Secret Server Cloud Change Log

Overview

This topic contains an unedited log of changes written by developers. The intent is to quickly provide information, not polished prose. The log is a release notes supplement for a technical audience, not a replacement for the release notes.

The line-item numbers are for internal tracking. They provide a unique reference when talking to Delinea support.

Friday, May 3, 2024

New Engine Version: 8.4.31 (optional upgrade)

568618 - Corrected issue where the issued Azure Service Bus token would expire after one week and not refresh.

Bug Fixes (15)

504819 - Handling secrets that fail heartbeat/password changes when using a powershell script and the MaxShellsPerUser exception is thrown For heartbeat: Added a new heartbeat status called "NeedsImmediateRetry" to
bypass the secret template retry interval.For Password Change: The retry attempts are not increased after fail.
508175 - Added same site attribute to cookies defined in card. Same Site attribute value set to lax
560213 - Significantly improved the performance of Secret Search when using Secret fields that are exposed for display.
561240 - Deleting computers from discovery network view now shows confirm delete dialog before continuing.
566118 - Removing fields from discovery scan templates no longer throws disableField error
566561 - Corrected key utilization within SOAP and REST api token generation.
567532 - Corrected some easy move edge cases and display issues.
567597 - Toggling favorite secret no longer triggers a grid refresh
567598 - Corrected the loader display when filtering a grid.
567715 - Corrected display issues where certain links that are only relevant for on-premises could display in Cloud.
568130 - Fixed an issue with Distributed Engines using the Amqp response bus in cloud that could lose connectivity after a SSC upgrade
568265 - Corrected typo on the Secret Server prompt message.
568333 - Updated data view height when using summary templates.
568618 - Corrected issue where the issued Azure Service Bus token would expire after one week and not refresh.
568907 - Error dialog showing when adding a dependency with associated secrets now doesn't show.

Improvements (8)

551238 - updated cipher grids to use components
556271 - Converted Secret import to the new UI.
557243 - Updated the Secret request page to show the Secret Name.
567012 - Updated custom SSH cipher suite button text.
567895 - Contact instructions for security issues are now available at ./well-known/Security as specified in RFC9116
568176 - Updated user interface logo labels.
568476 - SS user admin and role links are now on the top level all settings under the SS category header.
568583 - Added the cloud subscriptions link back into the site map.

Saturday, April 20, 2024

New Engine Version: 8.4.30 (optional upgrade)

463689 - Updated uninstaller to preserve the web-proxy.config file.
487237 - Updated Secure Blackbox to latest version. Secure Blackbox FIPS support updated into documentation.
543815 - Fixed an issue were a command would fail to enter vi or vim mode and would allow blocked commands. Also fixed an issue where using su before vi or vim would fail and would allow blocked commands.
554526 - Fixed issue when Distributed Engine is testing for windows capabilities.
406897 - Replaced deprecated packages for Azure Service Bus to new packages recommended by Microsoft.
547004 - SSH functionality through Secure Blackbox updated to address Terrapin
556432 - Updated Engine module loading to avoid a missing file causing an Engine to be unable to upgrade.
558092 - Upgraded Azure Service Bus Libraries

Bug Fixes (8)

487237 - Updated Secure Blackbox to latest version. Secure Blackbox FIPS support updated into documentation.
543815 - Fixed an issue were a command would fail to enter vi or vim mode and would allow blocked commands. Also fixed an issue where using su before vi or vim would fail and would allow blocked commands.
561354 - Fixed issue where the backup now button would disable and never re-enable.
562590 - Re-added the Secret export/import links to the All Settings Category view.
562698 - Removed unnecessary dividers between fields on the Secret Templates Launcher Mapping page.
563342 - Addressed issue where viewing Discovery sites with removed scanners would cause an error.
564162 - Addressed issue where searching for a quotation mark could cause an error.
566051 - Addressed issue where launching a Secret from the new Search experience would launch the first Secret from the results returned, not the clicked Secret.

Improvements (6)

547004 - SSH functionality through Secure Blackbox updated to address Terrapin
548094 - Created a password changer for Microsoft Azure/Entra ID accounts (including those with MFA enabled), so the passwords for these accounts can be rotated.
549242 - Changed casing from title casing to sentence casing.
555234 - Improved processing of user update messages.
558536 - Updated role assignment mechanism during migration.
563850 - Removed the word General from various settings labels.

Friday, April 12, 2024

Bug Fixes (1)

566422 - Corrected a critical security vulnerability in the SOAP webservice.

Friday, April 5, 2024

New Engine Version: 8.4.27 (optional upgrade)

561183 - Updated Password Changers library structure and flow to better support upcoming SaaS changers.

Bug Fixes (7)

475852 - Fixed an issue with adding discovery sources that match the domain of a current Secret and was unmatched in the Domain Name Index table.
535627 - Increased back end performance of EventQueue processing when there are a large number of inbox rules.
540958 - Only users who own a secret can view the TOTP backup codes now. Before it was only the TOTP keys that were hidden.
551472 - The OpenIdConnect flow has been adjusted to validate the redirection URI.
557935 - Addressed some issues that could cause incorrect group/user interactions between Secret Server and Platform.
558080 - Fixed issue where ticket number would not be present in SIEM logging.
562496 - Resolved policy validation issue if using a $itemvariable.variablename in Schedule Pipeline minutes.

Improvements (2)

560171 - Addressed an issue that could cause duplicate cached permission records.
562675 - Changed RPC label to "Remote Password Changing"

Wednesday, March 27, 2024

Bug Fixes (14)

512823 - Fixed issue with SecureCRT failing to connect to Terminal with Public Key and 2FA on.
528161 - The endpoint `/api/v1/secret-access-requests` has been adjusted to be more performant.
541496 - Going to Platform Groups and removing (disabling) a group, then searching Platform and re-adding that group will no longer make a duplicate and will instead enable the existing group. Additionally, Platform group synchronization will ignore all disabled groups when making membership changes.
542478 - Improved redirect validation.
542584 - (Security) Resource Key used in UserMessage.aspx redirect lookup is now sanitized to prevent xpath injection
547621 - Prevented an edge case that could rarely result in an infinite loop when processing a Secret Template field encryption state change.
548478 - If a group has been imported from Platform from an AD source, and then added into Directory Synchronization as an AD group, it will re-use that Platform group rather than create a new group.
552455 - When a syslog server is configured to use a DE and is having connection issues, it can trigger a restart of the DE interrupting proxy sessions. Now, the syslog circuit breaker will not trigger a restart of the DE.
554105 - Addressed issue where the launcher icon could show when launchers are not allowed.
557457 - Fix to cover some edge vaultbroker service account issues
557889 - Improved the handling of duplicate platform permissions and added a delta to clean up existing duplicates.
557985 - Fixed Start Date and Queue Date on the pipeline activity when viewing individual runs.
558034 - Reduced frequency of pre-audit validation errors.
558045 - Addressed an issue where in some circumstances RDP proxy keystrokes would not appear in the session recording viewer.

Improvements (3)

550148 - Improved performance of Secret Search when searching within the context of a folder.
554970 - Added configurable IP source - this allows the Secret Server admin to determine whether the IP address that Secret Server attributes to the request comes from the X-Forwarded-For header or from the externally visible IP Address that contacts the WAF.
562403 - Addressed a timing edge case where Platform Service accounts could be created as Hybrid instead of Native.

Friday, March 22, 2024

New Engine Version: 8.4.26 (optional upgrade)

512823 - Fixed issue with SecureCRT failing to connect to Terminal with Public Key and 2FA on.
545742 - DE Unhandled exception that disconnected all SSH Proxy users fixed.

Thursday, February 29, 2024

Bug Fixes (1)

552009 - Addressed back-end error when publishing audits to the Audit service.

Friday, February 23, 2024

Bug Fixes (4)

461433 - WPF allows launching to a freeform user input url.

503569 - Custom Proxied Launchers can now be mapped to Secret's list fields which behaves as an allow list restriction. Only allowed without the launchers Additional Field enabled. Only one list field can be used in

the mapping.

524551 - Max consecutive Character rules for passwords now work and are enforced as expected in the password field

548343 - Resolved Pre-checkout creating an extra pipeline policy activity entry that stayed in pending. .

Improvements (2)

550162 - Improved granularity of error handling when processing data as part of resilient Secrets.

551651 - Secret Template fields can now be passed-in as arguments to Ticket System scripts.

Friday, February 16, 2024

Bug Fixes (4)

521462 - Addressed issue where the group members page was incorrectly showing a maximum of 59 users.
550168 - Adjusted the Secret Checkout page to handle a case where users checking out a Secret with a failed Remote Password Change would potentially see a loading icon indefinitely.
552914 - Updated Secret Permissions API to handle an edge case which could cause a null record to be incorrectly returned when the userid filter parameter was specified.
554053 - Addressed an issue where terminating all sessions except the current session would log the user out and report an error.

