Skip to content

2025

Release notes for the October 19, 2025 update

Update Version 4.1.202510172141

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application WEB Container to the latest version.

  • Updated MS SQL Server Driver to the latest version.

  • Updated REST API Documentation component to the latest version.

  • Updated context help management component to the latest version.

  • Updated database access component to the latest version.

  • Updated high-performance networking component to the latest version.

  • Updated PDF toolkit component to the latest version.

Extensions

  • Added a help button with a link to a documentation page on every screen of the WEB application next to the screen title.

  • Added duplicate Save and Cancel buttons at the bottom of each editing screen in the WEB application.

  • Added color indication for the password strength meter.

  • Added the option to search users by first and last name in addition to login when selecting users.

  • Added User Search property to LDAP configuration to support query selecting users by complex search criteria including first and last names.

  • Added Test Connection, Connect and Auto-populate and Verify Trust buttons after definition of parameters that are enough to connect on the LDAP editing form to emphasize the value of auto-population of configuration parameters.

Fixes

  • Fixed the issue with session event preview displayed in the site events report.

  • Fixed the issue with the unlock safe link button on the safe link editing screen sometimes generates an error.

  • Fixed the issue with Safe Link option available for the master users on the asset view screen.

  • Fixed the color of warning messages to more prominent orange.

Release notes for the October 12, 2025 update

Update Version 4.1.202510101641

New Features

Added support to mask passwords captured as keyboard session events.

The option improves security of Session Events report as well as sessions video recording playback in the situations when a user types passwords to 3rd party systems captured by the session event recording.

Safe link option allows to quickly share secret information with unauthenticated users using messaging applications in a secure way instead of sending sensitive information directly.

Safe links protect sensitive information from being pre-loaded by the messaging applications but require human interaction to access instead. Unique safe links expiration is based on time or number of views. Safe links management and access is audited. Sharing sensitive asset data using safe links could optionally require multi-level approval process.

Added the option to pin assets and containers for quick access.

The option improves asset database navigation by allowing users to select frequently used assets to view them in the designated Pinned Assets area.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application WEB Container to the latest version.

  • Updated database access component to the latest version.

  • Updated build time project consistency checker to the latest version.

Extensions

  • Added the explicit logic of modifying secret fields on the asset editing screen for clear state designation to preserve the existing value, to edit and to clear the field.

  • Added support for TOTP MFA tokens bypassed to the remote applications.

  • Added remote application for AWS WEB Console using two authentication factors.

  • Added support to display authentication or authorization errors on the login screen in case of failed login.

Fixes

  • Fixed the issue with PuTTY remote app typing the password in the previously opened application.

  • Fixed the issue with bypassing custom asset fields to the remote application.

  • Fixed the issue with missing context help for RDP and HTTP Proxy configuration pages.

Release notes for the October 5, 2025 update

Update Version 4.1.202510031538

New Features

Added the option to filter and control commands executed in active sessions.

The option allows precise control over which shell or terminal commands are permitted or denied during a secure remote session. In addition, the option ensures that only trusted binaries from approved directories are executed.

Added the option to join active sessions.

The option allows asset managers to join active sessions in Monitoring (read only) or Participation (active) mode.

The shared sessions are useful in the multiple network administration scenarios:

  • To review and control the session real time.
  • To allow training or demonstrations.
  • To enable live session intervention capabilities during active security incidents
  • To facilitate immediate threat containment without waiting for session completion

Security

  • Updated application client side WEB framework to the latest version.

  • Updated REST API Documentation component to the latest version.

  • Updated HTTP Communication component to the latest version.

  • Updated database access component to the latest version.

  • Updated WEB frontend builder component to the latest version.

  • Updated build time testing component to the latest version.

  • Updated Windows system tools component to the latest version.

Extensions

  • Added domain users and groups management MMC snippet remote application driver to enable zero trust management of domain administration.

  • Added account management support including credentials rotation and verification for database servers: Oracle RDBMS, MS SQL Server, IBM Informix DB, MySQL, MariaDB and PostgreSQL.

  • Added the option to manage and execute SQL scripts on the database servers.

Fixes

  • Improved event log message readability to display event parameters separated by comma.

