret PasswordComplianceCode was not updated after password field/PasswordReq change.
504453 - Permissions for root personal folder for Everyone group are replicated as part of Disaster Recovery.
504867 - Fixed an issue where DR email alerts were not being sent out.
505028 - RDPProxy.MillisecondsToWaitCleanup is now correctly localized.
509144 - Fixed links to various areas within Secret Server from Platform.

Improvements (5)

489422 - Addressed an issue where Thales Luna HSM deprecated CKM_RSA_PKCS in their newer firmwares.
491192 - Added a knowledge base link for Platform Regions as part of the Platform Optin Experience
491757 - Added a setting on the Platform Integration page that allows the "Platform Login" option on the login page to be hidden.
502767 - Updated the Disaster Recovery log summary to more accurately display status numbers.
502936 - Updated Disaster Recovery to transmit all file attachments when no folder filters are applied.
504529 - Disaster Recovery replication summary now shows the duration.
505934 - Angular asset files now cache bust, preventing out-of-date files from running against newer back end code following an upgrade.
506255 - Modified text that displays during provisioning to more clearly indicate customers should start with their Platform login.
507903 - This fix prevents the ProtoDeletedFoldersProvider from running on initial replication.
508509 - Password changer list page is now used and legacy page removed.
508645 - Grid alignment and row spacing is now more consistent.

Wednesday, April 19, 2023

Bug Fixes (6)

471317 - When searching you should be able to find all items under your current levels. However when looking at a level you only see that level.
482250 - Bulk move to folder now disables on submit.
503198 - CSS issue fixed for browse all folders text wrapping.
505054 - Addressed an issue where activating an Engine and assigning it to a new Site in the same step could result in an error.
503285 - Get Folders API call once again returns all decedents. To retrieve direct children only, use the new LimitToDirectDescendents parameter.
504385 - Unable to Check the Templates in Allowable Folder Templates Modal

Improvements (5)

503363 - Upgrade to Angular 15
487132 - Unlimited admin page in configuration preview now has a link to open the unlimited admin audit.
491967 - Filter for discovery rule in network view functionality
502829 - Standardize login failure messages for various types of login attempts.
503925 - Configuration Items Appeared Twice in the new Configuration Preview

Friday, April 14, 2023

Bug Fixes (8)

479769 - Added support for LDAP RFC2307 group membership, used in OpenLDAP.
490228 - Data Retention under PII will no longer remove monitored recordings or user audits that are related to monitored recordings. Data Retention under Database Size Management will still remove monitored recordings and related user audit records.
502913 - The "Send Test Email" button can now function in read only mode.
488581 - SSH Proxy 'Tunnel RDP Connections' Degradation fix
501346 - Powershell Dependency Changer Arguments were not being passed into the script
503396 - The Preserve Client SSH Process should appear for process custom launchers
503714 - Show friendly error message launching a secret With Jumpbox Route with RDP that it is missing a SSH launcher
504491 - Bulk Action Applied to all Secrets when Select All is Checked but Template or Folder Filter is Applied.

Improvements (4)

500822 - An Advanced Configuration setting was added (default 3 hours) so that a long-running DR process will detect the configured amount of elapsed time and end the DR process, forcing the end user to run it again manually
486971 - Web Password Filler needs the ability to retrieve secrets filtered by templates that have a URL field or URL List field
491208 - If Platform is enabled, give an extra user license for the Platform admin user, and if disable don't count native platform users against the license count.
503650 - Give hybrid status to Platform CloudAdmin

Wednesday, April 5, 2023

Bug Fixes (10)

474639 - When accessing certain URLs, the system presents a default error page instead of a more technical error.
477322 - In the secret policy, the SSH command section no longer features table header controls for download and full screen.
479424 - The secret audit grid date displays in the selected timezone when the server time differs from the client time.
480832 - The secret session search date now appears in the selected timezone in both the grid and card, and the grid includes a timezone picker when relevant.
481175 - When editing secret template fields of the file type, the drop-down options no longer appear.
486679 - Pressing the Alt button by the CM link changes the "Create new Secret" page.
501098 - The Test Syslog button is located in the Configuration Preview.
502594 - If more than 1,000 folders are accessed and UAM is enabled, the folder tree will not disappear.
502670 - Creating a new onboarding rule no longer requires a Client SDK IP address. The "Details" field has been renamed to "Allowed IP Ranges."
503520 - The secret search in the grid now utilizes the v2 endpoint for template filtering.