Improvements (2)

539602 - Added support for near-real-time processing of Platform user and group updates in Secret Server.
554408 - Updated user profile and Secret Server to Angular 17.

Saturday, February 10, 2024

New Engine Version: 8.4.23 (optional upgrade)

504819 - Handling secrets that fail heartbeat/password changes when using a powershell script and the MaxShellsPerUser exception is thrown For heartbeat: Added an new heartbeat status called "NeedsImmediateRetry" to bypass the secret template retry interval.For Password Change: The retry attempts are not increased after fail

Bug Fixes (4)

533967 - Enhancement: Added new optional parameter "nobus=true" to the healthcheck endpoint. This allows a faster response in situations where no lookup of the bus status is required.
543260 - Addressed an issue where discovery rules would not correctly display the selected secret template or password type.
549906 - Updated the Secret Import to handle a trailing whitespace in the folder path to prevent bug where created the child folder at the root level.
550776 - Fixed issue with QuantumLock Assign Users grid not displaying correctly after editing then cancelling.

Improvements (3)

DoubleLock is now QuantumLock - see full release notes for details.

548346 - Enhancement: The schedule pipeline task in event pipeline policies now supports using a variable for the schedule delay input.
548348 - Added a new setting to Ticket System Configuration to avoid prompting for a comment when "Comment not required" is configured.
549699 - Platform users can now use step-up MFA to validate their identity when resetting QuantumLock passwords.

Friday, January 26, 2024

New Engine Version: 8.4.22 (optional upgrade)

534582 - Discovery port scanner will now abort if elapsed time expires prior to windows TCP handshake. Discovery port scanner will now also log a helpful message if the windows TCP stack aborts due to reaching the windows internal max syn retry count.

Bug Fixes (3)

534582 - Discovery port scanner will now abort if elapsed time expires prior to windows TCP handshake. Discovery port scanner will now also log a helpful message if the windows TCP stack aborts due to reaching the windows internal max syn retry count.
545912 - Folder audit download now shows correct title.
548299 - Extended timeout for some indexing steps for customers with over one million secrets.

Improvements (2)

544948 - Add Note to Audit when System Disables a Secret Server User

Friday, January 19, 2024

Bug Fixes (14)

478003 - A new option has been added to the Distributed Engine page for configuring `Pending Engines` that allows a pending engine to be assigned to a site without activation.
502594 - Fixed an issue where the folder tree disappeared when there were more than 1,000 folders accessed and UAM was enabled.
532265 - Fixed display issue for Secret edit modal on Discovery scope page.
545234 - Fixed bug where changing the Client ID does not update unless the Client Secret is updated as well.
546047 - Password Compliance Validation job has been adjusted to process more secrets on each run.
547110 - Fixed UI issue that could occur when using RAS with an on-premises Secret Server and using the left nav drawer.
547626 - Fixed issue which caused folder permissions to not to update under specific circumstances.
547884 - Improved exception logging for certain scenarios related to launching.
548169 - Corrected an issue where enabled labels were not always shown next to State checkboxes in edit mode.
548265 - Fixed an issue that could cause the host name to not be passed correctly when launching RAS from Inventory view in Platform.
548952 - Discovery splash image margin corrected.
549159 - Corrected an issue where searching for a Secret name using a substring within a single word would not always return results.
549167 - Dashboard overview tab is selected by default again.
549245 - Corrected an issue where the new folder button would be incorrectly hidden in certain situations when displayed from Platform.

Improvements (5)

408565 - On-prem HSM pages converted to the new UI framework.
535382 - Updated files as required
542401 - Updated the ticket system detail page to the modern UI framework.
546998 - Added Computer Scan Results tab to Discovery.
548480 - The "Enable Audit Integration" on the Platform Configuration page can now be turned on

Wednesday, January 10, 2024

Bug Fixes (7)

495563 - Addressed an issue where enabling RPC on a template through the API could impair the template's functionality.
528038 - Fixed visual bug on Secret Templates, the password type dropdown will no longer appear as "None" if a password type has been set.
529368 - Queries executed in the Chart and SQL Editor for Custom Reports will now take the Use Database Paging setting into account so that the result is the same as if the query was being saved as a report.
541033 - Inventory forward from Secret Server to Platform will now forward new Platform type Zones
546055 - On the Proxying configuration page, you can now automatically generate new ssh proxy host keys.
547076 - Addressed an issue where Platform Synchronization was running too frequently in some cases.
545309 - Updated Launcher Settings page to remove character limit from Process Arguments for Mac Settings.

Improvements (4)

544993 - Secret search API now has a comma delimited filter parameter for template IDs which allows searching beyond IIS url limits compared to the existing array version. Both are still available.
546014 - Corrected the link to the subscription page from the banner.
546588 - Corrected the provisioning-in-progress message so that it does not endlessly reload.
538680 - The "Require Multifactor Authentication By Platform Login" option will now step up to multi-factor authentication if needed in platform when trying to access Secret Server, replacing the previous behavior of blocking access. However, OpenID Connection logins (the Platform link on the Secret Server login page) currently will still deny and not step up if the default login does not multi factor authenticate.

Monday, December 18, 2023

New Engine Version: 8.4.21 (optional upgrade)

541033 - Inventory forward from Secret Server to Platform will now forward new Platform type Zones.

Bug Fixes (18)

491848 - Improved error handling on OpenId configuration page.
502018 - Corrected an issue where the Distributed Engine page did not respect the "Deleted" filter.
503479 - Renaming or copying "Oracle Account (Template Ver 2)" secret template no longer causes password changes to fail.
513444 - Updated the EventDetails token within Event Subscriptions to correctly capture Secret comments.
526602 - Set the GET SDK Client Account, SDK Client Audit and SDK Client Rule API calls to set the operator parameter to 1 if it is not supplied by the caller when a User Id filter is specified.
533459 - Improve performance of secret search including secret search with extended fields.
533509 - The documentation generator, in removing the "api" string from the beginning of all routes, was also removing embedded occurrences. It now removes it only from the start of the route strings.
533728 - Session recordings in Secret Server Cloud shouldn't give errors of "The condition specified using HTTP conditional header(s) is not met." very often anymore.
538570 - Fixed edge case bug if SSH Block Listing causes duplicate sessions that break SSH Proxy.
540779 - Resilient Secrets (DR) will no longer send Secret Field Launchers across the wire unless appropriate tables have been modified
541521 - Upgrade banner was always showing when auto-update was off. Now shows only if at least one engine is lower version than latest. Banner text referenced only "engine", which was potentially confusing; now mentions Distributed Engine explicitly.
542029 - Corrected link to Dependency Templates on the Secret Dependency tab.
542170 - Updated diagnostics page to correctly handle non-US date patterns.
543398 - Corrected an issue where the child launcher type was not always visible on the new custom launcher page.
543468 - Fixed issue with folder permission editing when updating path directly.
543542 - Fixed logic error where the RAS flag was not being referenced before deciding to delete the database entry that reflected the additional users
545014 - IBM password tooltips and banner color contrast issues fixed in dark mode.
545100 - Fixed paging issue in secret sharing user selection.

Improvements (11)

537344 - Secret server was update to use the same player for session recordings as platform
540809 - Banner text referenced only "engine", which was potentially confusing; now mentions Distributed Engine explicitly.
542451 - Added Event Subscription for Disaster Recovery Replication Success
542454 - Fatal error is now persisted across the wire so the replica is aware that the source has a fatal error
542593 - The legacy bookmarklet pages have been disabled.
542623 - FeatureFlag logic added so that an additional 250 temporary users can be added for RAS cases
543199 - Enhanced auditing of Password Change schedules.
543298 - Launching a secret will open in a dialog allowing launch to occur without leaving the grid or current page. Restricted actions like checkout can be performed in the dialog.
543439 - Initial user page has been converted to Angular.
544952 - Event subscription and workflow grids updated grid ui
544985 - Distributed engine log UI updated and it remembers your last selected site, system log grid UI updated and it remembers the last selected log level

Monday, December 4, 2023

Bug Fixes (7)

491657 - Updated auditing for modifying allowed cipher suite algorithms.
513233 - Addressed issue where the upper right search bar would not always switch to the selected Secret when a selected Secret was on a tab other than the General tab.
536197 - Addressed an issue where the light mode collapsed toolbar showed the dark mode logo.
541546 - Corrected an issue where pinned folders would not be removed when the corresponding folder was deleted.
542465 - Corrected a client side error on the Secret Settings page when viewed from Platform.
542558 - Corrected an issue where the Preserve SSH Client Process setting did not correctly display as checked.
542589 - Corrected an issue wherein a Secret Erase Request could no longer be canceled.

