Secret Server 11.8.000001 Release Notes
Release Date: On-premises: May 7, 2025
This version is the result of that investigation and is essentially the same as 11.8.0.
Version Information
Component Versions
Distributed Engine and Advanced Session-Recording Agent: 8.4.51.0
Protocol Handler: 6.0.3.35
Important Technical Change for Secret Server 11.8
Overview
Prior to the 11.8 on-premises release, Secret Server On-Premises was delivered in a "dynamically-compiled" state. In this configuration, components of the website, particularly .aspx files, were compiled by IIS upon receiving the initial request.
Starting with the 11.8 release, the application is pre-compiled, which significantly enhances and accelerates application startup because it eliminates dynamic compilation.
As a result, some customers may experience startup issues. Please review the two items below prior to upgrading:
-
Pre-compiled applications cannot run in IIS if there is an "App_Code" folder present. Therefore, the version 11.8 upgrade renames this folder automatically on start-up to avoid issues. Please note:
-
In some cases the application pool may not have the permissions to rename the "App_Code" folder, resulting in start-up issues, specifically, the Web page does not load.
-
If the application pool does not have the permissions, you must rename the "App_Code" folder or give the account running the application pool "modify" permissions to the application folder.
-
When finished, perform an iisreset to restart Secret Server.
-
-
If you have manually modified any .aspx files, you will not be able to do so anymore, as those files are compiled already. Do not upgrade until you have verified you do not need the modifications going forward.
Support Articles
Please see the following technical articles for instructions:
-
How to prepare for upgrade to Secret Server version 11.8 or higher
-
After Upgrading to Secret Server 11.8, the Web Page is No Longer Loading
New Features
Azure Key Vault Integration
Azure Key Vault Integration (AKVI) simplifies management and governance of NHI's and secrets from the CSP's native vaults. With AKVI you can centrally manage and update secrets to one or more Azure Key Vaults and rotate passwords or values more frequently. With fine grained roles and permissions, audit and logging, AKVI provides increased governance, visibility, and awareness of secrets managed in Azure Key Vault without affecting development velocity or processes.
Additional Approval Workflow Type
A new approval workflow type is available, allowing owners to bypass approval while ensuring approvers still require it. The "Standard Including Editors and Approvers (Owners do not need approval)" option offers more flexibility in approval processes to meet organizational needs.
Bulk RPC on Secrets with Checkout Enabled
Bulk RPC actions are available to secrets with checkout enabled. This feature uses random passwords during bulk operations, ensuring that passwords remain secure and hidden, even during bulk updates, without compromising secret integrity.
Bulk Update Secret Fields
Bulk updates for secret fields are now available, enabling users to edit and update multiple fields across secrets in the folder view. This simplifies importing and formatting secrets, streamlining secret management for large datasets.
Change Password on Checkin Configurable Limitation
"Change Password on Check In" is now more flexible. Users can now configure the system to retry password changes a specific number of times before allowing the secret to be checked in without a change, streamlining access when password changes fail.
Global Manual Approver Workflow for Ticketing Systems
A manual approval workflow is now available for scenarios where the primary ticketing system, like ServiceNow, is unavailable. This fallback option ensures that users can still gain access to secrets through a manual approval process, maintaining workflow continuity even during system outages.
PowerShell 7 Support for Scripts
Secret Server now supports PowerShell 7 scripts, allowing users to run both legacy PowerShell scripts and PowerShell 7 scripts. This update ensures compatibility with the latest thycotic.secretserver module and helps avoid disruptions from version conflicts.
PowerShell Ticket Integration—User Information Passed as Arguments
PowerShell ticket integration has been enhanced to pass user information (userID, username, and email) as arguments in scripts. This update provides greater flexibility for ticket validation, enabling more customized and user-specific logic in ticket-related actions.
Pre-Compiled Version of Secret Server On-Premises
All Secret Server On-Premises releases from 11.8 onwards are pre-compiled. This change significantly enhances and accelerates application startup by eliminating the time required for dynamic compilation.
Secret Icons
Secret Icons allows you to display icons for secrets in the secret list, and secret details page. Icons can be set at both the secret and secret template levels.