Tuesday, March 28, 2023

Bug Fixes (1)

502132 - Left nav max folders default limit increased to 1,000. Setting dialog added to set the user preferred limit, folder browser now loads 100 records at a time on scroll instead of just 30.

Friday, March 24, 2023

Bug Fixes (19)

442059 - The column folderName is now bound to the secret grid instead of folderId as this allows folderName to be the value that is downloaded instead of folderId.
470930 - Discovery logs will now export more than 250 records
471679 - Logging into Terminal with an Azure Active Directory account using SSH Key Integration is now possible. AAD logins to Terminal via password cannot be done.
486557 - Addressed an issue with Disaster Recovery replication where replicated Custom Launchers would not be visible on their associated Secrets.
489896 - Bulk actions now disable the submit button to prevent multiple clicks
490686 - Handled Issue when replicating data for Disaster Recovery where pre-existing users on the Replica that do not exist on the Source could lose their Everyone group membership.
490974 - A link to the public SSH keys was added, when enabled, on both the user preference page and the administration tools section
491921 - Fixed issue where Secret field data over a certain length may be rejected by the database upon replication.
495567 - Fix several buttons in the new Configuration Preview
500538 - Optimizations to displaying large numbers of Folders
501141 - Expanded the User Setting size to resolve issue for some customers with lots of columns for a grid.
501322 - Data retention page background color fixed
485440 - DR Fix for Role to Group replication
485550 - Fix to allow Heartbeats even if the Secret has Checkout enabled
500545 - DR Fix for Password Requirement Character Set replication
501144 - Fix for database error when saving User Preferences

Improvements (4)

488666 - Discovery import added to new network viewer
491970 - Discovery rules and dependencies grid can now be filtered by discovery source. Rule grid now also has discovery source available as a column.
500816 - Allow Read-Only mode to be enabled in Cloud on the Disaster Recovery Configuration page.
501316 - Local Admin column added to new Discovery network view

Friday, March 17, 2023

Bug Fixes (13)

418329 - Discovery specific OUs now returns results when the page is initially loaded.
475003 - License server activation grid updated to resolve layout clipping issues.
478852 - Lookup Folders (api/v1/folders/lookup), and Search Folders (api/v1/folders) will not return only direct children when searching by parent ID. They will not longer return grandchildren.
478994 - Enabling heartbeat for the first time on a secret template will no longer subtract 1 minute the first time.
489232 - The secret search API now returns the folder path on the secret. Secret grid download now includes folder path on all records accordingly.
489480 - Fixed an issue with folder name collisions in Disaster Recovery synchronization.
491763 - The secret checkout page now specifies a page title.
500237 - MEK Rotation: support rotating Azure Active Directory domain Client Secrets.
482308 - All Secrets View Column Preference Once Saved Doesn't Stay After Page is refreshed.
488759 - DR: Intermittent Transaction Has Aborted Errors When Replicating Large Amount of Secrets with Custom Date.
490031 - Terminate launcher session from Platform is causing a 403.
490554 - X-AspNetMvc-Version header discloses .NET version.
500289 - Platform lint build error - Argument of type MonoTypeOperatorFunction

Improvements (8)

489755 - The password changers list / grid has been updated to the latest design.
490562 - Converted list options ss-grid to thy-grid. Allows for resizing of columns
492078 - The secret detail page now includes a button to copy the current url to the clipboard with rich text including the secret id and secret name.
484033 - Upgrade System.Linq.Dynamic
489754 - Convert CustomLauncherView.aspx to angular
491586 - Remove report aspx pages
492049 - Remove unused legacy code (folders, doublelock, ip address)
492116 - Remove redirects to dashboard.aspx on login

Tuesday, March 14, 2023

Bug Fixes (3)

490188 - Platform + SS + WPF launcher fix.
491879 - Secret Log length UI validation fix.
492041 - Initial Platform user should have full admin access in Secret Server.