Improvements (12)

530664 - Secrets grid on Secret Erase Request Approval page was in a modal opened via a link button that was non-obvious in dark mode and nearly indistinguishable in light mode. This is now an inline grid with auto-scroll. Secrets grid modal on Secret Erase Requests search page (~/app/#/admin/secret-erase/list) formerly required a "Load More" click; now auto-scrolls.
539332 - Ticket system list page updated
539354 - Dependency changes list page UI updated
539391 - Diagnostics page updated to the modern UI framework.
540983 - Updated the toast message displayed when saving user preferences to accommodate screen readers.
541012 - added aria labels to notification bell
541016 - Updated user preferences page for better accessibility.
541022 - Legacy ASPX pages for secret templates have been removed.
541224 - Ticket system list page updated
541225 - Dependency changes list page UI updated
541602 - Cloud subscription page UI updated
542401 - Updated the ticket system detail page to the modern UI framework.

Friday, November 17, 2023

New Engine Version: 8.4.20 (optional upgrade)

537658 - Fixed incorrect logging error in the AuthenticateWithAdConsumer.

Bug Fixes (16)

478923 - Fixed an issue where selecting Generate New SSH Key on a secret would not generate a new SSH key.
513045 - Tweaked the "Distributed Engine issues" warning visible on login so that it does not erroneously display login may be impacted when Engines are not at play in the possible login flows.
518373 - Corrected a display issue on the IP Address restrictions page.
518747 - Updated Password Requirement audits to correctly audit missed fields.
521138 - Addressed issue in directory sync where a search result with an attribute containing an empty list could cause an error.
521579 - Adjusted license tracking for session recording enabled Secrets so that Secrets which have no launchers are excluded.
522464 - Fixed issue with test script modal where reopening the modal would show the selected secret's id instead of its name.
524156 - Improved internal security checking around launchers.
537852 - Secret names on the RPC tab of a secret policy will now include "Inactive" if a secret is not active.
537934 - Centered mfa security view - now left aligned text with centered icon and button.
538405 - Fixed incorrect launcher edit field description.
538649 - System group in Secret Server Cloud can now have metadata deleted.
539172 - Corrected an error that could occur on the Advanced Session Recording page.
539331 - Run RPC Now can no longer be run when RPC is disabled. Run Heartbeat Now can no longer be ran when Heartbeat is disabled.
539341 - A link to configuration audits has been added to the Remote Password Changing page.
540771 - Corrected an issue where unnecessary audits could be written.

Improvements (5)

448852 - Clarified explanatory information on the Secret Import page to highlight that file fields are ignored.
533634 - Adjusted organization of some administrative menu items in configuration preview.
535620 - Extended editing functionality available on the user profile.
538603 - Legacy user and group management aspx pages removed
539098 - Legacy RPC admin page removed

Friday, November 3, 2023

New Engine Version: 8.4.19 (optional upgrade)

521138 - Addressed issue in directory sync where a search result with an attribute containing an empty list could cause an error.
537220 - Database test scripts can now be tested in distributed engine.

Bug Fixes (7)

478923 - Fixed an issue where selecting Generate New SSH Key on a secret would not generate a new SSH key.
514353 - HTML encoded kb link in discovery scanner corrected
527494 - Addressed issue where sorting launchers by name the list could display duplicates.
533914 - Fixed issue that could cause the Secret Picker to display with a horizontal scroll bar.
537220 - Database test script can be tested in distributed engine
537793 - Resolved an issue on Admin Roles page where the edit button for role permissions was mistakenly requiring "Administer Role Assignment" instead of "Administer Role Permission".
538094 - Addressed issue where a proper validation message may not display when trying to give a duplicate name to a group.

Improvements (4)

443834 - This is a parent task to organize kanban subtasks around removing smaller aspects and pieces of ServiceLocator
527627 - Platform Configuration settings added to Disaster Recovery.
530657 - Added "view all folders" link that appears when folders are filtered in a pin view.
537175 - Converted Dependency Template management section to new UI.

Tuesday, October 31, 2023

Bug Fix (1)

536170 - Reverted prematurely released report.

Friday, October 27, 2023

Bug Fixes (12)

395571 - Addressed issue where the web launcher would not respect the mapped URL field when multiple URL fields existed on the Secret.
501181 - Addressed issue where discovery import could result in an unhandled error.
518722 - The login policy now supports line breaks.
519051 - Folders in shared with me will now be filtered when searching.
520458 - Switching pinned folders will reset the text search.
520779 - Explicit definition of allowed http verbs.
526215 - Long secret template names will wrap better in folder edit
529283 - Folders in favorites quick access will now be filtered when searching.
529317 - Clear button was enabled for multi select version of the user and group filter
533379 - Can no longer click new secret multiple times when also uploading files
536860 - Addressed issue where the SSH custom cipher was not applied when missing a value from the section.
537074 - Addressed a missing localization key issue.

Improvements (8)

466699 - Disaster recovery now migrates teams.
523469 - Tweaked display of administrative items from Platform to avoid perceived duplication.
524443 - Secret Server user licensing is now visible via Platform.
526740 - Platform Permissions cached on Secret Server are now replicated so they will be respected on a replica instance
528164 - Addressed incorrect capitalization.
535178 - Added a running log to Disaster Recovery so progress and duration per table can be tracked during replication
536170 - Added a new report that highlights which users are business users vs. IT users.
536688 - Secret search performance improvements. The secret grid will only request extended fields that are showing. When column selections are updated a new request will be made if the extended field choices have changes.

Friday, October 20, 2023

Bug Fixes (10):

511655 - There was an issue where if a non-local site was used to send syslog to the syslog server, any failed would be queued back into the database (tbsyslogfailedmessage) and resent indefinitely. This has been resolved. Additionally, a syslog circuit breaker system has been implemented if a non-local site is used to prevent flooding the message queues with syslog messages if it is expected they will fail.
534271 - Addressed an edge case that could result in duplicate disabled user names, with possible DR conflict impact.
534728 - Fixed error that could occur when creating a new folder with the folder panel minimized.
534729 - Addressed an issue where the notification bell could show when there were no notifications.
535138 - Addressed an issue that could cause an incorrect error message to display when using the SQL Report Editor.
535489 - Addressed an issue where created hooks would not display on the Secret.
535740 - Prevented Thycotic One sync from syncing Platform Native users. Allowed Platform Native users to log in in the rare situation they synced with Thycotic One, then the administrator cleared the system Platform User Mappings.
535780 - Addressed an issue where localization load requests would await indefinitely in some cases.
535962 - Addressed an issue where the Everybody group from Platform wouldn't match up properly with the Everybody group from Platform User sync. Corrected the display name of the Platform "Everybody" group.
536336 - Fixed an issue when searching in Secret Share with the "Add from External Directory", using a search term that results in more than 2100 groups would throw an error.

Improvements (2):

534212 - Fixed query for obtaining services for a Directory Account in Discovery Fixed check on Discovery Source Name when creating an empty discovery source
536035 - Added new rest api patch method to controller which calls pre-existing latestversion.txt processing code

Friday, October 11, 2023

Bug Fixes (4):

473425 - Performance improvements have been made to the "What Secret Permissions Exist?" report.
480243 - Improved UI on the Collections management page for Advanced Session Recording Agents.
522734 - Users will no longer be redirected from licensing page
535182 - Fixed an issue where existing linked groups under the Platform Integration area, Groups tab would not load.

Friday, October 6, 2023

Bug Fixes (7):

511763 - Addressed an issue where the following endpoint did not utilize the NumberOfBookmarkletSecretsToSelect advanced configuration setting: /api/v1/secret-extensions/search-by-url When the value is not assigned, the code defaults to 500 setting to 0 returns 0 records
522887 - Corrected an issue where the synchronized groups displayed could sometimes return all the groups from the domain.
528354 - Addressed an issue where the checkout screen could briefly show while a Secret is loading.
529753 - UI performance issue when typing in text boxes on new secret has been resolved.
530827 - Limited Mode now goes to the correct link in SSC cloud
533769 - In prior upgrade file set for 11.6.3, fixed an issue with SQL Delta 11.5.000006. Removed a SQL hint on the SQL index that was incompatible with non-Enterprise editions prior to SQL Server 2016 SP1 due to a compatibility issue with data compression. The incompatible hint was not necessary so the delta was updated. Hashes for upgrade have been updated for this change.
533946 - Updated the logout.aspx page to avoid errors being generated in rare cases when executing the SAML SLO flow.

