Current Version |
Build |
Released On |
| 4.83.5 |
121021 |
October 21, 2012 |
- Removed: Support for Windows Server 2003 as a hosting platform
- Added: Additional user interface languages: Danish, Dutch, Finnish, Hebrew, Hindi, Japanese, Korean, Norwegian, Russian, Swedish, Tagalog
- Added: SAP Certified password management via SAP NetWeaver Gateway (We are now an SAP Partner)
- Added: More event sinks
- Added: Additional permissions for viewing password history
- Added: Additional permissions for viewing account activity
- Added: SDK options for file vault management
- Added: SDK options for shared password lists
- Added: Automatic Index Creation deadlock resolution via index deletion
- Added: Add account lockout for web access (website options)
- Added: Dialog to monitor user lockout status and reset logouts selectively
- Added: Control for number of rows to export when exporting audit logs from website (web site options)
- Added: Active Directory domain account restrictions to target OUs for user discovery or exclusion from discover
- Added: OLEDB timer override (Datastore Config) to aid in slow databases and long running queries
- Added: RPC Kill timer to help deal with hung RPC calls to unhealthy Windows systems
- Added: Password change provides new option to unlock an account (Windows)
- Added: SOAP web service interface
- Added: Explicit impersonation in the SOAP web service
- Added: OData web service interface
- Added: Support for international characters in email messages
- Added: For non-Windows systems, password jobs can now load any stored credential
- Added: Password history for shared password lists
- Added: Can now specify SSH port on auto-SSH connection per system
- Added: Can now auto-SSH for custom account store types that use SSH
- Added: Wild card search in website for account names when mandatory account search requirement is enabled
- Added: SDK option to retrieve stored passwords and ignore password checkout flags
- Added: Email field cache for password requests in the web interface when users do not have a pre-defined email address
- Changed: When a system is added to the restricted systems list after being added to a job, the job will remove the restricted system on subsequent run
- Changed: Cloned job status and last run are set to has not run rather than the cloned job's status
- Changed: Certain logging functions and heuristics to try and avoid confusing log messages
- Changed: Startup algorithm to improve console launch time when management set objects have overlapping ranges (duplicated systems)
- Changed: Installation routines for Dashboard visualization installations
- Changed: SDK password set command will add passwords to shared list if not found
- Changed: Changed several file vault logging messages to include the symbolic name of the file affected as well as the fileID
- Changed: When setting auto-logins, system will check for target computer's bit level (32 v 64) to write to the correct registry location
- Changed: When selecting multiple accounts to create a password change job and choosing the run immediately option, jobs get scheduled to run now rather than actually attempting to run immediately
- Updated: IntegrationComponents supplemental installer can now choose proper installation path for zone processor installations
- Updated: Microsoft RDP ActiveX component updated to version 5.2.3790.4252
- Updated: Updated EasyMail SMTP & SSL components to version 6.5
- Updated: ARCSight CEF output and parsing
- Fixed: Windows 2008 R2 systems OS TYPE was incorrectly reported as Windows 7 systems in web interface
- Fixed: Systems added to restricted systems list after being added to a job would cause job to fail
- Fixed: Cross-site scripting exploits
- Fixed: Performing an IP scan for systems when OS type is set for Linux and the system responds could cause crash
- Fixed: Default button on website login page did not function
- Fixed: Integrated authentication in website did not work automatic login was not also enabled
- Fixed: Syslog CEF output of heartbeat monitor event sink would cause error rather than log
- Fixed: Certain scenarios could cause the job thread dispatcher to prematurely delete state resulting in memory leaks
- Fixed: When management set type was set to Linux, objects under the Linux/UNIX node would be added or removed simply because the management set was updated
- Fixed: Upgrade code when dealing with custom schemas
- Fixed: Database migration steps not present in v4.83.4 could cause basic password change jobs to fail
- Fixed: Database migration steps not present in v4.83.4 could cause propagation steps to fail from previously existing jobs
- Fixed: File store problems when using custom schemas
- Fixed: Compliance Database problems when using custom schemas
- Fixed: Custom LDAP filters for Active Directory domains were not working
- Fixed: Oracle password changes were not propagating
- Fixed: Oracle instances page would not show all correct oracle instances unless account had all access
- Fixed: Deleting a password from password history would delete all entries from the history for that computer/system
- Fixed: Could not enter the same system name into multiple custom account stores
- Fixed: RSA Login page in the web interface prevented set pin mode to work correctly
- Fixed: RSA SecurID did not work in next PIN mode
- Fixed: Displayed number of targets in a management set was not including custom account stores
- Fixed: Saving new passwords to the password store with encryption disabled would log asserts
- Fixed: Web interface account filters would not work if the user also had account masks defined in their delegations
- Fixed: Alternate administrator accounts access and stored credential access not working in certain scenarios
- Fixed: Web application would not show account filter if a non-All access user was logged in
- Fixed: Password recovery email alert used incorrect email template for notification
- Fixed: Main dialog would exit when admin reporting job could not be verified
- Fixed: Importing delegation identities and permissions to fail because it expected the import file to contain extra columns
- Fixed: Scenario where users could not create new delegation permissions on files in the file store
- Fixed: Text for requesting a password list password showed deny request
- Fixed: SDK (COM version) GetStatusSettings would fail
- Fixed: Users without grant all access cannot see accounts other than Windows
- Fixed: "Run job on new systems" was being erroneously set
Previous Version |
Build |
Released On |
| 4.83.4 |
120702 |
July 2, 2012 |
- Added: Per user definable dashboards
- Added: Dashboard configuration control
- Added: Dashboard data audit drill down and visualization
- Added: Pure certificate based authentication and authorization
- Added: CAC/PIV card support
- Added: Website support for automatic login after user-certificate identification