  • Switched bootstrap logger configuration to information level.

Release notes for the September 28, 2025 update

Update Version 4.1.202509261730

New Features

Added session events references to the session recording player.

Displaying session events such as user keystrokes, clipboard or file transfers allows the viewer to evaluate the context of the video recording, to quickly scroll the playback on the important timeline position or to review the session activities while watching the recording.

Added the option to launch desktop applications in Zero Trust session on the RDS jump host.

The option enables development of Zero Trust Access with full session recording capabilities for a wide range of desktop applications ("fat clients") published via Remote Desktop Services (RDS) as Remote Applications.

The option is applicable to multiple use cases such as:

  • Database development.
  • Data analysis.
  • System administration.
  • Shared Web portal access.
  • Digital marketing.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application build component to the latest version.

  • Updated bill of materials management component to the latest version.

  • Updated HTTP client component to the latest version.

  • Updated logging component to the latest version.

  • Updated encryption utility component to the latest version.

  • Updated operating system interface component to the latest version.

  • Updated mail implementation component to the latest version.

  • Updated XML runtime component to the latest version.

  • Updated common utility component to the latest version.

Extensions

  • Added the option to interactively update transit credentials for SSO logins.

  • Added reporting of Enter key in the keyboard session events.

  • Added the option to search session events by event preview.

  • Added the option to filter session events by clipboard upload or download events at the same time.

  • Added the option to filter session events by file listing, upload or download events at the same time.

  • Added the option to open a session player from the sessions event report and jump to the event position in the report.

  • Added IBM PC5250 terminal remote application driver to enable zero trust connections to IBM i servers.

  • Added Mocha TN5250 terminal remote application driver to enable zero trust connections to IBM i servers.

  • Added Microsoft Remote Desktop Client (mstsc) remote application driver to enable zero trust connections to Windows Hosts through RDS jump server.

  • Added PuTTY remote application driver to enable zero trust connections to Unix Hosts through RDS jump server.

  • Added account management support for network devices: Cisco, Cisco Nexus, Brokade, F5 BIG-IP, Fortigate, Juniper, NetApp, Netscaler, Palo Alto.

Fixes

  • Fixed the issue with the keyboard shortcut help on the session player to focus on important options.

  • Fixed the issue with the font color of the read only properties on the Profile / Account screen.

  • Fixed the issue with empty credentials type selection on the gateway launcher screen in the situation when the previous launch made for the selection that is not present for the current asset.

  • Fixed the issue with accessing Entra ID group members on the Access report.

  • Fixed the issue with the blanket error message when disconnecting from some sessions.

Release notes for the September 21, 2025 update

Update Version 4.1.202509191445

New Features

Added the option to Discover privileged accounts on Windows devices.

Privileged Account Discovery is designed to automatically detect privileged accounts on Windows devices and optionally import them into the Credential Vault. This feature supports both reporting and importing modes, allowing organizations to identify accounts used for administrative tasks, services, scheduled tasks, and application pools.

The discovery process identifies both local and domain accounts used in the following roles on Windows devices:

  • Members of the Administrators group
  • Service logon accounts
  • Scheduled tasks ("Run As") accounts
  • Application pool identity accounts
Added Session Intelligence option for the analysis and control of user behavior during the active access to remote devices.

Session Intelligence feature is a configurable algorithm designed to provide real-time visibility, risk analysis, and enforcement during active remote access sessions.

Session Intelligence enable a range of advanced capabilities from real-time monitoring and behavioral analysis to dynamic risk-based controls, that enhance visibility and security during active sessions.

  • Live Session Monitoring and Intervention including pause and terminate sessions.

  • In-Session Threat Analytics

  • Intelligent Alerting and Risk-Based Decisions
  • User and Entity Behavioral Analytics (UEBA)
  • Real-Time Anomaly Detection
  • Context-Aware Dynamic Access Control
  • Progressive Threat Response

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated REST API data management component to the latest version.

  • Updated REST API Documentation component to the latest version.

  • Updated client side REST API Documentation browser to the latest version.

  • Updated context help management component to the latest version.

  • Updated mail transport component to the latest version.