Improvements (4):

483752 - Updated Platform to show when the associated Secret Server Cloud instance has Unlimited Admin enabled.
523719 - When Secret Server Cloud is Platform integrated, there is now an "Add from External Directory" option in secret sharing allowing searching Directory sources from Platform to add users or groups
531310 - User profile allows for date / time format setting.
531978 - Adjusted permissions on Session Monitoring page so that users with View Own Session Recordings will only see their own

Friday, September 29, 2023

Bug Fixes (4)

513201 - If a user's encrypted TOTP reset Guid gets corrupted, an administrator is now able to reset their TOTP successfully.
520850 - If an Azure Active Directory configuration in Directory Services becomes corrupt, you can now view and update the credentials to fix it.
521505 - (DE 8.4.17) SSH Proxy: improved block command handling in VIM.
530828 - Removed link for managing licenses from Cloud Subscriptions page.
533527 - Fixed visual bug when removing current user's folder owner permissions.

Improvements (7)

518493 - Added integration with the Platform to create a new session.
519606 - New inbox notification bell with panel, allows for viewing and approving inbox items without having to navigate through the site.
523772 - Updated display for secret locked pages.
527777 - Update action handler secret launch dialog layout to reflect design changes.
528142 - Secret page UI updated for better consistency.
529579 - Added integration with the Platform to create a new session.
530058 - The download button for session recording is added in secret server, it will not appear for vault sessions in platform.

Saturday, September 9, 2023

Bug Fixes (5):

506005 - AD Privilege Password changer now has Remote Password Change timeout minutes Advanced Setting.
524698 - Added query parameter for PipelineId to pass back when viewing specific pipeline activity
526057 - (Distributd Engine) Fixed a logging issue with Dependency changes being skipped due to conditions.
527952 - Generate Key endpoint generate ECDSA keys by default, can also generate RSA keys
529306 - Creating a User SSH Key in Platform downloads the private key with a proper filename

Improvements (5):

473089 - Improvement: Cipher Suite Configuration now allows configuration of allowed Host Key Algorithms.
478103 - Secrets that are set to change password on check in now have the Change Password Now button available for administering secrets while checked out.
519602 - Syslog/CEF logging enhanced to capture more detailed metadata for secrets.
526475 - Fixed an issue where Discovery Scanners could not be removed until the associated secrets had been edited.
526512 - Remote Password Changing: Check for DNS Mismatch now visible and functional in Cloud

Friday, September 1, 2023

Bug Fixes (4):

510839 - When a Secret is assigned to a site the user does not have access to due to Teams restriction they will see the word "Restricted" instead of "Site Name (Inactive)"
511114 - Mitigated issue in large bulk secret actions
512891 - Added Secret Field validation on the Template level to ensure users cannot create a "Secret Name" field on a template
526465 - Minimum Heartbeat interval reduced from 15 to 5 minutes.

Improvements (4):

522229 - The text for page title, breadcrumbs, and navigation for Secret Server Reporting have been updated in Platform to match.
525037 - Added configuration setting to determine which secret permission is required to change Remote Password Changing settings on a Secret. Owner or Edit
527137 - EventTime token is available in pipeline scripts. $EventTime - event date and time of the event ("yyyy'-'MM'-'dd'T'HH':'mm':'ss")
527616 - The preview chips for Multifactor on Secrets have been removed.

Wednesday, August 23, 2023

Bug Fixes (2):

524517 - API calls to /v[1/2]/secrets/{id} now update the Recents secrets data source.
524600 - When viewing Event Pipeline Activity details, selecting an Activity Detail record from the grid now displays the selected Activity's details.

Improvements (2):

519356 - Disaster Recovery Add-On Licensing handling added
523728 - Added more instructions regarding Disaster Recovery's data storage path configuration setting.

Thursday, August 17, 2023

Bug Fixes (17):

506528 - Distributed Engine 8.4.12: Better handling of unexpected heartbeat behavior to mitigate reported Distributed Engine stalling
448978 - Setting custom expiration dates in all timezones now works correctly
484027 - Upgrade dependency to address potential security issue
501977 - Secrets with text field based URL lists are now searchable.
504992 - When Platform integration is active the integration page will now have a button to reset mappings from Delinea Platform.
506528 - Better handling of unexpected heartbeat behavior to mitigate reported Distributed Engine stalling
509498 - Fix for a large number of SSH terminal connection history records causing timeouts
514320 - Fixed bug where Secrets aren't synced with DevOps in cloud with when triggered by pipelines.
518187 - Fixed a UI issue with the launcher popup window showing an option the user didn't have permission for.
522776 - Fixed a DSV sync issue for secret with file type fields and no file set.
522835 - Fixed localization issue on folder Metadata page.
523344 - The Secrets Quick Access link when collapsed now targets the correct destination.
523547 - The Platform Opt In modal styling has been adjusted to no longer display with scroll bars.
523727 - MFA on Secrets: Secret Check-in now resets view access for no pass through.
523755 - Fixed Sorting issue for Checkout User Id and Checkout User
524254 - Secret Share and Folder Permissions: Show disabled edit button until filters are loaded since split button does not yet support disabled.
524727 - Fixed an issue with ODBC password changing that broke postgres and mySQL changing.

Improvements (10):

509462 - User tooltips in both Secret Server and Delinea Platform now highlight the Platform Integration Types.
518097 - Secret Share tab UI has been updated to match the permission setting experience for setting folder permissions. Domain name is now displayed for users on the secret share tab.
519981 - Live viewing has been added to the new session monitoring
521364 - Updated the Vault Settings and Vault User Detail Tabs with some UI changes
521430 - Converted the creation of a Password Changer when Create Password Changer is selected from the Password Changers list in Remote Password Changing.
521612 - Added a filter of secretIds to the Secret Search endpoint to that Secrets can be filtered by SecretId
521806 - Terminate, limit to 5 minutes, and message only have been added to live viewing in the new session monitoring
522040 - The heading for Vault within Platform User Management details has been updated to read its value from within Platform.
522953 - Added a filter of secretIds to the Secret Search endpoint to that Secrets can be filtered by SecretId
523270 - Added Search Groups column to Discovery Network View

Tuesday, August 1, 2023

The 7/13 release was rolled back, so this listing is very similar.

Bug Fixes (16):

442349 - Pause times for ODBC Remote Password Changers are now adhered to. Before the pause times were ignored. If you feel your RPC's are running slowly, check the pause times and remove them if they are not needed for the RPC action.
474452 - Improved performance of Secret Search for customers with large numbers of Secrets.
484351 - Fixed issue with custom launchers through proxy set to only record keystrokes.
509989 - When creating a new send to syslog task you no longer get a default schedule. Most of the templates didn't create a schedule, now they're all consistent.
511127 - Fixed hidden days until deletion field when enabling deletion in the retention schedule. Added localization to error when trying to submit days less than or equal to the archive retention value.
512860 - Fixed passwords being uneditable if RPC is set to use a Privileged Secret to which the user has no access to. Restored explanatory banner.
514750 - Fixed issue in discovery where computer scans were sometimes throwing string truncation exceptions.
517836 - The Secrets grid now updates displayed data and selected columns simultaneously.
519229 - Quick access filters now both apply when updated.
519639 - Knowledge base links within Platform Vault now link to their intended location.
520031 - Corrected edge case that could result in a session view audit being placed on the incorrect Secret.
520248 - The Parent Scan Template will be filtered to the type and will default to the first item in the list on create. The proper fields will be shown based on the type.
520764 - If a secret is inactivated after initially viewing the secret, a user that cannot view inactive secrets will no longer get an error from secret heartbeat.
520851 - Clicking cancel when editing folder permissions will clear any active filters.
521200 - Corrected token caching for Platform tokens to expire properly.
521236 - Editing folder permissions now has a split button that allows for directly entering edit or add group/user mode.

