Secret Server: 11.1.000012 Release Notes

Release date:

May 13, 2022 (On-Premises)

Important: We recommend all affected Secret Server on-premise customers upgrade immediately to version 11.1.000012.

The 11.1.000012 update resolves a security vulnerability that was discovered internally. The Common Vulnerability Scoring System (CVSS) rates the issue high (7.6). It impacts Secret Server On-Premises up to 11.1.000011.

This vulnerability has been patched in Secret Server Cloud, so there is no additional update to address it.

This vulnerability is patched in the version 11.2.000000 Early Adopter release.

This release also includes some high priority bug fixes that have been through our full QA process.


  • Added a DataDeliveryTolerance application setting for distributed engines for troubleshooting proxy keystroke-recording issues.

  • Fixed an issue where column headings would disappear on the group membership assignment page.

  • Fixed an issue with reports failing with a "not valid for reporting" error with older versions of SQL Server.

  • Fixed an issue where master encryption key rotation would fail if RDP proxy credentials were created but not used.

  • Fixed an issue where "hide password from SSH keystroke capture" was always enabled.

  • Fixed an issue where the login page would load slowly when using HSM integration.

  • Fixed an issue where extend checkout would fail for users with view permission.

  • .Fixed an issue where mapping a launcher port field would fail with the error "This field must be a number."

  • Fixed a bug where updating node records during an upgrade upon application start or restart would log a "value cannot be null" error logs.

  • Fixed an issue where launcher restrictions were not letting users restrict user input in some scenarios.

  • Fixed an issue with SSH proxy performance related to the "hide Passwords from SSH keystroke capture" setting.

  • Fixed an issue where the jumpbox route connection forwarding could not forward across different network segments.

  • Fixed an issue that caused proxied launchers to stop working if modified after creation. A port field in the template was not visible in UI.

  • Fixed an issue where attempting to cancel a character set validation rule and then saving resulted in an error.

  • Fixed an issue where attempting to save a secret after the require comment timeout had expired would cause the interface to hang.

  • Fixed an issue where the port would be removed from a secret template launcher mapping when edited. To restore the port to affected launchers, users had to edit the mapping and re-save it.

  • Fixed an issue where applying a policy with the "web Launcher requires Incognito mode" setting during secret creation using the API would cause the creation to fail.

  • Made changes to stop SSH terminal from freezing when a secret heartbeat is failing.

  • Fixed an issue where an empty "items" property existed on api/v1/lists/{categorizedListid}.

  • Fixed an issue where a CredSSP generic error would be returned when a ticketing system integration script failed. This now returns a more specific error.

  • Fixed an issue where an incorrect identifying IP address was sent to Duo. This now sends the client address.

  • Fixed an issue a single malfunctioning site would cause messages to stop processing for multiple sites.

  • Fixed an issue where using HSM integration without having performed a master encryption key rotation would cause slow responsiveness.

  • To address performance issues, we reduced the number of folders displayed in a folder tree when there are more than 1000 items.

  • Updated the time zone database library with the latest time zone information.

  • Optimized the distributed engine administration page.