Get Started!


Release 2.3.201909152349 (September 15, 2019)

Features

  • Added command line SSH Proxy Shell commands to view and to unlock records

Fixes

  • Fixed the issue with GUI console timing out during active in-browser session to remote computer
  • Fixed the issue with respecting record permissions while auto–searching records in response to interactive commands in the SSH Proxy shell
  • Fixed the issue with using preferred encryption method when saving records

back to top


Release 2.3.201909082220 (September 8, 2019)

Features

  • Added support to use Oracle SQL Developer 19 as a remote application shared with high trust login and session recordings
  • Added support to import Unix Host with Key, Unix Host with Protected Key and Certificate records from KeePass XML export file for entries that contain file attachment treated as certificate in combination with User Name and Password fields

Extensions

  • Added support for separate parameters to logout from application and disconnect in-browser session after inactivity timeout
  • Added the option to allow non-unique records and folders when importing data from third party systems

Fixes

  • Fixed the issue when parsing xtam.http.proxy system parameter value containing spaces
  • Improved processing of system properties to include more variations in the values such as lower, upper case and trailing spaces
  • Improved the logic of connection close detection in WS-Management protocol
  • Improved internal error reporting, resource management, thread termination and interruption when handling unexpected situations
  • Fixed the issue with Week Year format used for formatting dates in exported reports, offline and custom reports generation, summary jobs report, HAR format http session recordings, SSH key management
  • Fixed the issue with reusing random number generator during the application up time
  • Fixed the issue with updating container level encryption utility when updating the application in Linux platforms
  • Fixed the issue with backward compatibility of the CLI utility with the legacy deployments
  • Fixed the issue with Search bar help icon when using Internet Explorer browsers

Labs

  • Internal Code Organization: Fixed the issue with using boxed numbers during system export
  • Internal Code Organization: Fixed the issue with sharing cached remote access token between multiple threads
  • Internal: Fixed the issue with detecting application path when deployed to the container root
  • Internal Code Organization: Fixed the issue with comparing with constants in the workflow service. Fixed the issue with internal server errors in case of not found actor and terminating non-existing sessions
  • Internal Code: Added hashCode method to USer Directory dictionary
  • Internal Code: excluded non-deploy-able drivers from the code analysis. White listed the code analysis error about the unused variables in JavaScript controllers
  • Internal Code: White listed the code analysis error about the unused variables in JavaScript controllers
  • Internal Code: White listed global pattern utility from code analysis
  • Internal Code: fixed the issue with equality compare in the heartbeat handler
  • Internal Code: White listed variable reuse and extra semi-columns in code analysis
  • Fixed the issue with resource management when listing export files, interrupting export process, recording rendering, updating software registration, importing system data, CLI utility operations, job execution, session management
  • Fixed the issue with reporting results of bulk operations for non-existing items
  • Fixed the issue with internal application error when deleting non-existing job queue record
  • Fixed the issue with alerting users about permissions modifications in case of undefined initial permissions
  • Fixed the issue with the internal application errors in case of executing jobs for non-existing tasks
  • Fixed the issue with detecting very old scans for summary aggregation, anonymous links expiration, users for de-duplication process, performance log generation schedule
  • Fixed the issue with thread termination during application shutdown and updates
  • Improved error reporting about failure to delete incompletely processed export file
  • Fixed the issue with incorrect completion of operation in case of failure to obtain Azure AD access token in Azure AD client
  • Fixed the issue with the server errors when encrypting or decrypting null messages
  • Fixed the issue with reporting the absence of the master password
  • Fixed the issue with reporting the errors with TLS connections to LDAP
  • Improved error reporting about failure to execute PowerShell commands on the remote host
  • Fixed the issue with the tag attribute detection in the HTTP proxy for non-compliant attributes
  • Fixed the issue with multi-threading operations of HTTP Proxy HAR recording
  • Fixed the issue with SSH Proxy connection to the Unix Host record with protected key without the password ever was on the record
  • Fixed the issue with detecting empty command control policy enforcement

back to top


Release 2.3.201909012238 (September 1, 2019)

Features

  • Added support to store Google Authenticator secret key in a record with the option to generate tokens
  • Added support to import selected accounts discovered on the remote Windows and Unix hosts

Extensions

  • Added support for native clipboard transfer using hot keys or menus for Internet Explorer
  • Added the option to refresh record view screen once a minute to display currently opened sessions
  • Added support to detect, display, select and import OS accounts when discovering Unix computers
  • Added feedback screen about importing selected discovered hosts

Fixes

  • Fixed the issue with establishing new session from the record view screen in the Exclusive Sessions mode to perform active session count
  • Fixed the issue with discrepancy in the jobs count in the Jobs Summary report and the details summary count of individual jobs
  • Fixed the issue with the reporting missing time limit on the workflow binding editing screen
  • Fixed the issue with created, modified and last accessed properties for the files uploaded to remote Windows computer during in-browser RDP session
  • Fixed the issue with session events recording for sessions established using native SSH clients respect configured permissions
  • Improved the logic of periodic audit log archiving to better handle multi-threading
  • Improved the logic of periodic system export to better handle multi-threading
  • Improved resource management when updating Federated Sign-In component configuration
  • Improved the logic of detecting discovered hosts for auto-import
  • Improved processing of server side feedback queue to the application GUI
  • Fixed the issue with SSH Proxy session losing ongoing recording after the system shutdown, restart of update during session
  • Fixed the issue with authorizing the user logged in through external email based SAML Identity Provider to a base Active Directory configured system

Labs

  • Internal Code Organization: removed duplicate declarations in the application menu builder
  • Internal Code Organization: identified false positive error about bitwise operation in client side code
  • Internal Code Organization: fixed the issue with extra statement in the columns selector directive
  • Internal Code Organization: Added doctype for error HTML pages
  • Internal Code Organization: identified false positive error reports about using emphasis tone for icons when using accessibility option
  • Internal Code Organization: identified false positive error reports about missing page titles for supportive pages
  • Internal Code Organization: identified false positive error reports about automatic database schema updates
  • Internal Code Organization: Removed unused ProxyServlet used in development of HTTP Proxy
  • Internal Code Organization: removed empty statements in directives declaration
  • Internal: added alternative image tag for workflow request checkbox

back to top


Release 2.3.201908252217 (August 25, 2019)

Features

  • Added record type Unix Host with Private Key to connect to corresponding accounts
  • Added visual feedback screen about system import process

Extensions

  • Added the option for system administrators to access users personal vault from the User report
  • Added qualification message to the audit log entries about deleting or unlinking items to include the specific operation (delete or unlink) and the parent folder
  • Added the option to provide Unix account private key in a text field instead of the file attachment using the Text field PrivateKey instead of File field Cert
  • Added master password verification result into the system import feedback screen
  • Added visual indicator with the error message and configured time limit on the access request form when selecting request duration restricted by the access workflow
  • Added the option to bypass group membership search for selected integrated user directories by specifying disabled clause in the role search parameter to optimize login performance in case groups from this directory are not used
  • Added protection against XML XXE attack during break-glass recovery process using command line utility
  • Added protection against XML XXE attack during remote PowerShell script executions

Fixes

  • Improved performance of online Users report display and export when building without slow calculating columns selected: Groups, Roles, Items and Log counts
  • Improved application resource management and threads control after logging out from the application deployed using Federated Sign In module
  • Improved application resource management and threads control during SSH Proxy sessions established using native SSH clients
  • Fixed the issue with password reset of locked accounts using LDAP strategy
  • Fixed the issue with HTTP Proxy initialization after failure to create folder chain for the generated certificate
  • Fixed the issue with overwriting HTTP Proxy port using locally defined property
  • Fixed the issue with reporting verification message about job execution at the end of the job execution status after the application version signature
  • Fixed the issue with terminating HTTP Proxy operating in a Worker component during re-deployment or service stop operations
  • Fixed the issue with remote SSH Proxy connection recovery for certain error cases
  • Fixed the issue with blanket duplicate audit log message about deleting or unlinking folders during mass item delete operation
  • Fixed the issue with the label Import Completed
  • Fixed the issue with leaving corrupted system export files in case of failed export operation
  • Improved system log message about application update failures to troubleshoot application updates
  • Improved troubleshooting system log messages to diagnose HTTP Proxy server startup
  • Improved the operation of exporting records with large attachments by limiting an export volume size
  • Improved performance of Access Request form by implementing asynchronous language translation mechanism
  • Improved system logging in binary content streaming service, remote PowerShell code execution, SSH Proxy operations, File Transfer, encryption operations, In-Browser Session services, and utility modules
  • Improved the application thread monitoring by naming data import thread for instrumentation identification
  • Improved error reporting in the process of updating system configuration across multiple nodes

Labs

  • Internal code organization: identified false positive reports about password related properties, attributes and place-holders
  • Internal code organization: encapsulated unnecessarily visible properties of the internal objects
  • Internal code organization: identified false positive reports application test drivers not included in the application build

back to top


Release 2.3.201908182213 (August 18, 2019)

Features

  • Added support for rotating password protected public SSH keys

Extensions

  • Added protection against XML XXE attack when importing XML-based data from KeePass, RDCMan and system export

Fixes

  • Fixed the issue with the intermittent initial connection drop when connecting to destination end-point using native SSH clients through remote SSH proxy
  • Fixed the issue with user name displaying in Workflow bindings tab of the workflow administration missing the user login
  • Fixed the issue with rotating SSH keys for long key size
  • Fixed the issue with completing HTTP session in API Authentication module
  • Fixed the issue with importing WEB Portal record types from CSV spreadsheets
  • Fixed the issue with resetting index with the newly selected indexed fields when changing record types for individual records of in bulk
  • Fixed the issue with HTTP Only cookie mark when initializing HTTP Proxy
  • Improved error reporting about deleting temporary files during the application update and check for latest version
  • Improved error reporting about downloading binary streams
  • Improved error reporting about system import and export
  • Improved error reporting about generating scheduled reports

Labs

  • Code organization: Removed dead code in the API authentication module
  • Code organization: Capitalize constant for service account
  • Code organization: Improved initialization strategy for policy definition storage
  • Code organization: Fixed the long data type constant in the anonymous link scheduled deletion mechanism
  • Code organization: Improved the logic of folder access by employing more reliable compare mechanism
  • Code organization: Fixed the long data type constant in user thumbnail upload logic
  • Code organization: Added false-positive markers for hard coded password use detection in password service, public key password, system configuration

back to top


Release 2.3.201908102242 (August 10, 2019)

Features

  • Added silent installer for Linux platforms

Extensions

  • Added the option to generate system administrator password during the system installation
  • Added a column to Sessions Report displaying a session manager host used to broker a connection
  • Added the option to reset blocking administrator actions in workflow bindings using command line utility command DBReleaseLockedAdmins
  • Added double warning message about saving workflow binding for administration functions bound to the currently logged in user to prevent system administrators to accidentally block themselves
  • Added support for non standard ports when connecting to devices using native clients through remote SSH Proxy

Fixes

  • Fixed the issue with disabled record type password formula editing for vault editions
  • Fixed the issue with disabled record level password formula editing for vault editions
  • Fixed the issue with enabled Bulk Request permissions in the licenses without enabled Workflows
  • Fixed the issue with reporting session manager used to broker the connection using SSH Proxy server
  • Fixed the issue with audit logging executed in the same transaction for folder related API functions
  • Fixed the issue with failure to process one entry in the computer listing from AD terminated computer listing completely
  • Improved system log messages on debug and trace level to troubleshoot listing computers from AD
  • Fixed the issue with processing double quotes in certain places of PowerShell scripts
  • Fixed the issue with using the double quote characters in the password reset using PowerShell execution strategy
  • Fixed the issue with Periodic in range task policy loosing second value when task inheritance broken
  • Fixed the issue with Time Window task policy loosing its value when task inheritance broken
  • Fixed the issue with Shadow record task policy loosing its value when task inheritance broken
  • Fixed the issue with Time Windows is enabled for editing in the task policy inherited from the record types
  • Fixed the issue with the field Users displayed without value in Workflows report and binding listings for entries with all users selected
  • Fixed the issue with executing multi-line PowerShell commands in the deployment built on Windows platforms
  • Fixed the issue with terminating active connections when archiving a record
  • Fixed the issue with menu item separator for an empty section visible at the bottom of the drop down menu for the archived records
  • Fixed the issue with record list horizontal scrolling on the mobile devices for both portrait and landscape mode
  • Fixed the error message about copy to clipboard on the devices without support for clipboard copy

back to top


Release 2.3.201908042210 (August 4, 2019)

Features

  • Added visual password strength indicator with recommendations how to improve weaker passwords
  • Added support for distributed SSH Proxy chaining serving native SSH clients to connect to devices in isolated networks

Extensions

  • Added the option to restore a record from its change history
  • Added system command line management utility command SSLPoke to test validity of the SSL certificate on the provided URL and port
  • Added system command line management utility command SSLImport to import a component of the certificate chain exposed by specified host and port to the system keystore or to the staging location
  • Added support to display password examples that can be generated with the currently defined password formula on the Password Formula Editor screen with the password strength indicator
  • Added logout confirmation window for deployments including Federated Sign-In components
  • Added the option to search by record indexed fields to the Inventory report
  • Added the option to search by record indexed fields to the Audit Log report

Fixes

  • Fixed the issue with executing generic multi-line PowerShell script using Windows Remote strategy
  • Fixed the issue with prompting about lost data when navigating from Password Formula editing form after some modifications
  • Fixed the issue with HTTP sessions recording interrupted by the application restart
  • Fixed the issue with updating a record with the empty password after non password reset job executed by the remote node
  • Fixed the issue with re-connection of remote application node in case of expired or reset connections
  • Fixed the issue with pass-through credentials option enabled for the default installations
  • Fixed the issue with the application logout using system with Federated Sign-In component deployed to redirect to a login form with the correct service URL
  • Improved HTTP Proxy component for multi-threaded operations
  • Fixed the issue with reporting changes in binary files or certificates on the record change history report
  • Fixed the issue with the field layout on the user profile screen

back to top


Release 2.3.201907282252 (July 28, 2019)

Features

  • Added the option to import data from KeePass Password Safe

Extensions

  • Added the option to mass update record type for multiple selected records
  • Added the option to filter Inventory report by folders or records only by using search string “folders” or “records”

Fixes

  • Fixed the issue with using Unicode characters in the PowerShell scripts parameters
  • Fixed the issue with using Unicode characters when resetting Windows passwords
  • Fixed the issue with the incorrect encoding of Unicode text export of system reports in IE browser
  • Fixed the issue with using comma in the old or new password during password reset using Cisco remote job execution strategy
  • Fixed the issue with using double quote characters in the PowerShell scripts
  • Fixed the issue with using double quote characters in the PowerShell scripts parameters
  • Fixed the issue with the incorrect link to a trial license download on the message about non activated software

Labs

  • Internal: Added application license enforcement in the form of warning label on the record browsing screen to control number of licensed and used application nodes in high availability or remote deployment scenarios
  • Internal: Added application license enforcement in the form of warning label on the record browsing screen to control number of licensed and used remote session manager nodes
  • Internal: Added application license enforcement in the form of warning label on the record browsing screen to control number of licensed users as compare to the users that can access the system through granted global, object level permissions or roles
  • Internal: Added application license enforcement in the form of warning label on the record browsing screen to control number of licensed and available records

back to top


Release 2.3.201907212231 (July 21, 2019)

Features

  • Added support for HTTP(s) traffic recording of high-trust sessions from client side browsers to WEB Portals
  • Added the option to distribute large volume of job executions over long time range

Extensions

  • Added the option for case insensitive search in Sessions and Session Events reports
  • Added the option to control the command to elevate privilege in SSH/SU session
  • Added client IP address of the user created the session as a column to the session report
  • Added a WEB Portal category to the pie chart of distribution of records to major record types based on session managers
  • Added user directory label to the user information in report exports to PDF and CSV files

Fixes

  • Fixed the issue with time filter on Jobs History and Jobs Summary reports
  • Fixed the issue with the initial time filter on the job summary report
  • Fixed the issue with displaying session report for sessions with recordings saved into the database
  • Fixed the issue with continuous session recording after session reconnect event caused by losing connectivity
  • Fixed the issue with the system logging for Removing expired transfers to be on debug level
  • Fixed the issue with the system logging for using cached authenticator for remote node connections to be on debug level
  • Fixed the issue with reporting error status of non-password reset jobs executed by remote nodes
  • Fixed the issue with inheriting workflows from parent folder when purging reused record workflow manager entry
  • Fixed the issue with displaying session and job related information on global or item level permissions screen in the Vault only license
  • Fixed the issue with displaying session and job related information on grant permissions screen in the Vault only license
  • Fixed the issue with displaying session and job related information on Statistics Report screen in the Vault only license
  • Fixed the issue with SSH Proxy connection when the server runs on the system with specific (one-part) LANG specification
  • Added trace level system logging to troubleshoot Cicso job execution strategy

back to top


Release 2.3.201907142227 (July 14, 2019)

Features

  • Added system administrator and user manual
  • Added the option to pinch and zoom in-browser sessions on the mobile devices
  • Added the option to scroll zoomed screen on the mobile devices using two-fingers scroll operation
  • Added the option to zoom-in and zoom-out active in-browser session using plus, minus and restore buttons on the session toolbar
  • Added support to create session events for commands accepted by command control restrictions

Extensions

  • Added the option to open in-browser session toolbar with left to right swipe gesture on mobile devices
  • Added an audit log event about commands blocked using command control shell in active in-browser sessions

Fixes

  • Fixed the issue with joining a session in Tab starting mode
  • Fixed the issue with blanket error message in the browser console when navigating to API token management screen
  • Fixed the issue with improper total message of filtered objects on the system parameters, record types, MFA configurations, scripts and custom reports lists

back to top


Release 2.3.201907072217 (July 7, 2019)

Features

  • Added visibility to user selection for permissions and workflow configuration

Extensions

  • Added user directory information to the user formatting: Display Name (login) /Directory and for group formatting: Group Name /Directory to visualize the source of the principal in various places of the application
  • Added Apply to all Users checkbox to Workflow Binding screen to explicitly designate a workflow to apply to all users
  • Optimized performance of import operation
  • Added the option to trigger task execution policy for record creation during record import
  • Included more fields referencing other objects to auto-generated for custom reports when selecting object

Fixes

  • Fixed the issue with the auditors cannot see custom reports properties when building custom reports
  • Fixed the issue with purging Public Key and Report Subscription data storage in the existing databases before the import process
  • Fixed the issue with missing Report Subscription configuration to export and import process
  • Fixed the issue with the scheduled export process run before the system initialization
  • Fixed the issue with excessive authentication attempts by the remote job engine node
  • Fixed the issue with the empty list of templates when canceling add or edit binding screen on the workflow management page
  • Fixed the issue with extra component in the page breadcrumb on system level add or edit workflow binding screen
  • Fixed the issue with the user formatting: Display Name (login) /Directory for users displayed on the record view screen
  • Fixed the issue with user formatting: Display Name (login) /Directory for users and groups displayed on the permissions list screen
  • Fixed the issue with user formatting: Display Name (login) /Directory for users and groups displayed on the grant permissions screen
  • Fixed the issue with user formatting: Display Name (login) /Directory for users and groups displayed on the permissions edit screen
  • Fixed the issue with user formatting: Display Name (login) /Directory for users and groups displayed on the Global Roles screen
  • Fixed the issue with job scheduling for periodic policies with unspecified time range
  • Added system logging information about initialization of SSL connector
  • Fixed the issue with starting in-browser sessions when failed to detect the load balancer settings
  • Fixed the issue with the error reporting about unknown user when checking MFA configuration
  • Added system logging information for personal folders de-duplication logic
  • Fixed the issue with user de-duplication logic for several system objects
  • Fixed the issue with displaying object breadcrumbs for certain locations

back to top


Release 2.3.201906302237 (June 30, 2019)

Features

  • Added support to design and generate custom reports with export options

Extensions

  • Added API documentation for alerts and job history scheme models
  • Added group by, user, identified by and dual keywords to the syntax highlighting option of the SQL scripts editor

Fixes

  • Fixed the issue with displaying session events for certain events without saved data
  • Fixed the issue with creating duplicate personal folders for some users
  • Added an automatic logic removing duplicated personal vaults accidentally created by the legacy software
  • Fixed the issue with Manager role reported in the PDF and CSV export of Access Report
  • Fixed an incidental issue with the user logout from the application deployed with Federated Sign-In component
  • Added native system method for both Windows and Unix environments to detect host name in case all previous methods failed
  • Added automatic cleanup of system nodes configuration that do not have host name defined
  • Improved application host name detection on Linux platforms
  • Fixed the issue with syntax highlighting for SQL scripts in the script library

back to top


Release 2.3.201906232230 (June 23, 2019)

Extensions

  • Added support for the application deployment to Linux platforms with updated systemd init manager (v237+) using non-privileged user
  • Improved application maintenance by exposing more details about internal threads operations
  • Added confirmation screen before revoking item or global permissions
  • Added message description for session termination event with IP location of the user duplicating the log IP location
  • Added the option to repair internal embedded database for stand-alone deployments to rebuild indexes and compress large tables
  • Added the option to mass select and unselect local group members for bulk operations
  • Added a sort order for local group members

Fixes

  • Improved the application thread management by switching to short-lived thread pools for job execution, discovery, notification, video rendering and summary processing
  • Fixed the issue with exporting very large data from the session event log
  • Improved thread management when discovering assets by executing asset discovery in small batches
  • Fixed the issue with failure to purge database with existing session file transfer data during import
  • Added support to export and import file transfer data during session events
  • Fixed the issue with excessive error reporting about loading missing LOB files when importing data
  • Fixed the issue with offset in the user count in Reports / User report
  • Increased shutdown timeout for Linux deployments to 60 seconds
  • Fixed the issue with services setup on Linux systems with updated (2018+) systemd init manager forbidding switch user from the service to the exec script
  • Fixed the issue with the Linux uninstall process continue when pressing enter on the uninstall prompt instead of confirming uninstallation
  • Increased copyright year on the Linux installation script
  • Fixed the issue with page size label on the records browser page
  • Fixed the issue with user search box for record owners on the command control assignment page
  • Fixed the issue with incorrect error message about deleting assigned command control policy
  • Fixed the issue with the header error message about deleting command control policy
  • Improved system log messaging about errors importing ADS objects
  • Improved procedure of adding members to a group by reducing a number of calls to the local user directory to a single operation adding all users together instead of updating a group with each member one at a time
  • Fixed the issue with enabled confirmation button on the user selection screen to update group membership, grant permissions or assign a policy (workflows, etc) when the button is already pressed to prevent multiple trigger of the same operation
  • Fixed the issue with displaying Unicode strings in the Sessions Events report for Clipboard transfers and Command executions
  • Fixed the issue with the confirmation message about canceling editing Command Control Policy after saving configuration
  • Fixed the issue with assigning a Command Control policy to a principal without selecting a policy
  • Fixed the issue with disappearing user profile control center in the top left navigation menu
  • Fixed the issue with adding multiple members to a local group in parallel using REST API
  • Fixed the issue with enabled Remove Members button after triggering remove operation
  • Fixed the issue with the error reporting when removing members of a local group

Labs

  • Internal: Added test framework for custom reports display engine

back to top


Release 2.3.201906162243 (June 16, 2019)

Features

  • Added the option to search records with the associated anonymous links using alinks: search criteria
  • Added the option to search by event type to the session event report
  • Added the option to filter by date to the system session event report

Extensions

  • Added host information display to the list of records in the folder browser
  • Added command line utility options to list system administrators, list system users and make a user an administrator all provided current master password
  • Added support for the application CLI management utility update during the general application update
  • Added version information to the application CLI management utility
  • Added an audit log message about summary data collection for aggregation reports

Fixes

  • Fixed the issue with extracting a referenced records when recovering sensitive information from the export files in case of break glass scenario using command line utility
  • Updated Telnet Host, CISCO, MS SQL Server and AS/400 record types to be hidden in the initial default installation with the option to enable them using Record Type screen
  • Added license enforcement for Jobs, Sessions, Discovery, MFA, API, Workflow and Tenants modules
  • Fixed the issue with Linux installer deployed XTAM CLI utility to WEB Container folder
  • Fixed the issue with missing log message after deleting individual records or folders
  • Improved the logic of identifying users in case of multiple user entries in system tables
  • Fixed the issue with REST API function that adds a member to a local group
  • Fixed the issue with the function to add a member to a local group adding a random member to a group in case no member is specified
  • Fixed the issue with item update and delete operations as well as with making unique permissions for the deployments based on Unix-hosted MySQL databases
  • Fixed default sort order for MFA configuration page to Ascending by principal
  • Fixed the issue with secured access for HTML templates, Java Script and locale files in the WEB application framework
  • Fixed the issue with the application startup on the back-end database with unsynchronized primary key sequence due to incomplete database replication

