Secret Server: 10.9.000002 Release Notes

September 22, 2020

The system requirements last changed with version 10.7.000000. See Secret Server Release Notes 10.7.000000 for details.

Upgrade Notes

Delinea encourages all customers to upgrade at the earliest opportunity.


Security update to resolve a SQL injection vulnerability that an authenticated administrative user could exploit to achieve remote code execution on the Secret Server host system.

Common Vulnerability Scoring System (CVSS) v3.1 score: 8.0 (High).

CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Secret Server Cloud has been updated to include this security fix.

New Features and Enhancements


Bug Fixes

The following bug fixes apply to non-cloud Secret Server only. Secret Server Cloud has not been updated to include these fixes.

  • Fix to Discovery rules to correctly handle OUs with bracketed names.
  • Secret names in reports are now links to the corresponding secret.
  • Logout from Secret Server no longer sends the Clear-Site-Data header, which could previously log users out of unrelated Web applications.
  • SSH connections via SSH proxy now close correctly.
  • Fixed an SSH proxy connection timeout when connecting via a distributed engine.