Secret Server Cloud Change Log

This topic contains an unedited log of changes written by developers. The intent is to quickly provide information, not polished prose. The log is a release notes supplement for a technical audience, not a replacement for the release notes.

The line-item numbers are for internal tracking. They provide a unique reference when talking to Delinea support.

If you are on the Distributed Engine version 8.4.30.0, you must upgrade immediately to avoid any downtime. Engine version 8.4.30.0 has a token refresh issue which causes it to lose its connection to the Azure Service Bus Site Connector every 7 days. We resolved this issue (#568618) with the distributed engine version 8.4.31 upgrade as of May 3, 2024.

 

Friday, December 6, 2024

 

New Engine Version: 8.4.42 (optional upgrade)

  • 608674  - Enhanced logging of errors in Entra ID Password Changing.

 

Fixed Issues (2)

  • 599124 - Addressed an issue that could cause an error message to display when enabling or disabling QuantumLock on a secret with checkout enabled.

  • 614544 - Handled a case where during Discovery removing computer accounts could cause a timeout to occur.

 

Improvements (1)

  • 557770 - When Active Directory Directory synchronization is enabled in Secret Server, and Platform is connected with Platform Connector running for the same domain, there was a situation where if a new domain user logged in through Platform before that user was created through Secret Server Directory Synchronization, a duplicate was created. This will instead look for a matching Platform Native user when doing Directory Synchronization and convert that into a Hybrid Secret Server Active Directory account, preventing the duplicate user.

 

Friday, November 22, 2024

 

New Engine Version: 8.4.41 (optional upgrade)

  • 607120 - New installed Distributed Engines will generate an identification identifier in a more cryptographically secure fashion.

  • 589050 - Added better display parsing for the client version of Delinea Server Suite agents in Platform Inventory.

  • 603566 - New filters were added to the Entra ID Member Scanner to filter out external and On-Premises Synced Users.

     

Fixed Issues (12)

  • 545095 - In a secrets card view, under the shared users section, the initials allowed into the small colored Icon for each user was reduced from 3 to 2, as some combinations of letters were long enough to overflow the icon with 3 letters.

  • 548967 - Fixed issue with discovery take over creating secrets with the same name even when Allow duplicate secret names is set to false.

  • 585624 - TOTP history icons on the secret settings tab are now always visible and do not require hover to see.

  • 595555 - Downloading event subscriptions now includes the target column in csv.

  • 595576 - Bulk reactivation of disabled secrets that have deactivated templates will now work, consistent with the ability to activate them one by one with a disabled template.

  • 601841 - The API to create a group now has a flag to control behavior for pre-existing group names. The flag specifies whether the call should fail creating groups or if the API should generate a unique name by appending a suffix as it did historically.

  • 602588 - Added additional logging to clarify reasons for why a secret was skipped for remote password change.

  • 604097 - Increased the timeout period for Discovery scans to two days to allow longer running scans to complete without being cancelled.

  • 608229 - Opening a Secret in the side panel in platform when MFA is enabled will no longer throw a red banner.

  • 610542 - Fixed a timing issue that could cause localization keys to show instead of the actual text in platform.

  • 610768 - Added sorting to the Directory Account grid under the Discovery Network View.

  • 612788 - Fixed issue with being able to correct expired Azure AD Domain credentials for clients not yet using Sync Secrets

 

Improvements (7)

  • 603566 - New filters were added to the Entra ID Member Scanner to filter out external and On-Premises Synced Users.

  • 607408 - Improved logging for Resilient Secrets dates.

  • 609271 - Updated API to handle the "Quote Tokens" setting for Powershell Script Secret Dependencies.

  • 609923 - Improvement: Added a check to Platform configuration in Secret Server that prevents synchronization of Platform data (users, groups, roles, etc.) to Secret Server while migration from Secret Server to Platform is running.

  • 610216 - Details pages for Secret-associated Discovery accounts now include localized detailed messages below the Heartbeat failed error chip for all heartbeat failure statuses.

  • 610595 - Addressed an edge case where computers from a disabled Discovery source would still appear in Platform Inventory.

  • 611863 - Azure Active Directory renamed to Microsoft Entra domain on the directory services grid following Microsoft's renaming guidelines.

 

Friday, November 15, 2024

 

Fixed Issues (2)

  • 548022 - Updating roles on a group will no longer impact secret template permissions. Prior to this change the TemplateCreateSecret role would show on the roles tab and get removed on update of roles.

  • 558857 - New UI for selecting restricted lists on teams. Allows user to select and manage more than 60 lists.

 

Improvements (3)

  • 607689 - Accounts with heartbeat failure status on associated Secret, displaying an Error chip in the Network View, now show a Heartbeat failed chip and message on details tab.

  • 607694 - Fixed issue where some Computer accounts showed Computer scan error chip in detail but not in the Network View grid.

  • 609150 - Added support for French (Canadian), Italian, Dutch, and Polish

 

Wednesday, November 13, 2024

 

New Engine Version: 8.4.39 (optional upgrade)

  • 579357 - Updated third party libraries.

 

Fixed Issues (17)

  • 537407 - Improvement: Sorting by a secret field for which there are no secrets now indicates such instead of just displaying an unknown column.

  • 545648 - Secret list field search is now working when adding lists to a secret.

  • 554463 - Improved: Audit logging for user and group changes.

  • 560728 - The activity items in the list on session recording have been simplified and extended details now appear below the video when a user clicks.

  • 563529 - Fixed: UI issue on report schedule page where unchecking "send email" for report distribution blocked saving.

  • 584024 - Multiline text will now format correctly when exported to .csv.

  • 593023 - Fixed: Saving ticket system as publicly available now saves properly.

  • 593348 - Fixed: Entra ID discovery can now identify members of a role who are assigned to that role through a group.

  • 596532 - If a secret policy security tab is updated secrets using this policy will remain checked out unless the policy enforces checked out false. Prior to this checkout status would be cleared without applying any hooks or RPC on checkin.

  • 596663 - Fixed: An issue where certain usernames were unable to automatically sudo with SSH Proxy.

  • 598083 - Fixed: An issue where failed video conversions would not clean up temp files.

  • 599089 - Improvement: A new user experience setting has been added called, "Separate Secret Audit for Comment." When this is true, a secret that requires comment will have an additional audit entry with an action of "Comment."

  • This allows a secret to be commented on and checked out but not viewed. Without this setting the secret audit will show a "View" action with the comment text and then the checkout. Now you will see "Comment," "Checkout," and then "View" only once they have actually viewed the secret.

  • 599966 - Fixed: Platform/SSC to Onprem SS DR was unable to login as a Platform user. Added code to copy the custom URL from secret server every five minutes and send it over to platform as a valid redirect URL

  • 603969 - Report editor layout clipping issues fixed

  • 603971 - Report editor sql runner will update columns when the sql columns are updated.

  • 610193 - Fixed: Issue for creating vendor users when instance is already at maximum user licensed count.

  • 610621 - UserId fixed for internal vault accounts

     

Improvements (12)

  • 572584 - Improvement: Added security hardening report and warnings to discourage or prevent password type changers that rely on JScape libraries due to security vulnerability.

  • 595758 - Fixed: Secrets with checkout and require comment will now have a combined option in the secret grid options menu for a secret. You can configure these to be separate as prior to this release in admin/user experience.

  • 596388 - Added the data source version number to Resilient Secrets data replication logs.

  • 602371 - Improvement: Added security hardening report and warnings to discourage or prevent password type changers that rely on JScape libraries due to security vulnerability.

  • 603328 - Improvement: Added logging to capture specific failure codes from Entra ID when performing heartbeat.

  • 603978 - Improvement: Password changers grid now includes columns for can edit and Secret usage count. Some additional filters were also added.

  • 603980 - Improvement: VaultBroker updating a URL requires a valid connection with the Secret Server instance before allowing updates.

  • 604471 - Improvement: Added security hardening report and warnings to discourage/prevent password type changers that rely on JScape libraries due to security vulnerability.

  • 605427 - Addressed an issue where customers without outbound internet access could be unable to generate session recordings.

  • 607213 - Improvement: Secret view interval can now be set to 120 minutes.

  • 608833 - Several discovery pages properly localized

  • 609745 - Improved: Performance of launcher session cleanup

 

Wednesday, October 30, 2024

 

Fixed Issues (2)

  • 588627 - Byte values should not be used in file sizes.

  • 521501 - Addressed issue where PRA sessions could be prematurely disconnected when session recording is enabled and launched from Secrets.

 

Tuesday, October 29, 2024

 

New Engine Version: 8.4.38 (optional upgrade)

  • 605427 - Updated video library. 

 

New Protocol Handler Version: 6.0.3.31 (optional upgrade)

  • 605427 - Updated video library. 

 

Fixed Issues (17)

  • 521501 - Session Recording report shows Realtime Active session result when navigating.

  • 530798 - Fixed bug where child launchers are unable to be disabled if linked to a disabled parent "Session Connector Launcher".

  • 542176 - The enforced secret progress bar on the policy page will now show 100% with deactivated secrets.

  • 543113 - UI enhancements for Discovery.

  • 567966 - Secret Policy Approval now allows for selecting lower levels of security.

  • 572321 - The asterisk should not show on the label.

  • 575449 - RPC retry attempts are no longer reset continually unless user action taken.

  • 581021 - Improved auditing around secret checkout.

  • 584452 - Ras launcher now shows inline when user has no "secret launch" permission in platform.

  • 592557 - Updated SSHProxy and related components to use v6.3.0 (SBB 2024).

  • 600718 - Settings Export now has the same flow as Settings Import, with: Password dialog before export Summary dialog showing what Settings categories were exported and redirect back to Export / Import page.

  • 601664 - Users can no longer update membership for synchronized groups.

  • 602655 - UI Advanced session recording collection page should adapt based on user setting and collection defaults, depending on the configuration chosen

  • 603354 - Creating a new cloud tenant shows provisioning status message if going directly to create user route.

  • 605091 - Fixed bug in snowflake setup that occurred when there were two "all vault users" groups.

  • 605205 - Updated some legacy links in inbox messages to point to the updated page.

  • 605339 - Dates in discovery network view could cause an error when certain user defined date formats were selected. Empty dates also now say empty instead of "Invalid Date"

     

Improvements (11)

  • 596122 - Secret fields that require edit to view will now show up (if you have the proper edit level) in the secret grid expanded inline row and dashboard preview panel.

  • {id}/preview/ now returns these fields where it previously excluded all fields that required edit to view regardless of your share permissions on the secret.

  • 596414 - Accounts with the Added Manually flag no longer show as errors in the grid. Accounts where the Error chip in the grid is due to failed heartbeat on the associated Secret now have a Heartbeat failed chip in the detail.

  • 600398 - Data Retention Audit preview panel now shows Notes as formatted text, so that e.g. each "Removed ## records from [table name]" is on a new line instead of run together.

  • 603167 - All reports will only download at most 500 records at a time, even when the page size is set to all. This prevents some reports with millions of records from attempting to load all million into the browser. A new "Download CSV" option was added to reports that do not have parameters. This option will stream the report directly from the database to the web browser. This allows for very large reports to be downloaded without experiencing memory limits. Reports with parameters will be added in a future release.

  • 603977 - Resilient secrets handles additional conflict scenarios between the source and replica

  • 604591 - Errors when getting permissions are now returned to a higher level handler and logged as part of the migration flow.

  • 604850 - Updated translation values that were still in english.

  • 605337 - Several view legacy buttons removed from custom launcher and discovery configuration and scanner setup, discovery scan template legacy pages redirect to existing updated page, several legacy audit pages removed and redirect to existing updated page.

  • 605545 - Several discovery and other page localizations fixed.

  • 605608 - Spanish language support added.

  • 607514 - Dashboard padding styles updated and link to view the report was moved into the widget options menu.

 

Thursday, October 17, 2024

 

Bug Fixes (1)

  • 605472 - Addressed an issue that could prevent user creation and mapping of users from Platform when pre-existing users had been disabled by Automatic User Disabling.

 

Wednesday, October 16, 2024

 

New Engine Version: 8.4.37 (optional upgrade)

  • 600415 - Entra ID heartbeat can now handle accounts that are pending MFA Enrollment. Added enhanced error handling to Entra ID account heartbeat. 

 

Bug Fixes (15)

  • 451250 - Addressed an issue where when editing a User the Duo Multifactor authentication option would be missing when Radius and Duo had already been configured and the user had the Administer Users permission. Addressed an issue where saving a User with the Duo Multifactor authentication option would throw an error when Radius and Duo had already been configured and the user had the Administer Users permission.

  • 563367 - Addressed an issue where the video recording tab would display for session recordings that were Keystroke only.

  • 588500 - Addressed missing labels in Discovery logs for accessibility.

  • 595931 - Addressed some accessibility issues on the secret templates list page.

  • 595952 - Accessibility: Discovery analysis page skipped h2

  • 596835 - Accessibility: Secret template permissions grid had an empty column header

  • 596846 - Accessibility: Inbox notifications read status column heading was empty

  • 597621 - When on prem has a cluster issue the license pages will now be accessible from any web node.

  • 599034 - Resolved accessibility issues on workflow and custom ssh cipher suites.

  • 599035 - Accessibility: Team home page was missing team name h1 title

  • 600415 - Entra ID heartbeat can now handle accounts that are pending MFA Enrollment.Added enhanced error handling to Entra ID account heartbeat.

  • 602673 - Fixed two logic errors (one in the Easy Move path and one in the External User Mapping path) that was causing a null ref when trying to create a new user incorrectly. Domain users that are disabled by AutomaticUserManagement will no longer incorrectly cause a duplicate local user to be generated during migration and no null ref audit will be generated.

  • 603148 - Addressed an issue where an exceptionally large foreign key in tbStatusMessage could cause errors when inserting records.

  • 595553 - Some single edit dialog fields were not properly linked to their label.

  • 599386 - Fixed issue with updating workflow step names.

 

Improvements (13)

  • 541011 - Guide dialogs now properly focus the guide and trap tab.

  • 541015 - Accessibility: Secret panel now has a close button within the panel for keyboard accessibility.

  • 599937 - Converted the Disaster Recovery audit to the new grid component.

  • 600029 - Converted the Disaster Recovery Log to the new grid component.

  • 600425 - Converted Directory Services Domain Audit to the new grid component.

  • 600639 - Export-Import Settings Audit - convert to page with thy-data-view

  • 600797 - Converted the Secret Erase List grids to the new grid component.

  • 601455 - The toggle expand and favorite star in the global right panel widget now properly have aria-labels, aria-controls, and aria-expanded tags.