Labs

  • Internal: Added new product Vault to the licensing system to enforce vault-only deployment without the options to use sessions, execute jobs, use Workflows, configure API tokens, custom MFA or use discovery
  • Internal: Removed MSP-driven Multi-tenant option from the Labs mode replacing it with licensing module Tenants

back to top


Release 2.3.201906092258 (June 9, 2019)

Features

  • Added the option to share records or sensitive messages using destructible anonymous links with unique IDs and expiration terms viewable by the users outside of the system
  • Added support for file encryption of saved session recordings and transferred files

Extensions

  • Added the option to search recently created system objects using new:day, new:week, new:month, new:hour or new: (defaulted to hour) criteria
  • Added the option to decrypt encrypted object using command line utility
  • Added tool tips for icon buttons on the record view screen: Subscribe to Alerts, Add and Remove to Favorites
  • Added tool tips for icon buttons on the record list screen: Subscribe to Alerts, Add and Remove to Favorites as well as on the Share and Connect buttons for records and folders
  • Added Federated Sign-In (CAS) module that includes options to configure multiple MFA providers: Google Auth, Duo, Radius, Yubikey along with LDAP, AD and SAML integration

Fixes

  • Fixed the issue with populating WEB Browser form by browser extension in case when user field is given by email type field without name or id
  • Fixed the issue with populating WEB Browser form by browser extension for cases when a delay for the form processing is required when populating password field right after the user field
  • Fixed the issue with creating or importing WEB Portal type records (or any records with URL field) when URL is longer then 255 characters
  • Fixed the issue with non-ASCII encoded filenames when downloading file from session browser or session events view
  • Fixed the issue with non-Latin filenames when downloading file from session browser or session events view using Firefox browsers
  • Fixed the issue with spaces in filenames replaced with other characters when downloading file from session browser or session events view
  • Fixed the issue preserving correct filenames when downloading file from session browser or session events view using Internet Explorer / Edge browsers
  • Fixed the issue with file transfer event not saved when transferring empty files
  • Fixed the issue with global auditor ability to download session file transfers
  • Fixed the issue with permission-related error in the system log file when processing system alerts
  • Fixed the issue with incorrect reported total number of entries in the sessions report for non-global viewer displaying permissions-trimmed sessions list
  • Added the option _none_ to the transport security parameter of RDP connections to enable different negotiation algorithm to auto-select transport security during connection
  • Moved system log messages about throwing Access and API exceptions to trace level to reduce amount of blanket caught and handled access exceptions
  • Improved system debug logging for session recording video conversion
  • Fixed the issue with license verification using the framework with modified default keystore type
  • Fixed the issue with blanket warning message about missing logging component when running some command line utility command
  • Fixed the issue with extracting passwords that contain colon character from system export
  • Fixed the issue with extracting passwords that contain double quote character from system export

Labs

  • Internal: Removed unused deprecated code related to initial folder/record policies and record type/record reset strategies implementations replaced with the multiple tasks/jobs approach

back to top


Release 2.3.201906022218 (June 2, 2019)

Features

  • Added interactive application REST API documentation browser in OpenAPI format

Extensions

  • Added support for Mobile Device layout session on-screen keyboard with larger buttons
  • Added View button for auditors to review the scripts in a read only mode
  • Added the option to search for orphaned records and folders using orphaned: search criteria

Fixes

  • Improved isolation of operations with records and folders shared between multiple simultaneous transactions
  • Improved the application business logic related to handling parent folders of records and folders
  • Fixed the issue with availability of Reports button on the Saved Searches
  • Fixed the issue with folder- and session- level session events report
  • Fixed the issue with search on the session events report
  • Fixed the issue with Create, Delete and Edit buttons available for Auditors on the Scripts listing screen
  • Fixed the issue with the error reporting using referenced record blocked by the workflow requirement when creating or editing records
  • Fixed the issue with extra database connection consumption when deleting records
  • Fixed the issue with PDF and CSV export of system access report
  • Fixed the issue with Found N entries message on the permissions, task list, global roles, MFA and command control screens
  • Improved the logic of folder deletion by detaching the folder from its parents in an isolated operation
  • Added optimistic locking support for records and folders objects to enable database monitoring of the related entities and prevent simultaneous updates of items from several parallel threads
  • Switched system log message about sending report subscription to debug level
  • Fixed the issue with reusing items with database attachment in the offline reports
  • Fixed the issue with user name or password values contain double quote character in the Chrome and Firefox Form Filler and Broker extensions
  • Fixed the issue with file download using IE/11
  • Fixed the issue with blanked error message about scanning components in the system log during application startup
  • Fixed the issue with deleting item with no permissions from favorites
  • Added system logging messages to troubleshoot folder and record deletion or move process resulting to removing an item from its current parent location
  • Fixed the issue with the blanket error message when initializing the application after database rebuild

Labs

  • Internal: Added the option to monitor and enhance database operations performed by the application logic
  • Internal: Added OpenAPI documentation for Permissions interface
  • Internal: Added OpenAPI documentation for Password (Job Queue) interface
  • Internal: Updated Open API documentation about /user/whoami call to include reference to XSRF token
  • Internal: Removed mock transaction logic for queries
  • Internal: Moved the logic that checks item parents to a separate function
  • Internal: Removed deprecated functions related to old job execution before introduction of tasks

back to top


Release 2.3.201905262229 (May 26, 2019)

Features

  • Added support for logging content of the files transferred to or from remote servers accessible using File Transfer events of the in-browser or SSH Proxy session events log with the option to define retention policy to keep saved files content
  • Added System Access Report accessed from the Global Permissions screen displaying all users that can access any part or the object in the system

Extensions

  • Improved visual appearance and usability of the progress bar on the Instant Player for session recordings
  • Updated context help for Session RDP Screen Size parameter to include the MAX/CURRENT option for initial size of the session windows without consequent resize mechanism
  • Added the option to execute PowerShell scripts with shadow account place-holders
  • Improved visual appearance and usability of record archival status indicator on some monitors

Fixes

  • Fixed the issue with availability of Save Search button on the pre-built saved searches
  • Fixed the issue with respecting item-level permissions in the Object Access report
  • Fixed the issue with executing domain account password reset scripts with shadow accounts specified in domain\user notations
  • Fixed the issue with resetting password of domain account specified using UserPrincipalName using a domain shadow account
  • Fixed the issue with an Auditor role visibility of token management controls
  • Improved system logging about fallback executions of password reset commands printing results of the original failed executions to troubleshoot password reset issues
  • Improved system logging about failures to self-reset password for Windows domain account
  • Fixed the issue with reporting Secure-ID item ID on the export of Audit Log report
  • Fixed the issue with Linux installation EULA in the offline installer

Labs

  • Internal: Added OpenAPI comments for operations and parameters for the Application interface
  • Internal: Added OpenAPI comments for operations and parameters for the Discovery interface
  • Internal: Added OpenAPI comments for operations and parameters for the Directory interface
  • Internal: Added OpenAPI comments for operations and parameters for the Summary interface
  • Internal: Added OpenAPI comments for operations and parameters for the Audit Log interface
  • Internal: Added OpenAPI comments for operations and parameters for the Command Control interface
  • Internal: Added OpenAPI comments for operations and parameters for the Configuration interface
  • Internal: Added OpenAPI comments for operations and parameters for the Tasks and Scripts interface
  • Internal: Added OpenAPI comments for operations and parameters for the Users interface
  • Internal: Added OpenAPI comments for operations and parameters for the Stream Events interface
  • Internal: Added OpenAPI comments for operations and parameters for the Public Key interface
  • Internal: Added OpenAPI comments for operations and parameters for the Record Type interface
  • Internal: Added OpenAPI comments for operations and parameters for the Workflow interface
  • Internal: Added OpenAPI comments for operations and parameters for the Content interface
  • Internal: Added OpenAPI comments for operations and parameters for the File Transfer (Streams) interface
  • Internal: Added OpenAPI comments for operations and parameters for the User Preferences interface
  • Internal: Added OpenAPI comments for operations and parameters for the Sessions interface

back to top


Release 2.3.201905192222 (May 19, 2019)

Features

  • Added the option to archive records to stop job executions, job scheduling, editing and establishing sessions for archived records with the option to restore archived records in their original state
  • Added the option to save search queries for the later access using left side navigation menu
  • Added the option to chain job executions for a record based on job failure criteria

Extensions

  • Added the option to discover accounts using SSH protocol with password protected keys
  • Added the option to display current status of YubiKey token for a user in the Users Report
  • Added the option to reset YubiKey token for a user using the Users Report
  • Added the option to search for archived records using archived: or arch: search criteria
  • Added pre-built saved search queries for common searches such as Windows or Unix Hosts, WEB Portals, records with unique permissions, formulas or task lists, archived records or records accessed using SSH protocol

Fixes

  • Fixed the issue with disappearing progress control when loading large record level audit logs
  • Optimized performance o loading large record level audit logs
  • Fixed the issue with SMS Passcode integration using Radius protocol for Multi-Factor Authentication purposes
  • Optimized performance of in-browser sessions to remote computers by removing heart-beat and session termination detection logic from the main communication channel
  • Added alternative name for TrafficIntercepterHints field name as TrafficInterceptorHints to provide hints for SQL recording in SSH tunnels
  • Added monitoring and management of stale and abandoned connections to database connection pool for the new installations
  • Fixed the issue with the space necessary after ticketing systems integration pattern when submitting access requests
  • Fixed context help for system roles on the grant permissions screen
  • Fixed the issue with Editor and Manager roles accessing session events and recordings
  • Optimized shutdown procedure for internal cache cleanup process
  • Fixed the issue with the empty Manage button with no actions is rendered on the record view page for users who do not have any configuration to manage
  • Fixed the issue with sorting by principal on the MFA configuration screen
  • Fixed the issue with database connection leak and database conflicts when periodic checking for the system export schedule
  • Fixed the issue with the marking alerts as read and listing object alerts
  • Fixed the issue with the search modifiers without the search criteria causing search errors
  • Fixed the issue with permissions search or shared with me query total record count is off by one
  • Fixed the issue with positions of the button tooltips on the in-browser session toolbar
  • Fixed the issue with incorrect total object count when searching the Inventory Report

Labs

  • Internal: Added support for documenting the application REST API using OpenAPI 3.0 standard
  • Internal: Added OpenAPI annotations for Folder, Record, MFA and Alert services

back to top


Release 2.3.201905122212 (May 12, 2019)

Features

  • Added traffic recording option for MySQL and MS SQL Server databases
  • Added the option to automatically archive old Audit Log entries based on specified policy
  • Added Multi-Factor Authentication option using Radius-based devices that require user authentication with credentials provided during 1st factor stage

Extensions

  • Added the option to provide host information when connecting to remote VNC servers without host on the record
  • Updated system Federated Sign-In module to add compatibility with Framework version 11 and improve system logging

Fixes

  • Fixed the issue with exporting Session Events report generated for a selected session
  • Fixed the issue with database resource management when processing system alerts
  • Added system logging to troubleshoot alert generation
  • Optimized the application performance by reducing a number of database connections when processing system message queue
  • Optimized the application performance by reducing unnecessary internal copy of records, folders, permissions, alerts and audit log objects
  • Optimized the application performance when saving system objects by reducing SQL updates to only modified fields in records and folders entities
  • Fixed the issue with reporting globally granted permissions as an item permissions on the item access report

back to top


Release 2.3.201905052219 (May 5, 2019)

Features

  • Added support for Multi-Factor Authentication using Yubi Keys
  • Added Manager role for object permissions that allows to create, delete and edit objects in addition to the existing permissions carried by the Editor role
  • Added the option to combine outputs from multiple jobs executed on different computers to a single text file

Extensions

  • Added the option to specify Time Window for periodic job executions using CRON expressions (including visual CRON expression builder) to task lists that could be defined for all records of a record type or overwritten by individual records
  • Added feedback log screen about copying, moving and linking objects
  • Added the option to export system or record job history report to text file to collect outputs from multiple jobs possibly executed on different computers

Fixes

  • Fixed the issue with deprecated sorting mechanism for record browsing
  • Switched system logging of record custom data to debug from trace level
  • Fixed the issue with the memory management when handling keep-alive tunneling in SSH Proxy when accessing remote systems using native SSH clients
  • Fixed the issue with preserving all details of the record including its connection to parent folders when handling task execution strategy and task lists
  • Fixed the issue with the application data updates performed on the system configured with Oracle backend databases
  • Fixed the issue with visibility of bulk copy, cut and delete options available for non-managers of the current folder
  • Fixed the issue with visibility of bulk execute action available for non-editors of the current folder
  • Fixed the issue with visibility of bulk share, inherit permissions and inherit workflows actions available for non-owners of the current folder
  • Fixed the issue with displaying user name with partially defined fields on the job history report
  • Fixed the issue with exporting or generating periodic notifications for inventory report
  • Fixed the issue with workflow restrictions enforcement when performing REST API copy, move and link operations on individual records
  • Fixed the issue with reporting item name during mass copy, move and link operations results
  • Fixed the issue with fallback job type display on the job history report export
  • Fixed the issue with unclear error message when executing AD password reset jobs failed to find a user or connect to a domain controller
  • Fixed the issue with the blanket error message in the system log after mass removing workflow bindings
  • Fixed the issue with several cases of Secured-IDs detection
  • Fixed the issue with records lists visibility for accounts in Split View and Service global roles
  • Fixed the issue with the folder unlink/delete option available for the account with Editor role using system REST API
  • Fixed the issue with the vault unlink/delete option available for the account with Manager or Owner roles
  • Fixed the issue with the group-based MFA configuration

back to top


Release 2.3.201904282239 (April 28, 2019)

Features

  • Added system workflow integration with ServiceNow ticketing system
  • Added profile picture support for local users
  • Added the option to schedule and execute jobs developed in the internal cross-platform scripting language Groovy

Extensions

  • Updated reports PDF export to generate in landscape format
  • Added tracking and displaying of reviewer and reviewed time columns for the sessions rating events on the session report with the option to export data in CSV and PDF formats
  • Added node name serving the session to the session creation audit log entry
  • Added the options to request Edit access and check request status for the record on the record list screen
  • Optimized performance of browsing and searching records and folders on Records View screen by implementing server- and database-level pagination
  • Added the option to restart running services dependent on the domain or local account after resetting the account password and updating the services with new password for quick password verification purposes

Fixes

  • Fixed the issue with adding AD user to a local group by cached sAMAccountName search after switching to UserPrincipalName
  • Fixed the issue with granting object, global permissions or global roles to accounts that used to access the system but now removed from the local or external user directory
  • Fixed the issue with confirming navigation after unsaved changes when switching tabs on the Administration / Settings page to prevent false-positive trigger without the option to continue
  • Fixed the issue with confirming navigation after unsaved changes when switching tabs on the Management / My Profile page to prevent false-positive trigger without the option to continue
  • Added detailed logging about incorrect cron expression saved in the node configuration
  • Fixed the issue with clear item ID reported in the Inventory report when Secure-IDs option is enabled
  • Fixed the issue with missing session rating comment in rating audit log events
  • Fixed the issue with new keyboard layouts for RDP sessions available in Linux-hosted session manager: English (Great Britain), Spanish, Portuguese (Brazil) and Turkish (using new layouts requires session manager upgrade)
  • Fixed the issue with the double backslash in the user name when updating password for dependent services and tasks for domain service accounts
  • Switched system logging of record custom data to trace from debug level
  • Fixed the issue with too large system logging of records custom data
  • Fixed the issue with Edit option available on the list of records in the record actions dropdown menu when the option is blocked by an active workflow
  • Fixed the issue with the system log configuration to enable daily rotating system log file for new installations to address the issue with log file rotation on Windows computers
  • Fixed the issue with missing Windows Remote Reset Dependent Services script in default installations
  • Fixed the issue with dynamic credentials option enforcing permissions of a referenced record
  • Fixed the issue with updating Windows services with new account password when encountering services with assigned empty account
  • Fixed the issue with uploading SSH keys or other binary files on the record edit screen when using Internet Explorer or Edge browsers
  • Fixed the issue with uploading personal SSH Proxy public key on the My Profile screen when using Internet Explorer or Edge browsers
  • Fixed the issue with printing troubleshooting message on the browser console when managing report columns
  • Added help message about different options for Active Directory integration to the Linux installation script
  • Fixed the issue with resetting worker Node Job Queue Time Window configuration when importing system data
  • Fixed the issue with failure to import a user or a group preventing the import of the rest of the local user directory when importing system data

back to top


Release 2.3.201904212227 (April 21, 2019)

Features

  • Added the option to provide host and user information when connecting to remote servers using native SSH clients
  • Added the option to switch application color scheme

Extensions

  • Added the option to bulk request unlock operation
  • Added the option to comment session rating with the option to review ratings with comments and export them to printable report
  • Added error messages explaining error codes during connection to remote system using in-browser sessions
  • Added new keyboard layouts for RDP sessions: English (Great Britain), Spanish, Portuguese (Brazil) and Turkish (using new layouts requires session manager upgrade)
  • Added column selector control for Record-level Audit Log report
  • Added column selector control to My Alerts view

Fixes

  • Fixed the issue with HTTP Proxy tunneling traffic not linked to an authorized active session
  • Fixed the issue with the blanket exception in the system log about displaying currently selected workflow template on the access request form for bulk request operations
  • Improved appearance of bulk operations actions menu by hiding Mass Unselect option when nothing is selected and hiding Mass Select and Mass Select Records options when something is selected
  • Fixed the issue with multiple file transfer events recording for SFTP transfers initiated using native SSH clients through SSH Proxy
  • Fixed the issue with accessing LDAP entries with attributes that have no values
  • Fixed the issue when no error reported when sending test email with mis-configured email server settings
  • Fixed the issue with the system import
  • Fixed the issue with missing column visibility settings in the system export and import
  • Fixed the issue in Linux install script with the autostart services on Ubuntu 18 servers with systemd init system
  • Fixed audit logging reporting in certain cases of moving and deleting folders
  • Fixed the issue with item name reporting for mass delete operation in cases of missing item permissions
  • Fixed the issue with the column selection on the Management->My Sessions view
  • Fixed the issue with root folder detection mechanism in cases with orphaned folders
  • Fixed the issue with prompt for host and user when connecting to a record Unix Host with user switch option without a user or a host field defined in in-browser session connect
  • Fixed the issue with the form exit confirmation message after new password generated on the record editing form
  • Fixed the issue with column selector column initialization to enable the option to hide columns in default configuration
  • Fixed the issue with displaying secured session ID in the exported session reports when Secure-IDs option is enabled
  • Fixed the issue with displaying secured request ID in the exported requests reports when Secure-IDs option is enabled
  • Fixed the issue with the displaying the star rating on My Sessions view

back to top


Release 2.3.201904142223 (April 14, 2019)

Features

  • Added dynamic column selection option to customize system reports
  • Added support for keep-alive request forwarding in SSH Proxy for the connections established by native SSH clients

Extensions

  • Added the option to navigate to the record when clicking on the object link in the object session specific events report
  • Added the option to delete records linked to multiple parents from the search results screen
  • Added the option to execute scheduled jobs on-demand using record jobs schedule report for the non-admin user with the execute permissions for the record
  • Added extended audit log event message about using overwrite or dynamic credentials when connecting to records using in-browser sessions

Fixes

  • Fixed the issue with Right-Control key operations during in-browser SSH sessions
  • Improved processing of session completion events by recovering from failed operations to archive recording in cases they are recoverable (for example, failure to delete original active recording after archiving)
  • Fixed the issue with the blanket error message in the system log when creating every RDP sessions caused by logging a file listing operation before the session is created
  • Improved periodic task scheduling error reporting mechanism by logging complete error stack to the exception about scheduling tasks into the system log
  • Fixed the issue with misspelled error message about deleting a folder with multiple parents from the search results
  • Improved the logic of deleting unique workflow bindings when deleting records
  • Fixed the issue with session reconnect metadata available only for record owners
  • Fixed the issue with forcing AD queries for recursing group membership search
  • Fixed the issue with forcing AD queries for group search
  • Fixed the issue with granting item or global permissions to multiple users or groups in one operation
  • Fixed the issue with displaying error when testing AD integration
  • Fixed the issue with the internal object lock when checking for automatic export process
  • Improved error reporting about failure to access users groups in the user report
  • Fixed the issue with processing local groups with duplicated cn attributes in the LDAP user directory
  • Fixed the issue with processing and reporting errors in the Windows password update script for service and tasks dependencies
  • Removed blanket session connect audit log message always recorded after session creation event
  • Fixed the issue when a user without Unlock (but with Execute) role can navigate to the password reset screen to specify new password for the password reset job
  • Fixed the issue with clearing the search field on the Grant access screen using x button
  • Fixed the issue with generating new passwords when creating new records of the type with no formula defined by using default local user password formula
  • Fixed the issue with generating new SSH public key for key-based native applications access
  • Fixed the issue with HTTP Proxy tunneling traffic originated from non-authorized sources

Labs

  • Internal: updated RDP server layout choice with GB, Turkey, Spanish and Portuguese keyboard layouts. The update is disabled pending session manager support update

back to top


Release 2.3.201904072223 (April 7, 2019)

Features

  • Added Microsoft Active Directory password self-reset script run without the use of the main integration or a shadow account using the existing password
  • Added the option to set MS Active Directory account password using a shadow account instead of default use of an AD integration account
  • Added check status option for MS AD User accounts executed using shadow AD user records

Extensions

  • Added the option to verify auto-imported records matching the actual host name of the discovered computer with the DNS name of the host retrieved from AD query based on the Auto-Import Name Check parameter in the AD Discovery Queries
  • Added details about failed discovery including failure to connect or failure to resolve name during PowerShell or SSH discovery process displayed by the discovered hosts report
  • Added scrollable record types selector with filter option on the Add New Record buttons on the records list toolbar and on the empty folder view as well as on the change record type control on the record editing screen
  • Added confirmation message about losing changes in the form fields when canceling editing or navigating out of the following objects creation or editing screens: Command Control, Settings (node configuration, session manager group, license activation, parameters, mail server, AD and syslog integration), management profile and preferences.
  • Added confirmation message about deleting a session manager proximity group
  • Added refresh button to Administration / Settings / mail server configuration screen to cancel changes
  • Added Executed By signature including user name, node name, node type and the application version to each job execution result details
  • Added password verification method to connecting to the destination services for test possibly failed password reset attempt in MS Active Directory
  • Added verbose script result from AD/LDAP script execution strategy to indicate the exact logic of the password reset or validation used during the job execution

Fixes

  • Fixed the issue with displaying Tasks Report in sub-folders
  • Fixed the issue with the daily rolling file appender extra unused max file size and backup index parameters in the default installation
  • Fixed the issue with using Unix and Windows Console Strategies
  • Fixed the issue with missing record column to the exported discovery host report
  • Fixed the message about error deleting a folder that contains items
  • Fixed the issue with renewing cross-site scripting token during continuous operation of remote worker nodes
  • Fixed the issue with search by template on the workflow report
  • Fixed the issue with creating duplicate users in the user cache table sometimes causing lost user permissions
  • Fixed the issue with missing record types in the change record type selector when editing record second time after editing and saving a record when changing its record type
  • Fixed the password verification routine messages to indicate the method of password verification
  • Fixed the issue with missing Add to Favorites icon on the folder listing
  • Fixed the issue with displaying informative error message when failure to create or update local user

Labs

  • Internal: Updated version of UI Bootstrap library to 2.5.0 to prevent navigation from unsaved form in tab

back to top


Release 2.3.201903312230 (March 31, 2019)

Features

  • Added system-, vault- and folder- level Tasks Report displaying records with the associated tasks, their policies, shadow accounts and the task list inheritance status from the correspondent record type
  • Added the option to access the system using Microsoft Azure AD (Office 365) authentication

Extensions

  • Added separate configuration idle timeout parameter for SSH Proxy for the sessions established using native SSH clients with the option to disable SSH Proxy sessions idle timeout
  • Added confirmation message about losing changes in the form fields when canceling editing or navigating out of the following objects creation or editing screens: Local Users, Local Groups, updating or creating Records, Discovery Query, Script, Record Type, Field, Workflow Template, Workflow Binding
  • Added system log messages about HTTP Proxy start including its listening port
  • Added the option to map Identity Provider user domain to the system user domain after SAML-based authentication using system parameter xtam.saml.upn.adjust=@domain.com