Friday, March 10, 2023

Bug Fixes (21)

442402 - Folder permission now correctly shows "None" in secret role drop down when in edit mode.
447460 - After changing field properties on a secret template the UI cache is cleared to allow selectable columns in grids to be updated without requiring a browser refresh.
448752 - This bug occurred when there was a secret policy on a secret and it was converted or duplicated. Both the policy and the copy or convert template would try to apply secret settings for launchers multiple times which resulted in a UX constraint violation. The settings code constraint issue was resolved with bug 448486.This also helps usability with clarifying the new secret name on converting a single secret template.
448975 - An audit entry is made for the user that enabled maintenance mode during an upgrade (on prem only).
460309 - console diagnostics log level label made more clear to help indicate that it is the level of logging and not a filter for the grid.
466521 - Configuration Retention setting section description added
475215 - Secret dependency API variable name changed from id to secretDependencyId to help clarify which parameter is needed.
477458 - Deleting folders will now also indicate that subfolders will be removed as well.
480833 - The duration field on session monitoring now shows as a friendly time duration instead of just total seconds.
482562 - FOLDERPATH parameter now works with report schedules and running a report
484093 - Directory services icon alignment corrected and loader properly displays now.
484677 - The heartbeat status colors for pending are now more distinguishable on the dashboard overview doughnut chart.
485232 - Edit inbox rule condition dialog title now says "Edit Condition" instead of "Add Condition"
486497 - The password is cleared on secret export if the dialog is opened subsequent times.
487156 - Saving event subscriptions without making any changes no longer clears all events defined.
487290 - When there are more than 30 subfolders the expand row chevron will now show and load the subfolders 100 at a time. There is also a "Load More" and a "Load All" button
488530 - The report SQL editor no longer has options to download or configure columns on the report as it is not supported in that mode.
489226 - The most used secrets grid on dashboard overview now downloads the folder path instead of the folder id.
489896 - Bulk actions now disable the submit button to prevent multiple clicks
490388 - Creating and updating password requirement now requires unique names for password requirements.
490568 - The secret details view would show empty in some browsers after a checkout or approval and would require the user to click the tab to see the details. This would happen when the browser did not detect the route change from /secret to /secrets.

Improvements (4)

480100 - Save buttons are no longer disabled when a form is invalid. Clicking the button will show and trigger form validation messages now.
482897 - Color palette updated to improve accessibility and brand.
484891 - Launcher icons updated on secret general and inline secrets.
488666 - Discovery import added to new network viewer.

Friday, March 3, 2023

Bug Fixes (8)

469860 - Event subscription publishes the event for when a user is enabled or disabled.
478837 - The endpoint that returned the report name, description, category, and other details is now protected by dual control. The actual report data was always protected.
487523 - Clicking cancel when sorting event pipelines in a policy now exits sort mode
488612 - Disaster Recovery data replication errors caused by out of sync encryption keys are now automatically resolved properly.
489427 - version.xml is no longer available via HTTP to avoid exposing the version of the application.
489477 - Resolved an issue with Disaster Recovery folder synchronization selection. Personal folders can now be selected for either allow or block lists.
489766 - User audit is obfuscating properly after grid was updated.
490244 - Fixed older character sets that failed to replicate when running Disaster Recovery

Improvements (8)

468023 - Refactoring handling of Secret ACLs in Disaster Recovery to be more efficient and less error-prone.
468837 - Cloud diagnostic logging will now correlate the Datadog telemetry trace for easier support troubleshooting.
472665 - DR: Secret Items from the Source are combined with ones from the replica when they have matching SecretIDs and SecretFieldIds
482898 - Added option to duplicate a discovery scanner
486793 - Secret panel is now always open when on any Secret section page
487334 - Secret configuration audit converted to standard grid
488665 - Unlimited admin chip will show on aspx pages when it is enabled
489530 - SDK Client Management pages have been converted
486751 - Platform Opt-in Region Improvements
487261 - Add menuId to every thy-context-button to assist with automation testing
488523 - Show more helpful error message creating a discovery source name that already exists
489734 - Fix for Secret Export of a specific folder not exporting child folder secrets if selected.

Friday, February 24, 2023

Bug Fixes (5)

418167 - A purge of inactive sessions longer than 3 minutes was occurring when the Sessions Monitoring page was displayed. It did not take into account the SSH proxy timeout. The page now obeys the timeouts.
434346 - Changed Export Secrets to become an Async Job. The export now kicks off a job and polls until the job is complete. User should wait for job to complete before navigating away from the page. This mitigates the issue with timeouts.
482044 - Updated Secret object to treat CheckOutTime as a nullable value so that DR can handle it properly and prevent checkout consumer errors after DR.
488594 - Corrected issue where certain accounts would not show correctly in the new network view.
488772 - Addressed issue where the Secret grid's total count would incorrectly include subfolders when searching.