  • 601459 - ITDR account created via OAuth Token or Messaging from Identity

  • 601917 - Updated grids on the Secret Erase approval and modal dialog.

  • 602245 - Updates to the opt-in flow. platform region field is now read only by default.

  • 603115 - Reduced Redis calls for many operations for performance purposes.

  • 601395 - Discovery pages are now accessible at /discovery instead of /admin/discovery. This change also decreases the pack size of the admin and discovery modules.

 

Monday, September 30, 2024

 

New Engine Version: 8.4.36 (optional upgrade)

  • 514188 - Fixed issue with MobaXterm launches and multiple credential save prompts.

     

Bug Fixes (21)

  • 513832 - Fixed an issue with sorting on the Groups tab in User Management

  • 514188 - Fixed issue with MobaXterm launches and multiple credential save prompts.

  • 543702 - Session Recording processing no longer causes a false Session Recording View event

  • 547577 - Event subscription language resource corrected for "Engine" and "Export Secrets" events.

  • 586528 - Resolved an issue where attempting to use a Session Connector launcher with `Open with Remote Access` would throw an error when attempting to launch

  • 587768 - Fixed a bug where the password changing field of discovery rules would not update. The password changing settings now persists for all discovery rules. 

  • 589194 - Fixed a bug where the source field of discovery rules would not update. Source settings now persist on all discovery rules 

  • 589824 - Fixed an issue where Entra ID Accounts could be mistakenly identified as Directory Accounts in the Discovery Network View.

  • 591870 - Migration work now takes into account users that have come from Platform (either Platform Native or Hybrid users) when migrating. It was indirectly ignoring them before under certain circumstances

  • 591954 - Fixed issue with connections remaining open with windows local account remote password changing.

  • 592981 - Password Dictionary uploads no longer fail due to unix line endings.

  • 593359 - Fixed issue that prevented Entra ID Roles from being automatically scanned by Discovery

  • 593909 - Attempting to log into an application account through the UI will no longer add a successful login audit for that user. Successful / failed login attempts are still logged. 

  • 595732 - Roles mapped to the "All Vault Users" group in Secret Server will now be mapped to the "Everybody" group in Platform after Migration runs if the "All Vault Users" group is selected for migration

  • 595945 - Accessibility: Report list page heading is now semantically correct

  • 595948 - Accessibility: Secret quick access page heading is now semantically correct

  • 596124 - In the SDK Client Management -> Client Onboarding Page, when viewing a user with an onboarding key required, if the key is visible in the side panel and you select another user with a key required, the key that is shown will now update to be the key associated with the most recently selected user. 

  • 596363 - Directory services will no longer appear in search when running in platform.

  • 596370 - Discovery computer scan results properly defaults to showing the last hour.

  • 599798 - Folder searches will now work when search text is in upper case. 

  • 600137 - Platform Users Metadata replicates fully to a Disaster Recovery replica instance.

 

Improvements (20)

  • 590933 - Discovery now has full detail pages for Entra entities and they also appear in the new larger panel.

  • 592264 - Added a precheck to ensure we don't try to migrate native/hybrid users that are missing their extended mapping, which likely would have resulted in strange duplication behavior

  • 592499 - Groups created in Platform now default to being set as Migrated for their migration state.

  • 592877 - The KB link for installing browser extensions takes you to the specific page and not just the documentation home.KB link fix when launching session without web password filler installed. Clicking OK should take you to the https://docs.delinea.com/online-help/secret-server/launcher-protocol-handler/launchers/procedures/web-launchers/wpf/index.htm?cshid=ChromeExtV2

  • 594831 - Convert the most used secrets grid to thy-grid

  • 595158 - Secret server reports can now be saved as a shortcut on the platform desktop.

  • 595160 - Report audit converted to the new grid.

  • 595730 - The team members list page has been updated for easier adding and removing of members. The entire domain inclusion option has been moved to the team general tab.

  • 596411 - Updated Platform Migration Prechecks Added new Information Precheck type

  • 596413 - QuantumLock audit grid updated to latest component

  • 596555 - Convert user secrets tab to thy-grid

  • 596585 - Convert password dictionary grid to thy-grid

  • 597484 - You can now pick values less than 4 in the min platform sync configuration

  • 597971 - ss grid to thy-grid conversion.

  • 599147 - Converted Team audit from ss-grid to thy-grid. 

  • 599421 - Creating new active directory discovery source is now full page instead of in a modal.

  • 599717 - Session monitoring routes updated to no longer include /admin.

  • 599735 - thy-data-view conversion completed

  • 600375 - Converted Data Retention audit from ss-grid to thy-grid. 

  • 600664 - For Secret Server Cloud customers integrated with Platform, disabled the underlying "Create Groups During Synchronization" setting which was previously able to be enabled, and already disabled for the vast majority of customers. This setting would automatically create domain groups during synchronization, which we now require to be specifically created. Platform Cloud groups are already automatically created and this behavior is unaffected.

 

Tuesday, September 10, 2024

 

New Engine Version: 8.4.35 (optional upgrade)

  • 502584 - Adjusted Secret Server and distributed engine to support 3.x versions of SAP .NET Connector.

  • 593302 - Changed Entra ID Discovery Scanner so it returns UPN for Account Name instead of Display Name.

 

New Protocol Handler Version: 6.0.3.29 (optional upgrade)

  • 472836 - Fixed: Session recordings appeared very zoomed out.

 

Bug Fixes (16)

  • 541150 - When Radius two factor authentication login page loads for secret server, focus is now set to the password box so you do not have to click it before typing.

  • 561895 - Fixed: Workflow Approval email "View this item" contained incorrect link, not directing users to a page where they can approve the request

  • 575589 - Disaster Recovery feature now replicates Open LDAP domain sync settings

  • 575896 - Enabled Entra ID Password Changer to appropriately handle heartbeat on accounts where MFA is applied through a Conditional Access Policy.

  • 578673 - Localization updates on the scripting pages.

  • 578682 - Inbox templates, rules, and resource grids converted to latest component grid.

  • 579434 - Not applicable, bug fix backend technical details only with no change to customer experience.

  • 580806 - Addressed issue where making changes to Teams members might not fully save.

  • 588497 - Improved accessibility on the Discovery Network view.

  • 589977 - Addressed red banner issue on Session monitoring page when using v2 grid filters

  • 592586 - Filter close and add button are now properly labelled for accessibility.

  • 593531 - In platform, the browse all link in the folder tree that appeared after 1000 folders were shown was missing /vault in the url.

  • 593947 - When you launch a secret that requires checkout you are no longer redirected to the secret detail page.

  • 594073 - Discovery scanner text had a typo in the scanner CID notation example text.

  • 595541 - Fixed typo in bulk record selection dialog.

  • 595556 - Inbox breadcrumb was going to a 404 and has been removed.

 

Improvements (7)

  • 584040 - User preferences moved from account tab to preferences tab in platform.

  • 590073 - OU column is now available on Discovery Network view.

  • 590111 - Discover log and computer scan logs filter updated to latest component for accessibility.

  • 591264 - Discovery network view now opens a larger panel with more information including the last error message. The large panel supports wider screen sizes as well to give side by side viewing of the grid and panel.

  • 592094 - Bulk Sync does 1 insert SQL for list of Users and not 1 per User.

  • 592713 - Category list converted to latest grid component

  • 594680 - Fixed a typo in Secret Erase Request

     

Wednesday, August 21, 2024

 

New Engine Version: 8.4.34 (optional upgrade)

  • 526057 - Fixed: Dependency run condition was not saved. Dependency changes run through distributed engine were not being logged due to conditions.

  • 588194 - Fixed: Distributed engine now respects the MaxShellsPerUser setting for PowerShell tasks. If the setting is set, engine will throttle tasks that leverage PowerShell and requeue messages that are over quota.

 

Bug Fixes (13)

  • 477012 - "What Secrets have failed heartbeat?" no longer shows secret with a failed heartbeat when their template has heartbeats turned off.

  • 563019 - Fixed: "Minimum Required Character Count Rules" on password requirements reverts when updating other things on password requirements.

  • 572635 - Fixed: RPC errors for SAP template secrets, which were occurring with SAP "systemuser" user types, even when using a privileged account during the RPC.

  • 580662 - Expanding the folder row in a secret grid informs the user inline if they lack access to see the folder owners instead of redirecting to a full access denied error page.

  • 586300 - When a date is downloaded from a grid it properly formats according to the selected download date format.

  • 586768 - Enhancement: SQL editor dialog is now full viewport height and width

  • 586770 - Change: Discovery accounts bulk action checkboxes removed on some pages where they were not necessary

  • 589002 - Token name wrapping issue fixed on secret dependency dialog.

  • 589949 - Fixed Component Library date range component so that the filtering works as expected.

  • 590045 - Prevented an issue for Platform customers when discovered Entra Roles would be seen under Platform Inventory as computers

  • 590058 - Fixed: Azure AD synchronization did not handle groups with null ADGuid fields. Added filter criteria in Thycotic.ActiveDirectory to filter out cases causing errors.

  • 590449 - Fixed: An issue where active users in inactive domains (an exceedingly rare edge case that we do not natively support) caused groups to fail importing valid users.

  • 592169 - Fixed: A duplicate group was created when Platform syncs back to SS after a group is migrated.

 

Improvements (3)

  • 564373 - Optimized storage calls.

  • 580552 - Fixed: Group sharing with Secret Server secrets for groups would not trigger a sync for all existing users in Secret Server.

  • 588435 - Enhancement: Converted grids on 3 Automatic Export pages (Audit, Log and Storage) to thy-data-view for consistent look/feel and functionality, such as allowing Notes field to be fully viewed in right panel on row click rather than via tooltip.

 

Monday, August 12, 2024

 

Bug Fixes (15)

  • 571356 - Adjusted the location of and query of the EventQueue cleanup process

  • 575347 - IBM code editor resources properly shared to allow editor to load

  • 575509 - Improved error reporting when activating Secrets.

  • 581802 - Addressed some edge cases related to Platform Federation that could result in a group losing its members in Secret Server.

  • 584012 - Addressed issue that could occur when adding certain categories of users via Platform migration.

  • 585562 - Centered the report editor dialog.

  • 585573 - Corrected links on the about page.

  • 585612 - A duplicate role assignment during migration was fixed so that the migration matches what was in SS.

  • 586275 - Addressed issue during Platform migration that could cause errors when large numbers of users were migrated.

  • 586525 - Updated Platform migration to allow AD users without an email to migrate.

  • 589332 - Resolved an issue wherein creating an access request with custom dates/times displayed an incorrect warning or had incorrect dates/times when approved.

  • 589821 - Addressed a very rare edge case where a synchronized AD or Azure AD group flagged as "SynchronizeNow" that is also inactive could block synchronization from running indefinitely.

  • 589974 - Resolved an issue that prevented creation of Empty Discovery Sources.

  • 590045 - Prevented an issue for Platform customers when discovered Entra Roles would be seen under Platform Inventory as computers .

  • 590585 - Fixed typo on the session monitoring page.

 

Improvements (8)

  • 481413 - Recording icon overlay added to the Open-with-RAS link.

  • 572307 - Added a RAS-linked Secret workflow that prompts for checkout.

  • 582196 - A setting to redirect all users to log in through platform was added to platform integration settings. This currently defaults to "Off".

  • 584579 - Sorting of sites will now be in alphabetical order in dropdowns, lists, etc

  • 584837 - Secret audits now have the ability to filter by audit action type via a multiselect filter.

  • 585410 - Increased the size of the panel used on the discovery network view.

  • 589245 - When Secret Server is integrated with Platform, and a federated user logs and connects to an AD user in Secret Server, the platform sync can remove AD groups (from Secret Server AD Synchronization) as this is not a supported configuration. Now we will prevent the removal of AD groups from a Secret Server user during Platform synchronization if the connected Platform user source is Federation. Platform synchronization of groups when a Platform user source is Active Directory/Connector and the Secret Server user is an Active Directory user will work as before. We are doing this as harm reduction until the configuration in Platform is set up to be compatible with supported scenarios.

  • 589326 - Converted Backup Audit grid to thy-data-view, allowing Notes field to be fully viewed in right panel on row click, rather than via tooltip. Replaced Advanced Session Recording Config Audit modal with new page & converted grid to thy-data-view as above.

 

Saturday, August 3, 2024

 

Bug Fixes (18)

  • 476311 - Corrected an issue where the ServiceNow integration could fail with a misleading error due to a space in the Domain Name.

  • 537896 - Fixed: Added support for Cisco devices when using a question mark after the command or partial command. This allows Cisco to work as normal, while not allowing the blocked commands.

  • 540664 - Enhancement: Added "RPC PRIVILEGED SECRET UPDATED" and "RPC PRIVILEGED SECRET REMOVED" events to audits.

  • 552696 - Fixed: Updated Discovery Network view to better handle extremely large record numbers.

  • 568507 - Addressed an issue where when viewing the access request inbox the request start date and requested date were transposed

  • 572035 - Fixed: Secret password compliance is now calculated when a password is updated to empty and the password is not required. Prior to this, the secret would maintain the compliance flag that was calculated when the password had a value. A password with some characters might fail compliance, but if there is no password and it is not required, then it is compliant.

  • 573135 - Resolved a UI issue with Discovery Import

  • 582550 - Addressed an issue where some administrative links could display in Secret Server Cloud even though they were only applicable to on-premises.

  • 584226 - Fixed: During forwarding of inventory data from discovery in Secret Server to Platform inventory, with large amounts of computers, the processes could time out. Made the database calls more efficient and the process no longer times out.

  • 584465 - Fixed the "view detail" link on the user detail panel.

  • 584799 - Fixed a check-in bug that caused a red banner warning.

  • 584801 - Fixed: Added null checks for username.

  • 584875 - Fixed main navigation alignment issues.

  • 585192 - Corrected an issue where the duplicate Secret dialog modal would not show the title.

  • 585251 - Addressed language resource not found issue on user, groups, and teams page.

  • 585268 - Suggested secret template toggle when creating an inline secret from new discovery source is now more closely positioned to the template list to be more clear.

  • 585834 - Resolved an issue that caused SAML logins to fail, resulting in a rollback of the previous update.

  • 586850 - Aria label added to inline secret preview copy buttons. Main search category toggles now keyboard accessible.

 

Improvements (12)

  • 575660 - Change: Admin breadcrumb renamed to Settings.

  • 579389 - Create secret REST API now accepts optional parameters for privileged secret ID and associated secrets.

  • 580331 - Change: Platform now specifies "Secret Server" configuration.

  • 582019 - Adjusted numerous incorrect documentation links to point to delinea.center.