  • Updated Maria DB driver component to the latest version.

  • Updated PostgreSQL driver to the latest version.

Extensions

  • Added the option to bulk import service accounts from MS Active Directory.

Fixes

  • Fixed the issue with the incorrect naming of foreign keys on the access profile link database table.

  • Fixed the issue with the asset view screen to open by the application with expired license.

  • Fixed the issue with the component displaying the list of dictionary terms on various application forms.

  • Fixed the issue with the context help for the name field on the access profile screen.

Release notes for the September 14, 2025 update

Update Version 4.1.202509121602

New Features

Added public key authentication support for native SSH clients to access the application.

The update enables native SSH client access using public key authentication of the application user to the SSH Proxy as an alternative to the password authentication.

Public key authentication to SSH Proxy brings the following benefits:

  • Increase Security. When using private keys to authenticate, there is no need to transmit passwords over the network. And because the private key is kept on your local machine, it is less vulnerable to interception or attack.

  • Better Access Control. SSH keys can control access to the application server by restricting access only to authorized users with the corresponding private key with the option to disable the access for the selected keys.

  • Convenience. SSH keys can be more convenient and increase users’ productivity. The recommended practice is to encrypt keys with a unique passphrase.

  • Automation. SSH keys can be used in scripts and automation tools to automate tasks that require logging into a remote server. This can make managing and maintaining servers and applications easier and reduces the risk of a password being exposed.

Public key authentication supports both direct connections to the specified assets and command line shell interface access.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated network streaming component to the latest version.

  • Updated command line processor component to the latest version.

  • Updated outgoing e-mail processor component to the latest version.

  • Updated internal scripting language component to the latest version.

  • Updated interchange data JSON processor component to the latest version.

Extensions

  • Added support to display detailed privileged access errors in the sessions established by the native RDP clients caused by the lack of the access approval or inability to find the requested asset.

  • Added progress timeline to the sessions player.

  • Added site permissions information into the Asset Access report.

  • Added Assets Access report to the list of container and asset view reports.

  • Added Asset ID to the Asset Access report and its export.

  • Added initially hidden VNC Host asset type with VNC protocol for access.

  • Added support to display host, account and shadow account in the job results.

  • Added the option to manage authorized keys for SSH Proxy public key authentication.

  • Added support to overriding too small screen resolution provided by the native RDP client.

  • Added Windows Discover Privileged Accounts script to report local administrators, Logon As users in the services, run as user in tasks or application pools.

Fixes

  • Optimized performance of the group membership collection for large number of ACLs.

  • Fixed the issue with the Windows Password Set by Shadow Account script to work with the account given in the domain\user notation.

  • Improved the troubleshooting logging for the sessions established by the native RDP clients.

  • Fixed the issue with the Backspace label on the session report.

  • Fixed the issue with the access profile action label to Allow and Record access.

  • Fixed the issue with API documentation for the API Tokens REST API.

  • Fixed the issue with the language translations for the API Token management events.

Release notes for the September 7, 2025 update

Update Version 4.1.202509051825

New Features

Added password rotation support for domain service accounts.

The option updates password of dependent services, tasks and application pools run as Active Directory account on multiple domain computers after rotating password of the domain account.

The option allows to manage Windows domain accounts while maintaining consistency with the accounts dependencies across the network.

Added support for WEB sessions to use user linked mirror accounts.

Mirror account option enables a user to access a remote asset endpoint using the privileged credentials related to the original account unique for each user instead of sharing the same privileged credentials.

The option enables support for the endpoint to track access for individual users while maintaining least privileges for the main user account. The option also enables support for Microsoft Enhanced Security Admin Environment (ESAE, red forest, admin forest).

Added Access report to display assets with granted permissions.

The access report allows to cross reference assets, list of users with permissions to this asset and the chain og groups memberships that allow these users to receive each specific grant.

This report is one of the main tools for the system owners to show auditors who exactly can access what in their network with what exact permissions and how. It also simplifies identity governance management in the organization to identify unnecessary access often granted through the chain of nested user groups.

Security

  • Updated application framework for Linux x64, Linux arm, Windows x64 and Windows arm platforms to the latest version.

