Secret Server Release Notes 9.x

Release Notes 9.1.000001

Release Date: 10/13/2016


  • It is required to upgrade to 9.1.000001 before Secret Server will upgrade to 10.0.000000
  • Added installer enhancements to support the 10.0.000000 release. Release Notes 9.1.000000 Release Date: 7/13/2016 Enhancements

    • REST based web services API for managing Secrets, Users, and Groups.
    • For more information see the REST API Guide on the Secret Server documents page
  • Web Password Filler

    • A new Chrome extension for website logins is available, for more info see this KB article.
    • NOTE: After upgrade, Chrome users will be prompted automatically to install this extension. Firefox and Internet Explorer users will continue to use the existing add on or bookmarklet.
  • Site per OU in Discovery

    • Assign an Engine Site at the OU level in Discovery
    • Set a different Secret per OU in Discovery
  • Added option to set owners on user accounts to delegate account management
  • Added support for SCP through the SSH proxy
  • Added additional options to the Secret Expiration event subscription
  • Disabled dependencies are hidden by default on the Secret Dependency page
  • Added additional option for windows password changers to help handle multiple IP addresses in DNS for a single machine
  • Editing a password field on a Secret with password changing enabled now gives the user a dismissable prompt to help prevent mistaken password edits
  • Domain user accounts can now be marked as Application Accounts for integrated auth web service access only

Bug Fixes

  • ConnectWise integration now uses the API rather than database table integration. See this KB for information on setting up API access to ConnectWise.
  • Fixed issue where multiple syslog destinations using the FQDN did not work
  • Fixed issue where a user viewing a Secret after a password change within the Secret View interval after their last Secret View did not result in an audit.
  • Fixed issue where Oracle error ORA-12170 was treated as heartbeat failed rather than unable to connect.
  • System log truncation notification email goes to users with Administer System Log permission rather than Administer Configuration
  • Fixed issue where commas in group names were not parsed correctly on AD Sync
  • Fixed issue with AD sync when a group had more than 1500 members
  • Fixed issue with AD sync when the OU has asterisks in the name
  • Fixed issue where Session launchers did not trim spaces from username and machine fields
  • Fixed syslog error when the event details exceeded 4000 characters
  • Performance updates for the Recents Secrets widget and Secret Load when there are a large number of audit records on a Secret
  • Check In web service method now respects the Force Checkin role permission.
  • Fixed access denied message when doing a bulk operation for convert secret template without the view deleted secrets role permission
  • Fixed potential licensing error when running the PowerShell password changer
  • Fixed issue where setting AutoChange schedule through Secret Policy would not use UTC
  • Added support for HMAC-SHA2-256 and HMAC-SHA-512 ciphers for SSH Heartbeat and Password Changing
  • Fixed issue with SSH dependencies on Cisco devices where the setenv command was not available
  • Added additional information to the Subscription Dependency failure email to include machine name and dependency name that failed
  • Added additional logging for Heartbeat and Password Change monitors Mobile Updates
  • The Delinea PAM Android app has been republished. Existing Android users will need to uninstall and re-install to get the new version.

Release Notes 9.0.000000

Release Date: 4/13/2016


  • Mac Session Launcher

    • RDP, SSH, and Custom Launchers are now supported with the new Mac OS X protocol handler.
    • For more information see this KB.
  • Geo Replication

    • MS SQL Replication is now supported as an additional add on module. Contact your account rep if you are interested.
  • UNIX Privilege Manager

    • Administrators can configure SSH command menus to limit what users can do with root and other privileged credentials.
    • Requires a separate add on, contact your account rep if you are interested.
  • Remember Me is now available for 2 factor.
  • New option for SSH launchers to specify a Connect As Secret to make the initial connection before switching to the current Secret's user for cases when accounts are denied SSH login.
  • Dependencies and Secret Audit are now copied to the new Secret when converting Secrets.
  • The Tree View on Dashboard and Discovery Network View is now collapsible.
  • Windows Discovery now finds:

    • If an account is Local Administrator
    • If an account is in the Local Administrators Group
    • Password last set date
    • Password expiration date
    • Password expiration status

Bug Fixes

  • Fixed issue where domain FQDN wasn't populated during Active Directory Sync.
  • Fixed issue with syncing an Active Directory Group with more than 1,500 members.
  • Fixed issue where SSH proxy wouldn't restart after web server failover.
  • Fixed issue where searching wouldn't work on Secret name's starting with ":"
  • Fixed issue where selecting an approval user or group could cause an error on Secret Policy creation.
  • Added optional remember me setting for two factor authentication.

Security Fixes

  • The version of PuTTY shipped with Secret Server has been updated to version 0.67 to include the latest security fixes. For more information please refer to the PuTTY change log.