  • 582908 - swid/eulas updated

  • 583960 - Enhancement: Converted key management to the latest design and added a verification checkbox confirmation step.

  • 584585 - Change: Removed the color mode toggle from the top navigation as it is available under user preferences.

  • 584807 - Added correlation id to the authentication failed page for easier troubleshooting assistance.

  • 585086 - Remaining KB links now point to docs.delinea.com instead of delinea.center.

  • 585305 - Most KB links now point to docs.delinea.com instead of delinea.center for redirects to the KB article.

  • 585418 - RequirePlatformMfa field has been deprecated.

  • 585626 - User list detail link added back based on a lot of user feedback.

 

Friday, July 19, 2024

 

New Engine Version: 8.4.33 (optional upgrade)

  • 441099 - Multiple X11 applications can be used simultaneously. Prior version multiple apps or app reconnections would cause the app to crash.

  • 477780 - Fixed an issue where LDAP sync via distributed engines would not work when the base DN was different from DC.

  • 478300 - Addressed an issue with parameter binding for Oracle scripts.

  • 479769 - Improvement: Added support for LDAP RFC2307 group membership, used in OpenLDAP.

  • 486255 - Updated Oracle password changing to support different 'Is Sys' levels for changing and verification.

  • 489289 - Fixed issues related to RabbitMQ channel and queue growth and corruption-related issues due to connection interruption causing premature queue deletion.

  • 501125 - Fixed the default timestamp format for CEF.

  • 506005 - AD Privilege Password changer now has Remote Password Change timeout minutes Advanced Setting.

  • 506528 - Better handling of unexpected heartbeat behavior to mitigate reported Distributed Engine stalling

  • 511167 - Fixed and issue where the SSH Proxy would stop processing new incoming connections.

  • 518679 - RDP over SSH Proxy bus timeout crash fixed

  • 534582 - Enhancement: Discovery port scanner now aborts if elapsed time expires prior to windows TCP handshake. Discovery port scanner will now also log a helpful message if the windows TCP stack aborts due to reaching the windows internal max syn retry count.

  • 535856 - Fixed an issue so the SSH Proxy's processing delay is now respected and defaults to 0, no delay.

  • 556226 - Fixed an issue where a distributed engine would not start when proxying was enabled.

  • 153498 - Distributed Engine installer will now always replace all files on upgrade.

  • 445544 - Enhancement: Applied several SSH Proxy optimizations to increase performance and throughput.

  • 473089 - Improvement: Cipher Suite Configuration now allows configuration of allowed Host Key Algorithms.

  • 514162 - Updated process for populating a forthcoming computer-centric view.

  • 524681 - Discovery forwarding to Asset updates, DN field added and duplicates are now handled.

  • 537145 - Fixed a bug where a distributed engine ignored the "tasks Should Respect MaxShells restrictions" setting.

  • 572895 - Fixed a bug where distributed engines ignored MaxShells restrictions.

  • 574681 - Enhancement: Improved startup logging for distributed engines.

  • 575093 - Fixed a bug where distributed engines ignored WinRM quota limits.

  • 584860 - Improved functionality around PowerShell throttling.

 

 

Friday, July 12, 2024

 

Bug Fixes (15)

  • 489272 - Fixed issue where the Maximum Log Length was not used to truncate the System Log.

  • 508176 - SSH keepalives sent to the proxy are now relayed to the endpoint server.

  • 548902 - Newer versions of safari should now be able to play session recordings in platform.

  • 572056 - Updated user sorting to cover Two Factor Auth.

  • 575512 - Addressed an issue during Platform Group synchronization where Groups with long names would cause an error.

  • 577469 - Fixed an issue where recorded sessions from secrets requiring checkout would be terminated before the checkout expired. This occurred when the secret also required MFA and the MFA passthrough time was less than the checkout time.

  • 577492 - Reduced situations where a check-in error could occur when already checked-in.

  • 577547 - Addressed an issue where the "All time" filter on the in box might not show all results.

  • 577798 - Added a "test syslog" button to the syslog pages in configuration.

  • 581360 - A secret with a list field that had no list entries will no longer cause an error when attempting to view the list field that is assigned on the secret list tab.

  • 581988 - Corrected localization for proxy in Platform.

  • 582184 - A user that did not have the view launcher password role permission was unable to create a secret that had a required password as the password field would be hidden on create.

  • 582321 - Addressed incorrect access checks around reports.

  • 582929 - When the left nav was collapsed the flyout menu did not scroll correctly.

  • 584008 - Site name now wraps instead of truncating on the sites and engine page so you can read the whole site name.

 

Improvements (2)

  • 582197 - Added landing page for when the user is unable to access secret server instead of showing banners.

  • 584146 - Removed links to legacy discovery create pages

 

Tuesday, July 2, 2024

 

Bug Fixes (7)

  • 551473 - CSP fields for frame-ancestors.

  • 570452 - SSL menu item removed as it is not an option that can be modified in cloud

  • 573165 - SSH key expiration configuration value now displays correctly

  • 578683 - Corrected some localization issues.

  • 578843 - Login SSH key menu showing properly in cloud when configured

  • 578940 - Heartbeat pending chip no longer shows when heartbeat is disabled on the template and the pending status did not complete before it was disabled.

  • 580728 - Mobile logo now properly showing

     

Improvements (8)

  • 561554 - There is now a direct link for launching connection manager

  • 564497 - Discovery runtime summary information now correctly accessible for screen readers

  • 572979 - Updated the User profile menu to have more consistent styling and include additional links to the account details page.

  • 573164 - The delinea.vault/secretserver/access has been removed. This no longer controls Secret Server access for platform users.

  • 574148 - Associated secrets will now show "No Access" in the secret name if you do not have access to it.

  • 575128 - Improved Delinea Workload Service search for Secrets to exclude Secrets that are restricted.

  • 575222 - On premise will now show a diagnostics section under settings in the left nav

  • 579212 - Added DSV links to the Platform settings page.

 

Friday, June 21, 2024

 

Bug Fixes (5)

  • 476386 - Fixed ServiceNow allowed status validation over Distributed Engine.

  • 574028 - Fixed a bug with running disaster recovery data replication from an older source to a newer replica

  • 575361 - Addressed an issue where a launcher type field that was replicated via resilient secrets would not function with all promptable field names.

  • 577931 - Resolved issue on Secret Permission when a lot of user and groups had been selected and only the 60 were saved when edited again. Resolved for teams selection as well.

  • 578910 - Addressed one scenario where a backend process that publishes session information would error.

 

Improvements (1)

  • 567150 - Improved error handling for Entra ID password changing.

 

Friday, June 14, 2024

 

NOTE: In Platform and when using the API, authentication errors will now be reported with a 401 status code (Unauthorized) instead of a 403 status code (Forbidden). This separates expired or invalid authentication errors from errors where an authenticated user does not have access to a resource.

 

Bug Fixes (20)

  • 542545 - Updated the category list pages to the latest design.

  • 555126 - Corrected issue with the Toggle Folder Panel in Platform.

  • 565938 - Fixed issue with "What folder permissions exist" report - Groups with no active users now properly included on the report

  • 566972 - Re-added the Test Archive Access button to the session recording page.

  • 568958 - Clear cached AD credentials button added in cloud.

  • 569959 - New import secret page allows you to import when global setting requires secrets in folders.

  • 570294 - Folder path now shows when specified in secret import preview

  • 570657 - The folder tree will now be updated when unlimited admin mode is toggled on / off

  • 572304 - Updated the Secret launch with computer layout to have the needed spacing.

  • 572942 - Secret import now correctly disables allowing duplicate secret names when configured globally.

  • 572981 - Favorite Star should properly fill in when an item is favorited.

  • 573201 - Unlimited admin mode audit dialog now correctly aligned

  • 574890 - Corrected an issue when 'migrating' AD users to Platform where their mapping records were not being added.

  • 575105 - Corrected color on the Opt-in button.

  • 575154 - In certain scenarios only the first 30 subfolders would be loaded on initial load for a single folder.

  • 575166 - In some scenarios the folder tree would not auto-expand when linking directly to a folder.

  • 575624 - Authentication errors will now be 401s for api requests and in platform.

  • 575751 - Customers who had Easy Move to Platform had duplicate groups created in Secret Server and the existing permissions from the original Secret Server group were not honored. It will now disable this new duplicate group and connect the original group to the platform group as originally expected.

  • 575761 - Corrected issue where the Platform guid was not always applied to non-AD groups during migration.

  • 576361 - Removed unnecessary migration pre-check that required email addresses on AD users.

 

Improvements (25)

  • 470439 - Added User Lockout Protection setting to Domain.

  • 555769 - Server nodes page converted and design updated

  • 563855 - Updated the include subfolders setting to be remembered across sessions.

  • 564496 - SQL report editor properly announced for accessibility.

  • 567849 - The left nav folder tree will now expand on focus to show longer folder names.

  • 567896 - Re-added the Test syslog button to the new config.

  • 568373 - For on prem installation the clear upgrade in progress button has been added to the diagnostics section

  • 569083 - Left nav will now default to open for new users.

  • 569704 - Updated padding on page title action buttons.

  • 570278 - Updated the style of the date time range picker.

  • 570289 - Grid filter preview available

  • 570589 - Adjusted Secret tab pending password change status to be a chip instead of a banner.

  • 570591 - Adjusted Secret overview tab to not use a banner for heartbeat failed.

  • 570825 - Pinned folders re-root the tree to the selected pinned folder.

  • 570937 - Searching in all secrets now shows the full folder path for folder search results.

  • 571192 - Updated the Secret picker to show that the Owner is required when necessary.

  • 571306 - When viewing folder targets for event pipeline policies the full path is now shown

  • 571314 - Updated SDK client page to be visible in platform.

  • 572977 - Corrected sorting issues with the Secret grid.

  • 572985 - Updated font size on search category buttons to be more consistent with the rest of the platform, and removed the checkmark when an option in selected.

  • 573107 - Updated password compliance label to a chip.

  • 574025 - Fixed incorrect Secret search totals when filtering by multiple templates.

  • 575819 - User list username is no longer a link. View details link is in menu and preview panel. Link was sometimes unusable.

  • 575860 - Heartbeat and password compliance notices now use chips instead of banners

  • 575912 - Updated Redis library for improved Redis operations.

 

Friday, May 31, 2024

 

Bug Fixes (4)

  • 542606 - The Secret Session table is now managed and part of the supported tables of the Data Retention feature. Secret session records will now be truncated in accordance to the existing Data Retention configuration

  • . Please make sure to review your organization's Data Retention "Max Record Age" settings.

  • 547002 - Updated Putty to version 0.81. Updated version addresses several Putty vulnerabilities, including the Terrapin vulnerability.

  • 561240 - Fixed an issue where deleting computers from the discovery network view failed to show a confirmation dialog box before continuing.

  • 572862 - Improved caching around unified mode enabling.

     

Improvements (4)

  • 411578 - Adjusted new tenant defaults to have data retention and session recording retention enabled and set to 1 year.

  • 566639 - When a Secret Server is integrated with a Platform tenant, any Platform cloud groups will automatically and quickly be created in Secret Server to be available for permission delegation.

  • 571089 - Users and Roles now always shows in SSC even if in unified mode, but still hidden when using platform

  • 574153 - Removed a variety of older Secret form pages that have been fully replaced with Angular.

 

Friday, May 17, 2024

 

New Engine Version: 8.4.32 (optional upgrade)

  • 560726 - AIX support for SSH Proxy su automatic password entry.

 

New Protocol Handler Version: 6.0.3.28.

  • Updates the included Putty to version 0.81 to address Terrapin.

 

Bug Fixes (7)

  • 517570 - Fixed issue with "su -id" command was failing when the user did not have access to view the password for the secret they were elevating to.

  • 560726 - AIX support for SSH Proxy su automatic password entry.

  • 561547 - Fixed issue where Secret server users with MFA enabled would be incorrectly sent to the home page on login, instead of the page they were attempting to access.

  • 561933 - Corrected text formatting issue on the Disaster Recovery page.

  • 563424 - Fixed "Secret Erase" translation in some non-English languages.

  • 571418 - Corrected link from the license expiration banner.

  • 571694 - Addressed caching issues related to enabling unified mode.

     

Improvements (1)

  • 571357 - Extended the Migration Center to migrate all active roles.

 

Monday, May 13, 2024

 

Bug Fixes (5)

  • 476748 - Reduced back-end erroneous errors when running the database cleanup job in Cloud.

  • 557611 - Updated the log message to clearly indicate when a password sets the next run time and is not doing a change attempt.

  • 563361 - Fixed UI issue where some site connectors were incorrectly showing as disabled.

  • 567283 - Fixed a bug when performing bulk User operations where the selected UserIds matched SecretIds that have Multifactor Authentication Enabled which prevented the bulk User operation.

  • 567513 - Fixed visual bug when checking out a secret.

Improvements (1)

  • 563589 - Corrected licensing for MFA on Secrets - a Professional license or higher is now required. Previously configured Secrets will continue to work even in Vault edition until disabled, but Secrets that do not have MFA configured will require Professional or above.

 

Friday, May 3, 2024

 

New Engine Version: 8.4.31 (optional upgrade)

  • 568618 - Corrected issue where the issued Azure Service Bus token would expire after one week and not refresh.

 

Bug Fixes (15)

  • 504819 - Handling secrets that fail heartbeat/password changes when using a powershell script and the MaxShellsPerUser exception is thrown For heartbeat: Added a new heartbeat status called "NeedsImmediateRetry" to

  • bypass the secret template retry interval.For Password Change: The retry attempts are not increased after fail.

  • 508175 - Added same site attribute to cookies defined in card. Same Site attribute value set to lax

  • 560213 - Significantly improved the performance of Secret Search when using Secret fields that are exposed for display.

  • 561240 - Deleting computers from discovery network view now shows confirm delete dialog before continuing.

  • 566118 - Removing fields from discovery scan templates no longer throws disableField error

  • 566561 - Corrected key utilization within SOAP and REST api token generation.

  • 567532 - Corrected some easy move edge cases and display issues.

  • 567597 - Toggling favorite secret no longer triggers a grid refresh

  • 567598 - Corrected the loader display when filtering a grid.

  • 567715 - Corrected display issues where certain links that are only relevant for on-premises could display in Cloud.

  • 568130 - Fixed an issue with Distributed Engines using the Amqp response bus in cloud that could lose connectivity after a SSC upgrade

  • 568265 - Corrected typo on the Secret Server prompt message.

  • 568333 - Updated data view height when using summary templates.

  • 568618 - Corrected issue where the issued Azure Service Bus token would expire after one week and not refresh.