Improvements (34):

510542 - The Secret Dependency Changers editor has been converted to the new UI.
510543 - Dependency Templates are now available in the new UI.
510545 - Session playback player UI has been updated.
514162 - Updated process for populating a forthcoming computer-centric view.
518097 - Secret Share tab UI has been updated to match the permission setting experience for setting folder permissions. Domain name is now displayed for users on the secret share tab.
518568 - The display name of the secret Vault is now set via the Platform. The Vault subcategories for Reporting, Inbox, and administration have been updated to reflect Secret Server.
518953 - Administration Configuration Launcher Settings now displays the Enable Protocol Handler Auto-Update setting in cloud.
519355 - Discovery scanners added an option to "Add child scanner" which filters available scanners to show only applicable child scanners.
519357 - Secret template fields table has been updated and has an improved drag and drop experience.
519358 - Secret panel is more mobile friendly.
519874 - The Security Audit Log page has been converted to the latest UI.
519978 - A doughnut chart showing different Operating Systems in discovery has been added to the Analysis tab of discovery.
520011 - The new UI Discovery Rules page now shows the correct Secret Template name.
520013 - Secret policy now links to the policy on the secret general tab.
520070 - A loading indicator now shows when opening the discovery add scanner dialog.
520073 - The main top left logo will link to the users preferred login home if it is the dashboard or all secrets.
520353 - The COM+ scanner will be able to be added, but there will be a note in the preview panel letting the user know that the scanner will not work for a site that is set to UseWebsite.
520626 - A preview chip has been added to Multifactor Authentication on Secrets and it's supporting configuration pages.
520758 - A new field "Full Name" has been added to the discovery network view to give a more detailed version of the item's name
520760 - Default columns have been added per Item Type in the discovery network view.
520866 - Dependency Tokens are now available on the dependency edit screen.
521182 - REST API documentation has links to individual services that load quickly.
521322 - Added filter on recorded-sessions endpoint to filter out applications, particularly 'RemoteAccessService' when in platform
521630 - Discovery scanners added an option to "Add child scanner" which filters available scanners to show only applicable child scanners.
521964 - The main top left logo will link to the users preferred login home if it is the dashboard or all secrets.
522078 - Added filter on recorded-sessions endpoint to filter out applications, particularly 'RemoteAccessService' when in platform
522079 - The Parent Scan Template will be filtered to the type and will default to the first item in the list on create. The proper fields will be shown based on the type.
522081 - Default columns have been added per Item Type in the discovery network view.
522105 - The COM+ scanner will be able to be added, but there will be a note in the preview panel letting the user know that the scanner will not work for a site that is set to UseWebsite.
522111 - Secret template fields table has been updated and has an improved drag and drop experience.
522113 - Dependency Templates are now available in the new UI.
522582 - Administration Configuration Launcher Settings now displays the Enable Protocol Handler Auto-Update setting in cloud.
522616 - The display name of the secret Vault is now set via the Platform. The Vault subcategories for Reporting, Inbox, and administration have been updated to reflect Secret Server.
522621 - Editing folder permissions now has a split button that allows for directly entering edit or add group/user mode.

Thursday, July 13, 2023

Bug Fixes (15):

481511 - Updated data type to support frequent users of session recording that was crashing the encoding process.
509187 - Connect As Credentials on Secret works better with SSH Keys for su user switching
510165 - Session monitoring search now supports searching by a single secret.
512474 - The "Synchronization Running" message for DR will now only appear if there is a recorded start time for DR in the past and a finish time that is in the future.
513459 - Default values for Secret Fields such as port will now be replicated for Disaster Recovery.
513591 - A user with only direct access to a report and the "browse reports" role permission can now add that report to the dashboard.
515243 - The breadcrumbs within the RPC administration pages have been standardized. The links within Platform Vault Configuration Overview no longer cause the page to reload.
515295 - Report column preferences will be saved and applied when viewing a report.
519056 - Improved error logging and efficiency for calls coming from Delinea Platform.
518679 - DE (8.4.10.0) Fix for the service crashing and being disconnected with RDP proxy over SSH
509498 - Fix for a large number of SSH terminal connection history records causing timeouts
517923 - Fix for editing Session Connector Custom Launcher Port
518197 - Fix for creating a new Session Connector launcher not showing all possible child launcher types in New UI
518324 - Fix for being unbale to save edits to a Custom Launcher in New UI
519013 - Fix for users without view launcher passwords permission being able to view the password

Improvements (21):

453791 - Report number columns will now export as a number
482322 - New reports will only show the first 11 columns by default. All columns can be selected afterwards from the column selector.
489681 - Data replication will now create personal folders for replicated users in cases where the replica blocks or does not allow personal folders to be replicated. This is only if personal folders are enabled on the replica.
510536 - The Password Requirement Audit has been converted to the new UI.
510545 - Session playback player UI has been updated.
510554 - The Launcher Audits page has been migrated to the new UI.
512888 - Updated the group role assignment UI.
513079 - Group membership assignment UI updated.
513109 - Group role assignment UI updated.
514272 - Session recording search now uses updated filter pattern
514282 - The built-in "Everyone" group was renamed "All Vault Users."
514437 - Enhanced new Discovery Area to include some additional fields and added logic for the error chip being displayed
514638 - Added a Copy button for Data Source URL on Disaster Recovery - Outgoing Setup Steps modal.
514666 - New Vault User Details in the Platform overview for Users tab. It requires a Vault to be successfully connected and configured for the details to appear, otherwise the section does not appear.
518070 - Added banners to various Roles/Permissions pages in Secret Server Cloud and Platform with links to help navigate between the two
518125 - Fixed an issue where the folder permissions tab would load slowly with large numbers of users.
518513 - Updated group membership management pages to use new design patterns.
518671 - Analysis tab of Discovery no longer includes disabled Discovery Sources in managed/unmanaged counts.
519028 - View Log was hidden for Directory Accounts since there's no computer associated to show the log of.
519091 - Added Application from tbAuditSecret to session search results model and session model.
519165 - When discovery is running the network view performance would timeout depending on sql locks. This should no longer happen.

Monday June 26, 2023

Bug Fixes (13):

446766 - Launching secrets with URL List and session recording enabled no longer shows a "Bad Request" message
510442 - Fixed an issue with Pinned Folder getting "Folder not Found" error
513591 - A user with only direct access to a report and the browse reports role permission can add that report to the dashboard.
513634 - CSS overflow issue resolved showing launchers on general tab
513847 - Updated the German localization for "Password Should Exclude"
514542 - Recently viewed Secrets are now tracked within Platform. Configuration settings are now refreshed via navigation within Vault in Platform.
514748 - Disaster Recovery Date Replication will now sync all SecretFieldLauncher items each time instead of just the updated ones.
501683 - Fix for Arithmetic Overflow Error for Expired Secrets when Template Expiration Days set to 999999999
508413 - Secret Server Pro - Fix for being unable to export an AzureAD Account
508414 - Secret Server Pro - Fix for Network view preview showing a licensing error
509204 - Update links in SS Security Hardening Report
226156 - Fixed being unable to RPC Service Dependency 'MSCRMSandboxService' from Microsoft Dynamics 365 Server v9
512371 - DR: Fix Launcher Error on Replicated Secrets

Improvements (14):

510294 - Platform Integration Configuration now has additional validations for Login URL.
511289 - Initial analysis tab added to discovery
511600 - Updated the text and product descriptions used during Platform Opt In experience.
512234 - Enhanced the User Audit Report to also exclude manually changed passwords.
512404 - A refresh button was added to the network view in order to refresh the data without having to refresh the entire page and lose the selected filtering.
512534 - Implemented Select All for Discovery Network View
512747 - Folder permission assignment UI updated
512888 - Group role assignment UI updated
512989 - There have been 2 columns added to the Secret Grid, Checked Out User Id and Checked Out User, to show who has the secret checked out if the secret has check out enabled.
513079 - Group membership assignment UI updated
513109 - Group role assignment UI updated
513527 - RPC heartbeat logs combined into a tabbed view with run buttons
513955 - Discovery analysis now links to a filtered network view.
514052 - Discovery scanner validation now indicates that a scanner requires information without having to click edit.

Saturday, June 3, 2023

Bug Fixes (15):

412112 - Corrected error that could occur when converting a Secret from a Secret Template with a file field to a Secret Template without one.
436208 - Fixed an issue where a secret template could be saved without RPC mappings configured.
461327 - Improvement: The PowerShell script timeout no longer defaults to 90 seconds. Instead, it now uses the value from the Event Pipelines Maximum Script Run Time (Minutes) setting in advanced configuration.
477807 - Fixed an issue where the API endpoint api/v1/secrets/{id}/fields/{slug}/ logged an audit that the password was displayed when the actual password was not returned to the user due to hide launcher password be
ing enabled.
484847 - Fixed an issue where the SubscriptionName condition for a notification rule would display the event subscription ID instead. It now correctly uses the name when the user has the appropriate roles to list the
subscriptions.
486876 - Fixed conditions that prevented users from being removed from a group due to the system incorrectly identifying that they would be unable to complete the same operation.
501435 - Corrected unique key constraint error for categorized lists that could occur very rarely.
502290 - Improvement: Added validation messages to password requirement rules for when password requirements are too complex to reliably generate a password.
503010 - Fixed an issue where all event subscriptions did not fire for secrets in subfolders of the target folder.
506363 - Fixed an issue with negative numbers exporting incorrectly when exporting a CSV.
508013 - Fixed an issue with secret search producing SQL errors for customers with a lot of secret templates.
509838 - IBM password tooltip background color adjusted
510446 - Fixed an issue where links on the Session Monitoring page while in grid mode would not correctly link to Secret Server Cloud with authentication.
511141 - Fixed an issue to improve Platform integration user sync if duplicate usernames were already in Secret Server.
511779 - Event notifications now show "Event Time" which is the time at which the event occurred.