Fixed Issues
Ticket | Description |
---|---|
405016 | Fixed: The RPC by Day report is now formatted to user's time zone. |
527950 | Fixed: Addressed an issue where cloud customers using PBA would see an erroneous error message indicating that the PBA site was not ready. |
530294 | Fixed: Key rotation failure. We now allow a particular password type to be set for account take-over when importing an account into Secret Server. |
537916 | Fixed: The folder-permission API now requires view or administer folder permissions to query by a folder ID. Previously, you could also do this with the personal folders role permission. |
539187 | Fixed: Secret access request viewing very slow. Bug fixed with loading large numbers of secret access requests. |
546108 | Fixed: Add a "Matches" tab on discovery account rules to show computer accounts that match the defined rule condition. This replaces the account rule filter on the network view that has been removed. |
549816 | Fixed: Fixed an issue where when using the Advanced Session Recording Agent, in certain situations the recording process would not be stopped. |
556742 | Fixed: An issue that prevented empty dependency groups from being deleted. |
557774 | Fixed: Errant heartbeat every five minutes. When creating a new secret template with heartbeat enabled, if you do not change the interval value it will now correctly assign heartbeat interval of 60 minutes. |
559102 | Fixed: An issue where large-item-count folder searching was broken. |
560138 | Fixed: The secret template fields grid would not always load all records properly if there were more than 60 fields on a template. |
564689 | Fixed: User appearing locked out after the lockout period. On the User General page (admin page), added an Unlock User button and chips and messages to reflect lockout interval for user locked out by failed logins. |
566423 | Fixed: Resolved an issue where downloaded report names appeared garbled when the language was set to Japanese or Simplified Chinese. |
567596 | Fixed: Resolved an intermittent issue during DR replication where foreign-key constraint errors occurred with categorized lists, ensuring successful replication across supported versions. |
571212 | Fixed: Test Script page not working. SQL parameters now work in the new UI. |
571231 | Fixed: Role audit log error. The Action field of role audit logs now display correctly when the log is created in a language that uses Unicode characters |
572558 | Fixed: api/v1/one-time-password-code call getting a 500 error. |
575503 | Fixed: A dependent library used in SAML in has been updated to close potential security vulnerabilities. It uses a different version of a saml.config when using the legacy SAML configuration, and a conversion process to update saml.config has been added to the upgrade system. Please see documentation "Troubleshooting SAML Configuration Errors After Upgrading" if using a saml.config file and having issues. |
578291 | Fixed: Session recording search times out. |
578890 | Fixed: Removing a launcher having multiple secrets linked will no longer fail. |
580156 | Fixed: Handled a case where cached Secure TPC connections to a Syslog server connected via domain name were not removed when no longer active. |
580299 | Fixed: An issue with /api/v1/launchers/secret endpoint throwing errors with complex URLs. |
581180 | Fixed: An error when checkout had expired, switching to the settings tab on a secret would throw a red banner error instead of redirecting the user to the checkout page. |
582171 | Fixed: Double email notifications for access approval request. Access request emails will now indicate a status of the workflow. Viewing a workflow online will also render a visualization of the workflow status. |
582538 | Fixed: An issue where session messages sent from would not show during RDP Proxy sessions. |
582728 | Fixed: An issue where users who had permission to edit secrets could not toggle auto-change using the bulk action on secrets that should have allowed it, based on the permission set in the secret's template. |
583939 | Fixed: Incorrect active session display. Secret active launcher sessions now updates list when a session is launched from the page. |
585609 | Fixed: error when removing scanners from a discovery source. Added a custom exception for "scanner X already added" and UI refresh to stay in synch with back end. |
591272 | Fixed: An issue with the Launcher template when modifying the field "Use SSH Tunneling with SSH Proxy." |
591708 | Fixed: Issue with scan template parent field where it showed a number instead of name. |
593801 | Fixed: An issue with SSH key integration expiration configuration. |
595169 | Fixed: An issue where there was no option to add a step in a workflow. It is no longer possible to delete the last step from a workflow. Existing workflows with no steps will now display a default starting step when opened to edit. |
595565 | Fixed: An issue where dependency changers in SSC were not passing arguments to scripts, resulting in empty output files. Dependency changers now correctly pass arguments, and the status no longer incorrectly shows as disabled. |
596179 | Fixed: Known issues around adding fields. Cancel button now works correctly. |
597088 | Fixed: Working as designed—no code changes. |
599173 | Fixed: In active sessions inside a launched secret, when the username that launched the secret contains Unicode characters, they displayed incorrectly. |