  • 568907 - Error dialog showing when adding a dependency with associated secrets now doesn't show.

Improvements (8)

  • 551238 - updated cipher grids to use components

  • 556271 - Converted Secret import to the new UI.

  • 557243 - Updated the Secret request page to show the Secret Name.

  • 567012 - Updated custom SSH cipher suite button text.

  • 567895 - Contact instructions for security issues are now available at ./well-known/Security as specified in RFC9116

  • 568176 - Updated user interface logo labels.

  • 568476 - SS user admin and role links are now on the top level all settings under the SS category header.

  • 568583 - Added the cloud subscriptions link back into the site map.

 

 

Saturday, April 20, 2024

 

New Engine Version: 8.4.30 (optional upgrade)

  • 463689 - Updated uninstaller to preserve the web-proxy.config file.

  • 487237 - Updated Secure Blackbox to latest version. Secure Blackbox FIPS support updated into documentation.

  • 543815 - Fixed an issue were a command would fail to enter vi or vim mode and would allow blocked commands. Also fixed an issue where using su before vi or vim would fail and would allow blocked commands.

  • 554526 - Fixed issue when Distributed Engine is testing for windows capabilities.

  • 406897 - Replaced deprecated packages for Azure Service Bus to new packages recommended by Microsoft.

  • 547004 - SSH functionality through Secure Blackbox updated to address Terrapin

  • 556432 - Updated Engine module loading to avoid a missing file causing an Engine to be unable to upgrade.

  • 558092 - Upgraded Azure Service Bus Libraries

 

Bug Fixes (8)

  • 487237 - Updated Secure Blackbox to latest version. Secure Blackbox FIPS support updated into documentation.

  • 543815 - Fixed an issue were a command would fail to enter vi or vim mode and would allow blocked commands. Also fixed an issue where using su before vi or vim would fail and would allow blocked commands.

  • 561354 - Fixed issue where the backup now button would disable and never re-enable.

  • 562590 - Re-added the Secret export/import links to the All Settings Category view.

  • 562698 - Removed unnecessary dividers between fields on the Secret Templates Launcher Mapping page.

  • 563342 - Addressed issue where viewing Discovery sites with removed scanners would cause an error.

  • 564162 - Addressed issue where searching for a quotation mark could cause an error.

  • 566051 - Addressed issue where launching a Secret from the new Search experience would launch the first Secret from the results returned, not the clicked Secret.

 

Improvements (6)

  • 547004 - SSH functionality through Secure Blackbox updated to address Terrapin

  • 548094 - Created a password changer for Microsoft Azure/Entra ID accounts (including those with MFA enabled), so the passwords for these accounts can be rotated.

  • 549242 - Changed casing from title casing to sentence casing.

  • 555234 - Improved processing of user update messages.

  • 558536 - Updated role assignment mechanism during migration.

  • 563850 - Removed the word General from various settings labels.

 

Friday, April 12, 2024

 

Bug Fixes (1)

  • 566422 - Corrected a critical security vulnerability in the SOAP webservice.

 

Friday, April 5, 2024

 

New Engine Version: 8.4.27 (optional upgrade)

  • 561183 - Updated Password Changers library structure and flow to better support upcoming SaaS changers.

 

Bug Fixes (7)

  • 475852 - Fixed an issue with adding discovery sources that match the domain of a current Secret and was unmatched in the Domain Name Index table.

  • 535627 - Increased back end performance of EventQueue processing when there are a large number of inbox rules.

  • 540958 - Only users who own a secret can view the TOTP backup codes now. Before it was only the TOTP keys that were hidden.

  • 551472 - The OpenIdConnect flow has been adjusted to validate the redirection URI.

  • 557935 - Addressed some issues that could cause incorrect group/user interactions between Secret Server and Platform.

  • 558080 - Fixed issue where ticket number would not be present in SIEM logging.

  • 562496 - Resolved policy validation issue if using a $itemvariable.variablename in Schedule Pipeline minutes.

 

Improvements (2)

  • 560171 - Addressed an issue that could cause duplicate cached permission records.

  • 562675 - Changed RPC label to "Remote Password Changing"

     

 

Wednesday, March 27, 2024

 

Bug Fixes (14)

  • 512823 - Fixed issue with SecureCRT failing to connect to Terminal with Public Key and 2FA on.

  • 528161 - The endpoint `/api/v1/secret-access-requests` has been adjusted to be more performant.

  • 541496 - Going to Platform Groups and removing (disabling) a group, then searching Platform and re-adding that group will no longer make a duplicate and will instead enable the existing group. Additionally, Platform group synchronization will ignore all disabled groups when making membership changes.

  • 542478 - Improved redirect validation.

  • 542584 - (Security) Resource Key used in UserMessage.aspx redirect lookup is now sanitized to prevent xpath injection

  • 547621 - Prevented an edge case that could rarely result in an infinite loop when processing a Secret Template field encryption state change.

  • 548478 - If a group has been imported from Platform from an AD source, and then added into Directory Synchronization as an AD group, it will re-use that Platform group rather than create a new group.

  • 552455 - When a syslog server is configured to use a DE and is having connection issues, it can trigger a restart of the DE interrupting proxy sessions. Now, the syslog circuit breaker will not trigger a restart of the DE.

  • 554105 - Addressed issue where the launcher icon could show when launchers are not allowed.

  • 557457 - Fix to cover some edge vaultbroker service account issues

  • 557889 - Improved the handling of duplicate platform permissions and added a delta to clean up existing duplicates.

  • 557985 - Fixed Start Date and Queue Date on the pipeline activity when viewing individual runs.

  • 558034 - Reduced frequency of pre-audit validation errors.

  • 558045 - Addressed an issue where in some circumstances RDP proxy keystrokes would not appear in the session recording viewer.

 

Improvements (3)

  • 550148 - Improved performance of Secret Search when searching within the context of a folder.

  • 554970 - Added configurable IP source - this allows the Secret Server admin to determine whether the IP address that Secret Server attributes to the request comes from the X-Forwarded-For header or from the externally visible IP Address that contacts the WAF.

  • 562403 - Addressed a timing edge case where Platform Service accounts could be created as Hybrid instead of Native.

     

Friday, March 22, 2024

 

New Engine Version: 8.4.26 (optional upgrade)

  • 512823 - Fixed issue with SecureCRT failing to connect to Terminal with Public Key and 2FA on.

  • 545742 - DE Unhandled exception that disconnected all SSH Proxy users fixed.

 

Thursday, February 29, 2024

 

Bug Fixes (1)

552009 - Addressed back-end error when publishing audits to the Audit service.

 

Friday, February 23, 2024

 

Bug Fixes (4)

461433 - WPF allows launching to a freeform user input url.

503569 - Custom Proxied Launchers can now be mapped to Secret's list fields which behaves as an allow list restriction. Only allowed without the launchers Additional Field enabled. Only one list field can be used in

the mapping.

524551 - Max consecutive Character rules for passwords now work and are enforced as expected in the password field

548343 - Resolved Pre-checkout creating an extra pipeline policy activity entry that stayed in pending. .

Improvements (2)

550162 - Improved granularity of error handling when processing data as part of resilient Secrets.

551651 - Secret Template fields can now be passed-in as arguments to Ticket System scripts.

 

Friday, February 16, 2024

 

Bug Fixes (4)

  • 521462 - Addressed issue where the group members page was incorrectly showing a maximum of 59 users.

  • 550168 - Adjusted the Secret Checkout page to handle a case where users checking out a Secret with a failed Remote Password Change would potentially see a loading icon indefinitely.

  • 552914 - Updated Secret Permissions API to handle an edge case which could cause a null record to be incorrectly returned when the userid filter parameter was specified.

  • 554053 - Addressed an issue where terminating all sessions except the current session would log the user out and report an error.

 

Improvements (2)

  • 539602 - Added support for near-real-time processing of Platform user and group updates in Secret Server.

  • 554408 - Updated user profile and Secret Server to Angular 17.

 

Saturday, February 10, 2024

 

New Engine Version: 8.4.23 (optional upgrade)

  • 504819 - Handling secrets that fail heartbeat/password changes when using a powershell script and the MaxShellsPerUser exception is thrown For heartbeat: Added an new heartbeat status called "NeedsImmediateRetry" to bypass the secret template retry interval.For Password Change: The retry attempts are not increased after fail

 

Bug Fixes (4)

  • 533967 - Enhancement: Added new optional parameter "nobus=true" to the healthcheck endpoint. This allows a faster response in situations where no lookup of the bus status is required.

  • 543260 - Addressed an issue where discovery rules would not correctly display the selected secret template or password type.

  • 549906 - Updated the Secret Import to handle a trailing whitespace in the folder path to prevent bug where created the child folder at the root level.

  • 550776 - Fixed issue with QuantumLock Assign Users grid not displaying correctly after editing then cancelling.

Improvements (3)

  • DoubleLock is now QuantumLock - see full release notes for details.

  • 548346 - Enhancement: The schedule pipeline task in event pipeline policies now supports using a variable for the schedule delay input.

  • 548348 - Added a new setting to Ticket System Configuration to avoid prompting for a comment when "Comment not required" is configured.

  • 549699 - Platform users can now use step-up MFA to validate their identity when resetting QuantumLock passwords.

 

Friday, January 26, 2024

 

New Engine Version: 8.4.22 (optional upgrade)

  • 534582 - Discovery port scanner will now abort if elapsed time expires prior to windows TCP handshake. Discovery port scanner will now also log a helpful message if the windows TCP stack aborts due to reaching the windows internal max syn retry count. 

 

Bug Fixes (3)

  • 534582 - Discovery port scanner will now abort if elapsed time expires prior to windows TCP handshake. Discovery port scanner will now also log a helpful message if the windows TCP stack aborts due to reaching the windows internal max syn retry count.

  • 545912 - Folder audit download now shows correct title.

  • 548299 - Extended timeout for some indexing steps for customers with over one million secrets.

Improvements (2)

  • 544948 - Add Note to Audit when System Disables a Secret Server User

 

Friday, January 19, 2024

 

Bug Fixes (14)

  • 478003 - A new option has been added to the Distributed Engine page for configuring `Pending Engines` that allows a pending engine to be assigned to a site without activation.

  • 502594 - Fixed an issue where the folder tree disappeared when there were more than 1,000 folders accessed and UAM was enabled.

  • 532265 - Fixed display issue for Secret edit modal on Discovery scope page.

  • 545234 - Fixed bug where changing the Client ID does not update unless the Client Secret is updated as well.

  • 546047 - Password Compliance Validation job has been adjusted to process more secrets on each run.

  • 547110 - Fixed UI issue that could occur when using RAS with an on-premises Secret Server and using the left nav drawer.

  • 547626 - Fixed issue which caused folder permissions to not to update under specific circumstances.

  • 547884 - Improved exception logging for certain scenarios related to launching.

  • 548169 - Corrected an issue where enabled labels were not always shown next to State checkboxes in edit mode.

  • 548265 - Fixed an issue that could cause the host name to not be passed correctly when launching RAS from Inventory view in Platform.

  • 548952 - Discovery splash image margin corrected.

  • 549159 - Corrected an issue where searching for a Secret name using a substring within a single word would not always return results.

  • 549167 - Dashboard overview tab is selected by default again.

  • 549245 - Corrected an issue where the new folder button would be incorrectly hidden in certain situations when displayed from Platform.

     

Improvements (5)

  • 408565 - On-prem HSM pages converted to the new UI framework.

  • 535382 - Updated files as required

  • 542401 - Updated the ticket system detail page to the modern UI framework.

  • 546998 - Added Computer Scan Results tab to Discovery.

  • 548480 - The "Enable Audit Integration" on the Platform Configuration page can now be turned on

 

Wednesday, January 10, 2024

Bug Fixes (7)

  • 495563 - Addressed an issue where enabling RPC on a template through the API could impair the template's functionality.

  • 528038 - Fixed visual bug on Secret Templates, the password type dropdown will no longer appear as "None" if a password type has been set.

  • 529368 - Queries executed in the Chart and SQL Editor for Custom Reports will now take the Use Database Paging setting into account so that the result is the same as if the query was being saved as a report.

  • 541033 - Inventory forward from Secret Server to Platform will now forward new Platform type Zones

  • 546055 - On the Proxying configuration page, you can now automatically generate new ssh proxy host keys.

  • 547076 - Addressed an issue where Platform Synchronization was running too frequently in some cases.

  • 545309 - Updated Launcher Settings page to remove character limit from Process Arguments for Mac Settings.

Improvements (4)

  • 544993 - Secret search API now has a comma delimited filter parameter for template IDs which allows searching beyond IIS url limits compared to the existing array version. Both are still available.

  • 546014 - Corrected the link to the subscription page from the banner.

  • 546588 - Corrected the provisioning-in-progress message so that it does not endlessly reload.

  • 538680 - The "Require Multifactor Authentication By Platform Login" option will now step up to multi-factor authentication if needed in platform when trying to access Secret Server, replacing the previous behavior of blocking access. However, OpenID Connection logins (the Platform link on the Secret Server login page) currently will still deny and not step up if the default login does not multi factor authenticate.

 

Monday, December 18, 2023

 

New Engine Version: 8.4.21 (optional upgrade)

  • 541033 - Inventory forward from Secret Server to Platform will now forward new Platform type Zones.

 

Bug Fixes (18)

  • 491848 - Improved error handling on OpenId configuration page.

  • 502018 - Corrected an issue where the Distributed Engine page did not respect the "Deleted" filter.

  • 503479 - Renaming or copying "Oracle Account (Template Ver 2)" secret template no longer causes password changes to fail.

  • 513444 - Updated the EventDetails token within Event Subscriptions to correctly capture Secret comments.

  • 526602 - Set the GET SDK Client Account, SDK Client Audit and SDK Client Rule API calls to set the operator parameter to 1 if it is not supplied by the caller when a User Id filter is specified.

  • 533459 - Improve performance of secret search including secret search with extended fields.

  • 533509 - The documentation generator, in removing the "api" string from the beginning of all routes, was also removing embedded occurrences. It now removes it only from the start of the route strings.

  • 533728 - Session recordings in Secret Server Cloud shouldn't give errors of "The condition specified using HTTP conditional header(s) is not met." very often anymore.

  • 538570 - Fixed edge case bug if SSH Block Listing causes duplicate sessions that break SSH Proxy.

  • 540779 - Resilient Secrets (DR) will no longer send Secret Field Launchers across the wire unless appropriate tables have been modified

  • 541521 - Upgrade banner was always showing when auto-update was off. Now shows only if at least one engine is lower version than latest. Banner text referenced only "engine", which was potentially confusing; now mentions Distributed Engine explicitly.