Improvements (1)

1488801 - Converted user audit to the standard grid component.

Friday, February 17, 2023

Bug Fixes (4)

482255 - Added documentation in a tooltip to point users to audit on Proxy page
484939 - Inline row added to secret dependency log dialog to expand
480944 - "Automatic Sudo or Su Privilege Elevation" was fixed to work with Solaris
486982 - Fixed an issue with New UI Configuration option searching

Improvements (3)

Discovery converted to New UI
487097 - A new checkbox is added which enables requiring all users who log in through Platform to have used Platform's multi factor authentication when logging in.
430883 - Disaster Recovery: Replica cannot be a higher version than Primary

Saturday, February 11, 2023

Bug Fixes (11)

422242 - Fixed an issue with excessive CPU usage for RDPWin.exe. We no longer track or record processes using WMI. Instead, we use native Windows calls, reducing the CPU usage of the Windows WMI Provider. However, if "Run as secret credentials" is used, we still use the WMI process tracking.
468584 - Fixed an issue where manual backup did not work in maintenance mode.
477382 - Added a layer of backwards compatibility so that releases to the cloud ahead of installed updates will not break.
478174 - The maximum allowable default checkout time is now 365 days (previously 9999 days).
478490 - Bulk changing permissions no longer checks for permissions on the first server selected. If the user lacks access to any secret that was selected, they receive an error message upon completion of the bulk change.
483400 - The add permission button, when editing role permissions, no longer gets clipped off screen.
483522 - Resolved a situation where, after an upgrade, the page would give an error 500 and require an iisreset to continue.
483909 - Buttons now correctly align on configuration pages in the platform.
483912 - Any error present in the sync log coming back from an AAD sync is treated as no action regarding disabling groups.
484059 - The default layout for the admin page is by category.
484288 - Added a check to ensure that the user calling the affected endpoint has access to the secretId being passed in.
486488 - Improved performance impact of retrieving custom SSH algorithms in Discovery.

Improvements (8)

436107 - Added endpoints for Update Password Type Auth, Get Password Type Auth, and Create Password Type Auth. These allow you to create and update records for the command arguments on RPC command set up.
477562 - CEF Timestamp format added to Configuration > Application. This sets the format of the timestamps at the beginning of syslog messages. The Syslog format is the default for updates, while the ISO format is selected for new installs. The syslog implementation might format the timestamp in Syslog format regardless of the format of the header sent over the wire. You can confirm this by running a trace on the syslog port.
482856 - Updated the Discovery scanner secret search filter settings selection UI.
483107 - Updated the process for updating credentials on a Discovery scanner UI.
483864 - Display a banner message informing the user that engines with a specific version range are unable to auto-update.
484670 - Adjusted the Opt In Flow to calculate the value for Platform region based on Secret Server Cloud's top-level domain.
484842 - The "Generate API Token" option on the user preferences page now correctly audits that a token was generated.
486287 - Updated the REST API documentation.

Friday, January 20, 2023

Bug Fixes (7)

464914 - Bulk edit share now has a "None" permission, which will allow removing permissions.
465303 - Updated logging around Azure AD Sync to make it clearer when the sync stops due to configured groups missing in Azure AD.
466186 - A configuration option to disable the SMB heartbeat fallback check was added.
466323 - Folder permissions once again can no longer be saved if there is no user or group with Secret Owner permission.
468425 - Failing Syslog/SIEM messages do not respect updated Syslog Server configuration.
477833 - Addressed an issue with the SearchSecretsByFieldValue SOAP API function that caused it to return a 500 error.
480672 - Heartbeat status by day shows incorrect values.
481005 - Corrected logic that allowed password requirement consumer to bypass non-replicated Secrets.
481676 - OIDC Platform Connection Fails for previously imported users after domain change.
482041 - Platform 2 - Customers with samaccountname username in Secret Server do not get linked to Platform UPN-based user.
482064 - Adjusted the logic related to generating the platform URL to account for a trailing forward slash.