Improvements (13):

501153 - Improvement: Introduced a new Launch Secret role permission, which is needed to use launchers. This permission is automatically granted to roles with the View Secret permission, which previously controlled t
his behaviour.
508756 - Improvement: There is now a pending RPC screen and a timer that checks you back in, blocking seeing secret info indefinitely.
508758 - Improvement: Users can no longer access secrets that have failed processing a password change. Instead, they are shown a message stating the change failed.
508759 - Improvement: We now allow a secret owner with the Force Check In role permission when checking in to take ownership of a checkout session that is currently in a failed password change state. The existing checkout is ended, and a new checkout is created for the owner.
509354 - Removes External Mappings to other identity providers when the user has PII removed for that user.
509527 - Fixed issues with user and group syncing between Secret Server Cloud and Platform.
510401 - Improvement: Added a Managed field to the Discovery Network view to show when a discovery item is managed.
510684 - Fixed usability on specific UI areas for a better user experience.
510773 - Improvement: Discovery service accounts detail page now shows services that run as the directory account as well as the computers on which that service runs
510792 - Improvement: Added a Quick Access link to see all Secrets you currently have checked out.
510819 - Improvement: The new folder icon in the secret panel no longer shows if the user does not have the Administer Folders role permission.
511645 - Improvement: Added integration support for Platform users matching local SS users that do not have an @ in their name. If platform user is username@local or username@tenantname then the username portion will
be used to match local users on the SS side.
511851 - Updated Createuser.aspx to redirect to the new user management.

Tuesday, May 23, 2023

Bug Fixes (3):

477780 - Fixed issue where LDAP sync via Distributed Engine would not work when the base DN was different from DC.
479769 - Added support for LDAP RFC2307 group membership, used in OpenLDAP.
510446 - Links on the Session Monitoring page while in grid mode now correctly link to Secret Server Cloud with authentication.

Improvements (4):

509527 - Improvements to user and group syncing between Secret Server Cloud and Platform.
510089 - Under Secrets > Admin > Platform Integration and then the Logs tab, there is now more detailed information for why a specific user could not access Vault (Secret Server Cloud). Common Cases:
- DuplicateUserMappedToDifferentProviderName - this user was initially setup to a different Platform source, the URL changed, or potentially a different userid (Provider Key) indicating the original use was deleted.
- MaxLicensedUsersException - Vault has reached the number of licensed users so additional cannot be added.
510684 - Fixed usability on specific UI areas for better user experience.
510819 - The new folder icon in the secret panel no longer shows if the user does not have the "Administer Folders" role permission.

Friday, May 12, 2023

Bug Fixes (7):

502104 - The Platform opt-in modal now populates the platform region dropdown list when navigating between steps via the step headers.
504867 - Fixed an issue where DR email alerts were not being sent out.
508479 - The CSS Styles for the Platform Opt In Modal have been adjusted to align with Angular15.
509400 - SecretItemValueTransitionHistory.aspx has been removed and replaced with an API endpoint .
510008 - Extended fields are properly exported to csv.
508507 - Fixed an issue with Secret Template name validation message not being shown.
509974 - Fixed an issue with new Platform trials not creating Personal Folders in Secret Server.

Improvements (5):

508760 - Within the details of the Syslog message, there will be a Username field with the value of the mapped username for the launcher.
508761 - Within the details of the Syslog message, there will be a Host field with the value of the mapped host for the launcher.
509475 - RPC heartbeat and password change log are now full screen instead of a dialog.
509947 - Passphrase can be configured as required for user public SSH keys.
508853 - Secret Server/Platform: Distributed Engines no longer need Directory Services enabled to perform Discovery.

Saturday, May 6, 2023

Bug Fixes (20):

446416 - Fixed an issue where an HSM could not be disabled.
461669 - Newly added columns to most grids will now default to 80px width
462179 - Updated the advanced session recording agent version label on the agent issues page to correctly state that it is the minimum required version, not the current version.
465660 - Fixed issue with the password compliance report updating very slowly or not refreshing after either a template or direct PasswordRequirement password field change.
470505 - Fixed issue with Session Connector where if switching windows, keystrokes can be missing from the session monitor.
481850 - Fixed an issue where OpenLDAP directory services group-search filter was not working.
490213 - Secret template names are now required to be unique.
490565 - Fixed an issue where trying to use autoCheckout and secretPath in the API could result in the call failing.
491424 - Addressed an issue where "additional" email addresses on an Event Subscription were sometimes not respected.
491675 - Fixed an issue where event pipeline email notifications were not sent if the email task had an email template selected.
501129 - A bug was fixed where certain advanced syslog options could not be saved unless the server or port was changed as well.
501142 - Fixed a bug where the Secret Name was not triggering a Viewed Edit audit.
501226 - Fixed a bug where the Event Pipeline Send Email Task was not getting the correct email template. Removed the notification rule requirement and fix the issue where the activity would not complete after a Send Email Task.
501227 - Fixed an issue where the pipeline activity status stopped updating after the "Send to Email" task
503652 - Fixed replication to allow duplicate names to be replicated individually during disaster recovery. Groups with the same name will still be consolidated during replication when they share values for AD Guid, IsPersonal, IsPlatform, and DomainId.
504130 - Fixed an issue where Secret PasswordComplianceCode was not updated after password field/PasswordReq change.
504453 - Permissions for root personal folder for Everyone group are replicated as part of Disaster Recovery.
504867 - Fixed an issue where DR email alerts were not being sent out.
505028 - RDPProxy.MillisecondsToWaitCleanup is now correctly localized.
509144 - Fixed links to various areas within Secret Server from Platform.

Improvements (5):

489422 - Addressed an issue where Thales Luna HSM deprecated CKM_RSA_PKCS in their newer firmwares.
491192 - Added a knowledge base link for Platform Regions as part of the Platform Optin Experience
491757 - Added a setting on the Platform Integration page that allows the "Platform Login" option on the login page to be hidden.
502767 - Updated the Disaster Recovery log summary to more accurately display status numbers.
502936 - Updated Disaster Recovery to transmit all file attachments when no folder filters are applied.
504529 - Disaster Recovery replication summary now shows the duration.
505934 - Angular asset files now cache bust, preventing out-of-date files from running against newer back end code following an upgrade.
506255 - Modified text that displays during provisioning to more clearly indicate customers should start with their Platform login.
507903 - This fix prevents the ProtoDeletedFoldersProvider from running on initial replication.
508509 - Password changer list page is now used and legacy page removed.
508645 - Grid alignment and row spacing is now more consistent.

Wednesday, April 19, 2023

Bug Fixes (6):

471317 - When searching you should be able to find all items under your current levels. However when looking at a level you only see that level.
482250 - Bulk move to folder now disables on submit.
503198 - CSS issue fixed for browse all folders text wrapping.
505054 - Addressed an issue where activating an Engine and assigning it to a new Site in the same step could result in an error.
503285 - Get Folders API call once again returns all decedents. To retrieve direct children only, use the new LimitToDirectDescendents parameter.
504385 - Unable to Check the Templates in Allowable Folder Templates Modal

Improvements (5):

503363 - Upgrade to Angular 15
487132 - Unlimited admin page in configuration preview now has a link to open the unlimited admin audit.
491967 - Filter for discovery rule in network view functionality
502829 - Standardize login failure messages for various types of login attempts.
503925 - Configuration Items Appeared Twice in the new Configuration Preview

Friday, April 14, 2023

Bug Fixes (8):

479769 - Added support for LDAP RFC2307 group membership, used in OpenLDAP.
490228 - Data Retention under PII will no longer remove monitored recordings or user audits that are related to monitored recordings. Data Retention under Database Size Management will still remove monitored recordings and related user audit records.
502913 - The "Send Test Email" button can now function in read only mode.
488581 - SSH Proxy 'Tunnel RDP Connections' Degradation fix
501346 - Powershell Dependency Changer Arguments were not being passed into the script
503396 - The Preserve Client SSH Process should appear for process custom launchers
503714 - Show friendly error message launching a secret With Jumpbox Route with RDP that it is missing a SSH launcher
504491 - Bulk Action Applied to all Secrets when Select All is Checked but Template or Folder Filter is Applied.

