Secret Server 11.8.000001 Release Notes

Release Date: On-premises: May 7, 2025

Secret Server 11.8.0 was rolled back while we investigated potential issues with Azure AD logins.
This version is the result of that investigation and is essentially the same as 11.8.0.

Version Information

Component Versions

Distributed Engine and Advanced Session-Recording Agent: 8.4.51.0

Protocol Handler: 6.0.3.35

If your protocol handler version is 6.0.3.26 or lower, you must manually upgrade to a higher version. Automatic upgrades will not work for versions 6.0.3.26 or below. However, if your protocol handler version is 6.0.3.27 or higher, the automatic upgrade will function properly.

Important Technical Change for Secret Server 11.8

Please carefully review this section prior to upgrading.
Applies to Secret Server On-Premises only.

Overview

Prior to the 11.8 on-premises release, Secret Server On-Premises was delivered in a "dynamically-compiled" state. In this configuration, components of the website, particularly .aspx files, were compiled by IIS upon receiving the initial request.

Starting with the 11.8 release, the application is pre-compiled, which significantly enhances and accelerates application startup because it eliminates dynamic compilation.

As a result, some customers may experience startup issues. Please review the two items below prior to upgrading:

  • Pre-compiled applications cannot run in IIS if there is an "App_Code" folder present. Therefore, the version 11.8 upgrade renames this folder automatically on start-up to avoid issues. Please note:

    • In some cases the application pool may not have the permissions to rename the "App_Code" folder, resulting in start-up issues, specifically, the Web page does not load.

    • If the application pool does not have the permissions, you must rename the "App_Code" folder or give the account running the application pool "modify" permissions to the application folder.

    • When finished, perform an iisreset to restart Secret Server.

  • If you have manually modified any .aspx files, you will not be able to do so anymore, as those files are compiled already. Do not upgrade until you have verified you do not need the modifications going forward.

Support Articles

Please see the following technical articles for instructions:

New Features

Azure Key Vault Integration

Azure Key Vault Integration (AKVI) simplifies management and governance of NHI's and secrets from the CSP's native vaults. With AKVI you can centrally manage and update secrets to one or more Azure Key Vaults and rotate passwords or values more frequently. With fine grained roles and permissions, audit and logging, AKVI provides increased governance, visibility, and awareness of secrets managed in Azure Key Vault without affecting development velocity or processes. AKVI is available on Secret Server Cloud, the Delinea Platform, and Secret Server On Premises.

Additional Approval Workflow Type

A new approval workflow type is available, allowing owners to bypass approval while ensuring approvers still require it. The "Standard Including Editors and Approvers (Owners do not need approval)" option offers more flexibility in approval processes to meet organizational needs.

Bulk RPC on Secrets with Checkout Enabled

Bulk RPC actions are available to secrets with checkout enabled. This feature uses random passwords during bulk operations, ensuring that passwords remain secure and hidden, even during bulk updates, without compromising secret integrity.

Bulk Update Secret Fields

Bulk updates for secret fields are now available, enabling users to edit and update multiple fields across secrets in the folder view. This simplifies importing and formatting secrets, streamlining secret management for large datasets.

Change Password on Checkin Configurable Limitation

"Change Password on Check In" is now more flexible. Users can now configure the system to retry password changes a specific number of times before allowing the secret to be checked in without a change, streamlining access when password changes fail.

Global Manual Approver Workflow for Ticketing Systems

A manual approval workflow is now available for scenarios where the primary ticketing system, like ServiceNow, is unavailable. This fallback option ensures that users can still gain access to secrets through a manual approval process, maintaining workflow continuity even during system outages.

PowerShell 7 Support for Scripts

Secret Server now supports PowerShell 7 scripts, allowing users to run both legacy PowerShell scripts and PowerShell 7 scripts. This update ensures compatibility with the latest thycotic.secretserver module and helps avoid disruptions from version conflicts.

PowerShell Ticket Integration—User Information Passed as Arguments

PowerShell ticket integration has been enhanced to pass user information (userID, username, and email) as arguments in scripts. This update provides greater flexibility for ticket validation, enabling more customized and user-specific logic in ticket-related actions.

Pre-Compiled Version of Secret Server On-Premises

All Secret Server On-Premises releases from 11.8 onwards are pre-compiled. This change significantly enhances and accelerates application startup by eliminating the time required for dynamic compilation.

Secret Icons

Secret Icons allows you to display icons for secrets in the secret list, and secret details page. Icons can be set at both the secret and secret template levels.