Fixes

  • Fixed the issue with break-glass command line utility Extract option to support record search by Secured-IDs
  • Fixed the issue with the available application GUI for the unknown user by forcing the logout process in the situation when the user is authenticated but could not be found by user directory integration queries
  • Fixed the issue with interactive or automated SSH Proxy connections established using native SSH clients remain connected to the destination server after session disconnect

back to top


Release 2.3.201903242218 (March 24, 2019)

Features

  • Added support for controlling font smoothing option for RDP sessions. Use System Preference Session RDP Font Smoothing or record type field named FontSmoothing for record level control
  • Added support for Windows Task Scheduler updates after resetting passwords for local or domain accounts
  • Added Check Status job for LDAP and Active Directory records

Extensions

  • Added Session Clipboard Hotkeys preference to optionally enable Ctrl-C/Ctrl-V (Cmd-C/Cmd-V) hotkeys for in-browser sessions clipboard
  • Added default system export configuration as a daily automatic export with a weekly retention time
  • Added current user information to the system and task logging of the PowerShell script execution strategy
  • Added the option to enable application performance logging for troubleshooting purposes. Use system parameter xtam.perflog.enabled=true to enable performance logging
  • Added the option to enable application system environments logging for troubleshooting purposes. Use system parameter xtam.perflog.dump_attributes=true to enable performance logging
  • Added remote worker node name to the audit log entries generated by this node

Fixes

  • Fixed the issue with the error reporting including a user and a host about failure to verify host name when executing PowerShell command on a remote computer
  • Fixed the issue with the sorting user report by the last activity time displaying users without the activity on the bottom of the report
  • Fixed the issue with operations of an isolated remote worker node deployed without GUI module
  • Fixed the issue with accidental session reconnection, lost session recording and application instability issues in certain data and operational situations
  • Fixed the issue with creating audit log entries related to specific records from remote worker node set up with Secure-IDs enabled
  • Fixed the issue with time zone difference when reporting current time for the remote worker node on the Node Configuration screen
  • Fixed the issue with completing message queue requests such as application download and update from the remote worker node
  • Fixed the issue with remote worker node operations with Secure-IDs option enabled on both remote and main nodes
  • Fixed the issue with naming First Activity field on the Users report to better reflect its meaning in the system
  • Fixed the issue with inheriting binary files such as SSH keys from referenced records
  • Switched log level of troubleshooting messages from CAS MFA detection script to debug
  • Fixed the issue with the node state, version and downloaded version reporting from the remote worker node

Labs

  • Labs: Added the option to overwrite remote node name with the one given by parameter xtam.remote.node
  • Internal: Fixed the issue with POST requests from the remote worker node
  • Internal: Added the option (currently disabled) to use client side IP address in MFA decision process
  • Internal: added the option to use real client IP address in the CAS IP-based logic instead of IP of the reversed proxy

back to top


Release 2.3.201903172234 (March 17, 2019)

Features

  • Added the option to auto-unlock locked screen in VNC sessions with the password on-record
  • Added support for scheduled report notifications for individual users My Sessions View report

Extensions

  • Added the option to filter scripts on the Script Library screen
  • Added the option to filter record types on the Record Types management screen
  • Added information about current host, current time, OS, OS version and the framework version to the application health check page (https://{server}/xtam/healthcheck)
  • Added the option to filter Requests Report by the status of the request (Approved, Rejected, Completed or Active)
  • Added the option to search records using multiple comma separated session managers criteria
  • Added configuration property (xtam.session.command.input.wait) in milliseconds to control delay before password input in privileged sessions.
  • Added support for reporting node IP address and node name as an audit log IP and Object on the Audit Log report for background activities
  • Added the option to specify {ENTER} as a key in the key-sequence Prologue combination sent to the channel during in-browser connections
  • Added the option to define VNC Host password in VNCPassword parameter to enable referencing unlock user password or the OS user from the other record
  • Added the option to specify placeholders for {PASSWORD}, {USER} and {VNCPASSWORD} in the Prologue key-sequence sent to the destination server in the beginning of the in-browser connection
  • Added context help links to help pages on the Script Library screen, Record and Record Type Task Manager screen as well as to Task Execution Policy screen

Fixes

  • Fixed the issue with HTTP(s) Proxy popup balloon indicator when browsing using IE 11 browser
  • Fixed the issue with displaying records with SSH/SU session manager in the list of records in the SSH Proxy Shell
  • Fixed the issue with null session manager host reported for HTTP(s) Proxy connections
  • Fixed the issue with displaying request related sessions
  • Improved performance of in-browser sessions by disposing executed and unused filters
  • Improved performance of in-browser remote application sessions by disposing executed script injectors
  • Fixed the issue with intercepting Unix privilege elevation mechanism by disabling user input while performing privilege elevation
  • Fixed the issue with the possibility to return back to the unprivileged session when connecting to Unix shells using privilege elevation
  • Improved the troubleshooting logging for remote applications stream injectors
  • Fixed the issue with the changing user permissions when sending report subscriptions
  • Fixed the issue with password generation function when creating new records
  • Fixed the issue when SSH Proxy session failing to close when using tunnels
  • Improved performance of user authenticating in SSH Proxy by enabling caching mechanism for user DN detection
  • Fixed the issue with inheriting password formula from the record type to a record without the formula defined
  • Fixed the issue with generating pass-phrase for the records of the record type Unix Host with Protected Key
  • Fixed the issue with split-view secret segregation should apply to any secret string field
  • Fixed the issue with a user without a system administrator or an auditor global role accessing System Settings, Discovery, Scripts, Local Users and Groups and Record Type pages with their controls using URLs in the browser even without the ability to see or change data

back to top


Release 2.3.201903102229 (March 10, 2019)

Extensions

  • Added support to report tunnel parameters when establishing SSH tunnels through SSH proxy
  • Improved a file name convention of a generated scheduled reports by adding a date to the report name to resolve caching issues with some of the email clients
  • Added support for item.* related placeholders for scheduled report notification templates. Added support for the following placeholders: {{item.name}}, {{item.description}}, {{item.type}} (Record, Folder, System), {{item.url}}, {{item.id}}

Fixes

  • Fixed the issue with displaying workflow report if accessed first after the browser refresh
  • Improved portability of Linux installation procedure by eliminating dependency from realpath application, removing incompatible parameters from df command, resolving assumption of the path to /sbin and introducing an explicit check for pidof command
  • Fixed the issue with reconnecting to a joined session
  • Fixed the issue with terminating SSH Proxy tunnel sessions using GUI or request expiration process
  • Fixed the issue with links to records and folders in the alert notification templates
  • Fixed the issue with using object IDs in the alert notification templates in situations with Secure-IDs enabled
  • Fixed the issue with enforcement of currently set permissions when sending scheduled reports based on the report subscription

back to top


Release 2.3.201903040842 (March 4, 2019)

Features

  • Added the option to subscribe to system, vault-, folder- or record-level reports with specified filter criteria to receive daily, weekly or monthly reports as PDF or CSV file attachment
  • Added the option to mass share multiple items with selected users or groups
  • Added support for temporary local accounts with the account expiration time after which the system locks the account

Extensions

  • Added the option for vault and folder owners to view vault reports without system-wide Auditor role
  • Added support for dropdown parameters in custom scripts given in the form of $${Parameter:Value1,Value2,Value3} placeholder
  • Added the option to use an Auto-Deny workflow template in a duration-based binding as a fall-back mechanism for long time requests
  • Added information about session manager selected for a specific session to the audit and the system logs
  • Added the fixed size option for RDP sessions to initially re-size to fill the complete browser screen instead of using the specified dimensions by defining empty Session RDP Screen Size preference with Fixed Session RDP Resize Method
  • Added the option to search Job History report by job execution type (Periodic, etc) for both system-wide and record-scoped reports

Fixes

  • Fixed the issue with short expiration time for the newly generated HTTPS Proxy certificate
  • Fixed the issue with detecting successful connection in in-browser sessions in certain network situations
  • Fixed the issue with recording in-browser sessions in certain network situations
  • Fixed the issue with using Vault-based proximity groups selection for Session Manager groups configuration in Secure-IDs enabled deployment
  • Fixed the issue with the Java helper file missing in the Remote Application host distribution package
  • Fixed the issue with searching records with square brackets in the search criteria in the deployments with MS SQL Server as a back end database
  • Fixed the issue with navigating to parent folder using screen breadcrumbs navigation from the vault- or folder-scoped Requests Report
  • Fixed the issue with navigating to parent folder using screen breadcrumbs navigation from the vault- or folder-scoped Inventory Report
  • Fixed the issue with displaying vault- or folder-scoped session report with enabled Secure-IDs
  • Fixed the issue with simultaneous execution of password reset jobs for an account and for its shadow account causing conflicts by executing queued jobs for accounts without shadow first

back to top


Release 2.3.201902242229 (February 24, 2019)

Features

  • Added Secure-IDs option to hash internal object IDs in both GUI and API interfaces to prevent an external observer to enumerate or scan system objects by IDs

Extensions

  • Enabled Secure-IDs as a default option for new deployments
  • Added Secure-IDs option for existing deployments
  • Added context help for FAQ to the Object Access Report
  • Added placeholders for log level of various system components for the new deployments to simplify enabling troubleshooting logging

Fixes

  • Fixed the issue with new record type creating with tasks list enabled to simplify further management of tasks for the newly created records of this record type
  • Fixed the issue with connecting to local directory services from command line tool using non-standard LDAP port
  • Fixed the issue with the blanket message in the system log about scanning some infrastructure libraries for annotations on some operating systems
  • Fixed the issue with loosing web-sockets request when establishing sessions with configured web-sockets enabled after screen refresh on the record view
  • Fixed the issue with the empty element on object access report breadcrumb navigation for the root folder
  • Fixed the issue with sending an authentication token as an URL query parameter instead of request header when authenticating Remote Worker process
  • Fixed the issue with supporting cross-site scripting token for Remote Worker node
  • Fixed the issue with remote worker communicating with the server without Secured-IDs enabled
  • Fixed the issue with the remote worker node communication with the master vault node when both nodes set up with Secured-IDs option
  • Fixed the issue with creating or modifying data in the main vault from the Remote Worker process
  • Fixed the issue with remote execution of non-password reset jobs using Remote Worker process
  • Fixed the issue with the blanket error on developers console about workflows when opening a local group editing screen
  • Fixed the issue with the displaying local group update errors on the GUI screen
  • Fixed the issue with the incorrect error message feedback about failing to create local groups
  • Fixed the issue with loosing privileges granted to a group by group members after renaming a local group until the server restart by resetting the internal LDAP cache after the group rename
  • Fixed the issue with creating a new local group using the old name of just renamed local group
  • Fixed the issue with renaming local groups by changing letter case (upper or lower) of the group name
  • Fixed the pagination issue for consequent pages when accessing job queue from the Remote Worker process run with enabled Secured-IDs option
  • Improved the error handling during the WEB application startup after re-deployment, application update or regular start
  • Fixed the issue with discovery query invalidates host connection status using second account on the query definition right after successful discovery with the first account
  • Fixed the issue with the password reset verification for Windows computers using PowerShell method by attempting to login to a remote computer using new password even in cases when the previously executed password reset fails with certain false negative messages.
  • Fixed the issue with availability of discovered Windows artifacts during auto-import of first time discovered endpoints for artifact filtering option
  • Fixed the issue with the main vault job execution process executes jobs tagged for remote workers service accounts
  • Fixed the issue with the error reporting on the WEB GUI when removing users or groups from the Global Roles
  • Fixed the issue with transactional consistency of discovering, creating, providing feedback to a discovery process and triggering the policy event for a discovered record auto-import process
  • Fixed the issue with discovery host duplication during Active Directory discovery process

back to top


Release 2.3.201902172217 (February 17, 2019)

Features

  • Added Object Access report displaying the list of all users who have access to the selected object with the list of access level (global role, global permission or an object ALC) and an access path through the local or external user directory group available on the object permissions screen and as a drill down option on the inventory report
  • Added SSH Proxy dynamic credentials support for the native SSH clients allowing to use different privileged credentials configured for different users
  • Added SSH Proxy pass-through credentials support for the native SSH clients allowing to use current user credentials when accessing the remote system

Extensions

  • Added support to connect using a record name or a host name to the SSH Proxy Shell connect command used by native SSH clients in case of a single available record found. SSH Proxy Shell connect command will display a list of available records filtered by the provided search criteria in case of multiple records found.
  • Added the option to choose an algorithm and a key size while generating private/public key pair for SSH native clients connected using SSH Proxy
  • Added the option to use ${host} placeholder for discovered host name in the provided account for discovery auto-import process
  • Added the option to use ${connected.user} placeholder for using user name without domain qualification in the discovered account for discovery auto-import process
  • Added the option to specify a password for the provided account during auto-import process for the discovery queries

Fixes

  • Fixed the issue with exposing software error stack to the client API caller in case of server generated errors
  • Fixed the issue with the port conflict in the default system installed on Windows Server 2016+ computers
  • Fixed the issue with the language translation for the Ssh2 public key and Certificate fields on the My Profile screen
  • Fixed the issue with processing session recording for native SSH clients connected through SSH Proxy without shell channel (for instance, for pure scp, sftp, tunnel connections)
  • Fixed the issue with including custom MFA configuration to system export and import processes
  • Fixed the issue with including public/private key setup to use by native SSH clients to system export and import processes
  • Fixed the issue with LDAP integration certificate compatibility with JRE version 8.181+ for new system installations
  • Fixed the issue with the command control policy resolution for the users without detected LDAP groups
  • Improved system operation with back end database
  • Fixed the issue with the option to use dynamic credentials for the records stored in different vaults
  • Improved the logic of installing an external security provider to ensure it takes a preference execution to better handle remote SSH job execution as well as connecting with native SSH applications to servers using high-bit authentication keys (typically Solaris OS)
  • Fixed the issue with overwriting record fields with referenced record fields that contain empty values
  • Fixed the issue with missing reference to the auto-imported record in the discovered host
  • Fixed the issue with exporting system reports using IE or Edge browsers
  • Fixed the issue with parallel execution of discovery process
  • Improved memory management of internal cache during the application update
  • Fixed the issue with detecting host name of the remote Windows device during discovery process in case of failed computer information call
  • Fixed the issue with failure to successfully discover a Windows device in case of failure to list local administrators and services on this device
  • Added system logging to troubleshoot creating and updating discovery host records

back to top


Release 2.3.201902102231 (February 10, 2019)

Features

  • Added support for public key authentication to personal accounts in XTAM SSH Proxy server when establishing high trust connections to remote devices using native SSH applications such as SSH shell, Secure CRT or PuTTY

Fixes

  • Improved support for job execution time window applicable only to periodic, weekly or monthly job executions
  • Improved processing of background jobs
  • Improved the logic of discovering hosts using AD query to avoid duplicate entries
  • Added system log messages to troubleshoot detecting new hosts during discovery process
  • Fixed the issue with overriding a record name with the hostname when discovering hosts in Amazon Web Services EC2 tenants
  • Fixed the issue with remote SSH job execution as well as connecting with native SSH applications to servers using high-bit authentication keys (typically Solaris). Use xtam.transport.security.bc=true system parameter to enable the security provider capable to accept high-bit keys
  • Fixed the issue with duplicating discovered hosts at Amazon Web Services EC2 tenants

back to top


Release 2.3.201902032213 (February 3, 2019)

Features

  • Added support for automatic re-execution of failed periodic jobs
  • Added task execution policy to trigger a job at the time of request expiration

Extensions

  • Added the option to customize password attribute for the LDAP password reset strategy
  • Added configurable RDP session resize tolerance limits parameter to control the degree of browser window resize to trigger session resize for windows session with default value of 3×65. The parameter primarily introduced to handle temporary browser status bars such as downloads status bar appearing during the sesions.
  • Added the option to support system logs retention with the default value of 30 days
  • Added Session WebSocket parameter to enable WebSockets protocol for in-browser sessions
  • Added the option to select specific transport security level for RDP connections using choice record type fields TransportSecurity with values rdp,nla,tls,any
  • Added job processing time on the job details screen
  • Added job processed time to the Job History report

Fixes

  • Fixed the issue with the Session Request Enforcement parameter appeared in the user preferences. Moved the parameter into Access parameters group
  • Fixed the issue with Oracle DB password reset procedure for the passwords started with a number
  • Fixed the issue with scheduling a periodic (once in a number of days) job at the beginning of the current day instead of the last scheduled date
  • Fixed the issue with missing session recordings for SSH Proxy interactive sessions in certain cases of session termination
  • Fixed the issue with periodic, one-a-week and one-a-month policy schedule is based on the scheduled day of the last event instead of last execution date
  • Disabled continuous clipboard synchronization to avoid logging of local clipboard events unrelated to opened session
  • Fixed the issue with inheriting tasks from the parent record preserving tasks of the original record type in case of no other records of this record type
  • Fixed the issue with inheriting tasks from the parent record when changing record type while editing record
  • Added troubleshooting system logging messages for periodic job scheduling
  • Fixed the issue with scheduling periodic jobs even with existing in-process jobs
  • Fixed the issue with handling errors when scheduling jobs for AD Query records that do not include queries
  • Fixed the issue with scheduling periodic job executions after failing to process some of the polices

Labs

  • Internal: Fixed the issue with creating unnecessary display related database columns for Parameters model

back to top


Release 2.3.201901272252 (January 27, 2019)

Features

  • Added the option to specify flexible time window for workflow binding using cron expressions
  • Added visual custom time window expression builder to job queue execution as well as workflow binding time window specification

Extensions

  • Added host name detection during discovery process to some types of devices accessible by SSH protocol
  • Added context help button for the node configuration parameters on the Administration / Settings / Application Nodes / Edit screen instead of the highlighted label with help
  • Added the option to type master password when importing master password to the system using command line tool instead of including it as a command line parameters
  • Added the option to update existing Personal Vault records of a type not supported by the Personal Vaults anymore to improve backwards compatibility with the legacy situation when all record types were available in the personal vault
  • Added WEB Portal record type to a list of personal vaults record types for new installations
  • Added foreign language translations support with the translation to the supported languages for the system parameters group names
  • Added the option to filter system parameters by group

Fixes

  • Fixed the issue with the application copyright year on the About screen and in the application footer
  • Fixed the issue with reporting record update errors on the application GUI
  • Fixed the issue with reporting error saving workflow binding on the application GUI
  • Fixed the issue with enabling out-of-the-box support of MFA GUI configuration
  • Fixed the issue with host name detection during discovery process on the devices that do not support hostname command replacing host name with the device IP address instead of using shell output about non-existing command
  • Fixed the issue with password reset on Unix endpoints with new or old passwords including dollar characters

Labs

  • Internal: Reduced an expiration time of an unactivated application to one week (7 days)
  • Internal: Fixed the issue with JRE 11+ compatibility for unused LDAP TLS factory provider
  • Internal: Removed Azure strategy as well as Azure record types from all new installations to maintain compatibility with the future (JRE 11+) framework versions
  • Labs: Fixed the issue with system logging of Secured-IDs during alert processing
  • Labs: Fixed the issue with authenticating to SSH Proxy using REST API fallback when using Secured-IDs

back to top


Release 2.3.201901202225 (January 20, 2019)

Features

  • Added support for job execution time window limiting activities triggered on the remote computers by certain hours or days of the week
  • Added action-able path-based navigation system to folders and records browser
  • Added the option for a user to review the status of this user’s approved requests

Extensions

  • Added the option for UID based group membership search in the integrated user directory instead of DN-based one
  • Added the option to execute scripts and password resets for SQL endpoints (such as Oracle RDBMS, MS SQL Server or Informix DB) using shadow record with administrative privileges
  • Added support to display permission trimmed paths to the folder and to the record view screen
  • Added the option to use back button of the browser to step back in the folder navigation
  • Added support to connect to remote hosts using either a sequential number from the list of records or a record ID when using SSH Proxy Shell
  • Added the option for language translation of system parameters
  • Added translation of system parameters to the supported languages
  • Added support to display requests approved by the current user in the Manage / My Workflows / My Requests report
  • Added time selection defaulted to the Last Day to Manage / My Workflows / My Requests report
  • Added Requester column to Manage / My Workflows / My Requests report
  • Added WS-Management Timeout system parameter to control network as well as command execution timeout for PowerShell? script executions on remote Windows computers
  • Added WS-Management Delay system parameter to control command execution delay to allow WS-Management Host subsystem to initialize to Opened state
  • Added help message for GenerateCASCipher option of XTAM command line management tool
  • Added context help for the node configuration parameters on the Administration / Settings / Application Nodes / Edit screen
  • Added support for Radius MFA for the system login using Federated Sign-In module without the option to perform Radius authentication on the login page

Fixes

  • Fixed the issue with inheriting or making unique permissions for the folders with circular containment
  • Fixed the issue with the option to disable MFA for individual users during authentication using native SSH clients through SSH Proxy
  • Fixed the issue with the typo in success message when adding new principals to MFA configuration
  • Fixed the issue with the requirement to maintain a special user to activate the option for granular MFA configuration
  • Fixed the issue with missing scheduling of once-per-week and once-per-month events
  • Fixed the issue with event scheduling started from the beginning of the day
  • Fixed the issue with downloading recorded SSH Proxy sessions in zipped type-script format
  • Improved performance of left-side navigation menu rendering on the screen
  • Fixed the issue with the location of SSH Proxy produced recordings
  • Fixed the issue with deleting a record with unique formula or with formula inheritance in cases when unique formula is assigned to other records
  • Fixed the issue with deleting records in case of unique workflow manager is assigned to other records
  • Fixed the issue with not-functional restart button from the screen with discovery query
  • Fixed the issue with the Join option available for record Viewer on the sessions report screen
  • Improved system logging mechanism for remote PowerShell commands execution to trace both input and output traffic
  • Fixed the issue with enabling command execution and tunneling using SSH Proxy without shell enabled for users that require second-factor authentication

back to top


Release 2.3.201901141010 (January 14, 2019)

Features

  • Added Multi-Factor Authentication option for native SSH clients connecting through SSH Proxy
  • Added Python example to access XTAM REST API
  • Added the option to enforce single sessions established for the same record

Extensions

  • Added the option to enforce Google Authenticator MFA for SSH Proxy logins using native clients
  • Added the option to enforce System generated MFA token for SSH Proxy logins using native clients
  • Added the option to specify custom terminal type for in-browser SSH sessions
  • Added the option to verify remote Windows host name match with the host name on the record before executing any script on the remote computer to detect mis-configured or attacked name resolution service. The option is enabled by the presence of unchecked checkbox field HostNameDNS in the record type of the record describing destination computer. Checking the field disables the option to verify host for the specific record.
  • Added xtam.ssh.proxy.mfa.disable parameter to disable MFA request for SSH Proxy connections
  • Added the option to the User Profile / Preferences to generate temporary short lived XTAM MFA code to access remote hosts using native clients through SSH Proxy for MFA providers not supported by SSH Proxy directly or for SAML based user authentication schemes
  • Extended the option to see active sessions for record viewers that have connect permissions to a record
  • Changed default time range filter for the Audit Log report to the Last Day
  • Changed default time range filter for the Job History report to the Last Day
  • Changed default time range filter for the Requests report to the Last Day
  • Improved stability of in-browser sessions for slow or unreliable networks

Fixes

  • Fixed the issue with creating new task lists for newly created record types
  • Improved Federated Sign-In authentication process for the cases of deploying Federated Sign-In module after the initial installation
  • Fixed the issue with occasional missing file in the very large file listings in the in-browser file manager for SSH sessions
  • Fixed the issue with timing for initial in-browser sessions resize interfering with establishing an SSH connection to certain remote servers
  • Fixed the issue with detecting MFA configured for groups
  • Fixed the issue with the detection of the connection type for in-browser sessions based on the session manager instead of previously record type to support custom record types
  • Fixed the issue with displaying XTAM Tool button on the in-browser SSH session toolbar for the records of custom record types with SSH session managers
  • Fixed the issue with displaying record checkout status right after requesting access with checkout
  • Fixed the issue with displaying active sessions on the record view screen after initiating a session from this screen
  • Fixed the issue with limiting number of hosts discovered by the Active Directory query by a page size limitation
  • Fixed the issue with limiting the sampling of Active Directory hosts in the discovery query specification
  • Fixed the issue with SSH Proxy allowing empty password pass to the validation routine when logging in using native SSH clients
  • Fixed the issue with the error message about saving fields with non-compliant names

back to top


Release 2.3.201901071011 (January 7, 2019)