  • Updated application WEB Container to the latest version.

  • Updated application client side WEB framework to the latest version.

  • Updated network streaming component to the latest version.

  • Updated software Bill of Materials maintenance component to the latest version.

Extensions

  • Added SSH tunnel destination IP forwarding restrictions based on the asset fields Tunnel Host and Tunnel Port. The option allows asset owners to restrict the destination services users can build tunnels to through the zero trust session.

  • Added the option for request approver to review the list of the legacy approved requests in addition to the requests to approve.

  • Added account qualification such as Main, Transit or Mirror to the account column in the session report.

  • Added binary hashes for offline installation, distributed gateway and WEB HTTP driver binaries to verify integrity of the downloaded packages.

Fixes

  • Fixed the issue with the blanket error message in the system log about during job pool recovery.

  • Fixed the issue with archiving jobs with attached schedules.

  • Added warning messages to the application log about failing to send request approval notifications because of no enabled SMTP servers found or no email on the user profile to better troubleshoot notification issues.

  • Fixed the issue with logout from the WEB GUI in some cases of completing the WEB Session.

  • Fixed the issue with security verification of the starting the WEB Session with the member assets as a credentials provider.

  • Fixed the issue with error messages displayed in the WEB Session console when establishing WEB Session using the user from the master tenant user directory.

  • Fixed the issue with the About screen title translation after refreshing the screen.

  • Fixed the issue with the Windows Password Reset by Account Itself script to work with the account given in the domain\user notation.

  • Fixed the issue with displaying login of Active Directory users without User Principal Name defined.

Release notes for the August 31, 2025 update

Update Version 4.1.202508291811

New Features

Added email notifications to action request approval process.

The update adds email notifications sent to request approvers when they need to approve new request. The update also adds email notification to the user initiating the action request about the request has been approved or rejected. Email notifications include details about the request.

Email notifications improve user awareness about request approval process.

Added peer tunnel option.

Added the Peer Tunnel option for the peer node to expose its services for the main node through the reversed tunnel from behind the closed perimeter with blocked inbound traffic.

The peer tunnel option allows the application deployed outside of the network perimeter to use WEB or native clients sessions or execute scripts on the assets endpoints as well as integrate with MS Active Directory inside the network perimeter in the situations when inbond connections to the network are blocked.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated SSH Server and SSH client components to the latest version.

  • Updated internal server side scripting language to the latest version.

  • Updated mail management component to the latest version.

  • Updated XML and JSON data processing component to the latest version.

  • Updated HTTP client component to the latest version.

Extensions

  • Added support for SSH server side public key verification using the asset field Server Key with the Verify button.

  • Added the option for the same user to approve the same action request on two different approval levels.

Fixes

  • Fixed the issue with completing RDP sessions accessed using native clients.

  • Fixed the issue with updating job started time when executing jobs.

  • Fixed the issue with authentication to remote domain joined RDP server with the asset user defined without domain when accessing the asset using native RDP client.

  • Fixed the issue with displaying old rejected requests to the workflow approver.

  • Fixed the issue with the error message about failure to find user directory object.

  • Fixed the issue with the blanket errors in the log file during workflows approval cycle when there is no smtp service configured.

  • Fixed the issue with the quality of sessions playback for the sessions accessed using native RDP clients.

  • Fixed the issue with ignoring not integrated user directory for user authentication by the clients that send client side domain.

  • Fixed the issue with enforcing MFA for non-interactive SSH channels: scp, sftp, exec.

  • Fixed the issue with enforcing access requests for non-interactive SSH channels: scp, sftp, exec.

  • Fixed the issue with detailed error messages returned for non-interactive ssh sessions.

  • Fixed the issue with SSO integration with Identity Providers that include question mark in IdP URLs.

  • Fixed the issue with the application update on Linux platform then the update procedure is executed by the account with lack of required permissions in the deployment location.

  • Fixed the issue with the blanket error message in the application logs about processing transit credentials when logging in to the WEB application using SSO integrated provider.

  • Fixed the issue with reusing the same job record for consecutive scheduled job executions.

