
Secret Server: 11.4.000000 EA Release Notes

Release Dates and Notes

On-Premises: February 21, 2023

Cloud: February 11, 2023

Component Versions

Distributed Engine and Advanced Session-Recording Agent:

Protocol Handler:

Known Issues

The distributed engine (DE) package that came with Secret Server (Cloud and On-Premise) 11.3.x prevents Secret Server from performing a DE auto-upgrade—making a manual upgrade necessary. See the Distributed Engine Auto-Upgrade Does Not Work bulletin for details.

New Features

User Interface Streamlining: Classic UI Removed

The classic UI is no longer available as an option, and can no longer be enabled. This followed notifications of phased deprecations in prior releases. Several improvements have been made to the UI based on feedback from customers regarding this change.

Checkout Extension Maximum Limit

We created a global configuration setting that allows administrators to set a maximum secret-checkout extension interval. This provides additional admin control by specifying granular limitations on users extending a checked-out secret. The time limitation begins at the point of checkout extension, and the extension time defaults to the set checkout time.

Disaster Recovery Enhancements

"Replicated User Status on Disaster Recovery Source" configuration can now be set to:

New Synchronization Items:

Discovery User Experience Improvements

We updated the discovery user experience to reflect the style and design of the application. The legacy pages are still available; however, the new interface items are ready for use, and we welcome feedback on these items. The legacy pages can be accessed by browsing to the relevant new interface and clicking the "View Legacy Page" button. The improvements are:

Generated and Created Password Improvements

Password Complexity Indicator

There is a new visual indicator in the password complexity rules that provides the user with a better understanding of the strength of their password. The combined score considers both entropy score (brute force defense) and character limitations (social engineering defense). In the case that the score is deemed too low, the UI provides recommendations to the user on how to increase password strength.

New Password Rules

We introduced character rules to password complexity selection to enhance the strength of generated and created passwords, if enabled. The new rules provide flexibility in the granularity of the rules. Each selection impacts both entropy and overall strength score. The rules include minimum characters from:

Opt-In Engine Upgrades

Distributed engine upgrades are no longer mandatory for every release. We added a new setting to the Distributed Engine Configuration page to set the minimum required engine version. Modifying this will trigger an automatic update for any engine below this version.

In the action menu for an engine on the Sites page, a manual upgrade can be triggered for individual engines below the latest version, which prompts the engine to update when it next calls in.

When changes are made that require an upgrade, the minimum required version is updated during the update process, and all engines update immediately.

"Run Scripts" Role Permission

We created a new "Run Scripts" role permission to separate privileges in script management. Holders of the "View Scripts" role permission cannot execute test runs of scripts; the new role permission must be assigned to perform this task.

Administer Scripts remains unchanged and allows view, edit, and run permissions.

Syslog Timestamps

There is a new setting in Syslog configuration allowing the selection of timestamp formatting. The standard for Syslog indicates that ISO timestamps should be used; however, some consumers use the legacy format. There is now a selection between Syslog and ISO format. Syslog will be the default for upgrades to allow current configurations to retain their behavior, and ISO format is the default in new instances.
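Because upgraded instances keep the legacy format while new instances default to ISO, a log consumer may receive both. The following is an added example, not Delinea code: a Python normalizer that accepts either timestamp style and returns UTC. It assumes "Syslog" means the traditional `Mmm dd hh:mm:ss` form (no year, no offset) and "ISO" means an ISO 8601 timestamp with an offset; the sample lines, host name and `assumed_tz` parameter are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

PRI = r"^(?:<\d{1,3}>)?"  # optional syslog priority prefix, e.g. <134>
# Legacy syslog style: "Dec 31 23:59:58" (no year, no UTC offset).
LEGACY = re.compile(PRI + r"([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) ")
# ISO 8601 style: "2024-01-01T00:59:58.250+01:00" or a trailing "Z".
ISO = re.compile(PRI + r"(?:1 )?(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?(?:Z|[+-]\d\d:\d\d)) ")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse_timestamp(line, received_at, assumed_tz=timezone.utc):
    """Return (UTC datetime, format name) for one syslog line, or (None, None)."""
    m = ISO.match(line)
    if m:
        try:
            ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        except ValueError:  # looks like ISO but is not a real date/time
            return None, None
        return ts.astimezone(timezone.utc), "iso"
    m = LEGACY.match(line)
    if m and m.group(1) in MONTHS:
        mon, day, hh, mm, ss = m.groups()
        # The legacy format carries no year: try the receive year, then the
        # previous one, so a late-December event read in January is not
        # dated almost a year into the future.
        for year in (received_at.year, received_at.year - 1):
            try:
                ts = datetime(year, MONTHS[mon], int(day), int(hh), int(mm),
                              int(ss), tzinfo=assumed_tz)
            except ValueError:  # e.g. Feb 29 in a non-leap year
                continue
            if ts <= received_at + timedelta(days=1):
                return ts.astimezone(timezone.utc), "legacy"
    return None, None

# Constructed sample lines (hypothetical host/app names, not product output).
RECEIVED_AT = datetime(2024, 1, 1, 0, 0, 5, tzinfo=timezone.utc)
SAMPLE_LINES = [
    "<134>Dec 31 23:59:58 vault01 app: event text",
    "<134>1 2024-01-01T00:59:58.250+01:00 vault01 app - - - event text",
    "no timestamp here",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_timestamp(line, RECEIVED_AT), "|", line)
```

For legacy lines the result is only as accurate as `assumed_tz`, since the sender's offset is not in the message.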

Site-Specific FIPS Configuration

Individual sites are now configurable for FIPS compatibility. The setting is available on the Administration > Distributed Engine > Site configuration page, in the Engine Default Settings dialog box. All engines on a site will use this setting, overriding the global setting, which is configured at Administration > Configuration > Security.


Bug Fixes

Future and Recent Deprecations

Note: This section describes planned future deprecation of feature or platform support in Secret Server.