  • 542029 - Corrected link to Dependency Templates on the Secret Dependency tab.

  • 542170 - Updated diagnostics page to correctly handle non-US date patterns.

  • 543398 - Corrected an issue where the child launcher type was not always visible on the new custom launcher page.

  • 543468 - Fixed issue with folder permission editing when updating path directly.

  • 543542 - Fixed logic error where the RAS flag was not being referenced before deciding to delete the database entry that reflected the additional users

  • 545014 - IBM password tooltips and banner color contrast issues fixed in dark mode.

  • 545100 - Fixed paging issue in secret sharing user selection.

     

Improvements (11)

  • 537344 - Secret server was update to use the same player for session recordings as platform

  • 540809 - Banner text referenced only "engine", which was potentially confusing; now mentions Distributed Engine explicitly.

  • 542451 - Added Event Subscription for Disaster Recovery Replication Success

  • 542454 - Fatal error is now persisted across the wire so the replica is aware that the source has a fatal error

  • 542593 - The legacy bookmarklet pages have been disabled.

  • 542623 - FeatureFlag logic added so that an additional 250 temporary users can be added for RAS cases

  • 543199 - Enhanced auditing of Password Change schedules.

  • 543298 - Launching a secret will open in a dialog allowing launch to occur without leaving the grid or current page. Restricted actions like checkout can be performed in the dialog.

  • 543439 - Initial user page has been converted to Angular.

  • 544952 - Event subscription and workflow grids updated grid ui

  • 544985 - Distributed engine log UI updated and it remembers your last selected site, system log grid UI updated and it remembers the last selected log level

 

Monday, December 4, 2023

Bug Fixes (7)

  • 491657 - Updated auditing for modifying allowed cipher suite algorithms.

  • 513233 - Addressed issue where the upper right search bar would not always switch to the selected Secret when a selected Secret was on a tab other than the General tab.

  • 536197 - Addressed an issue where the light mode collapsed toolbar showed the dark mode logo.

  • 541546 - Corrected an issue where pinned folders would not be removed when the corresponding folder was deleted.

  • 542465 - Corrected a client side error on the Secret Settings page when viewed from Platform.

  • 542558 - Corrected an issue where the Preserve SSH Client Process setting did not correctly display as checked.

  • 542589 - Corrected an issue wherein a Secret Erase Request could no longer be canceled.

     

Improvements (12)

  • 530664 - Secrets grid on Secret Erase Request Approval page was in a modal opened via a link button that was non-obvious in dark mode and nearly indistinguishable in light mode. This is now an inline grid with auto-scroll. Secrets grid modal on Secret Erase Requests search page (~/app/#/admin/secret-erase/list) formerly required a "Load More" click; now auto-scrolls.

  • 539332 - Ticket system list page updated

  • 539354 - Dependency changes list page UI updated

  • 539391 - Diagnostics page updated to the modern UI framework.

  • 540983 - Updated the toast message displayed when saving user preferences to accommodate screen readers.

  • 541012 - added aria labels to notification bell

  • 541016 - Updated user preferences page for better accessibility.

  • 541022 - Legacy ASPX pages for secret templates have been removed.

  • 541224 - Ticket system list page updated

  • 541225 - Dependency changes list page UI updated

  • 541602 - Cloud subscription page UI updated

  • 542401 - Updated the ticket system detail page to the modern UI framework.

 

Friday, November 17, 2023

 

New Engine Version: 8.4.20 (optional upgrade)

  • 537658 - Fixed incorrect logging error in the AuthenticateWithAdConsumer.

Bug Fixes (16)

  • 478923 - Fixed an issue where selecting Generate New SSH Key on a secret would not generate a new SSH key.

  • 513045 - Tweaked the "Distributed Engine issues" warning visible on login so that it does not erroneously display login may be impacted when Engines are not at play in the possible login flows.

  • 518373 - Corrected a display issue on the IP Address restrictions page.

  • 518747 - Updated Password Requirement audits to correctly audit missed fields.

  • 521138 - Addressed issue in directory sync where a search result with an attribute containing an empty list could cause an error.

  • 521579 - Adjusted license tracking for session recording enabled Secrets so that Secrets which have no launchers are excluded.

  • 522464 - Fixed issue with test script modal where reopening the modal would show the selected secret's id instead of its name.

  • 524156 - Improved internal security checking around launchers.

  • 537852 - Secret names on the RPC tab of a secret policy will now include "Inactive" if a secret is not active.

  • 537934 - Centered mfa security view - now left aligned text with centered icon and button.

  • 538405 - Fixed incorrect launcher edit field description.

  • 538649 - System group in Secret Server Cloud can now have metadata deleted.

  • 539172 - Corrected an error that could occur on the Advanced Session Recording page.

  • 539331 - Run RPC Now can no longer be run when RPC is disabled. Run Heartbeat Now can no longer be ran when Heartbeat is disabled.

  • 539341 - A link to configuration audits has been added to the Remote Password Changing page.

  • 540771 - Corrected an issue where unnecessary audits could be written.

 

Improvements (5)

  • 448852 - Clarified explanatory information on the Secret Import page to highlight that file fields are ignored.

  • 533634 - Adjusted organization of some administrative menu items in configuration preview.

  • 535620 - Extended editing functionality available on the user profile.

  • 538603 - Legacy user and group management aspx pages removed

  • 539098 - Legacy RPC admin page removed

 

 

Friday, November 3, 2023

 

New Engine Version: 8.4.19 (optional upgrade)

  • 521138 - Addressed issue in directory sync where a search result with an attribute containing an empty list could cause an error.

  • 537220 - Database test scripts can now be tested in distributed engine.

 

Bug Fixes (7)

  • 478923 - Fixed an issue where selecting Generate New SSH Key on a secret would not generate a new SSH key.

  • 514353 - HTML encoded kb link in discovery scanner corrected

  • 527494 - Addressed issue where sorting launchers by name the list could display duplicates.

  • 533914 - Fixed issue that could cause the Secret Picker to display with a horizontal scroll bar.

  • 537220 - Database test script can be tested in distributed engine

  • 537793 - Resolved an issue on Admin Roles page where the edit button for role permissions was mistakenly requiring "Administer Role Assignment" instead of "Administer Role Permission".

  • 538094 - Addressed issue where a proper validation message may not display when trying to give a duplicate name to a group.

Improvements (4)

  • 443834 - This is a parent task to organize kanban subtasks around removing smaller aspects and pieces of ServiceLocator

  • 527627 - Platform Configuration settings added to Disaster Recovery.

  • 530657 - Added "view all folders" link that appears when folders are filtered in a pin view.

  • 537175 - Converted Dependency Template management section to new UI.

 

Tuesday, October 31, 2023

Bug Fix (1)

  • 536170 - Reverted prematurely released report.

 

Friday, October 27, 2023

Bug Fixes (12)

  • 395571 - Addressed issue where the web launcher would not respect the mapped URL field when multiple URL fields existed on the Secret.

  • 501181 - Addressed issue where discovery import could result in an unhandled error.

  • 518722 - The login policy now supports line breaks.

  • 519051 - Folders in shared with me will now be filtered when searching.

  • 520458 - Switching pinned folders will reset the text search.

  • 520779 - Explicit definition of allowed http verbs.

  • 526215 - Long secret template names will wrap better in folder edit

  • 529283 - Folders in favorites quick access will now be filtered when searching.

  • 529317 - Clear button was enabled for multi select version of the user and group filter

  • 533379 - Can no longer click new secret multiple times when also uploading files

  • 536860 - Addressed issue where the SSH custom cipher was not applied when missing a value from the section.

  • 537074 - Addressed a missing localization key issue.

Improvements (8)

  • 466699 - Disaster recovery now migrates teams.

  • 523469 - Tweaked display of administrative items from Platform to avoid perceived duplication.

  • 524443 - Secret Server user licensing is now visible via Platform.

  • 526740 - Platform Permissions cached on Secret Server are now replicated so they will be respected on a replica instance

  • 528164 - Addressed incorrect capitalization.

  • 535178 - Added a running log to Disaster Recovery so progress and duration per table can be tracked during replication

  • 536170 - Added a new report that highlights which users are business users vs. IT users.

  • 536688 - Secret search performance improvements. The secret grid will only request extended fields that are showing. When column selections are updated a new request will be made if the extended field choices have changes.

 

Friday, October 20, 2023

Bug Fixes (10):

  • 511655 - There was an issue where if a non-local site was used to send syslog to the syslog server, any failed would be queued back into the database (tbsyslogfailedmessage) and resent indefinitely. This has been resolved. Additionally, a syslog circuit breaker system has been implemented if a non-local site is used to prevent flooding the message queues with syslog messages if it is expected they will fail.

  • 534271 - Addressed an edge case that could result in duplicate disabled user names, with possible DR conflict impact.

  • 534728 - Fixed error that could occur when creating a new folder with the folder panel minimized.

  • 534729 - Addressed an issue where the notification bell could show when there were no notifications.

  • 535138 - Addressed an issue that could cause an incorrect error message to display when using the SQL Report Editor.

  • 535489 - Addressed an issue where created hooks would not display on the Secret.

  • 535740 - Prevented Thycotic One sync from syncing Platform Native users. Allowed Platform Native users to log in in the rare situation they synced with Thycotic One, then the administrator cleared the system Platform User Mappings.

  • 535780 - Addressed an issue where localization load requests would await indefinitely in some cases.

  • 535962 - Addressed an issue where the Everybody group from Platform wouldn't match up properly with the Everybody group from Platform User sync. Corrected the display name of the Platform "Everybody" group.

  • 536336 - Fixed an issue when searching in Secret Share with the "Add from External Directory", using a search term that results in more than 2100 groups would throw an error.

Improvements (2):

  • 534212 - Fixed query for obtaining services for a Directory Account in Discovery Fixed check on Discovery Source Name when creating an empty discovery source

  • 536035 - Added new rest api patch method to controller which calls pre-existing latestversion.txt processing code

Friday, October 11, 2023

Bug Fixes (4):

  • 473425 - Performance improvements have been made to the "What Secret Permissions Exist?" report.

  • 480243 - Improved UI on the Collections management page for Advanced Session Recording Agents.

  • 522734 - Users will no longer be redirected from licensing page

  • 535182 - Fixed an issue where existing linked groups under the Platform Integration area, Groups tab would not load.

Friday, October 6, 2023

Bug Fixes (7):

  • 511763 - Addressed an issue where the following endpoint did not utilize the NumberOfBookmarkletSecretsToSelect advanced configuration setting: /api/v1/secret-extensions/search-by-url When the value is not assigned, the code defaults to 500 setting to 0 returns 0 records

  • 522887 - Corrected an issue where the synchronized groups displayed could sometimes return all the groups from the domain.

  • 528354 - Addressed an issue where the checkout screen could briefly show while a Secret is loading.

  • 529753 - UI performance issue when typing in text boxes on new secret has been resolved.

  • 530827 - Limited Mode now goes to the correct link in SSC cloud

  • 533769 - In prior upgrade file set for 11.6.3, fixed an issue with SQL Delta 11.5.000006. Removed a SQL hint on the SQL index that was incompatible with non-Enterprise editions prior to SQL Server 2016 SP1 due to a compatibility issue with data compression. The incompatible hint was not necessary so the delta was updated. Hashes for upgrade have been updated for this change.

  • 533946 - Updated the logout.aspx page to avoid errors being generated in rare cases when executing the SAML SLO flow.

Improvements (4):

  • 483752 - Updated Platform to show when the associated Secret Server Cloud instance has Unlimited Admin enabled.

  • 523719 - When Secret Server Cloud is Platform integrated, there is now an "Add from External Directory" option in secret sharing allowing searching Directory sources from Platform to add users or groups

  • 531310 - User profile allows for date / time format setting.

  • 531978 - Adjusted permissions on Session Monitoring page so that users with View Own Session Recordings will only see their own

Friday, September 29, 2023

Bug Fixes (4)

  • 513201 - If a user's encrypted TOTP reset Guid gets corrupted, an administrator is now able to reset their TOTP successfully.

  • 520850 - If an Azure Active Directory configuration in Directory Services becomes corrupt, you can now view and update the credentials to fix it.

  • 521505 - (DE 8.4.17) SSH Proxy: improved block command handling in VIM.

  • 530828 - Removed link for managing licenses from Cloud Subscriptions page.

  • 533527 - Fixed visual bug when removing current user's folder owner permissions.

Improvements (7)

  • 518493 - Added integration with the Platform to create a new session.

  • 519606 - New inbox notification bell with panel, allows for viewing and approving inbox items without having to navigate through the site.

  • 523772 - Updated display for secret locked pages.

  • 527777 - Update action handler secret launch dialog layout to reflect design changes.

  • 528142 - Secret page UI updated for better consistency.

  • 529579 - Added integration with the Platform to create a new session.

  • 530058 - The download button for session recording is added in secret server, it will not appear for vault sessions in platform.

Saturday, September 9, 2023

Bug Fixes (5):

  • 506005 - AD Privilege Password changer now has Remote Password Change timeout minutes Advanced Setting.

  • 524698 - Added query parameter for PipelineId to pass back when viewing specific pipeline activity

  • 526057 - (Distributd Engine) Fixed a logging issue with Dependency changes being skipped due to conditions.

  • 527952 - Generate Key endpoint generate ECDSA keys by default, can also generate RSA keys

  • 529306 - Creating a User SSH Key in Platform downloads the private key with a proper filename

Improvements (5):

  • 473089 - Improvement: Cipher Suite Configuration now allows configuration of allowed Host Key Algorithms.

  • 478103 - Secrets that are set to change password on check in now have the Change Password Now button available for administering secrets while checked out.

  • 519602 - Syslog/CEF logging enhanced to capture more detailed metadata for secrets.

  • 526475 - Fixed an issue where Discovery Scanners could not be removed until the associated secrets had been edited.

  • 526512 - Remote Password Changing: Check for DNS Mismatch now visible and functional in Cloud

Friday, September 1, 2023

Bug Fixes (4):

  • 510839 - When a Secret is assigned to a site the user does not have access to due to Teams restriction they will see the word "Restricted" instead of "Site Name (Inactive)"

  • 511114 - Mitigated issue in large bulk secret actions

  • 512891 - Added Secret Field validation on the Template level to ensure users cannot create a "Secret Name" field on a template

  • 526465 - Minimum Heartbeat interval reduced from 15 to 5 minutes.

Improvements (4):

  • 522229 - The text for page title, breadcrumbs, and navigation for Secret Server Reporting have been updated in Platform to match.