Features

  • Added the option to run the application on OpenJDK 11 framework
  • Added support for fixed screen size for in-browser SSH or Telnet sessions configured on the individual record level controlled by ScreenSize field

Extensions

  • Added the option to specify delay time for the script execution for the After Unlock event policy in minutes
  • Added support for disabling screen resize for in-browser SSH or Telnet sessions configured on the individual record level controlled by ResizeOnConnectDelay field
  • Added context help FAQ button for the default Record List page

Fixes

  • Fixed the issue with the task policies screen looks like disabled when navigating to the screen from the task list
  • Added browser console log messages to troubleshoot logout problems resulting in the init screen
  • Added support for initial resize delay for in-browser SSH or Telnet sessions configured on the individual record level controlled by ResizeOnConnectDelay field
  • Fixed the issue with deleting objects from the search results screen in case they are linked to a single parent

back to top


Release 2.3.201812302233 (December 30, 2018)

Extensions

  • Added the option to display record IDs when querying records in the SSH Proxy interactive shell
  • Added the option to connect by record ID in the SSH Proxy interactive shell
  • Updated default periodic job scheduler process to run every 5 minutes
  • Added the option to disable request for file transfer protocol during Unix sessions controlled by the record field FileTransferDisabled
  • Added the option to disable cross-vault shadow record check following the system variable xtam.shadow.crossvault.disable=true

Fixes

  • Fixed the issue with verifying PowerShell job execution results as successful after password reset job failed as a part of the ambient script
  • Fixed the issue with cleaning up orphaned task managers when inheriting tasks or deleting records in case of legacy data with single task manager associated with several records
  • Fixed the issue with recording an audit log event in case of opening new SSH Proxy channel
  • Fixed the issue with periodic job scheduler taking in consideration previously executed jobs scheduled for different events
  • Fixed the issue with time filters in the Sessions report to include entries created after initial navigation to a report
  • Fixed the issue with Every Sunday policy event does not display a number
  • Added system logging messages to troubleshoot the process of automatic completion of the disconnected sessions

Labs

  • Added the option to run the application on OpenJDK 11 framework

back to top


Release 2.3.201812232242 (December 23, 2018)

Features

  • Added interactive MFA configuration with the options to define multiple MFA providers for different principals, default MFA provider and group or user-based exceptions
  • Added support to display a list of linked folders for each object on the list of records and on the search screens
  • Added the option to discover Windows hosts with specified service accounts in services
  • Added precise search option to locate exact record match

Extensions

  • Added the option to define a subset of record types that could be used in Personal Vaults
  • Updated default time range selection for the session report to be the Last Day
  • Improved performance of mass copy, cut, paste and import from discovery operations
  • Added an FAQ help button to the Search bar on the record list
  • Added the option to reset Windows domain account password using Windows host and shadow domain administrator
  • Added the option to search records as well as shadow and reference records for exact criteria instead of wildcard search by enclosing a search criteria in double quotes
  • Improved the mechanism to maintain local group membership of external (such as Microsoft Active Directory) users and groups by allowing object reorganization in the external user directories while still maintaining the local group membership. The option is disabled by default but could be enabled by using configuration property xtam.ad.members.search=true

Fixes

  • Fixed the issue with inheriting permissions to a linked item affected unrelated items in the original folder
  • Fixed the issue with moving an item item affected unrelated items in the original folder
  • Fixed the issue with the blanked debug message on the browser console
  • Fixed the issue with establishing sessions for the browsers with disabled clipboard support
  • Fixed the issue with accumulated resources during periodic purge of export files
  • Fixed the issue with deleting records with unique task managers in certain situations
  • Fixed the issue with orphaned non-executed tasks left in the job queue after deleting of a record
  • Fixed the issue with Editor is allowed to delete objects when using the Bulk Delete option
  • Fixed the issue with executing scripts using shadow records located in different vaults
  • Fixed the issue with the script updating windows services with the new account and password for domain accounts
  • Fixed the issue with the background process start up in case of failure to apply data patches
  • Fixed the issue with frequent blanket message about execution of retention process
  • Fixed the issue with mass executing tasks on-demand for selected records
  • Fixed the issue with reporting object name on the list of the results about mass scheduled tasks for selected objects
  • Fixed the issue with some periodic task policies are not executing for records with reused task lists
  • Fixed the issue with displaying Users Reports for users in certain groups in eDirectory

Labs

  • Internal: Restructured multi-language translation files to better maintain translations to different languages
  • Labs: Fixed the issue with notification subscriptions using Secure-IDs option

back to top


Release 2.3.201812162247 (December 16, 2018)

Features

  • Added the option to enforce workflow restrictions for the sensitive administration functions
  • Added the option to enforce workflow restrictions for folder and record level permissions and workflow bindings to delegate Administration roles to object management
  • Added the option to trigger task execution for dependent records after successful completion of the task executed for a master record (#XTAM TRIGGER REF _Script Name to Trigger_)

Extensions

  • Added the option to apply dual control workflow to the Global Role configuration
  • Added the option to apply dual control workflow to the Global Permissions configuration
  • Added the option to apply dual control workflow to the item Permissions configuration access including granular control on the nesting folder hierarchy following workflow binding inheritance
  • Added the option to apply dual control workflow to the function to change password of a local user
  • Added the option to apply dual control workflow to the function to add a local group member
  • Added the option to apply dual control workflow to the publishing of workflow templates
  • Added the option to apply dual control workflow to the system workflow binding configuration
  • Added the option to apply dual control workflow to the folder and record level workflow binding configuration including granular control on the nesting folder hierarchy following workflow binding inheritance
  • Added the option to apply dual control workflow to import and export functions
  • Added the option to apply dual control workflow to change values of system parameters
  • Added audit log event about changing a value of a system parameter
  • Added out of the box script to reset password of accounts linked to Windows services
  • Added context FAQ page to the Global Roles screen
  • Added context FAQ page to the Password Formula screen

Fixes

  • Fixed the issue with deleting folders with inherited workflow bindings
  • Fixed the issue with executing After Create or Update Policy Event after auto-importing records from discovery query
  • Fixed the issue with displaying of the folder objects on list of requests for approval
  • Fixed the issue with session management in Internet Explorer file browser
  • Fixed the issue with adding a group with circular dependencies to the system permissions, workflows or roles
  • Fixed the issue with displaying users in the users report even in case of no connectivity to underlying user directories
  • Fixed the issue with stability of remote applications executed on the remote application host
  • Improved developer console logging to troubleshoot issues occurred during opened sessions
  • Fixed the issue with scheduling a task for a record that already include the same active task scheduled
  • Fixed the issue with re-initiating logout procedure in case there is no active system user detected on the application initialization page

Labs

  • Labs: Fixed the issue with creating new workflow templates using Secure-IDs option

back to top


Release 2.3.201812121821 (December 12, 2018)

Features

  • Added support to collect and report details about protocol used during high-trust session including specific channel requested by native clients (such as Shell, SFTP, Tunnel or Exec)

Extensions

  • Added support to disable File Transfer option for all system users
  • Added support to limit location of originator of token based REST API calls by IP Filter
  • Added context help to the Comment field on the Token generation screen

Fixes

  • Fixed the issue with initiating SFTP connections using native clients through SSH Proxy server
  • Fixed the issue with adding a Tab option to the Session Start Mode global parameter
  • Fixed the issue with using script parameters including new passwords with a single quote (ampersand) in PowerShell scripts
  • Fixed the issue with in-browser session file listing of the folders that contain object names with unprintable characters
  • Fixed the issue with removing unique workflow binding when deleting folders
  • Fixed the issue with removing unique workflow binding, unique task lists and unique formulas when deleting records
  • Fixed the issue with orphaned task lists left after deleting records with unique task managers preventing deletion of shadow records
  • Fixed the issue with establishing connection with LDAP directories that do not have certain properties
  • Fixed the issue with the application initialization page appears in certain cases after logging off the application
  • Fixed the issue with resolving the users form external directories using the search criteria of the external directory
  • Fixed the issue with masking all secured fields when printing debug messages into the system log
  • Added application version to the system log during application start-up
  • Fixed the issue with initializing in-browser session screen in certain situations
  • Fixed the issue with the missing IP address in some session completion audit log records
  • Fixed the issue with occasional problems accessing data in systems deployed with PostgreSQL backend database
  • Fixed the issue with the password reset function in the systems deployed with PostgreSQL backend database
  • Fixed the issue with completing SSH Proxy sessions established by native clients using open multiple channels
  • Fixed the issue with completing port forwarding only SSH Proxy session established by native clients
  • Fixed the issue with displaying large text in records String fields on the record view screen
  • Improved server- and client-side logging mechanism to troubleshoot folder listing in the in-browser sessions file browser
  • Fixed the issue with too quick execution of switch user command when connecting to Unix user with switch user account

Labs

  • Internal: reorganized code to simplify development of external membership
  • Labs: Fixed the issue with creating new task list using Secure-IDs option
  • Labs: Fixed the issue with several generic GUI operations using Secure-IDs option
  • Labs: Fixed the issue with enabling API tokens using Secure-IDs option
  • Labs: Added framework for configurable MFA authentication

back to top


Release 2.3.201812051058 (December 5, 2018)

Fixes

  • Fixed the issue with session resize timeout for RDP sessions

back to top


Release 2.3.201812031019 (December 3, 2018)

Features

  • Added the option to open a session in a browser tab as an alternative to full screen or popup window
  • Added ASCII mode when transferring files during in-browser sessions
  • Added the option to search for records by shadow accounts specified in the search criteria using shadow:QUERY search

Extensions

  • Added auto-pagination support for listing large folders in the in-session file browser
  • Added the option to allow users other that system administrators to use the Bulk Cut, Copy and Delete options enforcing permissions check when processing individual objects
  • Added reference to a user in an error message about script execution or password reset for Windows strategy to better communicate the issue with either on-record or shadow account
  • Added workflow design scheme to the list of user requests
  • Added the current step to the list of user requests during request approval process
  • Added direct LDAP authentication as a primary mechanism for SSH Proxy server leaving system API authentication as fallback method to simplify SSH Proxy deployment and performance of authentication
  • Added support to disable Personal Vault option for all system users
  • Added the option to extend number of the choice field selection items

Fixes

  • Improved event processing by disabling caching and buffering by intermediate proxies
  • Fixed the issue when event processing failed with Federated Sign-In module (CAS) filters
  • Fixed the issue with deleting orphaned records
  • Fixed the issue with adding multiple users to a local group at the same time
  • Fixed the issue with the ticket generation for PostgreSQL database backend
  • Fixed the issue with duplication of discovered hosts in Active Directory based discovery queries
  • Fixed the issue with errors on the developer console and participants reporting during in-browser sessions in non-secure ids configuraiton
  • Added server- and client-side logging mechanism to troubleshoot folder listing in the in-browser sessions file browser
  • Added Debug Mode user preference to troubleshoot specific client cases
  • Increased timeout for the session screen resize to improve the initial connectivity to certain computers
  • Fixed the issue with initiating workflow requests with the TO date in the future but FROM date in the past
  • Fixed the issue with the ability to make a record type parent as the same record type or a record type that has the current type in its parent hierarchy resolving circular dependency in the record type inheritance
  • Fixed the issue with accessing record types with circular parent relationships created by the old versions of the application
  • Fixed the issue with accessibility of the application initialization page in certain situations
  • Fixed the issue with re-initiating logout procedure in case there is no active system user detected on the application initialization page
  • Fixed the issue with navigating to the record listing in case the application has been already initialized on the application initialization page
  • Fixed the issue with Cut and Copy actions unavailable for record owner without connection permissions
  • Fixed the issue with the confirmation screen after restoring a script to a factory default

Labs

  • Labs: Fixed the issue with creating new workflow binding using Secure-IDs option

back to top


Release 2.3.201811252222 (November 25, 2018)

Features

  • Added Query Execution Frequency system parameter to control execution of discovery queries
  • Added the option to clean currently discovered hosts from the discovery query

Extensions

  • Added optional parameters xtam.cas.registry.sqlCasJwtSigningKey, xtam.cas.registry.sqlCasJwtUpdateService, xtam.cas.registry.sqlCasJwtUpdateProperty to customize CAS registry storage in different databases
  • Added system architecture (64-bit) check for Linux installs
  • Added the option to execute jobs and to reset password on network devices with Shell script sequence strategy using shadow account

Fixes

  • Fixed the issue with adding or updating record type fields with not allowed characters in field name when using REST API
  • Fixed the issue with removing group membership when deleting local users
  • Fixed the issue with file upload for both Windows and Unix sessions with enabled API token verification
  • Fixed the issue with exporting and consecutive importing of job execution strategy objects
  • Fixed the issue with creating new discovery queries
  • Fixed the issue with error during auto-importing records during discovery process preventing the discovery query to complete
  • Improved debug level system logging to troubleshoot record loading and decryption of record secret data as well as PowerShell and SSH strategy script execution
  • Improved error processing for the operation of updating discovered hosts for Active Directory and Amazon EC2 queries
  • Fixed the issue with inheriting the task lists from records parent record type in case there were jobs run on the unique tasks in certain backend database configurations
  • Fixed the issue with deleting records in certain backend database configurations
  • Added system log message to better troubleshoot mass delete operations
  • Fixed the issue with update queue state for PostgreSql backend
  • Fixed the issue with SSH session view file browser unable to display files if user does not have read permissions to one of the elements of the home parent path by adding support for HomeLocation optional field to override default user home location with custom setting including {User} and other placeholders for record type fields
  • Fixed the issue with freezing of import records view progress bar on certain race conditions

Labs

  • Labs: Added Secured-IDs encryption for audit logging
  • Labs: Fixed the issue with updating system password formula using Secured-IDs
  • Labs: Fixed the issue with displaying discovered hosts with enabled Secured-IDs option
  • Labs: Fixed the issue with mass deleting, moving and copying objects with enabled Secured-IDs option
  • Labs: Fixed the issue with saving discovery query record type for auto-import with Secured-IDs option enabled
  • Internal: Added development build instruction to deploy worker in a safe manner
  • Labs: Added strict mode boolean flag to system property xtam.secured.ids.strict to enforce Secures-IDs option

back to top


Release 2.3.201811191811 (November 19, 2018)

Features

  • Added an interactive terminal shell for native SSH clients to browse and filter the list of available assets as well as to initiate connections using interactive commands
  • Added the option to search for objects referencing records specified in the search criteria
  • Added support for fixed-sized RDP sessions created with Full-Screen option initially opened to fill the complete session screen

Extensions

  • Added enforcement of XTAM REST API tokens to prevent Cross-Site Request Forgery (CSRF) vulnerability
  • Added /healthcheck end-point to indicate the online status of the system (https://{server}/xtam/healthcheck)
  • Added examples of Shell and PowerShell XTAM REST API call including API tokens to prevent Cross-Site Request Forgery (CSRF) vulnerability
  • Added on option on the user report to remove duplicated user entries
  • Added the option to execute Unix shell scripts forcing pseudo-TTY in case the script starts with sudo command

Fixes

  • Fixed the issue with API Token generation causing operation failure using the legacy application installations without CAS HA configuration embedded
  • Fixed the issue with audit log message about unlocking a local user
  • Fixed the issue with incorrectly updating new password in the vault after various issues connecting to a destination server
  • Fixed the issue with locking currently logged in local user
  • Fixed the issue with deleting currently logged in local user
  • Fixed the issue with infinite account lock for local users after several unsuccessful login attempts with the wrong password by limiting the automatic lock to 10 minutes
  • Fixed the issue with deleting folders that have associated subscriptions
  • Fixed the issue with deleting (unlinking) an object from its parent when the user has permissions to the object but not the parent
  • Fixed the issue with records browsing for the systems setup with PostgreSQL as a back-end database
  • Fixed the issue with occasional blocking of permissions inherited from root folder while browsing system objects resulting in hiding otherwise visible objects from the view of the user caused by short-term database cache overwriting when calculating global permissions
  • Fixed the issue with workflow bindings report displaying its data when workflow is bound to non-enxisting item
  • Fixed the issue with reporting workflow bindings unique for folders using system Workflows report
  • Fixed the issue with database selection prompt during Linux setup
  • Fixed the issue with creating an audit log event about record deletion at the end (not at the beginning) of the operation
  • Fixed the issue with Linux install script when using PostgreSQL as a database server
  • Fixed the issue with multi-threading interference during various background operations
  • Fixed the issue with orphaned session objects created during failed connections using native SSH clients
  • Fixed the issue with blanket error message in the system log about checking global permissions
  • Fixed the issue with occasional runspace is in Opening state error when executing remote PowerShell commands on Windows computers
  • Added debug level system logging to troubleshoot record loading and decryption of record secret data
  • Added debug level system logging to troubleshoot no host error when executing PowerShell or SSH Shell commands
  • Added debug level system logging to troubleshoot execution of SSH Shell commands

Labs

  • Labs: Added optional support for secured-IDs in the system GUI and API exposing randomized ID for all system functions instead of the real ones to prevent ID enumeration technique

back to top


Release 2.3.201811120904 (November 12, 2018)

Features

  • Added the option to mass inherit permissions from the current folder to multiple selected items
  • Added the option to mass inherit workflow binding from the current folder to multiple selected items

Extensions

  • Added message screen confirming removing users or groups from global roles
  • Added error message display in case of failure to remove users or groups from global roles

Fixes

  • Fixed the issue with inheriting permissions for the item linked from several different folders
  • Fixed the issue with inheriting workflows for the item linked from several different folders
  • Fixed the issue with detecting valid password reset on Windows computer using PowerShell script in case of timing out connecting to a remote computer
  • Fixed the issue with removing last system administrator
  • Fixed the issue with the emergency restore of default system administrator during application startup in case of removing all system administrators

Labs

  • Internal: Added mechanism for Cross-Site Request Forgery (CSRF) protection using generated API token for POST/PUT/DELETE API requests modifying application data. Temporary API token is generated using /rest/user/whoami function. The token enforcement is disabled by default in this update, and could be enabled by xtam.api.token.verification=true parameter
  • Internal: Added examples of Shell XTAM REST API call including API tokens to prevent Cross-Site Request Forgery (CSRF) vulnerability

back to top


Release 2.3.201811042134 (November 4, 2018)

Features

  • Added retention policy enforcement for scheduled system exports
  • Added the option to search any connected user directory for users and groups on permissions, roles, groups and workflow related principal selection screens

Extensions

  • Added the option to configure server keyboard layout for RDP sessions
  • Added password reset verification routine by attempting to log in to a remote system using new password in PowerShell and SSH password reset strategies
  • Added support for grouping parameters on the administration settings screen
  • Added the option to filter parameters by name on the system settings screen
  • Added user login, principal name or email display for active directory users members of local groups
  • Added several options to specify connection string for Oracle password reset strategy including the one with empty port or service, the service started with colon for SID (default) or slash for Service, and with the empty port and service allowing to specify full connection string in a Host field

Fixes

  • Fixed the issue with exporting session recording stored in the database
  • Added comments to VBScript system API example
  • Fixed the issue with occasional 401-Unauthorized errors during PowerShell password reset scripts executed on the remote Windows computers
  • Fixed the issue with making fields editable after removing referenced record on record edit screen
  • Fixed the issue with adding Active Directory users that contain command in the distinguished names to local directory groups
  • Fixed the issue with removing Active Directory users from local groups in case these users specified by user principal name instead of login names
  • Fixed the issue with updating local groups that contain Active Directory members specified by User Principal Names
  • Fixed the issue with sending workflow notifications to Active Directory members of local groups
  • Fixed the issue with frequent blanket error message in the system log about querying remote session participants
  • Fixed the issue with adding an Active Directory group to permissions, roles, groups or workflow configuration by group DN
  • Fixed the issue with adding Microsoft Active Directory group by unique legacy name to permissions, roles, groups or workflows configurations
  • Fixed the issue with selection list for record vaults covered by certain GUI elements of the page on the proximity groups editing in the application settings
  • Fixed the issue with selection list for shadow accounts covered certain GUI elements of the page on the task list editing
  • Fixed the issue with selection list for referenced records covered by certain GUI elements of the page on the record edit page

Labs

  • Internal: Added test driver for domain user password reset

back to top


Release 2.3.201810282228 (October 28, 2018)

Features

  • Added native clipboard (Ctrl-C/Ctrl-V) support for WEB sessions in Google Chrome browsers
  • Added support for MFA authentication with RSA one time password (OTP) during application login
  • Added support for MFA authentication using Radius protocol during application login
  • Added support to Connect without Recording permissions with the option to record session events

Extensions

  • Added the option to reset passwords for active directory accounts when the account is specified in domain or email notation for the integrations made with pure account names
  • Added support for WEB forms using JSON transport to login for high trust authentication during HTTPS sessions
  • Added VBScript example to generate new password and to create a record with this password in XTAM server using basic connection

Fixes

  • Fixed the issue with preserving multiple consecutive white-spaces in record type names on the record view screen
  • Fixed the issue with transferring large texts using WEB sessions clipboard
  • Fixed the issue with closing the PowerShell session on the remote Windows computer after executing remote commands
  • Fixed the issue with partial execution of password reset on Windows computers using PowerShell method during slow communications
  • Fixed the issue with detecting successful execution of password reset command on Windows computers using PowerShell method
  • Fixed the compatibility issues with PostgreSQL in the scripts, tasks, activation, session recording, discovery, favorites and workflow components
  • Fixed the issue with Remote Application shell auto-logout after connection timeout
  • Fixed the issue with reporting and using client IP address with the port at the end
  • Fixed the issue with displaying records with associated workflows bound to IP addresses when accessed from certain locations in deployments using load balancers reporting client IP including client IP port
  • Fixed the issue with reporting errors during password reset for MS Active Directory accounts in case of failed integration with AD or non-existing account
  • Fixed the issue with reporting of complimentary communications data during WinRM communications
  • Added system log messages to troubleshoot export of database stored session recordings
  • Fixed the issue with accessing partially initialized system
  • Fixed the issue with blanket error message in the system log file about detection of Federated Sign-In module deployment during applicaiton startup
  • Fixed the issue with missing user login names on the workflow bindings and workflow binding editing screens
  • Fixed the issue with users report failing to display completely when locked local users are present
  • Fixed the issue with reporting duplicated copies of the user name in the user report after certain operations

Labs

  • Internal: Updated session management libraries to version 0.9.14 in the WEB application
  • Internal: Added a driver implementation of Radius server to test XTAM/CAS MFA integration with Radius providers

back to top


Release 2.3.201810212225 (October 21, 2018)

Features

  • Added support for configurable session recording retention time

Extensions

  • Added support for recording client IP address to audit log for SSH Proxy
  • Added the option to use database as a storage for SSH Proxy session recordings made by native clients as an alternative to the file system
  • Added user login display to the list of users on the Global Roles screen
  • Added session ID to the session report as well as to session creation and completion audit log records
  • Added indication of a session protocol used to the record level and the system session report as well as to the audit log record about session creation
  • Added current database information section at the end of Administration / Settings / Database screen
  • Added the option to search for fields to populate based on the placeholder value in the browser extension

Fixes

  • Fixed the issue with using database as a storage for session recordings
  • Fixed the issue with creating or updating local users when local user directory password formula contains the rule for the user match
  • Fixed the issue with automatic restoring remote application host to the initial state after failed attempt to run remote application
  • Fixed the issue with automatic form validation when populating fields without id or name in the browser extension
  • Improved the logic of SSH Proxy authentication mechanism to offset mis-configured reversed proxy (load balancer) setups in the scenario of authentication using federated sigh-in module
  • Fixed the issue with reporting session completion events to the system user for SSH Proxy and HTTP proxy sessions in the audit log report
  • Fixed the issue with completing SSH Proxy sessions with recording properly
  • Fixed the issue when navigate to recording for in-browser session opened type-script player
  • Fixed the issue with import and export of discovery queries
  • Improved troubleshooting system log messages for session completion logic
  • Improved troubleshooting system log messages for SSH Proxy authentication logic
  • Improved troubleshooting system log messages for SSH and PowerShell discovery process
  • Fixed the issue of closing sessions in certain situations for the systems configured with PostgreSQL
  • Fixed the issue with completing SSH Proxy sessions
  • Improved log message for session completion with or without recording in the system and audit logs
  • Fixed the issue with the Windows discovery process not detecting connectivity successfully for the endpoints that contain many services
  • Fixed the issue with the Windows endpoints discovery detection of the non-standard services
  • Fixed the issue with the returning long responses from remote PowerShell commands
  • Fixed the issue with confirming dialog when deleting discovery queries
  • Fixed the issue with deleting discovery queries that collected some data
  • Fixed the issue with preventing application initialization page to appear with no active user logged in
  • Fixed the issue with authenticating HTTP Proxy sessions opened for the destination sites listening on a non-standard ports