Improvements (4):

500822 - An Advanced Configuration setting was added (default 3 hours) so that a long-running DR process will detect the configured amount of elapsed time and end the DR process, forcing the end user to run it again manually
486971 - Web Password Filler needs the ability to retrieve secrets filtered by templates that have a URL field or URL List field
491208 - If Platform is enabled, give an extra user license for the Platform admin user, and if disable don't count native platform users against the license count.
503650 - Give hybrid status to Platform CloudAdmin

Wednesday, April 5, 2023

Bug Fixes (10):

474639 - When accessing certain URLs, the system presents a default error page instead of a more technical error.
477322 - In the secret policy, the SSH command section no longer features table header controls for download and full screen.
479424 - The secret audit grid date displays in the selected timezone when the server time differs from the client time.
480832 - The secret session search date now appears in the selected timezone in both the grid and card, and the grid includes a timezone picker when relevant.
481175 - When editing secret template fields of the file type, the drop-down options no longer appear.
486679 - Pressing the Alt button by the CM link changes the "Create new Secret" page.
501098 - The Test Syslog button is located in the Configuration Preview.
502594 - If more than 1,000 folders are accessed and UAM is enabled, the folder tree will not disappear.
502670 - Creating a new onboarding rule no longer requires a Client SDK IP address. The "Details" field has been renamed to "Allowed IP Ranges."
503520 - The secret search in the grid now utilizes the v2 endpoint for template filtering.

Tuesday, March 28, 2023

Bug Fixes (1):

502132 - Left nav max folders default limit increased to 1,000. Setting dialog added to set the user preferred limit, folder browser now loads 100 records at a time on scroll instead of just 30.

Friday, March 24, 2023

Bug Fixes (19):

442059 - The column folderName is now bound to the secret grid instead of folderId as this allows folderName to be the value that is downloaded instead of folderId.
470930 - Discovery logs will now export more than 250 records
471679 - Logging into Terminal with an Azure Active Directory account using SSH Key Integration is now possible. AAD logins to Terminal via password cannot be done.
486557 - Addressed an issue with Disaster Recovery replication where replicated Custom Launchers would not be visible on their associated Secrets.
489896 - Bulk actions now disable the submit button to prevent multiple clicks
490686 - Handled Issue when replicating data for Disaster Recovery where pre-existing users on the Replica that do not exist on the Source could lose their Everyone group membership.
490974 - A link to the public SSH keys was added, when enabled, on both the user preference page and the administration tools section
491921 - Fixed issue where Secret field data over a certain length may be rejected by the database upon replication.
495567 - Fix several buttons in the new Configuration Preview
500538 - Optimizations to displaying large numbers of Folders
501141 - Expanded the User Setting size to resolve issue for some customers with lots of columns for a grid.
501322 - Data retention page background color fixed
485440 - DR Fix for Role to Group replication
485550 - Fix to allow Heartbeats even if the Secret has Checkout enabled
500545 - DR Fix for Password Requirement Character Set replication
501144 - Fix for database error when saving User Preferences

Improvements (4):

488666 - Discovery import added to new network viewer
491970 - Discovery rules and dependencies grid can now be filtered by discovery source. Rule grid now also has discovery source available as a column.
500816 - Allow Read-Only mode to be enabled in Cloud on the Disaster Recovery Configuration page.
501316 - Local Admin column added to new Discovery network view

Friday, March 17, 2023

Bug Fixes (13):

418329 - Discovery specific OUs now returns results when the page is initially loaded.
475003 - License server activation grid updated to resolve layout clipping issues.
478852 - Lookup Folders (api/v1/folders/lookup), and Search Folders (api/v1/folders) will not return only direct children when searching by parent ID. They will not longer return grandchildren.
478994 - Enabling heartbeat for the first time on a secret template will no longer subtract 1 minute the first time.
489232 - The secret search API now returns the folder path on the secret. Secret grid download now includes folder path on all records accordingly.
489480 - Fixed an issue with folder name collisions in Disaster Recovery synchronization.
491763 - The secret checkout page now specifies a page title.
500237 - MEK Rotation: support rotating Azure Active Directory domain Client Secrets.
482308 - All Secrets View Column Preference Once Saved Doesn't Stay After Page is refreshed.
488759 - DR: Intermittent Transaction Has Aborted Errors When Replicating Large Amount of Secrets with Custom Date.
490031 - Terminate launcher session from Platform is causing a 403.
490554 - X-AspNetMvc-Version header discloses .NET version.
500289 - Platform lint build error - Argument of type MonoTypeOperatorFunction

Improvements (8):

489755 - The password changers list / grid has been updated to the latest design.
490562 - Converted list options ss-grid to thy-grid. Allows for resizing of columns
492078 - The secret detail page now includes a button to copy the current url to the clipboard with rich text including the secret id and secret name.
484033 - Upgrade System.Linq.Dynamic
489754 - Convert CustomLauncherView.aspx to angular
491586 - Remove report aspx pages
492049 - Remove unused legacy code (folders, doublelock, ip address)
492116 - Remove redirects to dashboard.aspx on login

Tuesday, March 14, 2023

Bug Fixes (3):

490188 - Platform + SS + WPF launcher fix.
491879 - Secret Log length UI validation fix.
492041 - Initial Platform user should have full admin access in Secret Server.

Friday, March 10, 2023

Bug Fixes (21):

442402 - Folder permission now correctly shows "None" in secret role drop down when in edit mode.
447460 - After changing field properties on a secret template the UI cache is cleared to allow selectable columns in grids to be updated without requiring a browser refresh.
448752 - This bug occurred when there was a secret policy on a secret and it was converted or duplicated. Both the policy and the copy or convert template would try to apply secret settings for launchers multiple times which resulted in a UX constraint violation. The settings code constraint issue was resolved with bug 448486.This also helps usability with clarifying the new secret name on converting a single secret template.
448975 - An audit entry is made for the user that enabled maintenance mode during an upgrade (on prem only).
460309 - console diagnostics log level label made more clear to help indicate that it is the level of logging and not a filter for the grid.
466521 - Configuration Retention setting section description added
475215 - Secret dependency API variable name changed from id to secretDependencyId to help clarify which parameter is needed.
477458 - Deleting folders will now also indicate that subfolders will be removed as well.
480833 - The duration field on session monitoring now shows as a friendly time duration instead of just total seconds.
482562 - FOLDERPATH parameter now works with report schedules and running a report
484093 - Directory services icon alignment corrected and loader properly displays now.
484677 - The heartbeat status colors for pending are now more distinguishable on the dashboard overview doughnut chart.
485232 - Edit inbox rule condition dialog title now says "Edit Condition" instead of "Add Condition"
486497 - The password is cleared on secret export if the dialog is opened subsequent times.
487156 - Saving event subscriptions without making any changes no longer clears all events defined.
487290 - When there are more than 30 subfolders the expand row chevron will now show and load the subfolders 100 at a time. There is also a "Load More" and a "Load All" button
488530 - The report SQL editor no longer has options to download or configure columns on the report as it is not supported in that mode.
489226 - The most used secrets grid on dashboard overview now downloads the folder path instead of the folder id.
489896 - Bulk actions now disable the submit button to prevent multiple clicks
490388 - Creating and updating password requirement now requires unique names for password requirements.
490568 - The secret details view would show empty in some browsers after a checkout or approval and would require the user to click the tab to see the details. This would happen when the browser did not detect the route change from /secret to /secrets.

Improvements (4):

480100 - Save buttons are no longer disabled when a form is invalid. Clicking the button will show and trigger form validation messages now.
482897 - Color palette updated to improve accessibility and brand.
484891 - Launcher icons updated on secret general and inline secrets.
488666 - Discovery import added to new network viewer.

Friday, March 3, 2023

Bug Fixes (8):

469860 - Event subscription publishes the event for when a user is enabled or disabled.
478837 - The endpoint that returned the report name, description, category, and other details is now protected by dual control. The actual report data was always protected.
487523 - Clicking cancel when sorting event pipelines in a policy now exits sort mode
488612 - Disaster Recovery data replication errors caused by out of sync encryption keys are now automatically resolved properly.
489427 - version.xml is no longer available via HTTP to avoid exposing the version of the application.
489477 - Resolved an issue with Disaster Recovery folder synchronization selection. Personal folders can now be selected for either allow or block lists.
489766 - User audit is obfuscating properly after grid was updated.
490244 - Fixed older character sets that failed to replicate when running Disaster Recovery

Improvements (8):

468023 - Refactoring handling of Secret ACLs in Disaster Recovery to be more efficient and less error-prone.
468837 - Cloud diagnostic logging will now correlate the Datadog telemetry trace for easier support troubleshooting.
472665 - DR: Secret Items from the Source are combined with ones from the replica when they have matching SecretIDs and SecretFieldIds
482898 - Added option to duplicate a discovery scanner
486793 - Secret panel is now always open when on any Secret section page
487334 - Secret configuration audit converted to standard grid
488665 - Unlimited admin chip will show on aspx pages when it is enabled
489530 - SDK Client Management pages have been converted
486751 - Platform Opt-in Region Improvements
487261 - Add menuId to every thy-context-button to assist with automation testing
488523 - Show more helpful error message creating a discovery source name that already exists
489734 - Fix for Secret Export of a specific folder not exporting child folder secrets if selected.

