Secret Server: 11.5.000001 GA Release Notes

This release has been temporarily delayed while we while we investigate a newly reported issue.
This note only contains changes between the EA and GA releases. Earlier changes and all the features are in the Secret Server: 11.5.000000 EA Release Notes).

Release Dates and Notes

On-Premises: July 6, 2023.

Component Versions

Distributed Engine and Advanced Session-Recording Agent:

The minimum required engine version is

Protocol Handler:

New Features

See the Secret Server: 11.5.000000 EA Release Notes) for features.


  • Improvement: A user with only direct access to a report and the "browse reports" role permission can add that report to the dashboard.
  • Improvement: Added a "Managed" field to the Discovery Network view to show when a discovery item is managed.
  • Improvement: Added a Quick Access link to see all secrets you currently have checked out.
  • Improvement: Added a refresh button to the Discovery Network view to refresh the data without having to refresh the entire page, losing the selected filtering.
  • Improvement: Added a WMI Service Timeout setting to the cloud advanced configuration page to help with dependency changes that take more time than the allotted 60 seconds.
  • Improvement: Added new tab to Discovery with overall metrics of discovered items and their statuses.
  • Improvement: Added two columns to the Secret Grid—Checked Out User Id and Checked Out User. These show who has the secret checked out if the secret has check out enabled.
  • Improvement: Added validation messages to password requirement rules for when password requirements are too complex to reliably generate a password.
  • Improvement: Clicking on graph elements in discovery analysis now links to a filtered network view.
  • Improvement: Disaster recovery date replication now syncs all SecretFieldLauncher items each time instead of just the updated ones.
  • Improvement: Discovery Service Accounts Detail Page now shows services that run as the directory account as well as the computers on which that service runs
  • Improvement: Enhanced the User Audit report to also exclude manually changed passwords.
  • Improvement: Group membership assignment UI updated.
  • Improvement: Group role assignment UI updated.
  • Improvement: Implemented "select all" for the Discovery Network View.
  • Improvement: Recently viewed secrets are now tracked within Platform. Configuration settings are now refreshed via navigation within Vault in Platform.
  • Improvement: RPC heartbeat logs are now combined into a tabbed view with run buttons.
  • Improvement: The breadcrumbs within the RPC administration pages have been standardized. The links within Platform Vault Configuration Overview no longer cause the page to reload.
  • Improvement: The built-in "Everyone" group was renamed "All Vault Users."
  • Improvement: The Delete folders function in disaster recovery can now delete more than 2100 folders or subfolders on the replica.
  • Improvement: The Delinea Platform integration configuration now has additional validations for Login URL.
  • Improvement: The PowerShell script timeout no longer defaults to 90 seconds. Instead, it now uses the value from the Event Pipelines Maximum Script Run Time (Minutes) setting in advanced configuration.
  • Improvement: Updated Createuser.aspx to redirect to the new user creation page.
  • Improvement: Updated group membership management pages to use new design patterns.
  • Improvement: Updated the folder permission assignment UI.
  • Improvement: Updated the group role assignment UI.
  • Improvement: Updated the text and product descriptions used during the Platform opt-In experience.

Bug Fixes

  • Fixed an issue where "Close launcher on check in" on the replication source would prevent sessions from being launched on the replica.
  • Fixed an issue where a secret template could be saved without RPC mappings configured.
  • Fixed an issue where all event subscriptions did not fire for secrets in subfolders of the target folder.
  • Fixed an issue where discovery import would incorrectly assign a secret as an associated account, as opposed to a privileged account.
  • Fixed an issue where existence of secrets set to expire over a hundred years in the future would cause expiration reports and event subscriptions to stop triggering.
  • Fixed an issue where heartbeat and RPC log downloads would save without an extension. Now correctly saves with a .csv extension.
  • Fixed an issue where launching secrets with URL List and session recording enabled displayed a "Bad Request" message.
  • Fixed an issue where OpenID Connect or SAML accounts could not export secrets as they did not have a password and were not licensed for doublelock. DoubleLock is now available in professional licenses.
  • Fixed an issue where the API endpoint api/v1/secrets/{id}/fields/{slug}/ logged an audit that the password was displayed when the actual password was not returned to the user due to "hide launcher password" being enabled. This could happen from some UI actions.
  • Fixed an issue where the Edit button for User Management => Groups appeared when you did not have "Administer Role Assignment" permission. The action was denied in the API, so this was a cosmetic change.
  • Fixed an issue where the folder audit page would unexpectedly show an access denied message.
  • Fixed an issue where the folder permissions tab would load slowly with large numbers of users.
  • Fixed an issue where the German localization for "Password Should Exclude" was incorrect.
  • Fixed an issue where the new Discovery Network View UI would display a license error in the Professional Edition.
  • Fixed an issue where the secret name would incorrectly display on the the New Discovery Import Rules page.
  • Fixed an issue where the SubscriptionName condition for a notification rule would display the event subscription ID instead. It now correctly uses the name when the user has the appropriate roles to list the subscriptions.
  • Fixed an issue where TOTP Secret Settings edit button was available to users who could not edit the settings.
  • Fixed an issue where unplayable session recording videos would display an infinite load instead of the appropriate error.
  • Fixed an issue with negative numbers exporting incorrectly when exporting to a CSV file.
  • Fixed an issue with pinning a folder returned a "Folder not Found" error.
  • Fixed an issue with secret search producing SQL errors for customers with a lot of secret templates.
  • Fixed an issue where the SSH Proxy would stop processing new incoming connections.
  • Fixed conditions that prevented users from being removed from a group due to the system incorrectly identifying that they would be unable to complete the same operation.
  • Fixed issues with user and group syncing between Secret Server Cloud and the Delinea Platform.
  • Fixed the TemplateCreateSecret role link.
  • Updated links on the Security Hardening Report to new UI pages.

Future and Recent Deprecations

This section describes planned future deprecation of feature or platform support in Secret Server.