  • 525037 - Added configuration setting to determine which secret permission is required to change Remote Password Changing settings on a Secret. Owner or Edit

  • 527137 - EventTime token is available in pipeline scripts. $EventTime - event date and time of the event ("yyyy'-'MM'-'dd'T'HH':'mm':'ss")

  • 527616 - The preview chips for Multifactor on Secrets have been removed.

Wednesday, August 23, 2023

Bug Fixes (2):

  • 524517 - API calls to /v[1/2]/secrets/{id} now update the Recents secrets data source.

  • 524600 - When viewing Event Pipeline Activity details, selecting an Activity Detail record from the grid now displays the selected Activity's details.

Improvements (2):

  • 519356 - Disaster Recovery Add-On Licensing handling added

  • 523728 - Added more instructions regarding Disaster Recovery's data storage path configuration setting.

Thursday, August 17, 2023

Bug Fixes (17):

  • 506528 - Distributed Engine 8.4.12: Better handling of unexpected heartbeat behavior to mitigate reported Distributed Engine stalling

  • 448978 - Setting custom expiration dates in all timezones now works correctly

  • 484027 - Upgrade dependency to address potential security issue

  • 501977 - Secrets with text field based URL lists are now searchable.

  • 504992 - When Platform integration is active the integration page will now have a button to reset mappings from Delinea Platform.

  • 506528 - Better handling of unexpected heartbeat behavior to mitigate reported Distributed Engine stalling

  • 509498 - Fix for a large number of SSH terminal connection history records causing timeouts

  • 514320 - Fixed bug where Secrets aren't synced with DevOps in cloud with when triggered by pipelines.

  • 518187 - Fixed a UI issue with the launcher popup window showing an option the user didn't have permission for.

  • 522776 - Fixed a DSV sync issue for secret with file type fields and no file set.

  • 522835 - Fixed localization issue on folder Metadata page.

  • 523344 - The Secrets Quick Access link when collapsed now targets the correct destination.

  • 523547 - The Platform Opt In modal styling has been adjusted to no longer display with scroll bars.

  • 523727 - MFA on Secrets: Secret Check-in now resets view access for no pass through.

  • 523755 - Fixed Sorting issue for Checkout User Id and Checkout User

  • 524254 - Secret Share and Folder Permissions: Show disabled edit button until filters are loaded since split button does not yet support disabled.

  • 524727 - Fixed an issue with ODBC password changing that broke postgres and mySQL changing.

Improvements (10):

  • 509462 - User tooltips in both Secret Server and Delinea Platform now highlight the Platform Integration Types.

  • 518097 - Secret Share tab UI has been updated to match the permission setting experience for setting folder permissions. Domain name is now displayed for users on the secret share tab.

  • 519981 - Live viewing has been added to the new session monitoring

  • 521364 - Updated the Vault Settings and Vault User Detail Tabs with some UI changes

  • 521430 - Converted the creation of a Password Changer when Create Password Changer is selected from the Password Changers list in Remote Password Changing.

  • 521612 - Added a filter of secretIds to the Secret Search endpoint to that Secrets can be filtered by SecretId

  • 521806 - Terminate, limit to 5 minutes, and message only have been added to live viewing in the new session monitoring

  • 522040 - The heading for Vault within Platform User Management details has been updated to read its value from within Platform.

  • 522953 - Added a filter of secretIds to the Secret Search endpoint to that Secrets can be filtered by SecretId

  • 523270 - Added Search Groups column to Discovery Network View

Tuesday, August 1, 2023

The 7/13 release was rolled back, so this listing is very similar.

Bug Fixes (16):

  • 442349 - Pause times for ODBC Remote Password Changers are now adhered to. Before the pause times were ignored. If you feel your RPC's are running slowly, check the pause times and remove them if they are not needed for the RPC action.
  • 474452 - Improved performance of Secret Search for customers with large numbers of Secrets.
  • 484351 - Fixed issue with custom launchers through proxy set to only record keystrokes.
  • 509989 - When creating a new send to syslog task you no longer get a default schedule. Most of the templates didn't create a schedule, now they're all consistent.
  • 511127 - Fixed hidden days until deletion field when enabling deletion in the retention schedule. Added localization to error when trying to submit days less than or equal to the archive retention value.
  • 512860 - Fixed passwords being uneditable if RPC is set to use a Privileged Secret to which the user has no access to. Restored explanatory banner.
  • 514750 - Fixed issue in discovery where computer scans were sometimes throwing string truncation exceptions.
  • 517836 - The Secrets grid now updates displayed data and selected columns simultaneously.
  • 519229 - Quick access filters now both apply when updated.
  • 519639 - Knowledge base links within Platform Vault now link to their intended location.
  • 520031 - Corrected edge case that could result in a session view audit being placed on the incorrect Secret.
  • 520248 - The Parent Scan Template will be filtered to the type and will default to the first item in the list on create. The proper fields will be shown based on the type.
  • 520764 - If a secret is inactivated after initially viewing the secret, a user that cannot view inactive secrets will no longer get an error from secret heartbeat.
  • 520851 - Clicking cancel when editing folder permissions will clear any active filters.
  • 521200 - Corrected token caching for Platform tokens to expire properly.
  • 521236 - Editing folder permissions now has a split button that allows for directly entering edit or add group/user mode.

Improvements (34):

  • 510542 - The Secret Dependency Changers editor has been converted to the new UI.
  • 510543 - Dependency Templates are now available in the new UI.
  • 510545 - Session playback player UI has been updated.
  • 514162 - Updated process for populating a forthcoming computer-centric view.
  • 518097 - Secret Share tab UI has been updated to match the permission setting experience for setting folder permissions. Domain name is now displayed for users on the secret share tab.
  • 518568 - The display name of the secret Vault is now set via the Platform. The Vault subcategories for Reporting, Inbox, and administration have been updated to reflect Secret Server.
  • 518953 - Administration Configuration Launcher Settings now displays the Enable Protocol Handler Auto-Update setting in cloud.
  • 519355 - Discovery scanners added an option to "Add child scanner" which filters available scanners to show only applicable child scanners.
  • 519357 - Secret template fields table has been updated and has an improved drag and drop experience.
  • 519358 - Secret panel is more mobile friendly.
  • 519874 - The Security Audit Log page has been converted to the latest UI.
  • 519978 - A doughnut chart showing different Operating Systems in discovery has been added to the Analysis tab of discovery.
  • 520011 - The new UI Discovery Rules page now shows the correct Secret Template name.
  • 520013 - Secret policy now links to the policy on the secret general tab.
  • 520070 - A loading indicator now shows when opening the discovery add scanner dialog.
  • 520073 - The main top left logo will link to the users preferred login home if it is the dashboard or all secrets.
  • 520353 - The COM+ scanner will be able to be added, but there will be a note in the preview panel letting the user know that the scanner will not work for a site that is set to UseWebsite.
  • 520626 - A preview chip has been added to Multifactor Authentication on Secrets and it's supporting configuration pages.
  • 520758 - A new field "Full Name" has been added to the discovery network view to give a more detailed version of the item's name
  • 520760 - Default columns have been added per Item Type in the discovery network view.
  • 520866 - Dependency Tokens are now available on the dependency edit screen.
  • 521182 - REST API documentation has links to individual services that load quickly.
  • 521322 - Added filter on recorded-sessions endpoint to filter out applications, particularly 'RemoteAccessService' when in platform
  • 521630 - Discovery scanners added an option to "Add child scanner" which filters available scanners to show only applicable child scanners.
  • 521964 - The main top left logo will link to the users preferred login home if it is the dashboard or all secrets.
  • 522078 - Added filter on recorded-sessions endpoint to filter out applications, particularly 'RemoteAccessService' when in platform
  • 522079 - The Parent Scan Template will be filtered to the type and will default to the first item in the list on create. The proper fields will be shown based on the type.
  • 522081 - Default columns have been added per Item Type in the discovery network view.
  • 522105 - The COM+ scanner will be able to be added, but there will be a note in the preview panel letting the user know that the scanner will not work for a site that is set to UseWebsite.
  • 522111 - Secret template fields table has been updated and has an improved drag and drop experience.
  • 522113 - Dependency Templates are now available in the new UI.
  • 522582 - Administration Configuration Launcher Settings now displays the Enable Protocol Handler Auto-Update setting in cloud.
  • 522616 - The display name of the secret Vault is now set via the Platform. The Vault subcategories for Reporting, Inbox, and administration have been updated to reflect Secret Server.
  • 522621 - Editing folder permissions now has a split button that allows for directly entering edit or add group/user mode.

Thursday, July 13, 2023

Bug Fixes (15):

  • 481511 - Updated data type to support frequent users of session recording that was crashing the encoding process.
  • 509187 - Connect As Credentials on Secret works better with SSH Keys for su user switching
  • 510165 - Session monitoring search now supports searching by a single secret.
  • 512474 - The "Synchronization Running" message for DR will now only appear if there is a recorded start time for DR in the past and a finish time that is in the future.
  • 513459 - Default values for Secret Fields such as port will now be replicated for Disaster Recovery.
  • 513591 - A user with only direct access to a report and the "browse reports" role permission can now add that report to the dashboard.
  • 515243 - The breadcrumbs within the RPC administration pages have been standardized. The links within Platform Vault Configuration Overview no longer cause the page to reload.
  • 515295 - Report column preferences will be saved and applied when viewing a report.
  • 519056 - Improved error logging and efficiency for calls coming from Delinea Platform.
  • 518679 - DE (8.4.10.0) Fix for the service crashing and being disconnected with RDP proxy over SSH
  • 509498 - Fix for a large number of SSH terminal connection history records causing timeouts
  • 517923 - Fix for editing Session Connector Custom Launcher Port
  • 518197 - Fix for creating a new Session Connector launcher not showing all possible child launcher types in New UI
  • 518324 - Fix for being unbale to save edits to a Custom Launcher in New UI
  • 519013 - Fix for users without view launcher passwords permission being able to view the password

Improvements (21):

  • 453791 - Report number columns will now export as a number
  • 482322 - New reports will only show the first 11 columns by default. All columns can be selected afterwards from the column selector.
  • 489681 - Data replication will now create personal folders for replicated users in cases where the replica blocks or does not allow personal folders to be replicated. This is only if personal folders are enabled on the replica.
  • 510536 - The Password Requirement Audit has been converted to the new UI.
  • 510545 - Session playback player UI has been updated.
  • 510554 - The Launcher Audits page has been migrated to the new UI.
  • 512888 - Updated the group role assignment UI.
  • 513079 - Group membership assignment UI updated.
  • 513109 - Group role assignment UI updated.
  • 514272 - Session recording search now uses updated filter pattern
  • 514282 - The built-in "Everyone" group was renamed "All Vault Users."
  • 514437 - Enhanced new Discovery Area to include some additional fields and added logic for the error chip being displayed
  • 514638 - Added a Copy button for Data Source URL on Disaster Recovery - Outgoing Setup Steps modal.
  • 514666 - New Vault User Details in the Platform overview for Users tab. It requires a Vault to be successfully connected and configured for the details to appear, otherwise the section does not appear.
  • 518070 - Added banners to various Roles/Permissions pages in Secret Server Cloud and Platform with links to help navigate between the two
  • 518125 - Fixed an issue where the folder permissions tab would load slowly with large numbers of users.
  • 518513 - Updated group membership management pages to use new design patterns.
  • 518671 - Analysis tab of Discovery no longer includes disabled Discovery Sources in managed/unmanaged counts.
  • 519028 - View Log was hidden for Directory Accounts since there's no computer associated to show the log of.
  • 519091 - Added Application from tbAuditSecret to session search results model and session model.
  • 519165 - When discovery is running the network view performance would timeout depending on sql locks. This should no longer happen.

Monday June 26, 2023

Bug Fixes (13):

  • 446766 - Launching secrets with URL List and session recording enabled no longer shows a "Bad Request" message
  • 510442 - Fixed an issue with Pinned Folder getting "Folder not Found" error
  • 513591 - A user with only direct access to a report and the browse reports role permission can add that report to the dashboard.
  • 513634 - CSS overflow issue resolved showing launchers on general tab
  • 513847 - Updated the German localization for "Password Should Exclude"
  • 514542 - Recently viewed Secrets are now tracked within Platform. Configuration settings are now refreshed via navigation within Vault in Platform.
  • 514748 - Disaster Recovery Date Replication will now sync all SecretFieldLauncher items each time instead of just the updated ones.
  • 501683 - Fix for Arithmetic Overflow Error for Expired Secrets when Template Expiration Days set to 999999999
  • 508413 - Secret Server Pro - Fix for being unable to export an AzureAD Account
  • 508414 - Secret Server Pro - Fix for Network view preview showing a licensing error
  • 509204 - Update links in SS Security Hardening Report
  • 226156 - Fixed being unable to RPC Service Dependency 'MSCRMSandboxService' from Microsoft Dynamics 365 Server v9
  • 512371 - DR: Fix Launcher Error on Replicated Secrets

Improvements (14):

  • 510294 - Platform Integration Configuration now has additional validations for Login URL.
  • 511289 - Initial analysis tab added to discovery
  • 511600 - Updated the text and product descriptions used during Platform Opt In experience.
  • 512234 - Enhanced the User Audit Report to also exclude manually changed passwords.
  • 512404 - A refresh button was added to the network view in order to refresh the data without having to refresh the entire page and lose the selected filtering.
  • 512534 - Implemented Select All for Discovery Network View
  • 512747 - Folder permission assignment UI updated
  • 512888 - Group role assignment UI updated
  • 512989 - There have been 2 columns added to the Secret Grid, Checked Out User Id and Checked Out User, to show who has the secret checked out if the secret has check out enabled.
  • 513079 - Group membership assignment UI updated
  • 513109 - Group role assignment UI updated
  • 513527 - RPC heartbeat logs combined into a tabbed view with run buttons
  • 513955 - Discovery analysis now links to a filtered network view.
  • 514052 - Discovery scanner validation now indicates that a scanner requires information without having to click edit.