599511 | Fixed: When submitting a secret access request with a custom duration, start values that are in the past are no longer permitted. |
601706 | Fixed: Intermittent Azure message loss. Implemented retry logic for publishing to Azure service bus queues. |
602389 | Addressed performance issues by optimizing database handling to resolve high deadlock rates (over 8,000 per hour) affecting the tbSecret and tbUser tables under heavy load. |
603681 | Fixed: Resolved a password display Issue (with "comment required" enabled) where, after waiting on the Overview tab for 5+ minutes, the password was displayed as [object Object] instead of prompting for a comment again. Users are now correctly required to re-enter a comment when accessing the password. |
603721 | Fixed: Enhanced Resilient secrets log text information and added operation progress percentage estimation Fixed issue where Resilient secrets operation was not interrupting on operation timeout |
603779 | Fixed: An issue with category and report permissions showing 0 items when permissions are assigned to users. |
605053 | Fixed: Heartbeat and password reset failures. Added more support for expired AD account password changers. Secrets that use an AD privileged password changer to rotate the password for an expired AD account will successfully complete the rotation process. Previous behavior involved rotating successfully and then failing the verify step, resulting in the new password not being saved on the side. Subsequent heartbeats may fail for the secret since the account is expired. Password Changes using a secrets own credentials may fail as well. |
607434 | Fixed: Discovery analysis SQL timeouts. The query that populates the discovered account metrics has been made more efficient. It should no longer have timeout issues. |
608342 | Fixed: PRA launcher shows on favorite and recent panel. |
608395 | Fixed: Columns that should have been hidden were selectable in the column selector. If selected, they would (incorrectly) display until page reload. The conditionally available columns are now correctly set visible or hidden in the column selector. |
612930 | Fixed: Fixed issue where users could select HSM settings without the “Administer HSM” permission |
614002 | Fixed: Turkish not displaying correctly in email. Turkish characters should publish correctly in email HTML. |
614465 | Fixed: Tooltip location on the Launcher Configuration page. |
616185 | Fixed: Resolved an issue where users could add members to a migrated group in SSC via individual user modifications. Now, all membership changes must be managed in the Platform, ensuring proper access control. |
616221 | Fixed: In SSC the from email address field in email configuration settings is restricted to the secretservercloud domain and the TLD excludes .co.uk as a valid option. On premises instances will only validate that it is a valid email address format but will allow any domain to be input. |
617344 | Fixed: An issue with password that contains username and added a new item to the local-user password configuration area that optionally prevents the password containing the username. |
617429 | Fixed: Issue where an invalid version number could cause Secret Server to become unresponsive. |
617445 | Fixed: Updated command sets to no longer add extra spacing between lines, and added validation around comments in command sets, instead of auto-removing extra comments, to reduce confusion on save. |
617607 | Fixed: Discovery services grid did not sort. Added computer Services API endpoint so the computer services component now has paging and sorting. |
618528 | Fixed: Resolved an issue where secret policy settings were not properly inherited by secrets, causing discrepancies in the Approval page. Additionally, the "Language Resource Not Found: OnlyOptionViaPolicy" message has been fixed. Secret policy settings now correctly apply as expected. |
618869 | Fixed: An error with "Default Only" on RPC schedule on an active secret policy. |
619554 | Fixed: On-Premises instances with PRA will now get emails to Secret Server instead of the Platform instance. |
620165 | Fixed: Display to show .delinea.app when opting into a prod instance. |
620268 | Fixed: The api/v1/secret-extensions/web-secret-templates endpoint now returns templates that contain URL list fields as well as URL fields. |
620338 | Fixed: An issue with "minimum required character count" rules options containing an invalid choice. |
621226 | Fixed: Resolved an issue where repeated execution of Entra ID secret heartbeats would cause a "Headers too long" error. |
621573 | Fixed: When running in Platform, the breadcrumb link on the platform group and configuration page is now correct. |
621935 | Fixed: Resolved an issue where viewing a secret with MFA enabled incorrectly logged "Password Displayed" in audit entries. Now, the audit log correctly records the action as "View" when no other interactions occur. |
622254 | Fixed: Resolved a bug where—when Platform is integrated with Cloud and Open ID Connect Platform login is used—in some situations, the redirected Platform login page would be incorrect. |
622479 | Fixed: Error during opt-in in PIC for Europe region. |
626465 | Fixed: Audit with no notes. Secret policies should no longer create an empty audit log when modifying launcher settings but reverting changes before saving. |
626702 | Fixed: An issue with users not being re-enabled when logging in through Platform after being disabled by automatic user management. |