Release notes for the August 24, 2025 update

Update Version 4.1.202508221518

New Features

Added Credential Rotation Module for Account Management.

The Credential Rotation module is built to automate, secure, and enforce policies around privileged credentials, rotate passwords and SSH keys as well as enforce complex secret rotation workflows.

Key Features

  • Multiple supported OS and services
    Supported endpoints: Windows, Microsoft Active Directory, Unix, Linux, Oracle Solaris, IBM AIX, IBM i, MS Active Directory, Entra ID.

  • Self-service password rotation
    Self-service password reset for the accounts with known credentials.

  • Administrative password assignment
    Administrative password assignment by the shadow accounts without the knowledge of the account credentials. Support for Windows Domain gMSA, sMSA and LAPS accounts as shadow accounts. Support for sudo on Unix devices.

  • Windows service accounts rotation
    The option to update service, tasks and application pools dependencies after rotating passwords on Windows servers.

  • SSH private key rotation
    SSH private key rotation with public key update on the endpoint.

  • Verification Workflow
    The option to verify credentials on the endpoint after updating but before committing new credentials to the asset database.

  • Secret requirements management
    Configurable secret requirements to accommodate secret generation for wide variety of endpoints and policies:

    • Password strength specification: minimal and maximal length, number of uppercase, numerical, special characters, special characters list.
    • XKCD passwords
    • SSH key specification: packaging (PEM, OpenSSH, PuTTY, ssh.com), algorithm (RSA, EcDSA, Ed25519) including algorithm specific parameters, protection passphrase requirement.
    • Secret Requirements management defined for asset types with inheritance down the asset type hierarchy with the option to override.
    • Secret requirements management for assets inherited from the asset type with the option to override.

  • Scheduled secret rotation
    Scheduled secret rotation based on cron scheduler with visual schedule builder GUI.

  • Event driven secret rotation
    Event driven secret rotation supporting the following events:

    • After displaying credentials
    • After session completion
    • After creating asset
    • After updating asset

  • Agentless
    Credentials rotations performed from the server side by executing scripts over WinRM(s), SSH, Telnet, HTTPs, LDAPs protocols with no agents required on the remote endpoints.

  • Script Library
    Credentials rotations scripts managed in the script library with the following features.

    • Add new or edit existing scripts to support new classes of devices and accounts.
    • PowerShell scripts support
    • Shell scripts support
    • Type-response scripts support to read endpoint output and type input with the Groovy driver
    • Reusable script functions throught include mechanism
    • Access to asset fields from scripts

  • Peer nodes
    Delegation of script execution to the remote peer nodes that could be located in the isolated on-premises or virtual cloud networks or alternatively deployed to the same network to scale performance of scripts execution.

  • Native Integration with the Credentials Vault
    Includes support for authentication methods, permissions, workflows, multi-tenancy, hierarchical site and container structures, asset sharing and history, search, tagging, import, SSO authentication, REST API, and reporting.

  • Reporting
    Job report with the details of the script execution on the endpoints. Credentials history with the access to historical credentials.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated WEB Session Gateway to the latest version 1.6.0.

  • Updated MS SQL Server driver to the latest version.

  • Updated REST API documentation framework to the latest version.

Extensions

  • Added ID field to the list of asset metadata on the asset list and asset view screens with the option to copy it to the clipboard.

  • Added the option to specify user directory in native ssh and RDP clients authentication string.

  • Added the option to extend asset access requests to allow more time to continue with the session.

  • Added the option to request asset action request extension for the approval.

Fixes

  • Fixed the issue with recording data of the captured native ssh client command execution event based to the file transfer condition in the access profile.

  • Fixed the issue with the availability of license management screen in the base tenants.

  • Fixed the issue with ordering list of peer links on the peer node selection for the asset.

  • Fixed the issue with reporting WEB Sessions connections error in WebSockets tunnels

  • Fixed the issue with completing monitoring and connection collection jobs.

  • Fixed the issue with displaying member assets for the users with no site permissions.

  • Fixed the issue with site nomenclature in the form filler browser extensions and add ons.

  • Fixed the issue with local user directory authentication when establishing sessions from certain native RDP clients without specifying user directory in the connection string.