- Added: RDP account pass-thru accounts can be used for any system
- Added: SSH account pass-thru accounts can be used for any system
- Added: Multi-RDP Gateway support
- Added: Configuration to enable/disable multiple per-user simultaneous RDP sessions
- Added: Configuration to enable/disable multiple per-user simultaneous SSH sessions
- Added: Configuration to enable/disable multiple per-user simultaneous telnet sessions
- Added: Additional telnet support for Linux/UNIX node
- Added: Additional telnet support for custom account store node
- Added: SSH/Telnet support sixth new replacement variable for target system
- Added: Multi-language support for web interface including Chinese (traditional and simplified), Arabic, German, French, Italian, Hungarian, and more
- Added: Multi-language support configurations per user profile
- Added: Scheduled refresh operations for system enumeration
- Added: Scheduled refresh operations for account enumeration
- Added: Self-service account elevation jobs now provide for an elevation comment
- Added: Pre-populated list of common groups to the arbitrary account elevation page so a user can choose a group instead of typing one in
- Added: Password confirmation field for static passwords in password change jobs
- Added: Progress indicators for jobs in progress in the web application
- Added: Automatic Oracle database detection for Windows systems
- Added: Test connection option for MS SQL databases
- Added: Test connection option for Oracle databases
- Added: Job Queue dialog for determining which job is running, what job is next, and other job information
- Added: Zone processors can now handle parts of password propagation jobs for propagation targets that are within their zone
- Added: Zone processors can now perform account elevation jobs
- Added: Zone processors can now perform system refresh operations
- Added: Zone processors can now perform password verification reports
- Added: Orphaned job unlock code to the scheduling service to unlock and reschedule jobs that are found locked by the current system when the owning process no longer exists
- Added: Compliance snapshot jobs as a supported type of job that can be run by a zone processor
- Added: Unique event sink message for adding/changing managed passwords through the web app
- Added: Password verification for accounts on non-Windows systems managed by SU or SUDO
- Added: SSH/Telnet target types configuration option to always load stored password
- Added: Security option on website configuration to block session if more than N number of requests per second is received from session
- Added: Oracle database password verification
- Added: Compliance report for all stored shared credentials
- Added: Password history accessible via website
- Added: Support for asset tag in the management console
- Added: Asset tags are visible and searchable in the web interface
- Added: Custom account store systems can now be imported via text file import
- Added: On-demand token code support for RSA SecurID token checks
- Added: Support for system-generated RSA SecurID PIN codes for the web application
- Added: Option to disable LDAP servers for use as authentication servers
- Added: Account elevation jobs filters available in the jobs page filter list in the web interface
- Added: Various interstitial dialogs in web application to indicate work being done
- Added: Various interstitial dialogs in management console to indicate work being done and actual progress
- Changed: Deferred processors will examine jobs left in a partially complete state to determine if they need to be completed
- Changed: Management set database query string length updated to support 1024 characters (up from 255)
- Changed: Web application schedule permission restriction code to allow daily restrictions to carry over from PM to the next day's AM times
- Changed: Users attempting to login when their login permission was restricted by schedule to a schedule restriction message
- Changed: LDAP password change jobs would always use the managed account to change its own password
- Changed: Input method for SSH/Telnet connections now passes a single character at a time
- Changed: Tab order various dialogs
- Updated: Mnemonic controls in various places in the management console (Section 508 compliance)
- Fixed: Password cache population problems for Cisco password changes
- Fixed: Password cache population problems for LDAP password changes
- Fixed: Password cache population problems for Oracle password changes
- Fixed: Password cache population problems for Sybase password changes
- Fixed: Password cache population problems for MySQL password changes
- Fixed: Password cache population problems for MS SQL password changes using explicit accounts
- Fixed: Password cache population problems for IPMI password changes
- Fixed: Known passwords discovered as valid for IPMI devices were not associated with IPMI device
- Fixed: Date time pickers in website filters for account elevation
- Fixed: Service propagation did not propagate to services configured with UPNs if service and account had not already been previously enumerated
- Fixed: Text file discovery on non-Windows systems
- Fixed: Text file propagation on non-Windows systems
- Fixed: Process initiation on non-Windows systems
- Fixed: Adding a personal password was not associated with the correct menu sections in the web interface
- Fixed: Password cache concurrency issues during multi-threaded SSH operations
- Fixed: Bug in the web interface that was causing false positive errors to be logged on some page loads
- Fixed: RDP sessions could create duplicate log entries per connection
- Fixed: HTML markup characters in password list entries caused the password list pages to fail on various operations
- Fixed: Password check-in comments were not required even when enabled
- Fixed: Event sink logging was not always including the web logins responsible for the event
- Fixed: The system page of the job sheet showed incorrect next retry times for jobs that were partially complete
- Fixed: Generate full stats on all tables would fail if a custom tablespace name was used
- Fixed: LDAP connection would error if integrated auth was used and a user login name was not provided
- Fixed: Permissions on password list check would fail if one of the identities that had permissions assigned has been deleted
- Fixed: Windows integrated auth could bypass Oath token checks
- Fixed: DB2 custom connection strings were not working
- Fixed: Errors on SQL server refresh if the name-case (upper-case) was incorrect in the program data store
- Fixed: Could not add new credentials to an existing password list for Password Spread Sheet Manager feature
- Fixed: Certain delegation import features opened the export dialog
- Fixed: Certain delegation export features opened the import dialog
Click this link for complete revision history.