||October 4, 2013
- Added:Support for SQL Native Client (SQLNCLI) using ODBC. Permits use of SQL Mirroring in HA mode.
- Added: Phone Factor two factor authentication via local agent
- Added: Phone Factor two factor authentication via cloud service
- Added: SafeNet two factor authentication
- Added: Generic RADIUS support for two factor authentication
- Added: Support for SafeNet hardware security module (HSM)
- Added: Additional compliance reports to the web interface, now in parity with the console.
- Added: Additional compliance reports to the console, now in parity with the web interface.
- Added: New explicit option to define which attribute should be pulled from Active Directory when querying for systems (FR‐261).
- Added: New default page option for new users logging into the website.This is configured through the web application settings.
- Added: Option for the secure file store to pre‐define what permissions to define for a file when uploaded(FR‐508).
- Added: Option to hide password is the password recovery page until shown (FR‐476).
- Added: New response file for Palo Alto devices.
- Added: New response file for Tandem systems.
- Added: New response file for Fortigate systems.
- Added: New response file for CiscoPriv15 login accounts.
- Changed: When performing an auto‐RDP sessions via the website, the target system will go full screen to the entire desktop resolution when the full screen option is selected.
- Changed: When logging into the website and integrated authentication is enabled, website will deselect the integrated authentication automatically if a different user account name is provided in the username field.
- Changed: When configuring the web application global delegation rules,the permissions will be auto‐applied when the highlighted identity loses focus or the user clicks OK.
- Changed: Management set will automatically ignore NULL values when using a DB query to discover systems.
- Changed: Default response file now uses all types of encryption (BlowFish still not supported).
- Changed: Default response file has new settings for changing non‐enable accounts.
- Changed: Various UI elements for date/time reporting.
- Updated: RSA enVision Package includes the 6000 series event sink IDs.
- Fixed: Memory leak in data access layer that could cause the deferred processing service to stop or produce “out of resources” messages.
- Fixed:Memory leak in data access layer that could cause the web site COM object to stop or produce“out of resources” messages.
- Fixed: Memory leak in data access layer that could cause the management console to produce “out of resources” messages.
- Fixed: Per account delegations did not work for anything other than Windows or Linux systems (B‐640).
- Fixed: Website would product function block errors if ‘Block password check‐in if password is in use’ was selected and user checked in a Linux system.
- Fixed: Website would product ‘500’errors if ‘Block password check‐in if password is in use’ was selected and ‘Log all password check‐outs to system’s event log’ were selected and user checked in a Windows system (B‐651).
- Fixed: SCSM ticket integration would not always properly verify ticket status.
- Fixed: HPSM ticket integration would not always properly verify ticket status.
- Fixed: BMC ticket integration would not always properly verify ticket status.
- Fixed: ServiceNow ticket integration would not always properly verify ticket status.
- Fixed: Website deployment bug that could cause the website deployment to fail when the .net framework was not properly registered on the target web server.
- Fixed: Website verification could fail when website was installed to a virtual directory that was not the default name.
- Fixed: Various typos in the website.
- Fixed: Various typos in the management console.
- Fixed: Improper username case comparison ‐ If user logged in as user X and checked out password,then checked logged back in as User x, he could not re‐view the same password.
- Fixed: Audit Logs exported with a .asp extension instead of .zip.
- Fixed: Scheduled refresh job comments do not persist in the jobs queue dialog.
- Fixed: Checkout to Group disallows checkout extension for subsequent users.
- Fixed: Possibility for account lockout when a connection uses a cached credential for Windows authentication(different than alt‐admins or integrated authentication).
- Fixed: Checkout to Group disallows checkout extension for subsequent users.
- Fixed: SDK Login Procedure Fails When Using Integrated Authentication.
- Fixed: Password compartments cannot be edited from the dialog.
- Fixed: For compartmentalized passwords, the Show/Check in Password option for a password that is already checked out always re‐prompts the user to reenter their password recovery reason.
- Fixed: When using compartmentalization with check out to group, after the user recovers their segment of the compartmentalized password and checks it out to a group, no user can use the Extend Checkout or Check In buttons.
- Fixed: Account elevation ‐automatic de‐elevation occurs immediately when multiple zone processors are present.
- Fixed: Bug where disabled jobs could get re‐enabled.
- Fixed: Errors and asserts listed when ERPM configured with a bad AD /LDAP path.
- Fixed: Manual installation of web service had incorrect web service DLL.
- Fixed: Web.config files for web service had incorrect parameter when using SSL.
- Fixed: Numerous PowerShell CMDlets did not work.
- Fixed: Numerous web service calls did not return data as expected.
- Fixed: Web service calls to add various databases did not properly apply encryption to the password.