Labs

  • Internal: Added a build script to make and upload offline package from the latest update
  • Internal: Added a portion of the activation code to product usage report
  • Internal: Added build command to compile CAS

back to top


Release 2.3.201810142210 (October 14, 2018)

Features

  • Added the option to lock and unlock local users
  • Added the support to specify the method of associating account with the auto-imported records from the discovery process including three options: a) Use the account successfully connected to a destination host during the discovery process; b) Use a referenced record to maintain the same account (such as domain Administrator) for several auto-imported records; c) Use specified account name to rely on password set logic defined on the record type task list
  • Added support for indexed session recording playback for native SSH clients enabling jumping to the playback position from the selected session event

Extensions

  • Added support to dynamically change playback position in session recording for native SSH clients
  • Added the option to display lock status for the local users
  • Added the option to bulk select and to bulk unselect local users
  • Added item ID to the list of items screen
  • Added user name / principal name to qualify user selection to the grant permission, add global role, add approver to workflow template and bind template screens
  • Added display of record ID on the record view screen
  • Added the option to control session heartbeat intervals for browser sessions (use Session Heartbeat Interval global parameter)

Fixes

  • Fixed the issue with TAB character recording in the event report for native SSH clients
  • Fixed the issue with Enable Mode for Cisco devices require Prologue field in the Cisco record
  • Added an option defined by system parameter xtam.saml.upn.adjust=true to automatically adjust UserPrincipalName returned from SAML providers to sAMAccountName in case sAMAccountName based authentication is used by the system while SAML IdP returns UserPrincipalName only
  • Fixed Shell and PowerShell examples for token based authentication REST API calls to pass token in the call header instead of the URL
  • Fixed the issue with duplicated system parameters

back to top


Release 2.3.201810072211 (October 7, 2018)

Features

  • Added session recording support for SSH Proxy connections using native clients with the option to playback session recordings in an Instant Player or download session recording in human-readable type-script format compatible with 3rd party players such as scriptreplay
  • Added the option to auto-import discovered hosts based on the specified policies defining destination import folder and record type for a discovery query

Extensions

  • Added the option to perform Active Directory discovery based on an LDAP AD Query
  • Added the option to specify the list of non-standard ports during host discovery for all types of queries
  • Added condition to use only one protocol for each discovery query
  • Added the option to display the port on the discovered host on the host details screen
  • Added context help and increased the size of the Filter field on the discovery query screen
  • Added the option to search folders in the application search string using folder: or folders: qualifier
  • Added the option to remove orphaned and custom node configurations on the Administration Settings screen
  • Added Edit button for node configurations on the administration settings screen to change node parameters
  • Added troubleshooting debug logging for the automatic application update

Fixes

  • Fixed the issue with disabled Sample button for Active Directory discovery queries
  • Fixed the issue with editing discovery queries that have no accounts defined
  • Fixed the issue with getting Samples report for AWS discovery query
  • Fixed the visualization issue with displaying sample results for Active Directory query with no OS retrieved from the query
  • Removed the action of editing the nodes on the administration settings screen by clicking at the row itself
  • Fixed the issue with the automatic application update after partially completed previous update leaving some artifact files in the temporary locations
  • Fixed the issue with language translations for error messages on the discovery query definition screen

Labs

  • Updated license reason field to display more rows in the License Manager WEB application
  • Fixed the issue with saving licenses that contain multi-byte Unicode characters in the reason field in the License Manager application

back to top


Release 2.3.201809302224 (September 30, 2018)

Features

  • Added the option to discover computers at Amazon AWS EC2 data centers
  • Added the option to discover Unix hosts accounts using SSH public key authentication

Extensions

  • Simplified configuration of multi-domain user authentication method by grouping all required properties in a single location
  • Added the option to import discovered hosts using SSH public key authentication to the application vault
  • Updated upload button when editing CSV-based discovery queries
  • Added the option to check connectivity to the remote directory service when setting up Local Directory Services replication
  • Optimized performance of the application GUI when operated by a user from slow performing Active Directory
  • Added the option to configure Group Cache TTL in minutes using system parameter Group Cache TTL
  • Added the option to force reset Group Cache TTL using Reset Cache button on the Administration / AD screen
  • Added the link to the system at the bottom of the workflow approval request notification

Fixes

  • Fixed the issue with re-starting Local Directory Service replication for accumulated changed after consecutive execution of ADReplicate command
  • Fixed the typo in connection status failed
  • Fixed the issue with loosing trailing and leading white spaces when specifying password for local users
  • Fixed the issue with Active Directory Query record type inheritance from the Active Directory User during application initialization
  • Fixed the issue with the missing browser toolbar for Firefox browsers when connecting to HTTPS sessions
  • Fixed the issue with clearing a group cache from all nodes on a multi-node setup after logout
  • Fixed the issue with clearing a group cache after changing local group membership

back to top


Release 2.3.201809232243 (September 23, 2018)

Features

  • Added Restrict Access workflow template type to implement operations removed from the application GUI and rejecting execution to disable or enable certain types of actions from configured locations or at the configured times
  • Added explicit Automatic Approval workflow template type to require users to enter business reason for access requests performed from specified locations or at the specified times
  • Added the option to search records by selected custom fields indicated as indexed in the record type definition

Extensions

  • Added workflow template type column to the workflow template list
  • Added the option to indicate a field in a record type as indexed to be used in the record search
  • Added FAQ link to record type field screen
  • Updated license expiration messages

Fixes

  • Fixed the issue with default HTTP session manager for WEB Portal records in new installations
  • Fixed the issue with displaying object name with object ID in the audit report (including report export) for deleted objects
  • Fixed the issue with the users report that contains Active Directory users after disabling Active Directory integration
  • Fixed the issue with AS/400 terminal size restriction and color scheme for SSH based sessions
  • Fixed the issue with default protocol for AS/400 record to be Telnet
  • Fixed the issue with the hidden personal folders appears in the shared with me area or in the permissions search
  • Fixed the issue with editing folder by the non-system administrator
  • Fixed the issue with downloading or quick playing a session recording by a non-system administrator
  • Fixed the issue when supervisor with viewer permissions was not able to edit command controls
  • Fixed the issue with the ability to reference Active Directory users by display name that incorrectly adds them to the system as groups
  • Fixed the issue with inconsistent results when removing multiple item or global permissions at ones
  • Fixed the issue with refreshing the list of item or global permissions after removing all permissions from the list
  • Added the option to select and un-select all permissions in the list on the item or global permissions page
  • Fixed the issue with the option to select individual permissions on the un-editable permission screen for permissions inherited from the parent item
  • Fixed the issue with trimming leading and trailing spaces when saving record passwords
  • Fixed the issue with displaying multi-byte Unicode custom fields values in records

back to top


Release 2.3.201809162212 (September 16, 2018)

Extensions

  • Added support for fixed size AS/400 terminal windows with 24×80 and 27×132 options controlled by a global parameter
  • Added green color scheme to direct AS/400 sessions
  • Added the option to specify a complete connection string to establish connection to Oracle database to use it as a backend application database

Fixes

  • Fixed the issue with establishing Telnet session connection to remote computer by names when using Linux distribution of session manager
  • Fixed the issue with Backspace button mapping for direct AS/400 terminal
  • Optimized performance of AD group membership permission check configuration in new and existing installations
  • Optimized GUI performance for AD users by caching user DN
  • Optimized record list GUI performance for AD users by sequential call of API functions to allow for short term caching of AD query results
  • Optimized GUI performance for AD users by utilizing initial cache when displaying navigation controls
  • Fixed the issue with overloading Windows RDP manager during initial connection to Windows servers in Reconnect resize mode
  • Fixed the issue with displaying error message when failing to perform automatic application activation suggesting to use manual one
  • Fixed the issue with utilizing the same SSH and Telnet fonts for Windows and Linux based session manager deployments
  • Fixed the issue with clearing group membership cache when logging out from the application

back to top


Release 2.3.201809092249 (September 9, 2018)

Features

  • Added support for management of LDAP compliant user directories such as Apache Directory Services, IBM Tivoli Directory Server, Novell eDirectory, etc including the option to reset password
  • Added the option to generate new password based on the configured complexity formula when creating new or editing existing records

Extensions

  • Added generic option for record referencing including all fields extending existing option to reference only User, Password and Cert fields
  • Added a context help referencing documentation or FAQ pages to majority of administration and reporting application screens
  • Added IBM onscreen keyboard layout with support for F13-F24 functional keys

Fixes

  • Fixed the issue with enforcing approval workflow limitations when joining active sessions
  • Fixed the issue with the respecting global roles when checking Connect permissions
  • Fixed the issue with deleting record types that have tasks with job history associated
  • Fixed the spelling for the error message finishing session reconnect attempts
  • Fixed the issue with saving task list with typed but not selected shadow account
  • Fixed the issue with functional and special keys handling during direct browser-based AS/400 sessions including support for F1-F24 function keys
  • Fixed the issue with post installation deployment of Federated Sign-In component
  • Added the option to optimize nested active directory queries

Labs

  • Added a mechanism to create links to FAQ articles from the application screens

back to top


Release 2.3.201809041336 (September 4, 2018)

Fixes

  • Fixed the issue with the respecting global roles when checking Connect permissions

back to top


Release 2.3.201809010855 (September 1, 2018)

Features

  • Added the option to define global user or group permissions applicable for all records down the folder hierarchy regardless of the unique permission inheritance
  • Added the option to copy unlocked password or secret to clipboard instead of displaying it on the screen

Extensions

  • Added the option to specify session manager proximity groups IP-range selection criteria in IPv6 notation
  • Added the option to specify approval workflow IP-range filter in IPv6 notation
  • Added the option to specify IP-range discovery scan in IPv6 notation
  • Added the option to remove discovery queries with related collected information
  • Updated context help popup for global roles

Fixes

  • Fixed the issue with connecting to computers using IPv6 addresses including bracket notation
  • Fixed the issue with connecting to remote computers with permissions precluding session events recording
  • Fixed the issue with limiting failed attempt to deliver alerts following the parameter Alert Notification Attempts

back to top


Release 2.3.201808262211 (August 26, 2018)

Extensions

  • Added last scan time field to the list of discovery queries
  • Added linked record information to the list of the discovered hosts
  • Added single download package for offline installation
  • Added un-install script for Linux installations

Fixes

  • Fixed the issue with the extra scroll bars on the SSH session screen
  • Fixed the issue with the extra scroll bars on the dynamically resized RDP session screen
  • Fixed the issue with looping session screen size change in certain situations
  • Fixed the issue with large size of the in-session virtual keyboard
  • Improved job error message when task is executed against record with no defined host
  • Fixed the issue with session window title for the sessions with dynamic credentials
  • Fixed the issue with session window title for the sessions with pass-through credentials
  • Fixed the issue with session window title for the sessions with blank credentials
  • Fixed the issue with publishing old branded installers along with the new ones
  • Fixed the issue with collecting the list of local administrators during Windows discovery process
  • Fixed the issue with executing PowerShell scripts that include double quotes
  • Fixed the issue with missing offline installation page for Windows installers
  • Fixed the issue with displaying the error message when attempting to install the application into read-only location
  • Fixed the issue with the session manager startup in the default installation in Windows 7 computers
  • Fixed the issue with Alerts report displaying alerts for legacy session events

back to top


Release 2.3.201808192232 (August 19, 2018)

Features

  • Added support for a Personal Vault for each system user for personal records management with sharing capability between system users
  • Added support for multi-domain forests for Active Directory users authentication and access

Extensions

  • Added the option to specify domain in pass-through credential configuration such as in the example of $login@domain.com
  • Added the option to delete API tokens from the system
  • Added pass-through and dynamic credential options to remote application credentials executed on the application hosts
  • Added token based authentication method for remote worker nodes
  • Added ADQuery command to command line utility to troubleshoot and test query active directory structure
  • Added audit log events about creating, disabling and enabling API tokens
  • Added token ID to the list of API tokens for easier token reference
  • Added expiration time display instead of expiration length on the token list screen with the indication of expired tokens

Fixes

  • Fixed the issue with audit log events recorded under Connect operation for connect options selection
  • Fixed the issue with highlighting current menu item when selecting Token management screen
  • Fixed the issue with refreshing the list of tokens after generating a new token
  • Fixed the issue with incorrect audit log message about disabling JWT tokens
  • Fixed the issue with referring to token authentication function in API token authentication example for PowerShell
  • Fixed the issue with POST and PUT REST API calls in PowerShell token based authentication function
  • Fixed the issue with the button to generate token located on the top of the screen
  • Fixed the issue with mail-based authentication and user access for Microsoft Active Directory
  • Fixed the issue with principal-based authentication and user access for Microsoft Active Directory
  • Fixed the issue with initial out-of-the-box support for MS SQL Server back end databases connection pool quick reconnect and connection to a replicated server
  • Fixed the issue with initial out-of-the-box support for MySQL and Maria DB back end databases connection pool quick reconnect and connection to a replicated server
  • Fixed the issue with initial out-of-the-box support for PostgreSQL back end databases connection pool quick reconnect and connection to a replicated server
  • Fixed the issue with the incorrect status report for scheduled downloads and updates during updating multi-node farms

back to top


Release 2.3.201808122223 (August 12, 2018)

Features

  • Added Credential Pass-Through option to use credentials of the currently logged in user to initiate GUI in-browser sessions to remote computers
  • Added Dynamic Credential option to use parametric search criteria to find credentials in the Vault to initiate GUI in-browser sessions to remote computers
  • Added the option for token based authentication to access system API

Extensions

  • Added Unix shell and PowerShell examples to access the system API using JWT tokens. Note that Federated Sign-In (CAS) module is required for token authentication
  • Added a screen to manage API Authentication Tokens with the options to review or disable existing tokens and generate new ones

Fixes

  • Fixed the issue with respecting Active Directory sub-groups when resolving user permissions to system objects
  • Fixed the issue with searching records by connection type for case insensitive session manager names such as Telnet or RemoteApp

Labs

  • Internal: Added a mechanism of storing large files such as keys and certificates in the system database to simplify high availability configuration
  • Internal: Added mechanism of updating local application configuration to simplify updates of various application components
  • Internal: Added mechanism of maintaining service registry of Federated Sign-In (CAS) component in the application database to simplify high-availability deployments
  • Internal: Fixed the issue with including tenant configuration, internal certificate storage and authentication tokens to export and import routines

back to top


Release 2.3.201808052230 (August 5, 2018)

Features

  • Added the option to rotate SSH keys for Unix accounts on-demand, periodically or following the account access workflow

Extensions

  • Added the option to type database password in the response to the command prompt when setting up connection to the external database in the command line instead of specifying the password in the command line
  • Improved default external database connection pool configuration to validate connections in the pool
  • Added configuration template to enable Federated Sign-In module logging for default Windows and Unix installations

Fixes

  • Fixed the issue with the availability of the Install button after downloading new version of the software
  • Fixed the issue with enabling Active Directory configuration for the container authentication when performing AD integration using the application GUI
  • Fixed the issue with SSH Proxy authentication using native clients for the systems configured with Federated Sign-In module on non-standard HTTPS port
  • Fixed the issue with executing scripts for the records without password formula defined
  • Fixed the issue with executing scripts for the records with certificate that has no password
  • Fixed the issue with executing scripts for Unix accounts using SSH key access
  • Fixed the issue with ambiguous column names and long database constraint names compatibility with Oracle back end DB
  • Fixed the issue with initial out-of-the-box support for Oracle RAC back end databases
  • Fixed the spelling mistake in Application Initialization screen title
  • Fixed the issue with overloading back end Oracle database with the cached queries in the default system setup
  • Fixed the issue with updating record with empty content

back to top


Release 2.3.201807292306 (July 29, 2018)

Features

  • Added support for native applications (such as mysql client) launched on the Unix application hosts with workflow-controlled permission-based access, high-trust login, session and session events recordings and video playback using browser based experience
  • Added support for native applications (such as mysql client) launched on the Unix application hosts with workflow-controlled permission-based access, high-trust login and session events recordings using local SSH clients experience

Extensions

  • Added “verbose” option to the command line utility for better feedback about errors

Fixes

  • Fixed the spelling error when reporting failed executions of the tasks queue
  • Fixed the issue with detection of successful script execution on network devices in certain situations
  • Improved error reporting about script execution errors
  • Improved handling of the task executions not involving password resets
  • Fixed the issue with locking user and group search in organizational unit of the service manager when connecting to Active Directory directly without Global Catalog
  • Fixed the issue with processing results from the job execution for the records of record types with all fields inherited from the parent record
  • Increased timeout when waiting for the response from network devices when executing scripts

Labs

  • Labs: Added support for multiple tenant access each with the unique URL and unique Database

back to top


Release 2.3.201807222250 (July 22, 2018)

Features

  • Added support for multi-tenant configuration with the isolated groups of assets, reporting, permissions, workflows, computer access and task execution managed for every individual client using distributed client deployed nodes and system vaults
  • Added the option to login to Windows computers using RDP protocol with microsoft.com accounts

Extensions

  • Added the option for a user to interact with Windows login banner screen when launching applications on the remote application host
  • Added REST API function /unlock/{id}/{field} to retrieve a single string value of specified field from the specified record
  • Improved the user experience for Navigate to Parent Folder control to implement it as a single button instead of drop-down choice in cases of a single parent available
  • Added progress report when importing assets to the system
  • Improved performance of the process of importing assets from RDP manager (rdg) and PuTTY (reg) files
  • Improved timeout handling when connecting to remote computers and devices
  • Improved re-connect behavior in cases of disconnection when connecting to remote computers and devices
  • Updated copyright year in presented EULA during Linux installations
  • Added field validation logic to the Session Managers Proximity Groups editing and creation screens

Fixes

  • Fixed the issue with navigation from import log to record type instead of a record
  • Fixed the issue with the option to create vaults available in the non-root folder accessed through certain navigation paths
  • Fixed the issue with blanket error message in the client side browser console about number of pages calculations on the list of records screen
  • Fixed the issue with handling timeouts when executing slow running sequence-based scripts such as password reset or status check in network devices such as Juniper, Palo Alto, Cisco, VMWare vCenter or ESXi, or McAfee IPS
  • Fixed the issue with consistent selection of a processor role when downloading and installing new application version on the nodes with multiple roles such as GUI and Worker
  • Fixed the issue with service start from setup script on Ubuntu OS
  • Fixed the issue with lost value of proximity group selector control after creating a new group

back to top


Release 2.3.201807152234 (July 15, 2018)

Features

  • Added SSH Proxy support for local port forwarding with high-trust login option
  • Added SSH Proxy support for SOCKS proxy with high-trust login option
  • Added the option to update current user profile for local users including self-service password reset
  • Added support for IBM Informix database with the options to check database connections status and reset password for the database account
  • Added support for workflow controlled access to Google Chrome WEB applications using remote application host with high-trust login without revealing password, session and in-session events recording

Extensions

  • Added pagination support when displaying a large list of records in folders or during search to improve GUI performance
  • Improved performance of the process of importing from CSV spreadsheet
  • Improved performance of creating and copying records
  • Improved user experience of the Group Edit and Delete screen to prevent accidental group deletion
  • Added the option to manage record vaults to simplify multi-tenant configurations

Fixes

  • Fixed the issue with submitting browser extensions to the Google Chrome and Mozilla Firefox stores by simplifying the code base and removing unused files from the package
  • Improved system logging to troubleshoot video rendering of session recordings
  • Improved system logging to troubleshoot execution of SQL-related strategies and password reset routines
  • Fixed the issue with connecting to computers defined by records with removed or undefined during import vital connection values (such as port) that require using default values instead
  • Fixed the issue with connecting to records of the record type with all fields inherited from the parent type
  • Fixed the issue with deleting local group generated incorrect audit log message about deleting a user
  • Fixed the issue with the re-creating a local group or a user with the same name after deleting

back to top


Release 2.3.201807082224 (July 8, 2018)

Features

  • Added HTTPS-Proxy based WEB Access Broker that enables access to WEB Portals without revealing credentials to the end users
  • Added support for workflow controlled access to Internet Explorer WEB applications using remote application host with high-trust login without revealing password, session and in-session events recording
  • Added XTAM Broker Browser Extension that automatically configures browser proxy to support XTAM WEB Access Broker for Chrome and Firefox browsers

Extensions

  • Added support for SFTP protocol file transfer events logging in SSH Proxy
  • Added support for SCP protocol file transfer events logging in SSH Proxy
  • Added the option to enable or disable session events recording
  • Added support for SSH Proxy connection using native clients by record or host name

Labs

  • Labs: Added quick launch option from the list of records screen for HTTP sessions
  • Labs: Fixed the issue with the recording option available when establishing HTTP sessions on the record view screen

back to top


Release 2.3.201807012215 (July 1, 2018)

Features

  • Added support for Microsoft Remote Desktop as a native application executed, recorded and monitored on the remote application hosts to implement double-jump scenario to access computers in remote isolated networks through the jump-server located in DMZ
  • Added support for folder-level reporting facility for system administrators and auditors to generate system reports for objects located inside selected folder and its sub-folders

Extensions

  • Added the option for system administrators to purge session events
  • Added folder level audit log report for supervisors and auditors to display audit log for objects inside the selected folder and its sub-folders
  • Added folder level Inventory report for supervisors and auditors to display inventory report inside the selected folder and its sub-folders
  • Added folder level Job History report for supervisors and auditors to display job history report for the objects inside the selected folder and its sub-folders
  • Added folder level Sessions report for supervisors and auditors to display Sessions for the objects inside the selected folder and its sub-folders
  • Added folder level Session Events report for supervisors and auditors to display Session Events for the objects inside the selected folder and its sub-folders
  • Added folder level Requests report for supervisors and auditors to display access requests for the objects inside the selected folder and its sub-folders
  • Added folder level Workflows report for supervisors and auditors to display configured workflows for the objects inside the selected folder and its sub-folders

Fixes

  • Fixed the issue with Add New Record list with record types on the list view screen moved out of the right side of the screen on some screen resolutions
  • Fixed the issue with installing session manager on Windows Server 2008 or 2008R2

back to top


Release 2.3.201806242148 (June 24, 2018)

Features

  • Added support for TSplus RDS as an option for a remote application host to launch in-browser native windows applications
  • Added support for PuTTY as a native application executed and monitored on the remote application hosts including high-trust login without revealing password, session and in-session events recording
  • Added the option for system administrators to terminate workflows after they have been approved

Extensions

  • Changed Active Directory User record type name for new installations
  • Added support for automatic enable mode switch for Cisco devices when accessed using native applications through the system SSH Proxy
  • Added support for Prologue sequence sent into the remote device at the start of the connection when using native applications through the system SSH Proxy

Fixes

  • Fixed the issue with editing folders
  • Improved troubleshooting logging for the remote applications
  • Fixed the issue with Grant and manage drop down menu appear below the edge of the screen by switching them to drop-up menus
  • Improved the background procedure to auto-complete approved access requests after the expiration of the requested time
  • Fixed the issue with workflow Approve / Reject dropdown menu come out of the right edge of the screen in certain situations on the Requests for Approval screen
  • Fixed the issue with workflow details dropdown menu come out of the right edge of the screen in certain situations on the My Requests screen
  • Fixed the issue with selecting an appropriate workflow from the list of workflows with mixed restrictions for users and for location
  • Fixed the issue with the visual display of the duration-bound selected workflow on the incomplete request form requesting access for the specified date range

back to top


Release 2.3.201806172250 (June 17, 2018)

Features

  • Added the option to the system command line service utility to export local user directory including users with optionally encrypted passwords and groups with membership information
  • Added the option to import local users and groups into the directory services using command line service utility

Extensions

  • Added support to include export of local user directory to general system export including users with optionally encrypted passwords and groups with membership information
  • Added the support to import local users and groups into the system user directory as a part of general database import process
  • Added support for terminating SSH Proxy sessions on-demand and after workflow expiration