Saturday, June 3, 2023

Bug Fixes (15):

  • 412112 - Corrected error that could occur when converting a Secret from a Secret Template with a file field to a Secret Template without one.
  • 436208 - Fixed an issue where a secret template could be saved without RPC mappings configured.
  • 461327 - Improvement: The ​PowerShell script timeout no longer defaults to 90 seconds. Instead, it now uses the value from the Event Pipelines Maximum Script Run Time (Minutes) setting in advanced configuration.
  • 477807 - Fixed an issue where the API endpoint api/v1/secrets/{id}/fields/{slug}/ logged an audit that the password was displayed when the actual password was not returned to the user due to hide launcher password be
  • ing enabled.
  • 484847 - Fixed an issue where the SubscriptionName condition for a notification rule would display the event subscription ID instead. It now correctly uses the name when the user has the appropriate roles to list the
  • subscriptions.
  • 486876 - Fixed conditions that prevented users from being removed from a group due to the system incorrectly identifying that they would be unable to complete the same operation.
  • 501435 - Corrected unique key constraint error for categorized lists that could occur very rarely.
  • 502290 - Improvement: Added validation messages to password requirement rules for when password requirements are too complex to reliably generate a password.
  • 503010 - Fixed an issue where all event subscriptions did not fire for secrets in subfolders of the target folder.
  • 506363 - Fixed an issue with negative numbers exporting incorrectly when exporting a CSV.
  • 508013 - Fixed an issue with secret search producing SQL errors for customers with a lot of secret templates.
  • 509838 - IBM password tooltip background color adjusted
  • 510446 - Fixed an issue where links on the Session Monitoring page while in grid mode would not correctly link to Secret Server Cloud with authentication.
  • 511141 - Fixed an issue to improve Platform integration user sync if duplicate usernames were already in Secret Server.
  • 511779 - Event notifications now show "Event Time" which is the time at which the event occurred.

Improvements (13):

  • 501153 - Improvement: Introduced a new Launch Secret role permission, which is needed to use launchers. This permission is automatically granted to roles with the View Secret permission, which previously controlled t
  • his behaviour.
  • 508756 - Improvement: There is now a pending RPC screen and a timer that checks you back in, blocking seeing secret info indefinitely.
  • 508758 - Improvement: Users can no longer access secrets that have failed processing a password change. Instead, they are shown a message stating the change failed.
  • 508759 - Improvement: We now allow a secret owner with the Force Check In role permission when checking in to take ownership of a checkout session that is currently in a failed password change state. The existing checkout is ended, and a new checkout is created for the owner.
  • 509354 - Removes External Mappings to other identity providers when the user has PII removed for that user.
  • 509527 - Fixed issues with user and group syncing between Secret Server Cloud and Platform.
  • 510401 - Improvement: Added a Managed field to the Discovery Network view to show when a discovery item is managed.
  • 510684 - Fixed usability on specific UI areas for a better user experience.
  • 510773 - Improvement: Discovery service accounts detail page now shows services that run as the directory account as well as the computers on which that service runs
  • 510792 - Improvement: Added a Quick Access link to see all Secrets you currently have checked out.
  • 510819 - Improvement: The new folder icon in the secret panel no longer shows if the user does not have the Administer Folders role permission.
  • 511645 - Improvement: Added integration support for Platform users matching local SS users that do not have an @ in their name. If platform user is username@local or username@tenantname then the username portion will
  • be used to match local users on the SS side.
  • 511851 - Updated Createuser.aspx to redirect to the new user management.

Tuesday, May 23, 2023

Bug Fixes (3):

  • 477780 - Fixed issue where LDAP sync via Distributed Engine would not work when the base DN was different from DC.
  • 479769 - Added support for LDAP RFC2307 group membership, used in OpenLDAP.
  • 510446 - Links on the Session Monitoring page while in grid mode now correctly link to Secret Server Cloud with authentication.

Improvements (4):

  • 509527 - Improvements to user and group syncing between Secret Server Cloud and Platform.
  • 510089 - Under Secrets > Admin > Platform Integration and then the Logs tab, there is now more detailed information for why a specific user could not access Vault (Secret Server Cloud). Common Cases:

    • DuplicateUserMappedToDifferentProviderName - this user was initially setup to a different Platform source, the URL changed, or potentially a different userid (Provider Key) indicating the original use was deleted.
    • MaxLicensedUsersException - Vault has reached the number of licensed users so additional cannot be added.
  • 510684 - Fixed usability on specific UI areas for better user experience.
  • 510819 - The new folder icon in the secret panel no longer shows if the user does not have the "Administer Folders" role permission.

Friday, May 12, 2023

Bug Fixes (7):

  • 502104 - The Platform opt-in modal now populates the platform region dropdown list when navigating between steps via the step headers.

  • 504867 - Fixed an issue where DR email alerts were not being sent out.

  • 508479 - The CSS Styles for the Platform Opt In Modal have been adjusted to align with Angular15.

  • 509400 - SecretItemValueTransitionHistory.aspx has been removed and replaced with an API endpoint .

  • 510008 - Extended fields are properly exported to csv.

  • 508507 - Fixed an issue with Secret Template name validation message not being shown.

  • 509974 - Fixed an issue with new Platform trials not creating Personal Folders in Secret Server.

Improvements (5):

  • 508760 - Within the details of the Syslog message, there will be a Username field with the value of the mapped username for the launcher.

  • 508761 - Within the details of the Syslog message, there will be a Host field with the value of the mapped host for the launcher.

  • 509475 - RPC heartbeat and password change log are now full screen instead of a dialog.

  • 509947 - Passphrase can be configured as required for user public SSH keys.

  • 508853 - Secret Server/Platform: Distributed Engines no longer need Directory Services enabled to perform Discovery.

Saturday, May 6, 2023

Bug Fixes (20):

  • 446416 - Fixed an issue where an HSM could not be disabled.
  • 461669 - Newly added columns to most grids will now default to 80px width
  • 462179 - Updated the advanced session recording agent version label on the agent issues page to correctly state that it is the minimum required version, not the current version.
  • 465660 - Fixed issue with the password compliance report updating very slowly or not refreshing after either a template or direct PasswordRequirement password field change.
  • 470505 - Fixed issue with Session Connector where if switching windows, keystrokes can be missing from the session monitor.
  • 481850 - Fixed an issue where OpenLDAP directory services group-search filter was not working.
  • 490213 - Secret template names are now required to be unique.
  • 490565 - Fixed an issue where trying to use autoCheckout and secretPath in the API could result in the call failing.
  • 491424 - Addressed an issue where "additional" email addresses on an Event Subscription were sometimes not respected.
  • 491675 - Fixed an issue where event pipeline email notifications were not sent if the email task had an email template selected.
  • 501129 - A bug was fixed where certain advanced syslog options could not be saved unless the server or port was changed as well.
  • 501142 - Fixed a bug where the Secret Name was not triggering a Viewed Edit audit.
  • 501226 - Fixed a bug where the Event Pipeline Send Email Task was not getting the correct email template. Removed the notification rule requirement and fix the issue where the activity would not complete after a Send Email Task.
  • 501227 - Fixed an issue where the pipeline activity status stopped updating after the "Send to Email" task
  • 503652 - Fixed replication to allow duplicate names to be replicated individually during disaster recovery. Groups with the same name will still be consolidated during replication when they share values for AD Guid, IsPersonal, IsPlatform, and DomainId.
  • 504130 - Fixed an issue where Secret PasswordComplianceCode was not updated after password field/PasswordReq change.
  • 504453 - Permissions for root personal folder for Everyone group are replicated as part of Disaster Recovery.
  • 504867 - Fixed an issue where DR email alerts were not being sent out.
  • 505028 - RDPProxy.MillisecondsToWaitCleanup is now correctly localized.
  • 509144 - Fixed links to various areas within Secret Server from Platform.

Improvements (5):

  • 489422 - Addressed an issue where Thales Luna HSM deprecated CKM_RSA_PKCS in their newer firmwares.
  • 491192 - Added a knowledge base link for Platform Regions as part of the Platform Optin Experience
  • 491757 - Added a setting on the Platform Integration page that allows the "Platform Login" option on the login page to be hidden.
  • 502767 - Updated the Disaster Recovery log summary to more accurately display status numbers.
  • 502936 - Updated Disaster Recovery to transmit all file attachments when no folder filters are applied.
  • 504529 - Disaster Recovery replication summary now shows the duration.
  • 505934 - Angular asset files now cache bust, preventing out-of-date files from running against newer back end code following an upgrade.
  • 506255 - Modified text that displays during provisioning to more clearly indicate customers should start with their Platform login.
  • 507903 - This fix prevents the ProtoDeletedFoldersProvider from running on initial replication.
  • 508509 - Password changer list page is now used and legacy page removed.
  • 508645 - Grid alignment and row spacing is now more consistent.

Wednesday, April 19, 2023

Bug Fixes (6):

  • 471317 - When searching you should be able to find all items under your current levels. However when looking at a level you only see that level.
  • 482250 - Bulk move to folder now disables on submit.
  • 503198 - CSS issue fixed for browse all folders text wrapping.
  • 505054 - Addressed an issue where activating an Engine and assigning it to a new Site in the same step could result in an error.
  • 503285 - Get Folders API call once again returns all decedents. To retrieve direct children only, use the new LimitToDirectDescendents parameter.
  • 504385 - Unable to Check the Templates in Allowable Folder Templates Modal

Improvements (5):

  • 503363 - Upgrade to Angular 15
  • 487132 - Unlimited admin page in configuration preview now has a link to open the unlimited admin audit.
  • 491967 - Filter for discovery rule in network view functionality
  • 502829 - Standardize login failure messages for various types of login attempts.
  • 503925 - Configuration Items Appeared Twice in the new Configuration Preview

Friday, April 14, 2023

Bug Fixes (8):

  • 479769 - Added support for LDAP RFC2307 group membership, used in OpenLDAP.
  • 490228 - Data Retention under PII will no longer remove monitored recordings or user audits that are related to monitored recordings. Data Retention under Database Size Management will still remove monitored recordings and related user audit records.
  • 502913 - The "Send Test Email" button can now function in read only mode.
  • 488581 - SSH Proxy 'Tunnel RDP Connections' Degradation fix
  • 501346 - Powershell Dependency Changer Arguments were not being passed into the script
  • 503396 - The Preserve Client SSH Process should appear for process custom launchers
  • 503714 - Show friendly error message launching a secret With Jumpbox Route with RDP that it is missing a SSH launcher
  • 504491 - Bulk Action Applied to all Secrets when Select All is Checked but Template or Folder Filter is Applied.

Improvements (4):

  • 500822 - An Advanced Configuration setting was added (default 3 hours) so that a long-running DR process will detect the configured amount of elapsed time and end the DR process, forcing the end user to run it again manually
  • 486971 - Web Password Filler needs the ability to retrieve secrets filtered by templates that have a URL field or URL List field
  • 491208 - If Platform is enabled, give an extra user license for the Platform admin user, and if disable don't count native platform users against the license count.
  • 503650 - Give hybrid status to Platform CloudAdmin

Wednesday, April 5, 2023

Bug Fixes (10):

  • 474639 - When accessing certain URLs, the system presents a default error page instead of a more technical error.
  • 477322 - In the secret policy, the SSH command section no longer features table header controls for download and full screen.
  • 479424 - The secret audit grid date displays in the selected timezone when the server time differs from the client time.
  • 480832 - The secret session search date now appears in the selected timezone in both the grid and card, and the grid includes a timezone picker when relevant.
  • 481175 - When editing secret template fields of the file type, the drop-down options no longer appear.
  • 486679 - Pressing the Alt button by the CM link changes the "Create new Secret" page.
  • 501098 - The Test Syslog button is located in the Configuration Preview.
  • 502594 - If more than 1,000 folders are accessed and UAM is enabled, the folder tree will not disappear.
  • 502670 - Creating a new onboarding rule no longer requires a Client SDK IP address. The "Details" field has been renamed to "Allowed IP Ranges."
  • 503520 - The secret search in the grid now utilizes the v2 endpoint for template filtering.

Tuesday, March 28, 2023

Bug Fixes (1):

  • 502132 - Left nav max folders default limit increased to 1,000. Setting dialog added to set the user preferred limit, folder browser now loads 100 records at a time on scroll instead of just 30.

Friday, March 24, 2023

Bug Fixes (19):

  • 442059 - The column folderName is now bound to the secret grid instead of folderId as this allows folderName to be the value that is downloaded instead of folderId.
  • 470930 - Discovery logs will now export more than 250 records
  • 471679 - Logging into Terminal with an Azure Active Directory account using SSH Key Integration is now possible. AAD logins to Terminal via password cannot be done.
  • 486557 - Addressed an issue with Disaster Recovery replication where replicated Custom Launchers would not be visible on their associated Secrets.
  • 489896 - Bulk actions now disable the submit button to prevent multiple clicks
  • 490686 - Handled Issue when replicating data for Disaster Recovery where pre-existing users on the Replica that do not exist on the Source could lose their Everyone group membership.
  • 490974 - A link to the public SSH keys was added, when enabled, on both the user preference page and the administration tools section
  • 491921 - Fixed issue where Secret field data over a certain length may be rejected by the database upon replication.
  • 495567 - Fix several buttons in the new Configuration Preview
  • 500538 - Optimizations to displaying large numbers of Folders
  • 501141 - Expanded the User Setting size to resolve issue for some customers with lots of columns for a grid.
  • 501322 - Data retention page background color fixed
  • 485440 - DR Fix for Role to Group replication
  • 485550 - Fix to allow Heartbeats even if the Secret has Checkout enabled
  • 500545 - DR Fix for Password Requirement Character Set replication
  • 501144 - Fix for database error when saving User Preferences

Improvements (4):

  • 488666 - Discovery import added to new network viewer
  • 491970 - Discovery rules and dependencies grid can now be filtered by discovery source. Rule grid now also has discovery source available as a column.
  • 500816 - Allow Read-Only mode to be enabled in Cloud on the Disaster Recovery Configuration page.
  • 501316 - Local Admin column added to new Discovery network view

Friday, March 17, 2023

Bug Fixes (13):

  • 418329 - Discovery specific OUs now returns results when the page is initially loaded.
  • 475003 - License server activation grid updated to resolve layout clipping issues.
  • 478852 - Lookup Folders (api/v1/folders/lookup), and Search Folders (api/v1/folders) will not return only direct children when searching by parent ID. They will not longer return grandchildren.
  • 478994 - Enabling heartbeat for the first time on a secret template will no longer subtract 1 minute the first time.
  • 489232 - The secret search API now returns the folder path on the secret. Secret grid download now includes folder path on all records accordingly.
  • 489480 - Fixed an issue with folder name collisions in Disaster Recovery synchronization.
  • 491763 - The secret checkout page now specifies a page title.
  • 500237 - MEK Rotation: support rotating Azure Active Directory domain Client Secrets.
  • 482308 - All Secrets View Column Preference Once Saved Doesn't Stay After Page is refreshed.
  • 488759 - DR: Intermittent Transaction Has Aborted Errors When Replicating Large Amount of Secrets with Custom Date.
  • 490031 - Terminate launcher session from Platform is causing a 403.
  • 490554 - X-AspNetMvc-Version header discloses .NET version.
  • 500289 - Platform lint build error - Argument of type MonoTypeOperatorFunction

Improvements (8):

  • 489755 - The password changers list / grid has been updated to the latest design.
  • 490562 - Converted list options ss-grid to thy-grid. Allows for resizing of columns
  • 492078 - The secret detail page now includes a button to copy the current url to the clipboard with rich text including the secret id and secret name.
  • 484033 - Upgrade System.Linq.Dynamic
  • 489754 - Convert CustomLauncherView.aspx to angular
  • 491586 - Remove report aspx pages
  • 492049 - Remove unused legacy code (folders, doublelock, ip address)
  • 492116 - Remove redirects to dashboard.aspx on login

Tuesday, March 14, 2023

Bug Fixes (3):

  • 490188 - Platform + SS + WPF launcher fix.
  • 491879 - Secret Log length UI validation fix.
  • 492041 - Initial Platform user should have full admin access in Secret Server.

