Secret Server Release Notes 10.5.000003

Release Date: 9/24/2018


Session Recording

  • Updated Session Recording to support H.264/MP4 video encoding with resolutions up to 4K (now the default).

    Customers are now able to configure the time when Session Recordings are moved from the database to disk to suit business needs. Previously this move was hard coded to run at 02:00 UTC. Time is configured through an AppSetting.

User Interface

  • Preview Mode for the new and improved redesign of Secret Server has been enabled. Please contact to gain access to the Preview Mode.
  • Included a "24 hours" option to the expiration Quick Picker.


  • Updated the UserCreateArgs to include AD Guid to account for possible duplicate users in Active Directory through the API.
  • Added API call for Check Out Secret.

Time Zone Enhancements

  • Enhanced time zone functionality on the backend to account for daylight savings time.

Bug Fixes

  • Fixed a bug where users with the "Administer Configuration" Role Permission could see but not access option settings under Admin > Configuration.
  • Fixed a bug where the Application Pool scanner and IIS tester do not properly initialize the ManagementScope for WMI calls to Local Machines.
  • Fixed a bug where only one Discovery Scanner worked when Active Directory had more than one local account scanner setup.
  • Fixed a bug where valid REST/SOAP API tokens did not permit login access.
  • Fixed an issue that allowed personal folders to be moved to the top level of the folder tree.
  • Fixed an issue where after adding and saving an identity provider in advance settings (SAML), the user observed an error stating 'Object reference not set to an instance of an object.'
  • Fixed a bug where a user was unable to delete an approved user from the Edit Secret Policy page.
  • Fixed a bug where there were inconsistencies in the time zone handling.
  • Fixed a bug where there was an error message of 'Connection Failed' during Custom Unix (SSH) Remote Password Changing but the password changed successfully.
  • Fixed a configuration issue with the SSH Key Rotation Privileged Account Password Changer that is used by the Unix Account (Privileged Account SSH Key Rotation) template and caused RPC to fail with an error saying Associated Secret is required.

Security Fixes

  • Fixed an issue with Request Access when set to be required for Owners and Approvers where an Approver could approve their own request through JavaScript manipulation. Note an email detailing the approval would have been sent to all other approvers.
  • Fixed a Security Vulnerability that allowed Cross-Site Scripting.