- Fixed: ERPM task discovery fails when target task was set to run as SYSTEM (B‐658).
- Fixed: Incorrect permissions applied when using per account permissions for multiple accounts on the same system (B‐660).
- Fixed: IPMI node would not display more than 100 devices (B‐657).
- Fixed: Built‐in administrator password change job would not rename the administrator account – when elected to do so – until after the password was changed resulting in bad information in the website(B‐654).
- Fixed: Discovery of SQL Server instances was overwriting system information which resulted in alt‐admin information being incorrect (B‐653).
- Fixed: If retry policy is set to ‘STOP’, jobs that fail will never retry (expected) and never get rescheduled for next run time (unexpected) (B‐650).
- Fixed: Shared credentials list doesn’t send email notification on password recovery (B‐649).
- Fixed: Last login column in Windows Accounts view does not sort in chronological order (B‐647).
- Fixed: App crash could occur when using alternate administrators to manage an untrusting domain (B‐642).
- Fixed: Console delegation could permit users to bypass delegation rules (B‐641).
- Fixed: IIS reset happening when managing SharePoint even if no account usage was found (B‐639).
- Fixed: Personal password store would permit empty entries to be added to the list (B‐638).
- Fixed: RADIUS authentication not working all the time (B‐636, B‐637).
- Fixed:System rename would produce asserts (B‐635).
||June 25, 2013
- Added: Web Service Interface, exposes hundreds of functions via SOAP & WSDL
- Added: Powershell CMDLets to make use of new web service interface and functions
- Added: Password Compartmentalization - 4-Eyes password retrieval (FR 379, 380)
- Added: Standalone zone processor installer (FR 309)
- Added: Certified McAfee EPO integration - EPO can consume information from ERPM
- Added: Certified Qualys Integration
- Added: Service Now help desk system integration - event sinks and ticket verification
- Added: Support for customized SAP database - database information not at default/expected location
- Added: Cisco node now handles VTY and alternative login credentials (FR 465)
- Added: Password check-out to a group (FR 354)
- Added: Support for SQL native client - adds support for OLEDB and high availability database mirroring (FR 441)
- Added: ObserveIT integration point within password retrieval website
- Added: Additional heartbeat monitoring to handle more RPC timeout cases for unhealthy systems
- Added: Auto-Index support for MS SQL 2012
- Added: Log archiving
- Added: Each platform now has own default password checkout limits
- Added: Failure icon for Linux platform to help indicate troubled communications
- Changed: TN3270 node types now use Linux logic - old answer files and process will not work
- Changed: Cached database connection handling to account for intermittent database unavailability
- Changed: Oracle password change no longer automatically attempts an account unlock; option is selected on password settings tab at job creation
- Changed: Audit logs are exported as a zip file rather than a potentially large CSV file
- Updated: Cisco node and response files to reflect new password change options
- Updated: Handling of propagation subsystem code to better handle memory leaks found in O/S stack
- Updated: Oracle connection code for better scaling
- Updated: Oracle connection pool handling
- Updated: Oracle DB algorithms to improve performance when using an Oracle backend
- Updated: Dashboards now use .NET framework 4 (do not use .NET 3.5 SP1)
- Updated: Updated license checks algorithm to improve program start time
- Updated: Handling of string replacement propagation when field became too large
- Fixed: TN3270 support was broken
- Fixed: SAP support was broken
- Fixed: Account Elevation jobs could immediately de-elevate when multiple deferred processors were active (Case 629)
- Fixed: Sybase ASE would not use a custom defined (non-default) port (Case 628)
- Fixed: Auto-SSH functionality would not work when passwords contained custom characters (Case 609)
- Fixed: HP Service Manager integration was not working
- Fixed: File Store accessibility via SDK was not working as expected
- Fixed: IPMI scan was not properly associating credentials used during an IPMI scan when devices were found
- Fixed: IPMI did not commit IP address change when IP was changed on an existing device
- Fixed: System memory leak which led to system instability
- Fixed: System handle leak which led to system instability
- Fixed: Sorting the job queue could cause asserts
- Fixed: Function block error when checking in a non-Windows password and "Check if password in use option" enabled
- Fixed: Function block error when checking in a non-Windows password and "Log to application log if password in use option" enabled
- Fixed: Heartbeat monitor was not killing outstanding threads when enabled to do so
- Fixed: Account elevation comment could cause URL string to become to long and cause an operation to fail
- Fixed: Generate Stats Fullscan was not running against all DB tables
- Fixed: User supplied names for custom propagations were not persisting when propagation was created
- Fixed: When using cached credentials to connect to a Windows system, the account name provided was not fully qualified which could cause Windows to assume an incorrect credential leading to an account lockout
Click this Link for Complete Revision History