Secret website favicons are now pulled by Secret Server by default, even if secret icons are not enabled. This can cause unexpected traffic to hit the public internet as Secret Server gathers those flavicons. To change the behavior or disable it entirely, you can set the icons at the application, template, or secret level or you can toggle the "Enable icon gathering" setting to stop the process. That setting is enabled by default. See Secret Icons for details.

Fixed Issues

Ticket Description
405016 Fixed: The RPC by Day report is now formatted to user's time zone.
527950 Fixed: Addressed an issue where cloud customers using PBA would see an erroneous error message indicating that the PBA site was not ready.
530294 Fixed: Key rotation failure. We now allow a particular password type to be set for account take-over when importing an account into Secret Server.
537916 Fixed: The folder-permission API now requires view or administer folder permissions to query by a folder ID. Previously, you could also do this with the personal folders role permission.
539187 Fixed: Secret access request viewing very slow. Bug fixed with loading large numbers of secret access requests.
546108 Fixed: Add a "Matches" tab on discovery account rules to show computer accounts that match the defined rule condition. This replaces the account rule filter on the network view that has been removed.
549816 Fixed: Fixed an issue where when using the Advanced Session Recording Agent, in certain situations the recording process would not be stopped.
556742 Fixed: An issue that prevented empty dependency groups from being deleted.
557774 Fixed: Errant heartbeat every five minutes. When creating a new secret template with heartbeat enabled, if you do not change the interval value it will now correctly assign heartbeat interval of 60 minutes.
559102 Fixed: An issue where large-item-count folder searching was broken.
560138 Fixed: The secret template fields grid would not always load all records properly if there were more than 60 fields on a template.
564689 Fixed: User appearing locked out after the lockout period. On the User General page (admin page), added an Unlock User button and chips and messages to reflect lockout interval for user locked out by failed logins.
566423 Fixed: Resolved an issue where downloaded report names appeared garbled when the language was set to Japanese or Simplified Chinese. Fixed: An issue in the Platform where downloaded reports were incorrectly named "null." Reports now display the correct filenames based on the selected language.
567596 Fixed: Resolved an intermittent issue during DR replication where foreign-key constraint errors occurred with categorized lists, ensuring successful replication across supported versions.
571212 Fixed: Test Script page not working. SQL parameters now work in the new UI.
571231 Fixed: Role audit log error. The Action field of role audit logs now display correctly when the log is created in a language that uses Unicode characters
572558 Fixed: api/v1/one-time-password-code call getting a 500 error.
575503 Fixed: A dependent library used in SAML in has been updated to close potential security vulnerabilities. It uses a different version of a saml.config when using the legacy SAML configuration, and a conversion process to update saml.config has been added to the upgrade system. Please see documentation "Troubleshooting SAML Configuration Errors After Upgrading" if using a saml.config file and having issues.
578291 Fixed: Session recording search times out.
578890 Fixed: Removing a launcher having multiple secrets linked will no longer fail.
580156 Fixed: Handled a case where cached Secure TPC connections to a Syslog server connected via domain name were not removed when no longer active.
580299 Fixed: An issue with /api/v1/launchers/secret endpoint throwing errors with complex URLs.
581180 Fixed: An error when checkout had expired, switching to the settings tab on a secret would throw a red banner error instead of redirecting the user to the checkout page.
582171 Fixed: Double email notifications for access approval request. Access request emails will now indicate a status of the workflow. Viewing a workflow online will also render a visualization of the workflow status.
582538 Fixed: An issue where session messages sent from would not show during RDP Proxy sessions.
582728 Fixed: An issue where users who had permission to edit secrets could not toggle auto-change using the bulk action on secrets that should have allowed it, based on the permission set in the secret's template.
583939 Fixed: Incorrect active session display. Secret active launcher sessions now updates list when a session is launched from the page.
585609 Fixed: error when removing scanners from a discovery source. Added a custom exception for "scanner X already added" and UI refresh to stay in synch with back end.
591272 Fixed: An issue with the Launcher template when modifying the field "Use SSH Tunneling with SSH Proxy."
591708 Fixed: Issue with scan template parent field where it showed a number instead of name.
593801 Fixed: An issue with SSH key integration expiration configuration.
595169 Fixed: An issue where there was no option to add a step in a workflow. It is no longer possible to delete the last step from a workflow. Existing workflows with no steps will now display a default starting step when opened to edit.