627109 | Fixed: Launchers filter was incorrectly labeled was "Template." |
627246 | Fixed: The field header example on secret import now wraps correctly. |
627291 | Fixed: The "All launchers" option of the launcher filter now returns all results as expected. |
627619 | Fixed: Changed database cleanup logic which was causing some heartbeat/RPC audit records for inactive secrets to be removed before the "Max Secret Log Length" was reached. |
627650 | Fixed: Addressed issue where an error would be thrown when editing a command set with an empty command field. |
627731 | Fixed: If an Entra discovery source is created in Secret Server, and Platform integration is configured with Inventory Forward enabled, there was a bug if deleting any roles from the Discovery Network View in Secret Server. It would cause Entra roles to show up in Platform inventory. |
628439 | Fixed: Corrected a typo on Launcher Mapping page. |
629517 | Fixed: Resolved an issue from the previous update where toggling an Active Directory account's expiration status could prevent verification after a password change. |
629584 | Fixed: An issue with the password compliance check notification on a secret. |
630728 | Fixed: A bug where saving an approval method for a secret does not persist correctly. |
631133 | Fixed: An issue introduced in engine version 8.4.47 where AD privileged password changing would erroneously report failure for accounts that had null values for the "accountExpires" attribute. |
632269 | Fixed: Secret Server API endpoint /v1/secrets/{ID}/settings now responds with TOTP values if conditions are correct. |
632693 | Fixed: A User who has only the List permission on a secret will no longer get an access denied redirect upon clicking the launcher icon. They will now see a descriptive error message instead. |
634286 | Fixed: Issues with dropdown options causing enum values to be displayed for the Secret Security Approval Type so that correct localized strings are displayed. |
634484 | Fixed: Excessive CPU usage by correcting the SessionKey parameter to varchar, eliminating implicit conversion. |
635135 | Fixed: The "Ignore permission errors" checkbox is now available without a page refresh. |
635550 | Fixed: Addressed erroneous exception in the background worker when updating valid redirect URIs. |
637136 | Fixed: Do not include azure domains or inactive AD domains in group-type precheck. |
637139 | Fixed: Users missing their ExtendedUserMapping will register as a warning in the precheck instead of an error. |
637373 | Fixed: Corrected regression where secrets were counted twice in some scenarios. Secrets grid count functionality restored. Count ("# Items") is the sum of the number of first-child subfolders and the number of secrets in the current folder. |
637690 | Fixed: Incorrect GUI label. Updated Log Level filter label from "Site" to "Log Level." |
638073 | Fixed: A bug that prevented the secure-Platform-access step in the PIC from auto-skipping. |
638238 | Fixed: Fixed NG0203 error preventing folder selection dialog from popping up . |
638317 | Fixed: In the Data Sync step of the PIC, a new column (pre-check) was added to the 'Add exclusions' and 'Select data' dialogs. In the 'Select data' dialog, you may no longer select and synch a group with a pre-check error. |
639151 | Fixed: Resolved issue with PostgresSQL password change functionality. |
640235 | Fixed: Corrected a regression which caused the secrets grid to show "999,999,999 Items". |
640554 | Fixed: LimitedMode no longer blocks functionality related to AD sync, creating and editing secrets, importing secrets, use of web services. |
640601 | Fixed: Grid now adds the file extension when it does not exist, so files are properly downloaded as .csv |
640808 | Fixed: Request force checkout button is now displayed while the secret is in a pending status and the request force checkout feature is enabled |
641566 | Fixed: The dates of tbPlatformIntegrationStep were either not being set or being reset in certain scenarios. This has been fixed for all of the steps except the Unification step which will be fixed in a separate card. |
641879 | Fixed: Replica now handles event where Disaster Recovery feature deletes folder(s) assigned to Automatic Export by disabling Automatic Export. |
642042 | Fixed: A PIC precheck error was added when a username in Secret Server does not follow the regular expression rules defined in Platform. |
642286 | Fixed: Addressed issue that could cause errors forwarding computers to inventory. |
643304 | Fixed: The status of the customize branding step in the PIC no longer resets from Skipped to Ready to start when the page is refreshed. |
643677 | Fixed: AFT token validation errors will now return an error code instead of just a 500 status code with no body. |
643841 | Fixed: A fix was made for the opt-in step of the PIC if the user refreshes the page once the opt-in process has begun. |
Improved
460275 | Improved: Updated session recording logic to allow already running processes to be recorded from after the point of the session launch if said process was listed in the "Additional Processes" list for the launcher. |
546156 | Improved: Logging in when MFA setup is required now immediately redirects the user to configure MFA. |
561827 | Improved: Changed methodology for handling the domain field in RDP Proxy credentials to avoid unnecessary Kerberos TGT DNS lookups. |
566484 | Improved: Reports page size minimum has increased to 60. |