Fixes

  • Fixed the error reporting when using unrecognized key format for SSH protocol connecting through SSH Proxy
  • Fixed the issue with requirement for a user to have connect permission to a application host record in order to connect to the remote application itself using this host record
  • Fixed the issue with the improper position of Notification and Favorites buttons on the record view screen for a user with view-only permission to the record
  • Fixed the issue with respecting record checkout status for SSH sessions brokered by SSH Proxy
  • Fixed the issue with reporting non-printable key sequences for SSH sessions brokered by SSH Proxy
  • Fixed the issue with using certain keys in certain environments for SSH sessions brokered by SSH Proxy
  • Fixed the issue when user can connect to the checked out record by direct URL in the browser
  • Fixed the issue with terminating related active sessions when checking-in a record
  • Fixed the issue with importing data into the system database that includes historical session data to purge
  • Added system log message about starting an import process

Labs

  • Labs: Added XTAM Broker Browser Extension that automatically configures browser proxy to support XTAM HTTPS broker for Chrome and Firefox browsers

back to top


Release 2.3.201806102238 (June 10, 2018)

Features

  • Added support for native client side applications (such as ssh, scp, sftp, Putty, Secure CRT, WinSCP, PC5250, etc) using SSH, scp, sftp protocols when directly connecting to remote Unix hosts or network devices including password- and key-based high-trust login tracking the use of shared privileged accounts to personal accounts, session events recording, audit logging, session timeout, switch user support as well as permissions, time, location and workflow controlled access

Extensions

  • Added the list of application hosts serving a remote application record to the record view
  • Added a warning message on the remote application record view about absence of enabled application hosts to launch this application
  • Added support for automatic setup of trust between various application components such as SSH Proxy, XTAM and Federated Sign-In Service in the default installation based on the generated certificate

Fixes

  • Fixed the issue with adding permissions to the new principals
  • Fixed the issue with the long blanket error message in the system log about accessing latest application version
  • Fixed the issue with resetting password for domain user on Windows machine by the same user executed from Windows-deployed server
  • Improved feedback reporting about troubleshooting remote application connectivity by adding system log error when remote application host not found
  • Fixed the issue with using disabled application hosts when launching native application using Remote App technology
  • Fixed the issue with locked classes in some cases of the application update
  • Fixed the issue with MS SQL Studio remote application session closed on new query action
  • Fixed the issue with adding a script for Quest Toad Oracle remote application with command line parameters during the application initialization
  • Fixed the issue with importing certain database export data into the newly initialized system database
  • Fixed the issue with blanket error message in the system log about mismatched internal user state

Labs

  • Labs: Added the option to configure HTTP Proxy port as well as managed domains using the application GUI
  • Labs: Added the option to auto-configure proxy settings for HTTP Broker configuration in Chrome browsers
  • Labs: Added the option to auto-populate fields on the WEB page handled by the HTTP Proxy with the HTTP Proxy placeholder
  • Labs: Added initial implementation of proxy configuration to FireFox Add-On

back to top


Release 2.3.201806032159 (June 3, 2018)

Features

  • Added the option for system administrators, auditors and record owners to review sessions using star-rating system
  • Added support for Quest Toad / Oracle native application launch using command line parameters with the ability for high-trust login with session and session events recording including indexed playback

Extensions

  • Added the option to configure integration with Active Directory using application WEB GUI
  • Added the option to configure integration with Syslog server using application WEB GUI
  • Added the option to configure integration with Active Directory based on the complete distinguished name of the service account
  • Added audit log event about updates in Active Directory configuration
  • Added audit log event about updates in Syslog configuration

Fixes

  • Fixed the issue with collecting aggregated summary for statistics report
  • Fixed the issue with the bread-crumbs navigation on the application settings screen

Labs

  • Added system parameter to enable HTTP Proxy server during the application startup instead of using properties file configuration
  • Added context help for HTTP Proxy User and Password parameters

back to top

Release 2.3.201805272220 (May 27, 2018)

Features

  • Added support for workflow controlled access to Oracle SQL Developer Remote Application with high-trust login without revealing password, session and in-session events recording

Extensions

  • Added embedded support for root password change as an automatic option during regular user password change on Unix computers
  • Added component version information to the audit log (and system log) record about starting both GUI and Worker components on the node
  • Added the option to execute tasks by Oracle RDBMS driver for records referencing server connections by host, port and SID
  • Improved performance of the application WEB GUI loading

Fixes

  • Fixed the issue with mismatching suggested port for VNC records and default port used during connections
  • Fixed the issue with availability of workflow binding management controls for users not-system administrators
  • Fixed the issue with the feedback about successful root password reset on Unix devices
  • Fixed the issue with the feedback about successful password reset on Red Hat based operating systems
  • Fixed the issue with the application installation on Windows computers with configured SOCKS proxy
  • Fixed the issue with resetting passwords for Unix accounts with shadow records
  • Fixed the issue with executing tasks by Oracle RDBMS driver for records referencing server connections by connection string

Labs

  • Labs: Added the option to configure user and password placeholders for high-trust HTTP login
  • Labs: Fixed the issue with auto-populating non-credential fields with the credential information in HTTP proxy
  • Labs: Added the option to configure auto-populated field names using Plugin Filed parameters for high-trust login using HTTP Proxy

back to top


Release 2.3.201805212018 (May 21, 2018)

Extensions

  • Optimized application performance when logged in using a user from remote user directory
  • Optimized performance of file transfer operations between local and remote computers
  • Added the script to the script library to reset root password on the Unix computers using SSH connector
  • Added the option to interactively execute the queued job by the GUI WEB application before it is executed by the background job process
  • Added support to use system proxy configuration for application updates on Windows and Gnome 2.x systems if the proxy server is not configured in the system
  • Added the option to configure proxy server for application updates

Fixes

  • Fixed the issue with establishing session connection to remote computer by names when using system session manager installed on the latest versions of CentOS
  • Fixed the issue with the error message about failed attempt to send a test email to test mail server configuration with the suggestion to save mail server configuration before testing
  • Fixed the issue with enabled button to test mail server configuration during the attempt to send the test email
  • Fixed the issue with the incorrect detection of the successful connection to the remote computer in the slow networks
  • Fixed the issue with incorrect handling of the reconnect operation to a disconnected session
  • Improved system logging message to troubleshoot the job queue operation
  • Fixed the issue with executing commands on the remote Unix computer using switch user operation
  • Fixed the issue with the timeout mechanism to automatically terminate remote SSH command execution sequence in case of unresponsiveness of job execution script
  • Fixed the issue with recovering from the unsuccessful software update to avoid software restart to continue the update process
  • Fixed the issue with the establishing sessions using switch user operation in certain network situations
  • Fixed the issue with Password Reset Remote Palo Alto Networks script description
  • Fixed the issue with loosing certain file transfer events from the event logging
  • Fixed the issue with the enabled debug level in the default user directory integration
  • Fixed the issue with deleting a record that has associated sessions

Labs

  • Internal: Added the option to generate master password for CAS sensitive properties encryption (such as AD password) during the software installation

back to top


Release 2.3.201805132211 (May 13, 2018)

Features

  • Added support for NetIQ eDirectory as a system user repository

Extensions

  • Added a count-down screen on a reconnect to a disconnected session
  • Improved performance of the application WEB GUI loading

Fixes

  • Fixed the issue with connecting to and operating with user directories with empty root entry name
  • Fixed the issue with connecting to LDAPS user directories with TLS security layer enabled
  • Fixed the issue with updating configuration for additional integrated user directories
  • Fixed the issue with executing scripts on Unix computers using SSH strategy
  • Fixed the issue with missing task name in task execution start and error audit log messages
  • Fixed the issue with loosing keyboard and mouse control when reconnecting to remote application sessions accessing native applications
  • Fixed the issue with reporting missing dependencies in the Linux installation script run on certain operating systems (such as CentOS)

Labs

  • Labs: Fixed the issue with HTTP Proxy login with the password that contains special characters that need to be encoded
  • Labs: Fixed the issue with HTTP proxy login with the user given with the email domain qualifier where the user login is expected
  • Labs: Fixed the issue with HTTP Proxy operation with the remote WEB Portals preventing script injections
  • Labs: Fixed the appearance of the visual indicator of the HTTP Session in the browser
  • Labs: Fixed the issue with accessing pages that include multi-byte Unicode characters in HTTP sessions

back to top


Release 2.3.201805062226 (May 6, 2018)

Features

  • Added multi-node high availability option for Federated Sign-In Service
  • Added support for TLS 1.2 security layer when connecting to RDP sessions

Extensions

  • Added the option for integration with SAML-based identity providers
  • Added the option to enable Federated Sign-In service system logging after installation for troubleshooting purposes
  • Added authentication persistence option for Federated Sign-In service preserving user login during the application restart
  • Added command line utility to simplify management of the application security keys and certificates

Fixes

  • Fixed the issue with populating fields inherited from parent records types when using the Import function
  • Fixed the issue with errors in the system log caused by the undefined SMTP server in the mail server configuration
  • Fixed the issue with configuring integration with Active Directory first time after the installation
  • Fixed the issue with connecting to RDP sessions to Windows computers with certain configurations
  • Fixed the issue with incorrect Record Edit button labels during workflow operation
  • Fixed the issue with reliability populating values in Remote Applications controls on the remote application hosts

back to top


Release 2.3.201804292325 (April 29, 2018)

Features

  • Added Spanish on-screen keyboard layout for active sessions
  • Added the option to configure local user directory replication option using command line control utility

Extensions

  • Added password prompt option when connecting to local directory services using command line control utility
  • Changed software trial time for un-activated software to 14 days
  • Improved performance of loading record change history report

Fixes

  • Fixed the issue with joined sessions remained active after the session owner terminates the session
  • Fixed the issue with a record Editor accessing session information for the record
  • Fixed the issue with masking last values of secret fields in the record change history report
  • Fixed the issue with starting authentication services (CAS) in the default configuration setup connected to external database other than the embedded one
  • Fixed the issue with the specific message to the session participants about the owner leaving session
  • Fixed the issue with receiving alerts and notifications about in-session events for the subscription scheduled for all categories
  • Fixed the issue with reporting all-categories subscriptions when displaying the list of subscriptions
  • Fixed the issue with interpreting certain characters in the session events report
  • Fixed the issue with updating CSV-based discovery queries

Labs

  • Labs: Fixed the issue with concurrent context access in HTTP Proxy filters
  • Labs: Added the option to use HTTP Proxy sessions for WEB sites with distributed federated authentication involving browser redirects

back to top


Release 2.3.201804222226 (April 22, 2018)

Features

  • Added support to display users (with the access IP address) joined an active session in the session control panel
  • Added the option to notify session owners about users joining or leaving the session
  • Added support for multiple disconnected Active Directory forests or non-Active Directory LDAP users sources

Extensions

  • Added support to display session events about users (with access IP addresses) joined or left the session in the session events report
  • Added the option to add users or groups from external user directories (including primary or disconnected Active Directories) as members of the local groups to simplify management of permissions, global roles and workflow configurations
  • Added command line configuration utility options to configure or remove additional LDAP user directories such as isolated Active Directory forests or other LDAP user sources
  • Added the option to display the user directory of a principal when displaying members of a local group on the local group management screen
  • Updated copyright year for the Windows installer

Fixes

  • Fixed the issue when importing records into the system using Internet Explorer 11 browser
  • Fixed the issue with displaying initial application screen to the authenticated user not found in the current user directory
  • Fixed the issue with blanket messages in the system log related to authenticating a user not found in the current user directory
  • Fixed the issue with the blanket error in the system log about impossibility to lock the object for processing by multi-thread pool
  • Fixed the issue with integration with Active Directory user sources using the account that has comma in the distinguished name
  • Fixed the issue with terminating file transfer process based on the remote session idle timeout
  • Fixed the issue with language translations for session idle message dialog
  • Fixed the issue with detection of idle sessions with active file transfer in progress
  • Fixed the issue with bread-crumbs navigation from inside a folder to the Home and Records Root locations
  • Fixing the issue with releasing old thread pool locks when starting up the application
  • Improved a procedure of recovering from the long locked operations
  • Fixed the issue with a confirmation message about removing local group members
  • Fixed the issue with incorrect reporting of the successful connectivity to the remote user directory during Windows installation

back to top


Release 2.3.201804152246 (April 15, 2018)

Features

  • Added support for the approval based permission elevation option on the remote Windows end points
  • Added support for Okta Authentication services

Extensions

  • Added support for auto-start configuration when installing the application on systemd init based operating systems
  • Added support for secure communication traffic to the local user directory during the default installation
  • Updated default system password formula for local users directory to 24 characters in the default installation
  • Updated default password formula for Unix, Windows, AS400 and Database destinations to increase maximum characters in the default installation
  • Added the option to configure integration with Active Directory servers using fully qualified user distinguished name
  • Added the option to grant permissions to Active Directory users and groups using fully qualified distinguished name
  • Updated default log file format to include thread number to track sequence of related events
  • Added factory default for Windows Local Administrators Group Cleanup script
  • Added factory default for Windows Remote Reset with Dependencies script

Fixes

  • Improved error reporting about resolving Active Directory group membership
  • Fixed the issue with resolving Active Directory groups with members distinguished names including certain special characters
  • Fixed the issue with sending alerts about session events
  • Fixed the issue with resolving permissions and group membership given to users with commas in the distinguished names through Active Directory groups
  • Fixed the issue with overloading Windows session manager when accessing RDP sessions using Internet Explorer browser connecting to the system with IIS load balancer
  • Fixed the issue with displaying global service accounts on the users report
  • Fixed the issue with timeout when configuring integration with Active Directory server as well as with remote system user directory
  • Fixed the issue with Federated Sign-On component integration in the default installation SSL setup

back to top


Release 2.3.201804082221 (April 8, 2018)

Features

  • Added support for Juniper Networks devices with the ability for high-trust login with session and session events recording including indexed playback as well as event- or time-based password verification and reset automation jobs
  • Added support for Palo Alto Networks devices with the ability for high-trust login with session and session events recording including indexed playback as well as event- or time-based password verification and reset automation jobs
  • Added support for Oracle RDBMS with the event- or time-based password verification and reset automation jobs
  • Added support for Toad / Oracle native application with the ability for high-trust login with session and session events recording including indexed playback as well as event- or time-based password verification and reset automation jobs using native Oracle RDBMS connection
  • Added support for IBM PC5250 terminal emulator native application with the ability for high-trust login with session and session events recording including indexed playback as well as event- or time-based password reset automation jobs using native AS/400 connection

Extensions

  • Added HTTPS access option for the newly installed application using generated self-signed certificate
  • Added the option to automatically configure Active Directory connection to AD Global Catalog referencing a root of the AD forest in case a connection to AD Global Catalog could be established
  • Added the option to reset a local user password using XTAM control utility
  • Added script placeholder parameter {{PAMLOGIN}} to designate the login of the user executing the job on-demand
  • Added an indicator of an enabled or hidden record type to the record types list
  • Added the option to mass enable or disable multiple selected record types
  • Added the option to select / unselect all record types

Fixes

  • Fixed the issue with prompting for credential and host for non RDP or SSH records that do not include these fields in the record types
  • Fixed the issue with a bread-crumb navigation to the list of command control policies on the command control editing screen
  • Fixed the issue with a Cancel button on a record type editing page
  • Fixed the issue with the early expiration time of self-signed certificates for the internal component communications
  • Fixed the issue with displaying the usage information of the XTAM control tool if run without parameters
  • Fixed the issue with on-demand execution of password reset and script with parameters with factory default scripts
  • Fixed the issue with the attempt to run XTAM GUI as a remote process
  • Fixed the issue with MS SQL Server record type name and description for new software installations
  • Fixed the issue with excessive internal message reporting in the system log in the default installation
  • Improved performance of remote application launcher on the remote applications host
  • Added an interactive option to provide a secret to encrypt to the XTAM control utility
  • Fixed the issue with saving video recordings and also system exports to Windows shares configured with UNC path
  • Fixed the issue with reporting errors and completing sessions when failure to save session recording
  • Added a confirmation message after saving or creating a record type
  • Fixed the issue with better error message when deleting a script which is in use

back to top


Release 2.3.201804012143 (April 1, 2018)

Features

  • Added support for workflow controlled access to Cicso devices with high-trust login (without revealing password), automatic high-trust switch to enable mode, session and in-session events recording as well as heart-beat monitoring and password change option for users

Extensions

  • Improved performance of launching high-trust sessions with native applications on the remote application hosts

Fixes

  • Fixed the issue with using the configured user for remote XTAM node operation
  • Fixed the issue with refreshing password formula screen by clicking on the last bread-crumbs navigation item
  • Fixed the issue with the blanket error message on the JS console when saving scripts
  • Fixed the issue with recording system related information to keystroke recording report when performing high-trust login with switch user for Unix destinations, AS/400 and Cisco enable mode
  • Improved error reporting about failed notification process
  • Fixed the issue with the availability of user controls during launching sessions with native application on remote application host
  • Improved support to connect to remote Windows computers using remote PowerShell method
  • Fixed the issue with loading default script from the factory supplied template when executing scripts on remote devices in both local and remote XTAM node execution scenarios
  • Fixed the issue with bread-crumbs navigation to the records list from the record editing screen

back to top


Release 2.3.201803252244 (March 25, 2018)

Features

  • Added support for workflow controlled high-trust login (without revealing password) to IBM AS/400 computers with the session recording and session events recording options
  • Added support for workflow controlled access to MySQL Workbench Remote Application with high-trust login without revealing password, session and in-session events recording
  • Added support for file transfer events recording for files upload and download during active sessions to remote computers
  • Added support for remote XTAM job execution node securely communicating with the central XTAM Vault to support scenarios with cloud hosted XTAM Vault serving on-premises network or centrally located XTAM Vault serving several remotely isolated networks for password reset, password reconciliation, heart-beat, local administrators management and elevated script execution activities

Extensions

  • Added a confirmation dialog when saving record types

Fixes

  • Fixed the issue with the message on the confirmation dialog when deleting a record type
  • Fixed the issue with selecting MS SQL Server authentication when logging in using MS SQL Server Remote Application high trust login
  • Fixed the issue with bread-crumb navigation back to the list of queries from the discovery query editing screen
  • Fixed the issue with Local Groups list displaying the number of found objects
  • Fixed the issue with Discovery Queries list displaying the number of found objects
  • Fixed the issue with the menu label for the Instant Video Playback option on the Sessions report
  • Fixed the issue with reporting successful execution result about successful heart-beat check for Unix records
  • Fixed the issue with host and credentials popup screen appear for records other than SSH or RDP records
  • Fixed the issue with enabling Active Directory integration during installations on Linux servers
  • Fixed the issue with default system administrator login name created during installations on Linux servers

Labs

  • Labs: Added a configurable option to HTTP Proxy port using system parameter http.proxy.port=xxxxx

back to top


Release 2.3.201803182321 (March 18, 2018)

Features

  • Added support for native applications launched on the application host farm with high-trust login, session and session events recordings and the load balancing support for multi-host server application farms
  • Added support for MS SQL Studio Remote Application with high-trust login without revealing password, session and in-session events recording

Extensions

  • Added the option to scale the session video playback in the Quick Player to the size of the player with the option to dynamically resize the playback with the player size
  • Added the option to supply factory default scripts that could be updated with the application update with the option to restore a script to factory default
  • Added application expiration warning when the application is activated but expired

Fixes

  • Fixed the issue with incorrect Session Timeout message
  • Fixed the issue with the user that has an Auditor global role accessing record and system sessions, session events reports as well as sessions playback
  • Fixed the issue with connecting to VNC hosts without asking for host and credential information
  • Fixed the issue with the confirmation message for the system import
  • Fixed the issue with encrypting imported data
  • Fixed the issue with script execution for blank records expecting user entry for user or password
  • Fixed the issue with closing stale sessions
  • Fixed the issue with enabling ADS security for the existing old deployments

back to top


Release 2.3.201803112233 (March 11, 2018)

Features

  • Added support for command line file transfer from remote Unix server to the local computer during active session using XTAM tool (xtam -d FILE)
  • Added support for quick file transfer from remote Windows server to the local computer by copying (drag-and-drop) file to Downloads folder of the XTAM Drive on the remote server that triggers file download in the session browser
  • Added support for file upload to a remote server using drag-and-drop operation to the session screen. For Windows remote server the file uploads to the root of the XTAM drive. For Unix remote computers the file uploads to the root of the current users home directory unless the destination changed using XTAM tool (xtam -s DIRECTORY)
  • Added the option to subscribe for in-session key stroke events to receive alerts and email notifications when certain key sequence typed during sessions

Extensions

  • Added support to display large lists of discovered hosts with the options to search the list and export the list into CSV and PDF formats
  • Added the option to import host records referencing other records either by name (use Reference column in the import file) or by ID (use ReferenceId column in the import file)
  • Added support to deploy the XTAM tool to a remote Unix server using in-session toolbar button. Use XTAM tool to initial file download to a local computer using command line (xtam -d FILE) or to configure a default directory for drag-and-drop file uploads (xtam -s DIRECTORY)
  • Added the option to edit a set of special characters that could be used in a password formula

Fixes

  • Fixed the issue with the audit log of long messages
  • Fixed the issue with the task execution of the scripts that return long results
  • Fixed the issue with Discovery Query types displaying out of the right screen border when creating new discovery query
  • Fixed the issue with more clear GUI controls for Checkout Required and Checkout Disabled options on the access request screen including context help
  • Fixed the issue with the wrong label for the Back button on the session event detail page
  • Fixed the issue with the Thursday label on the script execution policy configuration screen
  • Fixed the issue with bread-crumbs navigation for the discovery / query / hosts / host hierarchy
  • Improved the application update process including graceful shutdown of internal services before update
  • Fixed the issue with incorrect total count of sessions on the sessions report
  • Fixed the issue with the error message about white- and black-listing of commands
  • Fixed the issue with the error message when deleting a record that is in use as a reference record
  • Fixed the issue with error reporting when mass deleting objects from the system
  • Fixed the issue with screen title for mass delete log screen

Labs

  • Labs: fixed the issue with shutting down HTTP Proxy server during the application update before deploying and starting up the new version
  • Labs: Added support to complete HTTP sessions based on the heart-beat sync traffic
  • Internal: Added the script injection into the download page that controls heart-beat sync as well as screen decoration and recording in the future
  • Labs: Added information panel to the HTTP session

back to top


Release 2.3.201803042208 (March 4, 2018)

Features

  • Added the option to checkout records for an exclusive access with the support of check-in, checkout timeout, emergency override and one-time password use
  • Added the option to change record type when editing a record inheriting tasks, command control and scheduling policies as well as password formula configurations but preserving audit log and history of the original record

Extensions

  • Added the option to display the list of active sessions by user on the record view
  • Improved the time display on the quick player for session recordings
  • Improved the animation style of the quick player for session recordings to prevent scroll-bar appearance on fade out
  • Added support to display currently selected workflow template when submitting access request
  • Added request originator for grant requests to the access request detail screen
  • Added checkout expiration time to the record view for checked out records
  • Added task execution (and password reset) policy trigger for record check-in event

Fixes

  • Fixed compatibility issues with Internet Explorer browser
  • Fixed the issue with displaying other user requests when they are submitted but not yet approved
  • Fixed the issue with filtering session report by session type (Active, Completed)
  • Fixed the issue with screen labels on the grant operation log screen
  • Fixed the issue with incorrect color coding of successful connect operation on the record view screen
  • Fixed the issue with resetting password on Windows computers with certain communication speed
  • Fixed the issue with display labels of job types on the Job History, Audit Log reports as well as on the Record View screen
  • Fixed the issue with overloading Windows session manager when accessing RDP sessions using the system with IIS load balancer
  • Fixed the issue with updating local users created before switching to ID based user identification

Labs

  • Fixed the issue with high-trust login to a WEB Portal through the HTTP Proxy in case of subdomain-based authentication (such as Hubspot.com)

back to top


Release 2.3.201802261457 (February 26, 2018)

Features

  • Added the option to display video recording of a key sequence, clipboard transfer of other session event in the session player
  • Added the option to mass execute scripts for multiple hosts based on Active Directory query without the need to import hosts to the system vault
  • Added the option to export Audit Log, Inventory, Job History, Job Summary, Requests, Sessions, Session Events, Users, Workflows and Alerts reports to PDF format that includes records from all pages of the report

Extensions

  • Added a modern visual appearance and user experience for the session recording player
  • Added the option to delete local users and groups from the local directory
  • Added task name to the audit log records about script execution
  • Added host, task and result to the job details screen
  • Added the option to display job numbers instead of the actual jobs on the record view screen for large number of scheduled jobs