595565 Fixed: An issue where dependency changers in SSC were not passing arguments to scripts, resulting in empty output files. Dependency changers now correctly pass arguments, and the status no longer incorrectly shows as disabled.
596179 Fixed: Known issues around adding fields. Cancel button now works correctly.
597088 Fixed: Working as designed—no code changes.
599173 Fixed: In active sessions inside a launched secret, when the username that launched the secret contains Unicode characters, they displayed incorrectly.
599511 Fixed: When submitting a secret access request with a custom duration, start values that are in the past are no longer permitted.
601706 Fixed: Intermittent Azure message loss. Implemented retry logic for publishing to Azure service bus queues.
602389 Addressed performance issues by optimizing database handling to resolve high deadlock rates (over 8,000 per hour) affecting the tbSecret and tbUser tables under heavy load.
603681 Fixed: Resolved a password display Issue (with "comment required" enabled) where, after waiting on the Overview tab for 5+ minutes, the password was displayed as [object Object] instead of prompting for a comment again. Users are now correctly required to re-enter a comment when accessing the password.
603721 Fixed: Enhanced Resilient secrets log text information and added operation progress percentage estimation Fixed issue where Resilient secrets operation was not interrupting on operation timeout
603779 Fixed: An issue with category and report permissions showing 0 items when permissions are assigned to users.
605053 Fixed: Heartbeat and password reset failures. Added more support for expired AD account password changers. Secrets that use an AD privileged password changer to rotate the password for an expired AD account will successfully complete the rotation process. Previous behavior involved rotating successfully and then failing the verify step, resulting in the new password not being saved on the side. Subsequent heartbeats may fail for the secret since the account is expired. Password Changes using a secrets own credentials may fail as well.
607434 Fixed: Discovery analysis SQL timeouts. The query that populates the discovered account metrics has been made more efficient. It should no longer have timeout issues.
608342 Fixed: PRA launcher shows on favorite and recent panel.
608395 Fixed: Columns that should have been hidden were selectable in the column selector. If selected, they would (incorrectly) display until page reload. The conditionally available columns are now correctly set visible or hidden in the column selector.
612930 Fixed: Fixed issue where users could select HSM settings without the “Administer HSM” permission
614002 Fixed: Turkish not displaying correctly in email. Turkish characters should publish correctly in email HTML.
614465 Fixed: Tooltip location on the Launcher Configuration page.
616185 Fixed: Resolved an issue where users could add members to a migrated group in SSC via individual user modifications. Now, all membership changes must be managed in the Platform, ensuring proper access control.
616221 Fixed: In SSC the from email address field in email configuration settings is restricted to the secretservercloud domain and the TLD excludes .co.uk as a valid option. On premises instances will only validate that it is a valid email address format but will allow any domain to be input.
617344 Fixed: An issue with password that contains username and added a new item to the local-user password configuration area that optionally prevents the password containing the username.
617429 Fixed: Issue where an invalid version number could cause Secret Server to become unresponsive.
617445 Fixed: Updated command sets to no longer add extra spacing between lines, and added validation around comments in command sets, instead of auto-removing extra comments, to reduce confusion on save.
617607 Fixed: Discovery services grid did not sort. Added computer Services API endpoint so the computer services component now has paging and sorting.
618528 Fixed: Resolved an issue where secret policy settings were not properly inherited by secrets, causing discrepancies in the Approval page. Additionally, the "Language Resource Not Found: OnlyOptionViaPolicy" message has been fixed. Secret policy settings now correctly apply as expected.
618869 Fixed: An error with "Default Only" on RPC schedule on an active secret policy.
619554 Fixed: On-Premises instances with PRA will now get emails to Secret Server instead of the Platform instance.
620165 Fixed: Display to show .delinea.app when opting into a prod instance.
620268 Fixed: The api/v1/secret-extensions/web-secret-templates endpoint now returns templates that contain URL list fields as well as URL fields.
620338 Fixed: An issue with "minimum required character count" rules options containing an invalid choice.
621226 Fixed: Resolved an issue where repeated execution of Entra ID secret heartbeats would cause a "Headers too long" error.
621573 Fixed: When running in Platform, the breadcrumb link on the platform group and configuration page is now correct.
621935 Fixed: Resolved an issue where viewing a secret with MFA enabled incorrectly logged "Password Displayed" in audit entries. Now, the audit log correctly records the action as "View" when no other interactions occur.
