Release notes for the August 24, 2025 update

Update Version 4.1.202508221518

New Features

Added Credential Rotation Module for Account Management.

The Credential Rotation module automates and secures the management of privileged credentials and enforces policies around them. It rotates passwords and SSH keys and enforces complex secret rotation workflows.

Key Features

  • Multiple supported OS and services
    Supported endpoints: Windows, Microsoft Active Directory, Unix, Linux, Oracle Solaris, IBM AIX, IBM i, Entra ID.

  • Self-service password rotation
    Self-service password reset for accounts with known credentials.

  • Administrative password assignment
    Administrative password assignment by shadow accounts, without knowledge of the account credentials. Support for Windows Domain gMSA, sMSA and LAPS accounts as shadow accounts. Support for sudo on Unix devices.

  • Windows service accounts rotation
    The option to update service, task and application pool dependencies after rotating passwords on Windows servers.

  • SSH private key rotation
    SSH private key rotation with public key update on the endpoint.

  • Verification Workflow
    The option to verify credentials on the endpoint after updating but before committing new credentials to the asset database.

  • Secret requirements management
    Configurable secret requirements to accommodate secret generation for a wide variety of endpoints and policies:

    • Password strength specification: minimum and maximum length; number of uppercase, numeric and special characters; special character list.
    • XKCD passwords
    • SSH key specification: packaging (PEM, OpenSSH, PuTTY, ssh.com), algorithm (RSA, ECDSA, Ed25519) including algorithm-specific parameters, protection passphrase requirement.
    • Secret Requirements management defined for asset types with inheritance down the asset type hierarchy with the option to override.
    • Secret requirements management for assets inherited from the asset type with the option to override.
  • Scheduled secret rotation
    Scheduled secret rotation based on a cron scheduler, with a visual schedule builder GUI.

  • Event-driven secret rotation
    Event-driven secret rotation supporting the following events:

    • After displaying credentials
    • After session completion
    • After creating asset
    • After updating asset
  • Agentless
    Credential rotations are performed from the server side by executing scripts over the WinRM(S), SSH, Telnet, HTTPS and LDAPS protocols, with no agents required on the remote endpoints.

  • Script Library
    Credential rotation scripts are managed in the script library, with the following features:

    • Add new or edit existing scripts to support new classes of devices and accounts.
    • PowerShell scripts support
    • Shell scripts support
    • Type-response scripts support to read endpoint output and type input with the Groovy driver
    • Reusable script functions through an include mechanism
    • Access to asset fields from scripts
  • Peer nodes
    Delegation of script execution to remote peer nodes. Peer nodes can be located in isolated on-premises or virtual cloud networks, or deployed to the same network to scale script execution performance.

  • Native Integration with the Credentials Vault
    Includes support for authentication methods, permissions, workflows, multi-tenancy, hierarchical site and container structures, asset sharing and history, search, tagging, import, SSO authentication, REST API, and reporting.

  • Reporting
    Job report with the details of script execution on the endpoints. Credentials history with access to historical credentials.

Security

  • Updated application client-side WEB framework to the latest version.

  • Updated WEB Session Gateway to the latest version 1.6.0.

  • Updated MS SQL Server driver to the latest version.

  • Updated REST API documentation framework to the latest version.

Extensions

  • Added ID field to the list of asset metadata on the asset list and asset view screens with the option to copy it to the clipboard.

  • Added the option to specify the user directory in the authentication string of native SSH and RDP clients.

  • Added the option to extend asset access requests to allow more time to continue with the session.

  • Added the option to request an extension of an asset action request for approval.

Fixes

  • Fixed the issue with recording data of the captured native SSH client command execution event based on the file transfer condition in the access profile.

  • Fixed the issue with the availability of the license management screen in the base tenants.

  • Fixed the issue with ordering the list of peer links on the peer node selection for the asset.

  • Fixed the issue with reporting WEB Sessions connection errors in WebSockets tunnels.

  • Fixed the issue with completing monitoring and connection collection jobs.

  • Fixed the issue with displaying member assets for users with no site permissions.

  • Fixed the issue with site nomenclature in the form filler browser extensions and add-ons.

  • Fixed the issue with local user directory authentication when establishing sessions from certain native RDP clients without specifying the user directory in the connection string.

  • Fixed the issue with RDP Proxy session completion for sessions that were not started.

  • Fixed the issue with blanket errors when closing non-existing sessions.

  • Fixed the issue with errors during trace logging of RDP Proxy operation.

  • Added heartbeat during WEB Sessions to maintain authentication continuity.

  • Improved WEB session termination logic.

  • Fixed the issue with native RDP client connection to domain-joined devices using domain users in domain\user or user@domain notation.

  • Fixed the issue with enforcing access request approval when connecting to remote asset endpoints using SSH or RDP native clients.

  • Fixed the issue with error reporting about asset identification, authentication, access request approval and others when connecting to assets using native SSH clients.