Fixes

  • Fixed the issue with starting up background services responsible to software heart-beat, download, update, export and import triggering
  • Fixed the issue with Cancel button on the Create New Record screen navigates to the parent folder instead of the root folder
  • Fixed the issue with exporting all pages of Session Events report to CSV and PDF formats
  • Fixed the issue with exporting all pages of Requests report to CSV and PDF formats
  • Fixed the issue with exporting all pages of Alerts report to CSV and PDF formats
  • Fixed the issue with exporting all pages of Record level Audit Log report to CSV and PDF formats
  • Fixed the issue with creating a record of a record type that does not have fields but its parent record type does
  • Fixed the issue with the discovery script to list local administrators to work for both old and new PowerShell COM implementations
  • Fixed the issue with executing PowerShell commands on slow remote computers
  • Fixed the issue with reporting queue status as a number instead of the label in the audit log records about script executions
  • Fixed the issue with rudimentary Export to Excel, Print and Copy options for system reports
  • Fixed the issue with error reporting when accessing session recordings
  • Fixed the issue with incorrect screen title for adding a user to a group dialog
  • Fixed the issue with preventing a local group to be added to itself
  • Fixed the issue with creating a local group by an Active Directory user
  • Fixed the issue with deleting record types that have associated tasks

Labs

  • Fixed the issue with HTTP Proxy accepting connections from remote computers
  • Fixed the issue with transferring extra data when querying sessions using application API

back to top


Release 2.3.201802191023 (February 19, 2018)

Features

  • Added support for managing membership of a local Administrator group on multiple remote Windows end points
  • Added support for password reconciliation for local accounts on remote Windows end points
  • Added Jobs Summary report displaying summary of job executions per day with the counts by tasks, execution status and result with the search and export options as well as the options to drill down to the individual job details and display the aggregated results in a graphical trend chart
  • Added Session Events report displaying system wide sessions events such as key sequences, file and clipboard transfers across all sessions with the search and export capabilities

Extensions

  • Added support to display relative time of event according to session create time in the Session Events reports
  • Added Windows Local Administrators Group Cleanup script to the script library
  • Added the Windows password set script to the script library that does not require old password to set a new one. This script requires account with Administrator rights to execute.
  • Added context help for Language preference setting as well as for Language global parameter
  • Added mass select and unselect actions to the discovery screen displaying the list of discovered hosts
  • Added Cancel button to the On-Demand password change screen

Fixes

  • Fixed the issue with ordering task lists in the execute action on the record view
  • Updated server side message translations for some languages
  • Fixed the issue with sorting Manage actions on the folder and record level as well as Grant actions on the record view screen
  • Fixed the issue with double connect audit record in the situation of failed first connect with the consequent successful connection repeat
  • Fixed the issue with secure date field displaying null on the record view screen
  • Fixed the issue with secure date field displaying raw unformatted date string after unlock
  • Fixed the issue with formatting when copying to the clipboard unlocked secured date fields
  • Fixed the issue with unclear record description when searching for shadow records
  • Fixed the issue with shadow record selection dropdown is covered by the application status bar at the bottom of the screen
  • Fixed the issue with deleting records that contain recorded session events
  • Fixed the issue with incorrect confirmation message when deleting records and folders (reversed ones for records and folders)
  • Fixed the issue with the incorrect error message when deleting a record which is a shadow record for some other record
  • Fixed the issue with using a proper task name in the confirmation message for the schedule action on the on-demand password change screen
  • Fixed the issue with resetting Windows passwords that contain hash character
  • Fixed the issue with executing remote task in case when not all fields are defined in the record
  • Fixed the issue with the incorrect Select button name on the mass task execution screen as well as on the command control restriction definition screen

Labs

  • INTERNAL: Added the option to download auto-generated HTTP Proxy certificate
  • INTERNAL: Added system property option to auto-start HTTP Proxy server. Added HTTP session manager to experiment with HTTP sessions. Added the option to launch an HTTP session from the records with associated session manager

back to top


Release 2.3.201802112225 (February 11, 2018)

Features

  • Added the option to switch application language for the whole application or individually for a user in preferences

Extensions

  • Added the option to define formula for any record type that does not have a formula yet
  • Updated Copyright year on the application About screen

Fixes

  • Fixed the issue with session join operation opening a new session to a remote computer
  • Fixed the issue with resetting passwords for domain users on Windows computers using remote PowerShell method
  • Improved the permissions logic of My Sessions report to include only sessions that a current user initiated or the sessions started for records the user owns
  • Fixed the issue with displaying action menu items for the users without permissions to use them in the My Sessions report
  • Fixed the issue with displaying Events, Join, Terminate, Download and Convert actions for administrators and record owners only even if the record displays in the session report because the current user is the session originator
  • Fixed the issue with attaching a formula from the parent record type when creating new record type.
  • Fixed the issue with defining helper placeholder for number fields
  • Updated right-side dropdown menu for the objects in the record list to open on the left side of the button to have more space
  • Fixed the issue with enabled Go to Parents button on the root folder
  • Fixed the issue with drop down actions menu on the workflow bindings list moving out of the right border of the browser

back to top


Release 2.3.201802042258 (February 4, 2018)

Features

  • Added the option to reset a password for a Windows account including update of dependent services
  • Added Request Approval Matrix (Workflows) report displaying all workflow bindings with high level objects associated with these bindings, binding details and workflow template approval steps with actors and ranks with the option to export the report to CSV spreadsheet
  • Added support for Choice field in the record types with the option to secure the field
  • Added support for multi-line Text field in the record types with the option to secure the field
  • Added support for Date field in the record types with the option to secure the field

Extensions

  • Added support for automatic restart of dropped connections to remote computers for all supported protocols to improve stability of remote sessions
  • Added the option to copy unlocked secret to the clipboard using a button
  • Added the option for auditors to review scripts in the scripts library
  • Added support to show a warning badge in a session window when connection is lost
  • Added the option for a script to communicate execution feedback back to the XTAM framework display in the Result column of the report
  • Added managed.path, item.id and request.id placeholder for alerts notifications
  • Added Description field to scripts definitions
  • Added the option to sync Active Directory group with the Active Directory
  • Added default script descriptions for out of the box scripts for initial software installations

Fixes

  • Fixed the issue with re-sizing RDP session during initial connect to fit the screen by opening the new session with the right size right away
  • Fixed the issue with granting access to records based on workfow bindings associated with groups from user directories different than the one where the currently logged in user belongs
  • Fixed the issue with displaying Windows specific commands (such as Start PowerShell) in the Command Control prompt in non-Windows sessions
  • Fixed the issue with searching Job History report by task and user
  • Fixed the issue with detecting the script failure for Remote PowerShell execution strategy
  • Fixed the issue with detecting password reset failure for Remote PowerShell method of resetting password
  • Improved error reporting from Remote PowerShell password reset script
  • Fixed the issue with exporting Job History report to CSV spreadsheet
  • Fixed the issue with ordering field type selection when creating or editing fields
  • Fixed the issue with defaulting field type selection for new fields to String
  • Fixed the issue with messages about license expiration
  • Fixed the issue with displaying error message when deleting a script in use
  • Fixed the issue with incorrectly positioned Schedule button on the On Demand password change screen
  • Fixed the issue with executing custom password reset scripts for Windows computers
  • Fixed the issue with triggering on-demand password reset option for script with old and new styles of password placeholders
  • Updated the refresh icon on the script editor and script listing screens
  • Fixed the issue with the sort order on the local users and local groups lists
  • Fixed the issue with importing previously exported data into the system
  • Fixed the issue with system initialization during the installation
  • Added Importing Complete message at the end of the importing process
  • Fixed the issue with the availability of a Helper option for the non-String fields

back to top


Release 2.3.201801282245 (January 28, 2018)

Features

  • Added Users Report displaying information about local and Active Directory users and groups accessing the system with last activity time and location, groups they belong to, global roles, MFA tokens, and count of accessible objects and associated audit events with the option to review accessible objects, audit log events, reset MFA token, and clean or sync cached data
  • Added Inventory report displaying all objects with name, reference number, type, author, editor, created and modified dates, last successful and attempted connectivity actions with a time stamp, permission inheritance status and the list of permissions with the option to review associated object audit events and navigate to an object
  • Added the option to grant one time access to connect, unlock or execute operations to specified users with the option to request approval from other stakeholders

Extensions

  • Added support for recording and reporting last user location
  • Added a Session report to a Report section for an auditor access with the option to review sessions and session events
  • Added a Requests report to a Report section for an auditor access
  • Added the option to enter active directory password from the console when performing integration with Active Directory using command line utility
  • Added the option to exclude commands, arguments and pipe redirections from a white- or black-list Command Control policy definitions
  • Added the option to bind workflow templates to everybody from everywhere by not specifying either principals or IP filter
  • Added in-session Command Control macros /cmd_admin and /ps_admin to start privileges command line and PowerShell prompts on Windows computers accessed with command control restrictions
  • Added in-session Command Control tooltips for helper toolbar buttons
  • Added in-session Command Control dropdowns to command input toolbar to run privileged command line shell and PowerShell prompts
  • Added support for for separate logout action for Windows and Unix hosts in in-session command control prompt
  • Added support for for /ctrl-c command for Unix sessions in in-session command control prompt

Fixes

  • Improved stability of session connection to remote computers by implementing automatic server side keep-alive process
  • Fixed the issue with CSV export generating reports for all records on all pages for Audit Log, Job History, Users, Inventory and Session reports
  • Fixed the issue with reporting user, notification and subscription details when failing to send alert email notification
  • Added the option to auto-unsubscribe from all notifications and clearing up an alert cache when removing a user from the system cache on Users Report
  • Fixed the issue with importing Workflow Template Actors from the system export files
  • Fixed the issue with session recording status shows as In Progress for sessions not being recorded on the Sessions report
  • Fixed the issue with prompting for destination host and credentials in case none of it is defined in a record
  • Fixed the issue with creating password verification job for an incomplete records without host or user information
  • Fixed the issue with locking the in-session command control prompt when executing a command
  • Fixed the issue with handling timeout in the in-session command control prompt when executing a command
  • Fixed the issue with loosing all tasks but one when making task manager unique for a record
  • Fixed the issue with the Statistics report title

back to top


Release 2.3.201801212136 (January 21, 2018)

Features

  • Added support for Command Control associated with active RDP and SSH sessions that allows to restrict commands (and parameters) entered by an operator based on configured white- or black-lists
  • Added Split View option allowing to display part of a password for different groups of users for two-person (segregation of duty) access to sensitive information
  • Added support for location based access to managed servers and devices
  • Added the option to require request approval based on user location for remote access, remote script execution and unlock of sensitive information
  • Added the option to prompt for the target host while using credentials on record when connecting to remote computers and devices
  • Added the option to prompt for the target credentials while using host on record when connecting to remote computers and devices
  • Added the option to validate record credentials after record creation or update as well as on schedule or on-demand in bulk for multiple selected records

Extensions

  • Added the option to define more complex password formula including minimum number of upper and lower case characters, numbers, special characters or white spaces as well as maximum and minimum password length boundaries and whether a password can contain a user name as a subset
  • Added the option to display all rows in Job History, Audit, Workflow Instances, Alerts and Session reports for export purposes
  • Added the option to filter session report by custom time range
  • Added the option to subscribe to alert notifications based on the audit log message in addition to a folder, a record, a category, a level and an event
  • Added Reports section in the navigation area including Audit Log, Job History, Sessions and Statistics reports
  • Added the function to record the last time when a user accessed the system

Fixes

  • Fixed the issue with managing multiple unrelated global roles for the same user
  • Fixed the issue with breadcrumb navigation from workflow binding configuration to the host record or folder
  • Fixed the issue with the icon for the refresh workflow binding action
  • Fixed the issue with data formatting when exporting Session report
  • Fixed the issue with for refresh button on Audit, Job History, Sessions and Workflow reports
  • Fixed the issue with row count on the session report
  • Fixed the issue with displaying task name on the Job Queue section of the record view
  • Fixed the issue with displaying queue status on the record view Job Queue section
  • Fixed the issue with export and import support for workflow, command control, session event recording, data update and item relationship modules as well as with importing audit log, job history records
  • Fixed the issue with importing system data when some of the records have errors during import
  • Changed the name of Management / My Sessions report
  • Fixed the issue with the title of the Audit Log report
  • Fixed the issue with including mouse movement in session recording

Labs

  • INTERNAL: Added track-able named data patch system
  • INTERNAL: Added shortcut commands and quick access buttons for Command Control window to open command line and PowerShell prompts on Windows computers as well as to switch windows, logout, exit shell, show desktop
  • INTERNAL: Added command history support using Up- and Down-Arrows for command entry window for the sessions with Command Control enabled

back to top


Release 2.3.201801142228 (January 14, 2018)

Features

  • Added the option to define request workflow configurations for individual folders and records with the nested folder inheritance option down from nested folders to records for group configuration
  • Added support for collecting and displaying information about a status of a last time login to a remote computer whether caused by a session connect or a task execution
  • Added the option to capture client side IP address, display it in the audit log report with the search by IP option and stream to syslog servers

Extensions

  • Added Manage option for folders and records to combine managing functions for Permissions, Formulas, Workflows and Tasks
  • Added confirmation message for the task execution
  • Added the option to mass select and mass unselect workflow bindings
  • Added the option to mass delete selected workflow bindings
  • Added the option to mass select and mass unselect requests for approval to approve or to reject them
  • Added the option to reveal attempted password to the global administrators in cases when the password reset successfully on the remote device but failed to update the record in the system

Fixes

  • Fixed the issue with enhanced security of local user directory component in the default software installation
  • Changed Refresh button for folders to the icon-based button
  • Fixed the issue with generating alerts for folder structure with cyclic nesting folders
  • Fixed the issue with excessive amount of log records about the queue scan for event generation even when there is nothing scheduled
  • Fixed the issue with consistent date format for created and modified dates on the record view
  • Fixed the issue with the Scripts page title
  • Fixed the issue with the page name for workflow bindings
  • Fixed the issue with navigating to the parent folder using breadcrumb navigation from permissions, workflow binding and formula definition pages
  • Fixed the issue with duplicated scheduled exports
  • Fixed the issue with removing task from the record type task list in case the task has associated jobs run for some records of this record type
  • Fixed the issue with checking request workflow requirements for a user not included to any group
  • Fixed the issue with password reset functionality initiated for records with attached workflows
  • Improved system logging to troubleshoot password reset functionality
  • Added application version information to the system log to simplify application troubleshooting
  • Fixed the issue with the excessive error reporting in the system log about accessibility of XTAM update server from environments without Internet access
  • Fixed Copyright year to 2018 in the application footer
  • Fixed the issue with some cases of attempted password to reset transferred over the network and stored unnecessary
  • Fixed the issue with adding new probe accounts to the discovery query that does not have saved accounts yet
  • Fixed the issue with sampling domain controller that includes joined computer without some date parameters defined when creating discovery queries

Labs

  • Added the option to white-list and blacklist commands that a user can execute during an active session
  • Added the option to configure session command policy to white-list or blacklist in-session commands for selected record types, records and users with configuration inheritance from record types to individual records

back to top


Release 2.3.201801072216 (January 7, 2018)

Features

  • Added the option to request approval for remote task execution
  • Added the option to mass schedule on-demand execution of multiple tasks for several selected records and to request approval for executing remote scripts for multiple selected records as well
  • Added the option for break-glass recovery of sensitive information from encrypted system export using administration utility
  • Added the option to bulk copy, cut, paste and delete multiple selected records and folders

Extensions

  • Added the option to list records by matching name, description and host name in the export file using administration utility to support break-glass recovery
  • Added the option to extract sensitive information from the encrypted export file using administration utility provided the export file, record name or record ID and the master password to support break glass scenario
  • Added the option to schedule periodic export of system data
  • Added the option to request approval for the record Edit operation
  • Added support for auto-rejecting expired access requests
  • Added the option to specify custom time range to query Audit Log data
  • Added the option to specify custom time range to query Job History data
  • Added the option to specify custom time range to query Alerts
  • Added the option to specify custom time range to query Workflow Instances
  • Added bulk operations to mass copy, cut and delete records and folders for global administrators
  • Added the option to mass select and unselect records and folders in Bulk Actions menu
  • Added the option to mass request task execution approval

Fixes

  • Fixed the issue with executing commands using remote PowerShell on remote Windows computers first time after remote computer restart
  • Fixed the issue with executing commands on remote Windows computers using remote PowerShell during several minutes after initial failure to execute commands because of the network or OS issues
  • Improved feedback message about errors executing remote PowerShell commands
  • Fixed the issue with Warning message when terminating sessions
  • Fixed the issue with editing a record as well as establishing high-trust connection to a record with empty unlock task execution policy
  • Fixed the issue with displaying total count for job history report
  • Fixed the issue with displaying total count for Workflow Instances report
  • Fixed the issue with creating duplicate users in the local user directory
  • Fixed the issue with creating duplicate groups in the local user directory

back to top


Release 2.3.201712311800 (December 31, 2017)

Features

  • Added the option to trigger an emergency workflows for short requested durations
  • Added the option to schedule password reset after connection made to a remote device (reset is triggered based on the Unlock policy)
  • Added the option to request access for multiple selected records
  • Added the option to mass approve or mass reject access requests

Extensions

  • Added support for masking entered sensitive secret fields when editing records
  • Added support for masking new password field on the Change Password On-Demand screen
  • Added the option to display Session Report for sessions related to selected access request
  • Added the option to display access request that enabled a selected session in the Session Report
  • Added the option to display Request ID for cross-reference purposes on the list of requests, on the request information screen and on the list of My Requests and Requests for Approval
  • Added the option to search Requests by Request ID
  • Updated Audit Log report to include Request ID to request related messages
  • Added the option to select multiple records on the record list screen to perform mass operations involving multiple records
  • Added the option to display execution log about executing mass operations involving multiple records
  • Added the option to define tasks with specific password change routine different from the out-of-the-box implementation

Fixes

  • Fixed the issue with mis-configured SSO authentication in the default setup of the software with the load balancer
  • Fixed the issue with enabling SSO authentication in the default setup of the software on Linux OS
  • Fixed the issue with Save and Return option when creating a new record returning to the root folder by returning to the record view screen for a newly created record like Save and Return works for updating the existing record
  • Fixed the issue with renaming a group or a user in the local user directory reflects on the user or the group reference on permissions, workflows and navigation screens
  • Fixed the issue with refreshing the permission list after revoking permissions
  • Fixed the issue with saving scripts with names that contain special characters such as slash
  • Fixed the issue with failure to change password using Remote SSH strategy still updated the attempted password in a record
  • Fixed the issue with attempt to define workflow biding order as a decimal fraction
  • Fixed the issue with failed initial startup of the application on some operating systems that required forced re-deployment of the system WEB applications
  • Fixed the issue with browser extension connecting to XTAM server in some environments
  • Fixed the issue with browser extension populating form fields of wrong types (buttons, checkboxes, etc)
  • Fixed the issue with clearing the error message when refreshing Workflow Templates, Workflow Bindings and Workflow Instances views
  • Fixed the issue with deleting workflow templates that have associated instances
  • Improved error reporting when deleting workflow templates that have associated bindings
  • Fixed the issue with audit log message about deleting workflow templates
  • Improved detection of the successful password change for Remote SSH strategy by utilizing error code from the password change command and passing it to XTAM job engine (xtam passwd error code: N)
  • Fixed the issue with the ability to create or update a record type with the same name as already existing record type
  • Fixed the issue with cutting off long task names in the Execute action on the Record View screen when using the narrow browsers
  • Fixed the issue with cutting off long parent folder names in the Go to Parent action on the Record List and Record View screens
  • Fixed the issue with cutting off Connect options on the Record View screen when using the narrow browsers


Release 2.3.201712242255 (December 24, 2017)

Features

  • Added the option to continue active sessions even after requested access expiration (use ‘Session Request Enforcement’ global parameter with Continue option)
  • Added list view option to the file transfer browser for active RDP and SSH sessions
  • Added progress bar information during file transfer to remote computers

Extensions

  • Added current path bread-crumb navigation in the file transfer browser for active RDP and SSH sessions
  • Added refresh option to the file transfer browser for active RDP and SSH sessions initiated on-demand of when accessing the browser
  • Added the option to hide record types from the list when adding records
  • Added the option to search specifically for user groups when granting object permissions or global roles by using group:name syntax in the Add Principal search bar
  • Added support for masking current password in the record change history

Fixes

  • Optimized performance of integration with Microsoft Active Directory for large user directories

back to top


Release 2.3.201712172320 (December 17, 2017)

Features

  • Added support for time-limited sessions to remote computers with automatic session termination after time expiration
  • Added support for auto-populating WEB form fields in the browser extension when accessed by users with limited privileges

Extensions

  • Added Shift-Esc hot-key to display session information panel in the active session screen
  • Added support to automatically terminate a session started under opened request upon request expiration
  • Added the option to the browser extension to populate fields by their names in addition to IDs
  • Added the option for a browser extension to populate WEB form fields for records with Viewer permissions only
  • Added the option to display time to session expiration in the session window title bar for the sessions with approved access requests
  • Added the option to display the remaining time left for the session in the session control panel for the sessions with approved access requests
  • Added the option to display host and port information in the session control panel

Fixes

  • Fixed the issue with browser extension operations when XTAM URL is entered with the slash at the end
  • Fixed the issue with alphabetical display of ‘Parent Type’ dropdown when creating new record type
  • Fixed the issue with alphabetical display of ‘Go To Parent’ dropdown when viewing record
  • Fixed the issue with Create New Record Type form duplicated empty options for ‘Session Manager’ and ‘Parent Record Type’ dropdowns
  • Added support for an encrypted credentials transfer to a browser extension in case the Viewer option is enabled for the extension unlock process
  • Fixed the issue with the browser extension populating credential fields defined inside WEB page frames
  • Fixed the issue with the browser extension populating credential fields in case when multiple fields satisfy credential fields search criteria
  • Fixed the issue with the browser extension populating credential fields when hidden fields found by the field search criteria
  • Fixed the issue with the browser extension populating credential fields when multiples fields are found of the WEB page found by different criteria
  • Added XTAM page access method to the system debug logging
  • Fixed the issue with filtering audit log report by Workflow events
  • Fixed the issue with subscribing to system and item level Workflow events
  • Fixed the issue with displaying system alerts in the alert notification dropdown
  • Fixed the issue with downloading empty or corrupted files as well as the files with undetected types from record file fields
  • Fixed the issue with displaying an appropriate error message when deleting a record type in use
  • Changed Permission audit event to include the actual permissions that were changed in the message
  • Removed Event filtering selection from the audit report leaving the option to filter by events in the search box
  • Added confirmation screens for saving workflow templates and bindings
  • Fixed the issue with manual session termination
  • Fixed the issue with accessing information about currently approved requests by the user who did not request them
  • Fixed the issue with Session Manager labels in the audit log
  • Fixed the issue with the new user experience for the Join Session operation
  • Fixed the issue when keystrokes recording for joined sessions

back to top


Release 2.3.201712102225 (December 10, 2017)

Features

  • Added support for recording and reporting key sequences (including key modifiers) and clipboard transfer events that happen during active sessions to a remote computer
  • Added the option to setup request approval process for remote access operation for RDP, SSH, VNC and Telnet protocols to connect to Windows and Unix devices
  • Added the option to setup request approval process for password unlock operation.
  • Added the option to define custom checkbox fields in record types

Extensions

  • Added the user preference option to open RDP sessions in fixed user defined resolution instead of dynamic one that depends on the browser size
  • Added the option to connect to RDP console session in case a record has (checkbox) Console field set to true
  • Added the option to configure multi-steps approval workflows with sequential and parallel approval steps with local and Active Directory managed users and groups to support access request scenarios
  • Added the option to associate request approval workflows with system users in effect during the selected time (work hours, after hours, weekends or holidays) and operations protected by request approval process
  • Added the option to request protected operations for the specified time or for the specified time range in the future
  • Added the option to approve workflow steps, review the status of requests as well as alert and notify users about approving and completing access requests
  • Added the option to use user login, old and new passwords as place-holders ({{LOGIN}}, {{OLDPWD}}, {{NEWPWD}}) in custom password reset and task execution scripts

Fixes

  • Fixed the issue with creating certain records in the system setup with PostgreSQL database

back to top


Release 2.3.201712032239 (December 3, 2017)

Features

  • Added support for Telnet protocol including connect without disclosing account credentials, session recording and password unlock options

Extensions

  • Added script samples to query application API from PowerShell or Shell scripts using SSO / Federation authentication scheme