622254 Fixed: Resolved a bug where—when Platform is integrated with Cloud and Open ID Connect Platform login is used—in some situations, the redirected Platform login page would be incorrect.
622479 Fixed: Error during opt-in in PIC for Europe region.
626465 Fixed: Audit with no notes. Secret policies should no longer create an empty audit log when modifying launcher settings but reverting changes before saving.
626702 Fixed: An issue with users not being re-enabled when logging in through Platform after being disabled by automatic user management.
627109 Fixed: Launchers filter was incorrectly labeled was "Template."
627246 Fixed: The field header example on secret import now wraps correctly.
627291 Fixed: The "All launchers" option of the launcher filter now returns all results as expected.
627619 Fixed: Changed database cleanup logic which was causing some heartbeat/RPC audit records for inactive secrets to be removed before the "Max Secret Log Length" was reached.
627650 Fixed: Addressed issue where an error would be thrown when editing a command set with an empty command field.
627731 Fixed: If an Entra discovery source is created in Secret Server, and Platform integration is configured with Inventory Forward enabled, there was a bug if deleting any roles from the Discovery Network View in Secret Server. It would cause Entra roles to show up in Platform inventory.
628439 Fixed: Corrected a typo on Launcher Mapping page.
629517 Fixed: Resolved an issue from the previous update where toggling an Active Directory account's expiration status could prevent verification after a password change.
629584 Fixed: An issue with the password compliance check notification on a secret.
630728 Fixed: A bug where saving an approval method for a secret does not persist correctly.
631133 Fixed: An issue introduced in engine version 8.4.47 where AD privileged password changing would erroneously report failure for accounts that had null values for the "accountExpires" attribute.
632269 Fixed: Secret Server API endpoint /v1/secrets/{ID}/settings now responds with TOTP values if conditions are correct.
632693 Fixed: A User who has only the List permission on a secret will no longer get an access denied redirect upon clicking the launcher icon. They will now see a descriptive error message instead.
634286 Fixed: Issues with dropdown options causing enum values to be displayed for the Secret Security Approval Type so that correct localized strings are displayed.
634484 Fixed: Excessive CPU usage by correcting the SessionKey parameter to varchar, eliminating implicit conversion.
635135 Fixed: The "Ignore permission errors" checkbox is now available without a page refresh.
635550 Fixed: Addressed erroneous exception in the background worker when updating valid redirect URIs.
637136 Fixed: Do not include azure domains or inactive AD domains in group-type precheck.
637139 Fixed: Users missing their ExtendedUserMapping will register as a warning in the precheck instead of an error.
637373 Fixed: Corrected regression where secrets were counted twice in some scenarios. Secrets grid count functionality restored. Count ("# Items") is the sum of the number of first-child subfolders and the number of secrets in the current folder.
637690 Fixed: Incorrect GUI label. Updated Log Level filter label from "Site" to "Log Level."
638073 Fixed: A bug that prevented the secure-Platform-access step in the PIC from auto-skipping.
638238 Fixed: Fixed NG0203 error preventing folder selection dialog from popping up .
638317 Fixed: In the Data Sync step of the PIC, a new column (pre-check) was added to the 'Add exclusions' and 'Select data' dialogs. In the 'Select data' dialog, you may no longer select and synch a group with a pre-check error.
639151 Fixed: Resolved issue with PostgresSQL password change functionality.
640235 Fixed: Corrected a regression which caused the secrets grid to show "999,999,999 Items".
640554 Fixed: LimitedMode no longer blocks functionality related to AD sync, creating and editing secrets, importing secrets, use of web services.
640601 Fixed: Grid now adds the file extension when it does not exist, so files are properly downloaded as .csv
640808 Fixed: Request force checkout button is now displayed while the secret is in a pending status and the request force checkout feature is enabled
641566 Fixed: The dates of tbPlatformIntegrationStep were either not being set or being reset in certain scenarios. This has been fixed for all of the steps except the Unification step which will be fixed in a separate card.
641879 Fixed: Replica now handles event where Disaster Recovery feature deletes folder(s) assigned to Automatic Export by disabling Automatic Export.
642042 Fixed: A PIC precheck error was added when a username in Secret Server does not follow the regular expression rules defined in Platform.
642286 Fixed: Addressed issue that could cause errors forwarding computers to inventory.
643304 Fixed: The status of the customize branding step in the PIC no longer resets from Skipped to Ready to start when the page is refreshed.
643677 Fixed: AFT token validation errors will now return an error code instead of just a 500 status code with no body.
643841 Fixed: A fix was made for the opt-in step of the PIC if the user refreshes the page once the opt-in process has begun.

