Secret Server Cloud Release Notes for August 3, 2024
Release Date and Notes
Cloud Release - All Regions August 3, 2024
Component Versions
Distributed Engine and Advanced Session-Recording Agent: 8.4.33.0
Protocol Handler: 6.0.3.28
New Features
Entra ID Discovery
We are excited to introduce Entra ID discovery in Delinea's Secret Server! This enhancement expands our current discovery feature by adding support for Microsoft's Entra ID, alongside our existing AWS and GCP discovery types.
With Entra ID discovery, Secret Server can now scan Microsoft Entra ID for roles and users, importing users as secrets based on the Entra ID User Account template. This completes the suite of features necessary for Secret Server to discover and manage accounts from Microsoft's Entra ID.
Bug Fixes, Changes, and Enhancements
Bug Fixes
Fixed: Discovery runtime summary information is now correctly accessible for screen readers.
Fixed: Mobile logo now displaying properly.
Fixed: The SSH key-expiration configuration value now displays correctly.
Fixed: Updated the distributed engine service to persist the current web-proxy.config file upon update. When upgrading from version 8.4.29.0 or lower, the web-proxy.config will be overwritten, but any upgrades afterwards will preserve it.
Fixed “Secret Erase” translation in some non-English languages.
Fixed a bug where a distributed engine ignored the “tasks Should Respect MaxShells restrictions” setting.
Fixed a bug where distributed engines ignored MaxShells restrictions.
Fixed a bug where distributed engines ignored WinRM quota limits.
Fixed a bug with running disaster recovery data replication from an older source to a newer replica.
Fixed a bug with the export/import settings where it was not resetting after leaving the page.
Fixed a check-in bug that caused a red banner warning.
Fixed an issue during Platform group synchronization where groups with long names would cause an error.
Fixed an issue so that users and roles now always show in SSC, even in unified mode, but are still hidden when using Platform.
Fixed an issue to restore configurability of secrets associated with custom launchers.
Fixed an issue where deleting computers from the discovery network view failed to show a confirmation dialog box before continuing.
Fixed an issue where enabling QuantumLock on a secret threw the error “The partner transaction manager has disabled its support for remote/network transactions.”
Fixed an issue where stored data growth impacted proxy sessions. The secret session table is now managed and part of the supported tables of the data retention feature. Secret session records are now truncated in accordance with the existing data retention configuration. Please make sure to review your organization's Data Retention “Max Record Age” settings.
Fixed an issue where the “All time” filter on the inbox might not show all results.
Fixed an issue where users with MFA enabled would be incorrectly sent to the home page on login, instead of the page they were attempting to access.
Fixed content security policy fields for frame-ancestors.
Fixed incorrect access checks concerning reports.
Fixed incorrect Secret search totals when filtering by multiple templates.
Fixed issue where the “su -id” command was failing when the user did not have access to view the password for the secret they were elevating to.
Fixed issue where the maximum log length was not used to truncate the tbSystemLog.
Fixed issue with “What folder permissions exist” report. Groups with no active users are now properly included on the report.
Fixed main navigation alignment issues.
Fixed ServiceNow allowed status validation over distributed engine.
Fixed the “view detail” link on the user detail panel.
Fixed: The folder tree is now updated when unlimited admin mode is toggled.
Fixed timeouts for large amounts of data—paging for user audits is now done in the database.
Fixed: A user that did not have the “view launcher password” role permission was unable to create a secret that had a required password because the password field was hidden.
Fixed: Added null checks for username.
Fixed: Added support for Cisco devices when using a question mark after the command or partial command. This allows Cisco to work as normal, while not allowing the blocked commands.
Fixed: Addressed an issue where a launcher type field that was replicated via resilient secrets would not function with all prompt-able field names.
Fixed: Addressed one scenario where a backend process that publishes session information would error.
Fixed: Adjusted secret overview tab to not use a banner for heartbeat failed.
Fixed: Adjusted Secret tab pending password change status to be a chip instead of a banner.
Fixed: Audit handler was missing the “View Configuration Unlimited Admin” permission as an option.
Fixed: Authentication errors are now 401s for API requests and in Platform.
Fixed: Customers who had Easy Move to Platform had duplicate groups created in Secret Server and the existing permissions from the original Secret Server group were not honored. It now disables this new duplicate group and connects the original group to the Platform group as originally expected.
Fixed: During forwarding of inventory data from discovery in Secret Server to Platform inventory, with large amounts of computers, the processes could time out. Made the database calls more efficient and the process no longer times out.
Fixed: Extended the Migration Center to migrate all active roles.
Fixed: Folder path now shows when specified in secret import preview.
Fixed: Heartbeat listed as “pending” when the heartbeat is actually disabled. This occurred when the pending status did not resolve before the secret was disabled.
Fixed: Improved compatibility with Windows high contrast mode.
Fixed: Improved “Regenerate Platform Credentials” to attempt to forward credentials to connected Secret Server Cloud automatically (behind feature flag).