569459 | Improved: On the SAML Identity Providers page, we display the date and expiration status of the Identity Provider configured certificate. We also log if an expired certificate is used for a login in the SAML log. An explanation of why expired certificates will continue to work has been added to the Identity Providers page. |
575905 | Improved: Updated scanner template creation UI to combine both OU Input templates and non-OU Input templates into the same dropdown in categories. |
580253 | Improved: No dynamic update for active sessions. Active launchers section on secrets now updates every 30 seconds to show an updated list of active launchers. |
582378 | Improved: Updated grids using timestamps to use datetime in order to properly respect user preferences. |
586608 | Improved: Password validation failures for dictionary now indicate, "Dictionary words including common number substitutions." |
593543 | Improved: Removed time zone tooltips from reports to reduce confusion when time zones are set by the report. |
594323 | Improved: Empty pinned folders now inform users of the empty sections. |
595169 | Improved: It is no longer possible to delete the last step from a workflow. Existing workflows with no steps will now display a default starting step when opened to edit. |
603721 | Improved: Resilient secrets log text information and added operation progress percentage estimation. Fixed: An issue where resilient secrets operation was not interrupted on operation timeout. |
605210 | Improved: Performance of discovery scanner delete. Increased timeout to 24 hours, lowered isolation level where possible, and added logging for each delete operation. |
609101 | Improved: Added a non-configurable 30-second secret password timeout to improve security and reduce stale password issues. The timeout applies to: Show password—hides after 30 seconds (previously visible forever). Copy password—password value cached for 30 seconds only. Copy password icon clicks after that will trigger a fresh API call (to reduce stale password conflicts). Note that this does not affect the value that was already copied to the clipboard, only what will be copied when the user clicks the copy password icon. |
610739 | Improved: Performance improvements were made to the "Shared with me" Secret View, and the "Browse All Folders" view for customers with many folders in a highly nested structure. |
611190 | Improved: In the secret template list field, list and URL list now have their "dispose for display" boxes checked by default to denote the data's plaintext status. The expose for display control is also disabled so that it can not be unchecked by accident. |
611573 | Improved: Updates to Discovery Scan Status Report Query. |
612177 | Improved: Error handling for Platform credentials that become invalid. |
612739 | Improved: A new setting, "Disable Legacy Bookmark Pages," has been added the admin/user experience section. This setting is false by default. When true, the legacy bookmark pages used by legacy WPF will be disabled. This allows administrators to disable the setting and ensure they do not have any of these legacy clients that require it. This setting will default to disabled in a future release. |
614508 | Improved: Added the ability to view the Active Directory group type. This is displayed under the General tab of a group. If a group does not have a type, it will display as a hyphen. Otherwise, it will show one of the following: Global, Universal, or DomainLocal. |
615870 | Improved: Improve reliability when specifying the Platform Redirect URL. |
616620 | Improved: Secret export will now audit the current "Export" action and a new "Export retrieved" action to indicate that the user retrieved the file. Previously, you could close the browser window before retrieving the export file. |
618004 | Improved: Through the user experience settings, a user can use a new "COMMENT" audit action to separate the VIEW action of a checkout (or ITMS) protected secret from the required comment. |
619399 | Improved: Added an option on the Windows Service Discovery Scanner to use the Pre-Windows-2000 user logon name for discovered Windows services. |
619512 | Improved: Event pipeline set-custom-value tasks can now increment or decrement pipeline variables by custom values. |
619515 | Improved: Added additional group type validation (empty group types and DomainLocal group types) for the Data Sync step in the PIC. If empty group types are detected, users are prompted that there are empty group types and are instructed to run the directory services sync. For any DomainLocal groups found, an error message appears in the pre-check table within the Data Sync step stating that DomainLocal groups are not supported. |
620202 | Improved: Added additional response information when autofilling values. |
621513 | Improved: Grid columns are now all set to a fixed width at their current width when a user resizes any column. This makes resizing columns easier. |
626041 | Improved: Modifications to build pipeline to precompile, copy and overwrite precompiled assets to webroot folder. Packaging and installer remain as they were prior to PR. |
626668 | Improved: With Platform Integration, support for the setting "Create Groups during synchronization" is completely deprecated. Now, all Platform native groups will be created automatically and any directory groups through Platform need manual linking. |