Friday, February 24, 2023

Bug Fixes (5):

418167 - A purge of inactive sessions longer than 3 minutes was occurring when the Sessions Monitoring page was displayed. It did not take into account the SSH proxy timeout. The page now obeys the timeouts.
434346 - Changed Export Secrets to become an Async Job. The export now kicks off a job and polls until the job is complete. User should wait for job to complete before navigating away from the page. This mitigates the issue with timeouts.
482044 - Updated Secret object to treat CheckOutTime as a nullable value so that DR can handle it properly and prevent checkout consumer errors after DR.
488594 - Corrected issue where certain accounts would not show correctly in the new network view.
488772 - Addressed issue where the Secret grid's total count would incorrectly include subfolders when searching.

Improvements (1):

1488801 - Converted user audit to the standard grid component.

Friday, February 17, 2023

Bug Fixes (4):

482255 - Added documentation in a tooltip to point users to audit on Proxy page
484939 - Inline row added to secret dependency log dialog to expand
480944 - "Automatic Sudo or Su Privilege Elevation" was fixed to work with Solaris
486982 - Fixed an issue with New UI Configuration option searching

Improvements (3):

Discovery converted to New UI
487097 - A new checkbox is added which enables requiring all users who log in through Platform to have used Platform's multi factor authentication when logging in.
430883 - Disaster Recovery: Replica cannot be a higher version than Primary

Saturday, February 11, 2023

Bug Fixes (11):

422242 - Fixed an issue with excessive CPU usage for RDPWin.exe. We no longer track or record processes using WMI. Instead, we use native Windows calls, reducing the CPU usage of the Windows WMI Provider. However, if "Run as secret credentials" is used, we still use the WMI process tracking.
468584 - Fixed an issue where manual backup did not work in maintenance mode.
477382 - Added a layer of backwards compatibility so that releases to the cloud ahead of installed updates will not break.
478174 - The maximum allowable default checkout time is now 365 days (previously 9999 days).
478490 - Bulk changing permissions no longer checks for permissions on the first server selected. If the user lacks access to any secret that was selected, they receive an error message upon completion of the bulk change.
483400 - The add permission button, when editing role permissions, no longer gets clipped off screen.
483522 - Resolved a situation where, after an upgrade, the page would give an error 500 and require an iisreset to continue.
483909 - Buttons now correctly align on configuration pages in the platform.
483912 - Any error present in the sync log coming back from an AAD sync is treated as no action regarding disabling groups.
484059 - The default layout for the admin page is by category.
484288 - Added a check to ensure that the user calling the affected endpoint has access to the secretId being passed in.
486488 - Improved performance impact of retrieving custom SSH algorithms in Discovery.

Improvements (8):

436107 - Added endpoints for Update Password Type Auth, Get Password Type Auth, and Create Password Type Auth. These allow you to create and update records for the command arguments on RPC command set up.
477562 - CEF Timestamp format added to Configuration > Application. This sets the format of the timestamps at the beginning of syslog messages. The Syslog format is the default for updates, while the ISO format is selected for new installs. The syslog implementation might format the timestamp in Syslog format regardless of the format of the header sent over the wire. You can confirm this by running a trace on the syslog port.
482856 - Updated the Discovery scanner secret search filter settings selection UI.
483107 - Updated the process for updating credentials on a Discovery scanner UI.
483864 - Display a banner message informing the user that engines with a specific version range are unable to auto-update.
484670 - Adjusted the Opt In Flow to calculate the value for Platform region based on Secret Server Cloud's top-level domain.
484842 - The "Generate API Token" option on the user preferences page now correctly audits that a token was generated.
486287 - Updated the REST API documentation.

Friday, January 20, 2023

Bug Fixes (7):

464914 - Bulk edit share now has a "None" permission, which will allow removing permissions.
465303 - Updated logging around Azure AD Sync to make it clearer when the sync stops due to configured groups missing in Azure AD.
466186 - A configuration option to disable the SMB heartbeat fallback check was added.
466323 - Folder permissions once again can no longer be saved if there is no user or group with Secret Owner permission.
468425 - Failing Syslog/SIEM messages do not respect updated Syslog Server configuration.
477833 - Addressed an issue with the SearchSecretsByFieldValue SOAP API function that caused it to return a 500 error.
480672 - Heartbeat status by day shows incorrect values.
481005 - Corrected logic that allowed password requirement consumer to bypass non-replicated Secrets.
481676 - OIDC Platform Connection Fails for previously imported users after domain change.
482041 - Platform 2 - Customers with samaccountname username in Secret Server do not get linked to Platform UPN-based user.
482064 - Adjusted the logic related to generating the platform URL to account for a trailing forward slash.

Improvements (3):

432222 - Distributed Engine Sites now have an Enable FIPS setting on a per-site basis.
467244 - Publish Audit Data from Event Subscriptions to the Platform Audit Service.
478600 - Add an option to sort the admin menu alphabetically.
481388 - Adjusted the Auto Pilot Test gate to have the agent clear the workspace folder prior to each run.

Friday, January 13, 2023

Bug Fixes (2):

481152 - Repeating Opt-in on for an SS instance causes connections from Platform to SS to permanently break for that instance.
481335 - RAS Launcher is not showing in grid for secret expand.

Improvements (1):

478709 - Added an alternative splash screen on the All Secrets page within platform/vault targeting thecloudadminuser. Triggering a Platform instance provisioning via the Opt-In flow will now create a corresponding audit log entry.

Monday, January 9, 2023

Bug Fixes (2):

472793 - Added in logic to split larger Secret Item Values back into ItemValue and ItemValue2 fields on save to database.
475160 - Now setting domain id of replicated duplicate user to null domain so it can be reassigned with found domain later during replication.

Improvements (5):

478703 - Text copy for Opt-In provisioning step has been adjusted.
478706 - Text copy for the first step of Platform Opt-In flow has been adjusted.
478707 - Text copy for step two and three of the Opt-In flow was updated.
478708 - Platform Admin Username has been added as a copyable field on the Opt-In success modal.
480814 - The logic to determine the Platform login url has been adjusted to account for both url patterns.

Tuesday, January 3, 2023

Bug Fixes (1):

480099 - Fixed an issue where OIDC logins would display "Session Expired" when AllowRememberMe was enabled and the user was configured with 2FA.

Friday, December 30, 2022

Bug Fixes (5):

472820 - Session recordings which are invalid due to no data will be recorded as an error to prevent failure upon playback.
476779 - Prevent 500 errors when calling healthcheck.aspx for instances that are scheduled for deletion in cloud.
476929 - User permissions on replica instances will no longer be removed erroneously when data replication runs.
478168 - Improve mapping logic between Platform and Secret Server so that unique emails are no longer required.
478497 - Addressed assembly load error in Azure AD processing.

Improvements (1):

478458 - Adjusted the opt-in button to display the textNEW!and its tooltip to displayExperience the next generation of Secret Server.

Friday, December 16, 2022

Bug Fixes (3):

447140 - Mitigated a possible error in SSH Proxy command processing
475159 - Created an update to more efficiently handle bulk deletion within DR replication.
476818 - Fixed an issue with editing a file in single-edit dialogs.

Improvements (7):

466705 - We now include character sets in DR replication.
467244 - We now support publishing audit data to the audit service when enabled.
475117 - Improved users logging into Secret Server through Platform—the Platform settings for MFA are now used and Secret Server MFA settings are ignored.
476799 - Corrected the capitalization of "Active Directory" in the opt-in flow.
477383 - The secret audit and general log windows now use an updated preview panel component. This allows for keyboard navigation to switch records in the grid.
477846 - We now optionally support a SSH key without a passphrase in bulk change passwords.

Thursday, December 8, 2022

Bug Fixes (7):

435312 - Updated discovery to handle messages coming back without the stdout marker
474320 - Local-site advanced settings can now be edited while distributed engine is off.
474429 - Corrected situation that could cause a null reference error when resolving the FQDN.
474819 - Resolved an issue within the Secret Folder navigation panel on Platform where clicking "Add Folder" would result in an error.
474820 - Resolved an issue in the Secret Folder navigation panel where changing to the "All Secrets" pin did not update the selected pin name.
475131 - Corrected confusing error message related to SMTP servers when creating event subscriptions.
475301 - Addressed issue where saving a specific folder permission could return "Invalid Request"

Improvements (6):

163844 - Increased the max length of SecretNameShort.
418207 - Updated the new UI to allow new generated SSH keys with a blank passphrase to match legacy UI functionality.
471343 - We now automatically back up the key management configuration file when saving a new key management configuration
473076 - Site Connectors are now configurable per site in Secret Server Cloud, however you can't configure a site connector if it already has 250 sites in cloud.
475958 - New configuration setting "Allow Files without Extension" has been added to the configuration preview.
476777 - Legacy UI disabled the weekend of December 10th 2022.