Labs

  • Labs: Added workflow template management screen to create, delete, update and publish workflow templates including multiple sequential steps and multiple ranked users / groups in each step.
  • Labs: Added workflow binding management screen to create, update and delete workflow association with users, selection times and activities.
  • Labs: Added the option to request Connect operation for users with the associated approval workflow from the record view screen including the indication of the status of the request approval process for GUI and API operations
  • Labs: Added the option to display Task List and My Requests under Management / My Workflows section
  • Labs: Added the option to approve or reject access requests
  • Labs: Added the option to display requests initiated by the current user
  • Labs: Added the option for administrators to see all workflow instances report in a paginated search-able export-able view (Administration / Workflows / Instances)
  • Labs: Added the option to display workflow instance status with the current approval stage on a separate screen
  • Labs: Added the option to see the current approval workflow state by the requester

Fixes

  • Fixed the issue with navigating to favorites area in certain situations
  • Fixed the issue with the visual artifact appearing when adding a new record using large Add Record button on the middle of the empty folder screen

back to top


Release 2.3.201711262226 (November 26, 2017)

Features

  • Added an instant player of recorded sessions that plays sessions recordings in the native format without the need to convert recordings to videos
  • Added display of a session host, port and account information to the session screen title
  • Added a full screen mode option for RDP, SSH and VNC sessions

Extensions

  • Updated SSO service to enable authentication made from external scripts calling the application API
  • Added Connecting… indicator for the session window title when connection to the destination device is not yet established
  • Added API examples to create, update, retrieve, search and share records as well as to create, list and share folders for basic authentication scenario
  • Added the user profile option to define individual user preferences based on the personalized global parameters
  • Added the global parameter as well as the preference to define session startup mode as to start in a regular window or in the full screen mode

Fixes

  • Fixed the issue with duplicated session records created by the servers with problematic web-sockets connectivity
  • Fixed the issue with blinking Shared with Me folder in the navigation menu for administrators and auditors
  • Fixed the issue with the visual artifact appearing on the software registration screen

Labs

  • 1
  • 2
  • 3

back to top


Release 2.3.201711192305 (November 19, 2017)

Features

  • Added support for file transfer to- and from- remote Windows systems through RDP connection channel using the current active browser session
  • Added the option to reset passwords as well as to execute scripts for “Unix Switch User” accounts performed after second login
  • Added support for new Office 365 login experience for the browser extension

Extensions

  • Added the option to configure and enforce password formula for the local users
  • Added support to hide the current screen after logging out from the application configured with the basic authentication
  • Added detailed message with the root cause of the issue when reporting details about the failed tasks or password reset commands
  • Added a link to an FAQ explaining common errors during tasks or password reset routine execution to a job detail page for failed jobs
  • Added daily rotating schedule for the application system log

Fixes

  • Fixed the issue with cleaning failed session recording rendering jobs
  • Fixed the issue with executing a task or a password reset routine for a Windows record with the local non-domain user defined with the domain notation
  • Fixed the issue with executing a task or a password reset routine for a Windows record using a Shadow Account with the local non-domain user defined with the domain notation
  • Fixed the issue with using slash and backslash in the search criteria when searching for records
  • Fixed the issue with failing the job in case of failure to access its code execution driver
  • Fixed the issue with Azure code execution driver
  • Fixed the issue with console execution drivers preventing execution of console-based tasks
  • Fixed the issue with the ability to save formula with too short length to match the selected options
  • Fixed the issue with deleting favorite records
  • Fixed the issue with Delete option available in the favorites area
  • Fixed the issue with Session Manager setup made it available for external access
  • Fixed the issue with the blanket “null” reference in every PowerShell error output
  • Fixed the issue with clean removing of Session Manager service from Windows computers
  • Fixed the issue with executing commands including double quotes on Unix computers using SSH remote strategy
  • Fixed the issue with automatic switch user option inside Websockets session
  • Added a system logging message to troubleshoot details of session traffic

back to top


Release 2.3.201711122302 (November 12, 2017)

Features

  • Added support for file transfer to- and from- remote Unix systems through SSH connection channel using the current active browser session
  • Added support for remote Unix system file explorer through SSH connection channel using the current active browser session
  • Added the option to reset password for AS400 server accounts
  • Added the option to reset password for Azure AD accounts
  • Added the option to add individual records to favorites
  • Added the option to show Favorite folders and records in a special section of the record navigator
  • Added a permission level for task execution activities with the ability to grant or revoke Execute, Review and Manage record tasks as well as to enforce granted permissions when executing, reviewing and managing record tasks
  • Added support for background rendering of session recordings to video files that allows users to leave the session report page while converting recordings to videos

Extensions

  • Updated labels on the Task Management screen for more consistent presentation
  • Added AS400 script execution and password reset driver
  • Added Azure AD script execution and password reset driver
  • Added out of the box record type for AS400 account information
  • Added out of the box record type for Azure AD account information
  • Added the option to search for favorites using item search
  • Changed Connect Control permission levels to become None, Connect (Always Recording), Connect (Optionally Recording)
  • Added Add/Remove from Favorites menu item to both left and right context menus in the record navigator
  • Added reference to the user initiated the task to the job history report
  • Changed labels for a Record, Session and Task Controls permission levels on the Permissions and Grant Permission screen
  • Added rendering service to the Worker process with a configurable thread pool for each application node
  • Changed labels of the thread pool configuration page to fit configuration for rendering service
  • Added the automatic auto-start configuration during the installation to Red Hat, Fedora and Centos Linux distributions

Fixes

  • Fixed the issue with enabled Save button when the create / edit script form is not completed yet
  • Fixed the issue with error message on the Create New script form
  • Fixed the issue with enabled refresh button on the Create New script form
  • Fixed the issue with the system logging configuration on some of the Linux installations
  • Fixed the issue with record type list appeared under the application status bar when selecting a record type to create a new record
  • Fixed the issue with enabled Save button and visual editing options for non administrators when reviewing scripts
  • Fixed the issue with removing In-Progress indicator when canceling the operation of canceling a scheduled job
  • Fixed the issue with deleting old video files rendered from the session recordings for review
  • Fixed the issue with installing the application to some Linux systems using un-privileged account

back to top


Release 2.3.201711052219 (November 5, 2017)

Features

  • Added support for the centralized management of Shell, PowerShell, VBScript and SQL scripts reusable for records and record types
  • Added support to configure and execute multiple tasks for the same record and record type

Extensions

  • Added support to manage task lists for record types with the option to schedule script execution time and triggers
  • Added support to manage task list for records with the options to schedule task execution time and trigger and to inherit task lists from record types or to make task lists unique
  • Added a reference to tasks into the Job History report
  • Added context help for the shadow account configuration
  • Added context help for Principal, Role, Global Role and Session Control on the grant permissions screen as well as to add a member to a local group and add a global role screen

Fixes

  • Fixed the issue with enabling session recordings
  • Fixed the issue with Save button enabled even when no user is selected on the permission grant screen as well as on adding users to global roles and adding users to local groups
  • Fixed the issue with Job History report export to Excel, CSV and PDF files as well as with printing to include object name and detailed message for all exported records
  • Fixed the issue with Download new version button is available for the up-to-date version of the application

back to top


Release 2.3.201710292221 (October 29, 2017)

Features

  • Added a Firefox browser extension to auto-fill login forms with credential information stored in XTAM Identity Vault
  • Added a Google Chrome browser extension to auto-fill login forms with credential information stored in XTAM Identity Vault

Extensions

  • Improved performance of interactive sessions to remote computers by utilizing faster communication protocol between a client browser and the XTAM server with fall back to the slower protocol in case the faster one cannot be used
  • Improved performance of interactive sessions to remote computers by leveraging a client side mouse pointer display instead of transferring excessive mouse events

Fixes

  • Fixed the issue with mismatched password generation and password validation routines
  • Fixed the issue with semi-columns in the password generation
  • Fixed the issue when numeric fields were failed to display in record view
  • Fixed the issue with password reset configuration for Windows record types
  • Fixed the issue with closing the idle session modal dialog before logout
  • Fixed the issue with executing PowerShell scripts that include double quotes
  • Added a global parameter for XTAM browser plugin custom field names for user and password
  • Fixed the issue with reused job strategy for Windows and Unix record types
  • Fixed the issue with editing password formula on record type level
  • Fixed the issue with reporting the object when updating a record or a record type password formula and job execution strategy
  • Fixed the issue with API permissions when updating formula or strategy on record or record type level
  • Fixed the issue with redirecting to login page after application logout when using SSO authentication server

back to top


Release 2.3.201710222229 (October 22, 2017)

Features

  • Added the option to reset passwords for MS SQL Server database accounts
  • Added the option to execute SQL statements as policy based or on-demand scripts for MS SQL Server databases
  • Added the option to reference a record from another record with the purpose to reuse the account information in multiple records
  • Added the option to define, schedule on-demand and execute scripts with parameters
  • Added the option to automatically logout user from the application after inactivity timeout controlled by a global parameter

Extensions

  • Added a framework for dynamically loaded job execution strategies
  • Added a Database record type with database host, port, user and password fields
  • Added an audit log event for change history access

Fixes

  • Fixed the issue with enabling URL navigation for secure fields
  • Fixed the issue with syntax highlighting in the strategy script editor
  • Fixed the issue with indexing WEB Portal record URL field
  • Fixed the issue with disabling a script editor when displaying a strategy inherited from its record type
  • Fixed the issue with editing record type job execution strategy
  • Fixed the issue with deleting a record with attached job history
  • Fixed the issue with logout option dynamically detecting basic and SSO authentication mechanism in both toolbar and user drop down menu choices
  • Fixed the issue with refreshing job history report after canceling one of the jobs
  • Fixed the issue with listing strategy drivers on the strategy screen in alphabetical order
  • Fixed the issue with logout function for various browsers in both basic and SSO authentication modes
  • Fixed the issue with navigating circularly nested folders
  • Fixed the issue with displaced Connect and Execute / Reset buttons for some browser dimensions in the record view toolbar
  • Fixed the issue with accessing global parameters by the user with little permissions (specifically, inactivity timeout)
  • Changed trial time to 30 days
  • Fixed the issue with displaying Job History button for the records with no strategy
  • Fixed the issue with creating records by non-supervisors in the folders they can create records in
  • Fixed the issue with Audit Log button (but not the log itself) available for the record non-owners
  • Fixed the issue with selecting Shared With Me menu sometimes switched to All Records
  • Fixed the issue with recording an object in the audit log record about updating a policy

back to top


Release 2.3.201710152245 (October 15, 2017)

Features

  • Added the option to automatically terminate an active session after inactivity timeout
  • Added touch support for session screen on mobile devices with the drag-and-drop option
  • Added an out-of-the-box record type for WEB Portal with clickable URL, User and Password fields
  • Added new English layout keyboard without page controls and arrow keys

Extensions

  • Added the option to display clickable URLs in name, description as well as in custom string fields
  • Added the confirmation message about saving a script execution strategy
  • Added the option to display Shared With Me content to the navigation menu for the users without global roles like system admin or auditor

Fixes

  • Fixed the issue with displaying time with seconds on both system and record level session report
  • Fixed the issue with confirmation messages display in Internet Explorer browsers on the application GUI
  • Fixed the issue with displaying record types in the alphabetical order in Add Record dropdowns as well as on the record type editing screen
  • Fixed the issue with sharing records with users name found using wildcard character

back to top

Release 2.3.201710082246 (October 8, 2017)

Features

  • Added the option to display on-screen keyboard during active RDP, SSH or VNC session to remote computers
  • Added the option to transfer clipboard content to and from remote devices during active RDP, SSH or VNC session to remote computers
  • Added the option to display session control panel diring active RDP, SSH or VNC session to remote computers including the keyboard and clipboard controls as well as information messages and indicators

Extensions

  • Improved error logging when importing records from external sources
  • Added search by event in the audit log report
  • Added the option to close the session window automatically after successful completion of the session
  • Improved error reporting about the password change on Unix hosts in the Job History view
  • Added confirmation screens for saving password formula

Fixes

  • Fixed the issue with multi-protocol discovery query updating already discovered and connected host with the information related to different different protocol
  • Fixed the issue with the ability to create custom fields with spaces in the field name
  • Fixed the issue with resetting unix passords using SSH or SSH with Shadow Account strategies
  • Fixed the issue with resetting unix password using the strategy involving shadow account
  • Fixed the issue with handling errors in resetting password on Unix hosts

back to top

Release 2.3.201710012244 (October 1, 2017)

Features

  • Added global role for Auditors with the ability to view all folders and records, record and system wide audit log, job history and session reports but without options to create, modify or unlock records or manage system configuration

Extensions

  • Updated the visual appearance of the Initialize button when the application initialization is in progress
  • Updated audit logging to send more information when streaming logging activity to syslog server
  • Added example configuration for syslog integration
  • Added extended error processing about duplicate or too long object names and existence of parent folder when importing records using CSV spreadsheet
  • Added the option to assign global application wide roles with currently implemented System Administrator and Auditor roles
  • Added the option to filter discovered hosts report by hosts with opened ports or by successfully connected hosts
  • Added the option to view details of the discovered host by clicking on the View button instead of clicking on the host record in the host list

Fixes

  • Fixed the issue with creating a local group with empty group description
  • Fixed the issue with double system initialization when clicking several times on Initialize button during application setup
  • Fixed the issue with using passwords that contain special characters during installation when creating new local administrator, connecting to external database or directory services and when connecting to LDAP (Active Directory)
  • Fixed the issue with spelling messages during import from CSV spreadsheet process
  • Fixed the issue with reporting secret fields in the error log during import operation
  • Fixed the issue with displaying latest alerts in the notification window popup in the top navigation bar
  • Fixed the issue with displaying session report button for records without session manager defined
  • Fixed the issue with users without Connect permissions joining the session using the sessions report
  • Fixed the issue with non-record owners capable to terminate active sessions
  • Fixed the issue with non-global admin with appropriate permissions accessing job history details
  • Fixed the issue with a user other than a record owner with full connection permissions copying or cutting objects with a potential to paste them into the locations with elevated privileges

back to top

Release 2.3.201709261609 (September 26, 2017)

Features

  • Added the option to mass import records from CSV spreadsheet

Extensions

  • Optimized both Windows and Unix installers to use smart wait to connect to Directory Services

Fixes

  • Fixed the branding issues with Linux installer
  • Fixed the issue with too much information printed during Windows installation
  • Fixed the issue with connecting to external databases during Windows setup
  • Fixed the issue with executing maintenance commands from linux installation command linke administration tool
  • Fixed the issue with updating a record with the empty custom data
  • Fixed the issue with strategy script and job queue message operations compatibility with MS SQL Server (or any other back-end RDBMS that does not support CLOB data types)

back to top

Release 2.3.201709242244 (September 24, 2017)

Features

  • Added the option to reset password or execute script jobs based on the Check-In policy after creating or updating a record as well as importing a record from discovery query results

Extensions

  • Added the option to connect to remote computers from the record view list using a shortcut
  • Added the option to share folders and records from the record view list using a shortcut
  • Added script functions to simplify access to the store API from PowerShell scripts
  • Added default application properties to enable deployment of federated authentication service with embedded Google Authenticator with JPA as well as Duo Security providers
  • Added the option to check status of Directory Service to the command line administration tool

Fixes

  • Updated job execution queue report to display scheduled time of execution instead of time of creation
  • Updated job execution queue on the record view to display scheduled time of execution instead of time of creation.

back to top

Release 2.3.201709172238 (September 17, 2017)

Features

  • Added the option to search for uniquely permissioned items (folders or records) using permissions:unique, acl:unique or a:unique search query
  • Added the option to search for items with unique policy configuration by using policy:unique or p:unique search query
  • Added the option to search for records with unique password formula using formula:unique or f:unique search query
  • Added the option to search for records with unique job execution strategy using strategy:unique or s:unique search query
  • Added the option to search for records by session manager using session:rdp, session:vnc, session: or sm:, sm:ssh, etc search query
  • Added the option to search for records by record type using type:RecordType or t:RecordType search query
  • Added the option to search for records and folders accessible by a given user or group by using permissions:User, acl:User or a:User search query
  • Added the option to import records from PuTTY SSH and telnet client for Windows

Extensions

  • Added visual indication for mandatory folder name field on the screen that creates or updates folders
  • Updated file upload button for file type fields (such as on the Certificate records)
  • Added the option to store Google Authentication configuration in the system database as an alternative to the file on the file system
  • Added example configuration to use Duo Security as a two-factor authentication provider
  • Added a mechanism to update system data after application update based on the information whether the data not updated yet during previous updates
  • Added application data update that adds VNC session manager as well as default VNC record type for the deployments implemented before VNC connection was introduced
  • Added script samples to query application API from PowerShell or Shell scripts using basic authentication scheme

Fixes

  • Fixed the issue with periodic jobs running out of schedule in case of failed execution
  • Fixed the issue with records and folders count when searching records
  • Fixed the issue with screen resize when displaying sessions

back to top

Release 2.3.201709102209 (September 10, 2017)

Features

  • Added the option to import records from Windows Remote Desktop Connection Manager

Extensions

  • Improved creation of records by making record name a mandatory field on the record creation screen
  • Improved creation of folders by making folder name a mandatory field on the folder creation screen

Fixes

  • Fixed the issue with periodic execution of script execution jobs
  • Fixed the issue with connection screen resize on the retina displays

back to top

Release 2.3.201709032322 (September 3, 2017)

Extensions

  • Added highlighted initial actions area for empty folders and empty root folder to emphasize Create Folder and Create Records as first logical actions to take in an empty folder
  • Improved visual appearance of the Actions button on the records list
  • Removed five records limitation from un-activated software

Fixes

  • Fixed the issue with executing daily password reset policy after the first execution
  • Fixed the issue with receiving INFO email alerts when subscription is set to Error only
  • Fixed the issue with displaying error message when pasting or linking records
  • Fixed the issue with importing discovered record that contains special characters in one of its properties
  • Fixed the issue with deleting records that have associated notification subscriptions
  • Fixed the issue with legacy labels for job execution policies in the Job Execution and Audit Log reports
  • Fixed the issue with the column sorting on Job History report
  • Fixed the issue with the ability to edit inherited policy, formula and strategy information on the GUI screen
  • Fixed the issue with the ability to edit inherited individual ACL permission entry

back to top

Release 2.3.201708272334 (August 27, 2017)

Features

  • Added the option to configure multi-factor authentication to login to the system

Extensions

  • Added the option to configure detailed troubleshooting logging for authentication process
  • Added the option to display user thumbnail in the application navigator when available
  • Improved performance of system and record level Job History report by implementing server side pagination and search

Fixes

  • Fixed the issue with configuring SSO authentication service during initial installation on Windows computers
  • Fixed the issue with MAC OS artifacts appeared in the installation folder after SSO module deployment.
  • Updated the message about unactivated software limitations with the suggestion to download the license
  • Fixed the issue with using domain notation when adding system administrators
  • Fixed the issue with GUI artifacts when reporting active sessions
  • Fixed the issue with initial column sizes for audit log, job history and session reports
  • Fixed the issue with navigation to a record using breadcrumb from Job History view

back to top

Release 2.3.201708202206 (August 20, 2017)

Features

  • Increased trial time to 60 days

Extensions

  • Optimized performance of GUI operations involving records by minimizing amount of information interchanged between server and the desktop
  • Improved performance of system and record level Audit Log report by implementing server side pagination and search
  • Improved performance of system and record level Sessions report by implementing server side pagination and search
  • Improved performance of Alerts report by implementing server side pagination and search

Fixes

  • Fixed the issue with placeholder resolution in email templates
  • Fixed XTAM rebranding in email templates
  • Fixed the issue with date formats in email notifications
  • Fixed the issue with resizing Audit Log report to match the width of the browser
  • Fixed the issue with caching screen templates after updating the application
  • Fixed the issue with using explamation mark in admin password during Windows installation
  • Fixed the issue with breadcrumbs navigation in the Sessions report for records
  • Fixed the issue with unlocking a field that was created in an unsecured record type field that was made secured later

back to top

Release 2.3.201708132222 (August 13, 2017)

Features

  • Added the option for a record owner to terminate an active session
  • Added the option to join existing active session for RDP, VNC and SSH sessions

Extensions

  • Added Edit button to session managers proximity groups configuration instead of editing a group by clicking on the group record.
  • Added alphabetical order the list of session managers in the proximity groups editing screen
  • Added enforcement of alert subscriptions based on user permissions
  • Added limitation to subscribe to record events to record owners only
  • Added limitation to subscribe to system wide events to system administrators only

Fixes

  • Fixed the issue with removing and adding a session manager in a proximity group on a setting page simultaneously in one operation
  • Fixed the issue with reinstalling single Session Manager component to a different directory on a Linux computer
  • Fixed the issue with resetting password for a domain account on a Windows computer joining the same domain
  • Fixed the issue with caching certain application GUI areas after live update the application
  • Fixed the issue with updating correct discovery query when discovering qualifying hosts in case the host had been already discovered in the other query
  • Fixed the issue with collecting aggregate summary for the Discovery chart

back to top

Release 2.3.201708062210 (August 6, 2017)

Extensions

  • Added automated load balancer configuration for Windows installations

Fixes

  • Fixed the issue with deleting records with associated recordings

back to top

Release 2.3.201707302217 (July 30, 2017)

Features

  • Added support for VNC sessions to Windows and Unix remote computers

Extensions

  • Application rebranded as XTAM (Xton Access Manager) in setup, GUI and naming conventions
  • Added confirmation checkbox requesting saving initial configuration options after Windows installation

Fixes

  • Fixed the issue with saving certificates (or any other file based custom field) using IE browser on Windows computers

back to top

Release 2.3.201707211645 (July 21, 2017)

Features

  • Added initial support for Database for Secrets including the following options:
    • Browse folders and records based on users permissions
    • Create, edit, view and delete as well as copy, paste and link folders and records
    • Manage objects and records ACLs including roles and ACL inheritance down the nested folder hierarchy as well as manage system administrators
    • Unlock and lock secret fields when displaying records based on user permissions
    • Manage record types defining record properties with pre-built record types for Secret, Certificate, Windows, Unix hosts, Unix host with Certificate and Unix host with Switch User
    • Manage favorite folders
    • Manage local users and groups
    • Integration with Microsoft Active directory using LDAP protocol
    • Maintain, query and export system audit trail log about system events
    • Subscribe to system events and receive alerts and notifications
    • Display system status reports
  • Added initial support for Session Management including the following options
    • Establish sessions to Unix and Windows computers with RDP and SSH protocols using HTML5 browser on the client computers
    • Support for RDP and SSH protocols
    • Support for agent-less remote desktop display for Unix shell and Windows desktop in a browser
    • Support automatic switch user for configured unix computers
    • Optionally record sessions
    • Browse sessions report
    • Display session recordings in AVI or MOV video formats
  • Added initial support for automated password reset including the following options
    • Support resetting passwords on Windows computers including domain or standalone computers as well as local and domain users
    • Support resetting passwords on Unix computers
    • Support resetting passwords in LDAP user directories including Microsoft Active Directory
    • Support for direct remote PowerShell (Windows), remote shell (Unix) as well as console (session manager based) VB Script  (Windows) and shell (Unix) password reset strategies
    • Manage password formulas including inheritance from record types to individual records
    • Manage password reset strategies including inheritance from record types to individual records
    • Manage password reset policies defining when the password should be reset including inheritance down the nested folder hierarchy to the individual records
    • Browse and export password reset queue
  • Added initial support for job execution including the following options
    • Support for direct remote PowerShell (Windows), remote shell (Unix) as well as console (session manager based) VB Script  (Windows) and shell (Unix) job execution strategies
    • Manage job execution policies defining when jobs should be executed including inheritance down the nested folder hierarchy to the individual records
    • Browse and export job execution queue
  • Added initial support for account discovery including the following options
    • Manage IP-Range discovery queries
    • Manage Microsoft Active Directory queries
    • Manage CSV-based queries
    • Support for multiple accounts discovery scan
    • Import discovered accounts into managed records space
  • Added initial support for setting up the application including the following options
    • Role based software installation on Windows and Linux computers
    • Support for internal database deployed during the software installation
    • Support for external RDBMS: Oracle, MS SQL Server, MySQL and PostgreSQL
    • Optional configuration of IIS load balancer on Windows platforms
    • Optional installation of federated sign-in server
    • Support for multi-node farm setup with the distributed load for WEB Front Ends and Job Execution processes
    • Manage software registration
    • Manage system load configuration per node
    • Manage configuration for Session Managers
    • Support database export and import
    • Manage global system parameters
    • Manage mail server configuration

back to top

 

Copyright © 2019 Xton Technologies, LLC. All rights reserved.