Improved

460275 Improved: Updated session recording logic to allow already running processes to be recorded from after the point of the session launch if said process was listed in the "Additional Processes" list for the launcher.
546156 Improved: Logging in when MFA setup is required now immediately redirects the user to configure MFA.
561827 Improved: Changed methodology for handling the domain field in RDP Proxy credentials to avoid unnecessary Kerberos TGT DNS lookups.
566484 Improved: Reports page size minimum has increased to 60.
569459 Improved: On the SAML Identity Providers page, we display the date and expiration status of the Identity Provider configured certificate. We also log if an expired certificate is used for a login in the SAML log. An explanation of why expired certificates will continue to work has been added to the Identity Providers page.
575905 Improved: Updated scanner template creation UI to combine both OU Input templates and non-OU Input templates into the same dropdown in categories.
580253 Improved: No dynamic update for active sessions. Active launchers section on secrets now updates every 30 seconds to show an updated list of active launchers.
582378 Improved: Updated grids using timestamps to use datetime in order to properly respect user preferences.
586608 Improved: Password validation failures for dictionary now indicate, "Dictionary words including common number substitutions."
593543 Improved: Removed time zone tooltips from reports to reduce confusion when time zones are set by the report.
594323 Improved: Empty pinned folders now inform users of the empty sections.
595169 Improved: It is no longer possible to delete the last step from a workflow. Existing workflows with no steps will now display a default starting step when opened to edit.
603721 Improved: Resilient secrets log text information and added operation progress percentage estimation. Fixed: An issue where resilient secrets operation was not interrupted on operation timeout.
605210 Improved: Performance of discovery scanner delete. Increased timeout to 24 hours, lowered isolation level where possible, and added logging for each delete operation.
609101 Improved: Added a non-configurable 30-second secret password timeout to improve security and reduce stale password issues. The timeout applies to: Show password—hides after 30 seconds (previously visible forever). Copy password—password value cached for 30 seconds only. Copy password icon clicks after that will trigger a fresh API call (to reduce stale password conflicts). Note that this does not affect the value that was already copied to the clipboard, only what will be copied when the user clicks the copy password icon.
610739 Improved: Performance improvements were made to the "Shared with me" Secret View, and the "Browse All Folders" view for customers with many folders in a highly nested structure.
611190 Improved: In the secret template list field, list and URL list now have their "dispose for display" boxes checked by default to denote the data's plaintext status. The expose for display control is also disabled so that it can not be unchecked by accident.
611573 Improved: Updates to Discovery Scan Status Report Query.
612177 Improved: Error handling for Platform credentials that become invalid.
612739 Improved: A new setting, "Disable Legacy Bookmark Pages," has been added the admin/user experience section. This setting is false by default. When true, the legacy bookmark pages used by legacy WPF will be disabled. This allows administrators to disable the setting and ensure they do not have any of these legacy clients that require it. This setting will default to disabled in a future release.
614508 Improved: Added the ability to view the Active Directory group type. This is displayed under the General tab of a group. If a group does not have a type, it will display as a hyphen. Otherwise, it will show one of the following: Global, Universal, or DomainLocal.
615870 Improved: Improve reliability when specifying the Platform Redirect URL.
616620 Improved: Secret export will now audit the current "Export" action and a new "Export retrieved" action to indicate that the user retrieved the file. Previously, you could close the browser window before retrieving the export file.
618004 Improved: Through the user experience settings, a user can use a new "COMMENT" audit action to separate the VIEW action of a checkout (or ITMS) protected secret from the required comment.
619399 Improved: Added an option on the Windows Service Discovery Scanner to use the Pre-Windows-2000 user logon name for discovered Windows services.
619512 Improved: Event pipeline set-custom-value tasks can now increment or decrement pipeline variables by custom values.
619515 Improved: Added additional group type validation (empty group types and DomainLocal group types) for the Data Sync step in the PIC. If empty group types are detected, users are prompted that there are empty group types and are instructed to run the directory services sync. For any DomainLocal groups found, an error message appears in the pre-check table within the Data Sync step stating that DomainLocal groups are not supported.
620202 Improved: Added additional response information when autofilling values.
621513 Improved: Grid columns are now all set to a fixed width at their current width when a user resizes any column. This makes resizing columns easier.
626041 Improved: Modifications to build pipeline to precompile, copy and overwrite precompiled assets to webroot folder. Packaging and installer remain as they were prior to PR.