Friday, March 10, 2023

Bug Fixes (21):

  • 442402 - Folder permission now correctly shows "None" in secret role drop down when in edit mode.
  • 447460 - After changing field properties on a secret template the UI cache is cleared to allow selectable columns in grids to be updated without requiring a browser refresh.
  • 448752 - This bug occurred when there was a secret policy on a secret and it was converted or duplicated. Both the policy and the copy or convert template would try to apply secret settings for launchers multiple times which resulted in a UX constraint violation. The settings code constraint issue was resolved with bug 448486.This also helps usability with clarifying the new secret name on converting a single secret template.
  • 448975 - An audit entry is made for the user that enabled maintenance mode during an upgrade (on prem only).
  • 460309 - console diagnostics log level label made more clear to help indicate that it is the level of logging and not a filter for the grid.
  • 466521 - Configuration Retention setting section description added
  • 475215 - Secret dependency API variable name changed from id to secretDependencyId to help clarify which parameter is needed.
  • 477458 - Deleting folders will now also indicate that subfolders will be removed as well.
  • 480833 - The duration field on session monitoring now shows as a friendly time duration instead of just total seconds.
  • 482562 - FOLDERPATH parameter now works with report schedules and running a report
  • 484093 - Directory services icon alignment corrected and loader properly displays now.
  • 484677 - The heartbeat status colors for pending are now more distinguishable on the dashboard overview doughnut chart.
  • 485232 - Edit inbox rule condition dialog title now says "Edit Condition" instead of "Add Condition"
  • 486497 - The password is cleared on secret export if the dialog is opened subsequent times.
  • 487156 - Saving event subscriptions without making any changes no longer clears all events defined.
  • 487290 - When there are more than 30 subfolders the expand row chevron will now show and load the subfolders 100 at a time. There is also a "Load More" and a "Load All" button
  • 488530 - The report SQL editor no longer has options to download or configure columns on the report as it is not supported in that mode.
  • 489226 - The most used secrets grid on dashboard overview now downloads the folder path instead of the folder id.
  • 489896 - Bulk actions now disable the submit button to prevent multiple clicks
  • 490388 - Creating and updating password requirement now requires unique names for password requirements.
  • 490568 - The secret details view would show empty in some browsers after a checkout or approval and would require the user to click the tab to see the details. This would happen when the browser did not detect the route change from /secret to /secrets.

Improvements (4):

  • 480100 - Save buttons are no longer disabled when a form is invalid. Clicking the button will show and trigger form validation messages now.
  • 482897 - Color palette updated to improve accessibility and brand.
  • 484891 - Launcher icons updated on secret general and inline secrets.
  • 488666 - Discovery import added to new network viewer.

Friday, March 3, 2023

Bug Fixes (8):

  • 469860 - Event subscription publishes the event for when a user is enabled or disabled.
  • 478837 - The endpoint that returned the report name, description, category, and other details is now protected by dual control. The actual report data was always protected.
  • 487523 - Clicking cancel when sorting event pipelines in a policy now exits sort mode
  • 488612 - Disaster Recovery data replication errors caused by out of sync encryption keys are now automatically resolved properly.
  • 489427 - version.xml is no longer available via HTTP to avoid exposing the version of the application.
  • 489477 - Resolved an issue with Disaster Recovery folder synchronization selection. Personal folders can now be selected for either allow or block lists.
  • 489766 - User audit is obfuscating properly after grid was updated.
  • 490244 - Fixed older character sets that failed to replicate when running Disaster Recovery

Improvements (8):

  • 468023 - Refactoring handling of Secret ACLs in Disaster Recovery to be more efficient and less error-prone.
  • 468837 - Cloud diagnostic logging will now correlate the Datadog telemetry trace for easier support troubleshooting.
  • 472665 - DR: Secret Items from the Source are combined with ones from the replica when they have matching SecretIDs and SecretFieldIds
  • 482898 - Added option to duplicate a discovery scanner
  • 486793 - Secret panel is now always open when on any Secret section page
  • 487334 - Secret configuration audit converted to standard grid
  • 488665 - Unlimited admin chip will show on aspx pages when it is enabled
  • 489530 - SDK Client Management pages have been converted
  • 486751 - Platform Opt-in Region Improvements
  • 487261 - Add menuId to every thy-context-button to assist with automation testing
  • 488523 - Show more helpful error message creating a discovery source name that already exists
  • 489734 - Fix for Secret Export of a specific folder not exporting child folder secrets if selected.

Friday, February 24, 2023

Bug Fixes (5):

  • 418167 - A purge of inactive sessions longer than 3 minutes was occurring when the Sessions Monitoring page was displayed. It did not take into account the SSH proxy timeout. The page now obeys the timeouts.
  • 434346 - Changed Export Secrets to become an Async Job. The export now kicks off a job and polls until the job is complete. User should wait for job to complete before navigating away from the page. This mitigates the issue with timeouts.
  • 482044 - Updated Secret object to treat CheckOutTime as a nullable value so that DR can handle it properly and prevent checkout consumer errors after DR.
  • 488594 - Corrected issue where certain accounts would not show correctly in the new network view.
  • 488772 - Addressed issue where the Secret grid's total count would incorrectly include subfolders when searching.

Improvements (1):

  • 1488801 - Converted user audit to the standard grid component.

Friday, February 17, 2023

Bug Fixes (4):

  • 482255 - Added documentation in a tooltip to point users to audit on Proxy page
  • 484939 - Inline row added to secret dependency log dialog to expand
  • 480944 - "Automatic Sudo or Su Privilege Elevation" was fixed to work with Solaris
  • 486982 - Fixed an issue with New UI Configuration option searching

Improvements (3):

  • Discovery converted to New UI
  • 487097 - A new checkbox is added which enables requiring all users who log in through Platform to have used Platform's multi factor authentication when logging in.
  • 430883 - Disaster Recovery: Replica cannot be a higher version than Primary

Saturday, February 11, 2023

Bug Fixes (11):

  • 422242 - Fixed an issue with excessive CPU usage for RDPWin.exe. We no longer track or record processes using WMI. Instead, we use native Windows calls, reducing the CPU usage of the Windows WMI Provider. However, if "Run as secret credentials" is used, we still use the WMI process tracking.
  • 468584 - Fixed an issue where manual backup did not work in maintenance mode.
  • 477382 - Added a layer of backwards compatibility so that releases to the cloud ahead of installed updates will not break.
  • 478174 - The maximum allowable default checkout time is now 365 days (previously 9999 days).
  • 478490 - Bulk changing permissions no longer checks for permissions on the first server selected. If the user lacks access to any secret that was selected, they receive an error message upon completion of the bulk change.
  • 483400 - The add permission button, when editing role permissions, no longer gets clipped off screen.
  • 483522 - Resolved a situation where, after an upgrade, the page would give an error 500 and require an iisreset to continue.
  • 483909 - Buttons now correctly align on configuration pages in the platform.
  • 483912 - Any error present in the sync log coming back from an AAD sync is treated as no action regarding disabling groups.
  • 484059 - The default layout for the admin page is by category.
  • 484288 - Added a check to ensure that the user calling the affected endpoint has access to the secretId being passed in.
  • 486488 - Improved performance impact of retrieving custom SSH algorithms in Discovery.

Improvements (8):

  • 436107 - Added endpoints for Update Password Type Auth, Get Password Type Auth, and Create Password Type Auth. These allow you to create and update records for the command arguments on RPC command set up.
  • 477562 - CEF Timestamp format added to Configuration > Application. This sets the format of the timestamps at the beginning of syslog messages. The Syslog format is the default for updates, while the ISO format is selected for new installs. The syslog implementation might format the timestamp in Syslog format regardless of the format of the header sent over the wire. You can confirm this by running a trace on the syslog port.
  • 482856 - Updated the Discovery scanner secret search filter settings selection UI.
  • 483107 - Updated the process for updating credentials on a Discovery scanner UI.
  • 483864 - Display a banner message informing the user that engines with a specific version range are unable to auto-update.
  • 484670 - Adjusted the Opt In Flow to calculate the value for Platform region based on Secret Server Cloud's top-level domain.
  • 484842 - The "Generate API Token" option on the user preferences page now correctly audits that a token was generated.
  • 486287 - Updated the REST API documentation.

Friday, January 20, 2023

Bug Fixes (7):

  • 464914 - Bulk edit share now has a "None" permission, which will allow removing permissions.

  • 465303 - Updated logging around Azure AD Sync to make it clearer when the sync stops due to configured groups missing in Azure AD.

  • 466186 - A configuration option to disable the SMB heartbeat fallback check was added.

  • 466323 - Folder permissions once again can no longer be saved if there is no user or group with Secret Owner permission.

  • 468425 - Failing Syslog/SIEM messages do not respect updated Syslog Server configuration.

  • 477833 - Addressed an issue with the SearchSecretsByFieldValue SOAP API function that caused it to return a 500 error.

  • 480672 - Heartbeat status by day shows incorrect values.

  • 481005 - Corrected logic that allowed password requirement consumer to bypass non-replicated Secrets.

  • 481676 - OIDC Platform Connection Fails for previously imported users after domain change.

  • 482041 - Platform 2 - Customers with samaccountname username in Secret Server do not get linked to Platform UPN-based user.

  • 482064 - Adjusted the logic related to generating the platform URL to account for a trailing forward slash.

Improvements (3):

  • 432222 - Distributed Engine Sites now have an Enable FIPS setting on a per-site basis.

  • 467244 - Publish Audit Data from Event Subscriptions to the Platform Audit Service.

  • 478600 - Add an option to sort the admin menu alphabetically.

  • 481388 - Adjusted the Auto Pilot Test gate to have the agent clear the workspace folder prior to each run.

Friday, January 13, 2023

Bug Fixes (2):

  • 481152 - Repeating Opt-in on for an SS instance causes connections from Platform to SS to permanently break for that instance.

  • 481335 - RAS Launcher is not showing in grid for secret expand.

Improvements (1):

  • 478709 - Added an alternative splash screen on the All Secrets page within platform/vault targeting thecloudadminuser. Triggering a Platform instance provisioning via the Opt-In flow will now create a corresponding audit log entry.

Monday, January 9, 2023

Bug Fixes (2):

  • 472793 - Added in logic to split larger Secret Item Values back into ItemValue and ItemValue2 fields on save to database.
  • 475160 - Now setting domain id of replicated duplicate user to null domain so it can be reassigned with found domain later during replication.

Improvements (5):

  • 478703 - Text copy for Opt-In provisioning step has been adjusted.
  • 478706 - Text copy for the first step of Platform Opt-In flow has been adjusted.
  • 478707 - Text copy for step two and three of the Opt-In flow was updated.
  • 478708 - Platform Admin Username has been added as a copyable field on the Opt-In success modal.
  • 480814 - The logic to determine the Platform login url has been adjusted to account for both url patterns.

Tuesday, January 3, 2023

Bug Fixes (1):

  • 480099 - Fixed an issue where OIDC logins would display "Session Expired" when AllowRememberMe was enabled and the user was configured with 2FA.

Friday, December 30, 2022

Bug Fixes (5):

  • 472820 - Session recordings which are invalid due to no data will be recorded as an error to prevent failure upon playback.
  • 476779 - Prevent 500 errors when calling healthcheck.aspx for instances that are scheduled for deletion in cloud.
  • 476929 - User permissions on replica instances will no longer be removed erroneously when data replication runs.
  • 478168 - Improve mapping logic between Platform and Secret Server so that unique emails are no longer required.
  • 478497 - Addressed assembly load error in Azure AD processing.

Improvements (1):

  • 478458 - Adjusted the opt-in button to display the textNEW!and its tooltip to displayExperience the next generation of Secret Server.

Friday, December 16, 2022

Bug Fixes (3):

  • 447140 - Mitigated a possible error in SSH Proxy command processing
  • 475159 - Created an update to more efficiently handle bulk deletion within DR replication.
  • 476818 - Fixed an issue with editing a file in single-edit dialogs.

Improvements (7):

  • 466705 - We now include character sets in DR replication.
  • 467244 - We now support publishing audit data to the audit service when enabled.
  • 475117 - Improved users logging into Secret Server through Platform—the Platform settings for MFA are now used and Secret Server MFA settings are ignored.
  • 476799 - Corrected the capitalization of "Active Directory" in the opt-in flow.
  • 477383 - The secret audit and general log windows now use an updated preview panel component. This allows for keyboard navigation to switch records in the grid.
  • 477846 - We now optionally support a SSH key without a passphrase in bulk change passwords.

Thursday, December 8, 2022

Bug Fixes (7):

  • 435312 - Updated discovery to handle messages coming back without the stdout marker
  • 474320 - Local-site advanced settings can now be edited while distributed engine is off.
  • 474429 - Corrected situation that could cause a null reference error when resolving the FQDN.
  • 474819 - Resolved an issue within the Secret Folder navigation panel on Platform where clicking "Add Folder" would result in an error.
  • 474820 - Resolved an issue in the Secret Folder navigation panel where changing to the "All Secrets" pin did not update the selected pin name.
  • 475131 - Corrected confusing error message related to SMTP servers when creating event subscriptions.
  • 475301 - Addressed issue where saving a specific folder permission could return "Invalid Request"

Improvements (6):

  • 163844 - Increased the max length of SecretNameShort.
  • 418207 - Updated the new UI to allow new generated SSH keys with a blank passphrase to match legacy UI functionality.
  • 471343 - We now automatically back up the key management configuration file when saving a new key management configuration
  • 473076 - Site Connectors are now configurable per site in Secret Server Cloud, however you can't configure a site connector if it already has 250 sites in cloud.
  • 475958 - New configuration setting "Allow Files without Extension" has been added to the configuration preview.
  • 476777 - Legacy UI disabled the weekend of December 10th 2022.