626881 | Improved: Updated discovery import rules to prevent duplicate account creation and unintended unlinking of service and Active Directory accounts. Added broader test coverage, including integration tests, to ensure correct matching, unmatching, and unchanged behavior when re-running imports. |
627169 | Improved: Updated discovery analysis layout to emulate dashboard styles and to better accommodate large datasets. |
627297 | Improved: Added a new date and time range filter to Session Monitoring. |
627303 | Improved: Added a new state flag to indicate whether the Delinea enablement code has been entered. |
627304 | Improved: Added a new state flag to indicate the customer has completed the Platform integration. |
627344 | Improved: The inbox template editor now includes options to select message properties by selecting which message. This helps clarify that only message properties on the targeted message are available to merge into the template. |
627607 | Improved: Added Computer Services API endpoint; Computer Services component now has paging and sorting. |
628034 | Improved: Removed Transloco dependency. |
628761 | Improved: Added request force checkout feature |
628801 | Improved: Delinea's new code signing certificate is now trusted when validating upgrade versions for the future. Protocol handler releases before 6.0.3.34 will upgrade to 6.0.3.34 before newer versions to ensure the auto upgrade process will work. |
631776 | Improved: The application picker that appears when both Secret Server and Privilege Manager are installed has an updated design. This slightly increases the speed of the login process. |
631811 | Improved: When clicking the option inside of a user's secrets tab you will be redirected to the Secret Templates settings page that lists all of the secret templates. |
633054 | Improved: Optimized memory management to reduce latency buildup in the US BGW, preventing performance degradation over time. Restored ASP.NET metrics for better visibility into garbage collection and CPU usage. |
633244 | Improved: Additional logging added during the enabling of unified mode in the PIC . |
633996 | Improved: PowerShell Core (6+) support added to the scripts page. |
634022 | Improved: A new bulk secret action was added to allow for updating a field across multiple secrets. The value can be prepended, appended, or replace the existing value. |
634158 | Improved: Improved memory utilization of the background worker in Cloud. |
634668 | Improved: Updated Secret Server to use the new shared clipboard service. Updated shared clipboard service to use fallback when on non-secure contexts. Removed clipboard plugin use from clipboard service. |
635475 | Improved: Enhancements to ticket system configuration, allowing for more nuanced interactions between ticket validation and require approval flows. |
635732 | Improved: Added PasswordTypeIds as a filter on the api/v1/secret-templates-list endpoint. |
635803 | Improved: Only the users that are migrated are validated. |
635963 | Improved: Added an Advanced Configuration setting that will restrict the amount of secret Item History that will be replicated due to the sheer size of that table with relation to the value of replicating a history beyond a certain point. The default number of item histories to be replicated is set to 3. |
635970 | Improved: Updated libraries to achieve more control when inter-operating with Platform users. |
636130 | Improved: When enabled, "Show secret icons" in User Experience will display icons for secrets in grid, card, and detail view. |
638653 | Improved: Secret components on Dashboard (Favorites, Recent etc.) will now only cache Secret passwords for 30 seconds on copy to clipboard, as in other Secret views. |
638678 | Improved: Administrators can configure the DCM experience for non-business users |
638730 | Improved: Updated platform integration center TOTP message to clarify which users TOTP information will be migrated. |
638911 | Improved: Removed legacy CustomLauncherEdit/View.aspx pages |
638915 | Improved: Legacy SimpleHome.aspx page removed |
638928 | Improved: Removed legacy secret access request aspx pages. |
639164 | Improved: The legacy license aspx pages have been removed. |
639851 | Improved: Added caching to improve container configuration, API performance and reliability. |
640213 | Improved: legacy discovery, secret import, and script pages now have a note indicating they will be removed in a future release. |
640556 | Improved: Admins of systems exceeding licenses limits will be notified via UI banner. |
640783 | Improved: $SECRETID / $[x]$SECRETID are now available for scripting |
642250 | Improved: Platform Integration can no longer be disabled when unified mode is enabled and all users are sourced from Platform. This prevents users from locking themselves out of their instance. If Platform Integration can be disabled, a dialog warns the user of the consequences. |
Known Issues
-
After upgrading to version 11.8, users might see "Language Resource Not Found (admin.external-secrets)" on the Secrets tab. This was caused by old language files that were cached and not updated for the new menu item. The solution to this issue is to:
-
Clear their cache for the Secret Server URL or for their entire browser
-
Incognito can also be used if the cache can't be cleared
-
A "hard refresh" (CTRL + Shift + R) that bypasses the cache does not fix this issue
Refer to the following support article for more information.
-