626668 Improved: With Platform Integration, support for the setting "Create Groups during synchronization" is completely deprecated. Now, all Platform native groups will be created automatically and any directory groups through Platform need manual linking.
626881 Improved: Updated discovery import rules to prevent duplicate account creation and unintended unlinking of service and Active Directory accounts. Added broader test coverage, including integration tests, to ensure correct matching, unmatching, and unchanged behavior when re-running imports.
627169 Improved: Updated discovery analysis layout to emulate dashboard styles and to better accommodate large datasets.
627297 Improved: Added a new date and time range filter to Session Monitoring.
627303 Improved: Added a new state flag to indicate whether the Delinea enablement code has been entered.
627304 Improved: Added a new state flag to indicate the customer has completed the Platform integration.
627344 Improved: The inbox template editor now includes options to select message properties by selecting which message. This helps clarify that only message properties on the targeted message are available to merge into the template.
627607 Improved: Added Computer Services API endpoint; Computer Services component now has paging and sorting.
628034 Improved: Removed Transloco dependency.
628761 Improved: Added request force checkout feature
628801 Improved: Delinea's new code signing certificate is now trusted when validating upgrade versions for the future. Protocol handler releases before 6.0.3.34 will upgrade to 6.0.3.34 before newer versions to ensure the auto upgrade process will work.
631776 Improved: The application picker that appears when both Secret Server and Privilege Manager are installed has an updated design. This slightly increases the speed of the login process.
631811 Improved: When clicking the option inside of a user's secrets tab you will be redirected to the Secret Templates settings page that lists all of the secret templates.
633054 Improved: Optimized memory management to reduce latency buildup in the US BGW, preventing performance degradation over time. Restored ASP.NET metrics for better visibility into garbage collection and CPU usage.
633244 Improved: Additional logging added during the enabling of unified mode in the PIC .
633996 Improved: PowerShell Core (6+) support added to the scripts page.
634022 Improved: A new bulk secret action was added to allow for updating a field across multiple secrets. The value can be prepended, appended, or replace the existing value.
634158 Improved: Improved memory utilization of the background worker in Cloud.
634668 Improved: Updated Secret Server to use the new shared clipboard service. Updated shared clipboard service to use fallback when on non-secure contexts. Removed clipboard plugin use from clipboard service.
635475 Improved: Enhancements to ticket system configuration, allowing for more nuanced interactions between ticket validation and require approval flows.
635732 Improved: Added PasswordTypeIds as a filter on the api/v1/secret-templates-list endpoint.
635803 Improved: Only the users that are migrated are validated.
635963 Improved: Added an Advanced Configuration setting that will restrict the amount of secret Item History that will be replicated due to the sheer size of that table with relation to the value of replicating a history beyond a certain point. The default number of item histories to be replicated is set to 3.
635970 Improved: Updated libraries to achieve more control when inter-operating with Platform users.
636130 Improved: When enabled, "Show secret icons" in User Experience will display icons for secrets in grid, card, and detail view.
638653 Improved: Secret components on Dashboard (Favorites, Recent etc.) will now only cache Secret passwords for 30 seconds on copy to clipboard, as in other Secret views.
638678 Improved: Administrators can configure the DCM experience for non-business users
638730 Improved: Updated platform integration center TOTP message to clarify which users TOTP information will be migrated.
638911 Improved: Removed legacy CustomLauncherEdit/View.aspx pages
638915 Improved: Legacy SimpleHome.aspx page removed
638928 Improved: Removed legacy secret access request aspx pages.
639164 Improved: The legacy license aspx pages have been removed.
639851 Improved: Added caching to improve container configuration, API performance and reliability.
640213 Improved: legacy discovery, secret import, and script pages now have a note indicating they will be removed in a future release.
640556 Improved: Admins of systems exceeding licenses limits will be notified via UI banner.
640783 Improved: $SECRETID / $[x]$SECRETID are now available for scripting
642250 Improved: Platform Integration can no longer be disabled when unified mode is enabled and all users are sourced from Platform. This prevents users from locking themselves out of their instance. If Platform Integration can be disabled, a dialog warns the user of the consequences.

Known Issues

  • After upgrading to version 11.8, users might see "Language Resource Not Found (admin.external-secrets)" on the Secrets tab. This was caused by old language files that were cached and not updated for the new menu item. The solution to this issue is to:

    • Clear their cache for the Secret Server URL or for their entire browser

    • Incognito can also be used if the cache can't be cleared

    • A "hard refresh" (CTRL + Shift + R) that bypasses the cache does not fix this issue

    Refer to the following support article for more information.