  • Fixed the issue with RDP Proxy session completion for the not started sessions.

  • Fixed the issue with blanket errors when closing non-existing sessions.

  • Fixed the issue with errors during trace logging of RDP Proxy operation.

  • Added heartbeat during WEB Sessions to maintain authentication continuity.

  • Improved WEB session termination logic.

  • Fixed the issue with native RDP client connection to the domain joined devices using domain users in domain\user or user@domain notation.

  • Fixed the issue with enforcing access request approval when connecting to remote asset endpoints using SSH or RDP native clients.

  • Fixed the issue with error reporting about asset identification, authentication, access request approval and others when connecting to assets using native SSH clients.

Release notes for the August 17, 2025 update

Update Version 4.1.202508151808

New Features

Added Remote Access Module for Zero Trust Connections

The Remote Access module enables secure, zero trust connections to remote devices. It is designed to control and monitor access through agentless session management, including recording, approval workflows, and support for both web and native protocols.

Key Features

  • Zero Trust Session Access
    Establish secure sessions with credential injection for remote devices using supported protocols such as SSH, RDP, VNC, Telnet, SFTP, and SCP.

  • Agentless Connection
    Use a web browser or a native application (e.g., PuTTY, Remote Desktop Client, MobaXTerm, WinSCP) to initiate sessions without deploying agents on the client or destination device.

  • Zero Trust HTTP Sessions
    Access web portals securely using a browser-based driver to communicate directly with the target web server including credentials injections into the login forms.

  • Zero Trust SSH Tunnel Support
    Create SSH tunnels with credentials injection for secure access to databases, network devices, medical equipment, SCADA systems, or process automation devices via a distributed network of relay nodes.

  • Zero Trust SSH Exec Support
    Enable command execution over SSH protocol with credentials injection for job automation and itegration tools (e.g., Ansible) to connect to target endpoints with the option to record the execution event with the command, command output and errors.

  • Multi-Language On-Screen Keyboard
    Available during web sessions for enhanced accessibility.

  • Flexible Credential Injection
    Inject session credentials into the protocol stream on the server side from the main asset, a related member or shadow asset, or by bypassing the currently logged-in user's credentials without exposing them to the user or transferring credentials to the client device.

  • Session Recording
    Record sessions as video streams for instant playback or export to standard formats (AVI, MOV, MP4).

  • Session Event Permissions
    Granular permissions for the session activity such as keyboard input, file transfers, and clipboard transfers to and from the asset endpoint granted to users or groups.

  • Session Event Tracking Capture and log events such as keyboard input, file transfers, and clipboard activity between client and endpoint including capturing content of transferred files, clipboard or executed commands.

  • Multi-Factor Authentication (MFA) Require MFA confirmation before establishing sessions.

  • Granular Access Permissions
    Assign session access rights to specific users or groups for individual assets or asset groups.

  • Approval Workflows
    Support multi-step or automatic access request approval processes.

  • Remote Gateway Peer Nodes
    Enable access to assets in isolated data centers or virtual private networks reachable only via peer nodes.

  • SSH Shell Interface
    Navigate the asset vault container structure using terminal interface and initiate connections directly to selected assets following single authentication process.

  • Comprehensive Session Reporting
    Generate detailed reports on session times, users, assets, protocols, events, transferred files, clipboard content, and executed commands.

  • Native Integration with the Credentials Vault
    Includes support for authentication methods, permissions, workflows, multi-tenancy, hierarchical site and container structures, asset sharing, search, tagging, import, SSO authentication, REST API, and reporting.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated MariaDB driver to the latest version.

Extensions

  • Added a warning message to the login screen of the base tenant that only master administrators can login here.

  • Added tenant name to the login screen to identify the destination tenant.

  • Added support for protected private keys in ssh.com packaging.

  • Added support to execute scripts on the devices with private keys protected with weak passwords.

Fixes

  • Fixed the issue with script execution using SSH connection based on the private key without the password.

  • Reduced the size of the error reporting about re-authentication when switching windows context on the GUI.

  • Fixed the issue with executing asset jobs after the license expiration.

  • Fixed the issue with using protected private key to execute jobs.