Improvements (3)

432222 - Distributed Engine Sites now have an Enable FIPS setting on a per-site basis.
467244 - Publish Audit Data from Event Subscriptions to the Platform Audit Service.
478600 - Add an option to sort the admin menu alphabetically.
481388 - Adjusted the Auto Pilot Test gate to have the agent clear the workspace folder prior to each run.

Friday, January 13, 2023

Bug Fixes (2)

481152 - Repeating Opt-in on for an SS instance causes connections from Platform to SS to permanently break for that instance.
481335 - RAS Launcher is not showing in grid for secret expand.

Improvements (1)

478709 - Added an alternative splash screen on the All Secrets page within platform/vault targeting the cloudadmin user. Triggering a Platform instance provisioning via the Opt-In flow will now create a corresponding audit log entry.

Monday, January 9, 2023

Bug Fixes (2)

472793 - Added in logic to split larger Secret Item Values back into ItemValue and ItemValue2 fields on save to database.
475160 - Now setting domain id of replicated duplicate user to null domain so it can be reassigned with found domain later during replication.

Improvements (5)

478703 - Text copy for Opt-In provisioning step has been adjusted.
478706 - Text copy for the first step of Platform Opt-In flow has been adjusted.
478707 - Text copy for step two and three of the Opt-In flow was updated.
478708 - Platform Admin Username has been added as a copyable field on the Opt-In success modal.
480814 - The logic to determine the Platform login url has been adjusted to account for both url patterns.

Tuesday, January 3, 2023

Bug Fixes (1)

480099 - Fixed an issue where OIDC logins would display "Session Expired" when AllowRememberMe was enabled and the user was configured with 2FA.

Improvements (0)

Friday, December 30, 2022

Bug Fixes (5)

472820 - Session recordings which are invalid due to no data will be recorded as an error to prevent failure upon playback.
476779 - Prevent 500 errors when calling healthcheck.aspx for instances that are scheduled for deletion in cloud.
476929 - User permissions on replica instances will no longer be removed erroneously when data replication runs.
478168 - Improve mapping logic between Platform and Secret Server so that unique emails are no longer required.
478497 - Addressed assembly load error in Azure AD processing.

Improvements (1)

478458 - Adjusted the opt-in button to display the text NEW! and its tooltip to display Experience the next generation of Secret Server.

Friday, December 16, 2022

Bug Fixes (3)

447140 - Mitigated a possible error in SSH Proxy command processing
475159 - Created an update to more efficiently handle bulk deletion within DR replication.
476818 - Fixed an issue with editing a file in single-edit dialogs.

Improvements (7)

466705 - We now include character sets in DR replication.
467244 - We now support publishing audit data to the audit service when enabled.
475117 - Improved users logging into Secret Server through Platform—the Platform settings for MFA are now used and Secret Server MFA settings are ignored.
476799 - Corrected the capitalization of "Active Directory" in the opt-in flow.
477383 - The secret audit and general log windows now use an updated preview panel component. This allows for keyboard navigation to switch records in the grid.
477846 - We now optionally support a SSH key without a passphrase in bulk change passwords.

Thursday, December 8, 2022

Bug Fixes (7)

435312 - Updated discovery to handle messages coming back without the stdout marker
474320 - Local-site advanced settings can now be edited while distributed engine is off.
474429 - Corrected situation that could cause a null reference error when resolving the FQDN.
474819 - Resolved an issue within the Secret Folder navigation panel on Platform where clicking "Add Folder" would result in an error.
474820 - Resolved an issue in the Secret Folder navigation panel where changing to the "All Secrets" pin did not update the selected pin name.
475131 - Corrected confusing error message related to SMTP servers when creating event subscriptions.
475301 - Addressed issue where saving a specific folder permission could return "Invalid Request"

Improvements (6)

163844 - Increased the max length of SecretNameShort.
418207 - Updated the new UI to allow new generated SSH keys with a blank passphrase to match legacy UI functionality.
471343 - We now automatically back up the key management configuration file when saving a new key management configuration
473076 - Site Connectors are now configurable per site in Secret Server Cloud, however you can't configure a site connector if it already has 250 sites in cloud.
475958 - New configuration setting "Allow Files without Extension" has been added to the configuration preview.
476777 - Legacy UI disabled the weekend of December 10th 2022.