Fixed: In some scenarios only the first 30 subfolders were loaded on initial load for a single folder.
Fixed: In some scenarios the folder tree would not auto-expand when linking directly to a folder.
Fixed: Left navigation expand/collapse toggle incorrectly labeled for screen readers.
Fixed: Login SSH key menu showing properly in cloud when configured.
Fixed: Newer versions of Safari can now play session recordings in Platform.
Fixed: Pinned folders now re-root the tree to the selected pinned folder.
Fixed: Reduced situations where a check-in error could occur when already checked-in.
Fixed: Removed links to legacy create discovery wizard pages.
Fixed: Resolved a secret permission issue where, when many users and groups had been selected, only 60 were saved when edited again. Resolved for teams selection as well.
Fixed: Searching in all secrets now shows the full folder path for folder search results.
Fixed: Secret password compliance is now calculated when a password is updated to empty and the password is not required. Prior to this, the secret would maintain the compliance flag that was calculated when the password had a value. A password with some characters might fail compliance, but if there is no password and it is not required, then it is compliant.
Fixed: Site name now wraps instead of truncating on the “sites and engines” page so you can read the whole site name.
Fixed: SQL report editor is now properly announced for accessibility.
Fixed: SSH keep-alives sent to the proxy are now relayed to the endpoint server.
Fixed: Teams group membership removed when more than 60 items in Team.
Fixed: Thycotic One Login Link.
Fixed: Unlimited admin mode audit dialog box is now correctly aligned.
Fixed: Updated all the logs to be warnings and information and to state whether they retried or not.
Fixed: Updated Discovery Network view to better handle extremely large record numbers.
Fixed: User username link was sometimes unusable. It is no longer a link. View details link is in menu and preview panel.
Fixed: When viewing folder targets for event pipeline policies the full path is now shown.
Fixed: Remaining KB links now point to docs.delinea.com instead of delinea.center.
Fixed: About page links not working.
Fixed: Resolved an issue where approvals that cross a day threshold from UTC could not be requested.
Fixed: Resolved a UI issue with discovery import.
Fixed: Resolved an issue that caused SAML logins to fail, resulting in a rollback of the previous update.
Changes
Change: Admin breadcrumb renamed to Settings.
Change: Corrected license expiration banner link.
Change: Platform now specifies “Secret Server” configuration.
Change: Removed the color mode toggle from the top navigation as it is available under user preferences.
Change: The delinea.vault/secretserver/access permission has been removed. This no longer controls secret server access for Platform users.
Change: The SSL menu item is removed as it is not an option that can be modified in cloud.
Change: RequirePlatformMfa field is now deprecated.
Enhancements
Enhancement: Added “RPC PRIVILEGED SECRET UPDATED” and “RPC PRIVILEGED SECRET REMOVED” events to audits.
Enhancement: Added “User Lockout Protection” setting to domain.
Enhancement: Added a “Clear cached AD credentials” button in cloud.
Enhancement: Added a “test syslog” button to syslog pages in configuration.
Enhancement: Added a direct link for launching connection manager.
Enhancement: Added AIX support for SSH Proxy su automatic password entry.
Enhancement: Added an OOB RPC template for Okta. Okta requires a “Generic API” secret as the RPC privileged account.
Enhancement: Added an OOB RPC template for ServiceNow. ServiceNow requires an account to have Admin or write permissions to the password field, or an account with those permissions as its RPC privileged account to change the password.
Enhancement: Added DSV links to the Platform settings page.
Enhancement: Added landing page for when the user is unable to access secret server instead of showing banners.
Enhancement: Associated secrets will now show “No Access” in the secret name if you do not have access to it.
Enhancement: Converted key management to the latest design and added a verification checkbox confirmation step.
Enhancement: Heartbeat and password-compliance notices now use chips instead of banners.
Enhancement: Improved startup logging for distributed engines.
Enhancement: New import secret page allows you to import when global setting requires that secrets are in folders.
Enhancement: On premise now shows a diagnostics section under settings in the left navigation panel.
Enhancement: The left navigation folder tree now expands on focus to show longer folder names.
Enhancement: Updated password compliance label to a chip.
Enhancement: Updated PuTTY to version 0.81. The updated version addresses several PuTTY vulnerabilities, including the Terrapin vulnerability.
Enhancement: Updated Redis library for improved Redis operations.
Enhancement: Updated the server nodes page.
Enhancement: Updated the user profile menu to have more consistent styling and include links to the account details page.
Enhancement: Updated user experience for adding custom logos to Platform instances.
Enhancement: Updated user sorting to cover 2FA.
Enhancement: When a Secret Server is integrated with a Platform tenant, any Platform cloud groups are now automatically and quickly created in Secret Server to be available for permission delegation.
Enhancement: Aria label added to inline secret-preview copy buttons. Main search category toggles now keyboard accessible.