Skip to content

Release Notes

Release notes for the August 24, 2025 update

Update Version 4.1.202508221518

New Features

Added Credential Rotation Module for Account Management.

The Credential Rotation module is built to automate, secure, and enforce policies around privileged credentials, rotate passwords and SSH keys as well as enforce complex secret rotation workflows.

Key Features

  • Multiple supported OS and services
    Supported endpoints: Windows, Microsoft Active Directory, Unix, Linux, Oracle Solaris, IBM AIX, IBM i, MS Active Directory, Entra ID.

  • Self-service password rotation
    Self-service password reset for the accounts with known credentials.

  • Administrative password assignment
    Administrative password assignment by the shadow accounts without the knowledge of the account credentials. Support for Windows Domain gMSA, sMSA and LAPS accounts as shadow accounts. Support for sudo on Unix devices.

  • Windows service accounts rotation
    The option to update service, tasks and application pools dependencies after rotating passwords on Windows servers.

  • SSH private key rotation
    SSH private key rotation with public key update on the endpoint.

  • Verification Workflow
    The option to verify credentials on the endpoint after updating but before committing new credentials to the asset database.

  • Secret requirements management
    Configurable secret requirements to accommodate secret generation for wide variety of endpoints and policies:

    • Password strength specification: minimal and maximal length, number of uppercase, numerical, special characters, special characters list.
    • XKCD passwords
    • SSH key specification: packaging (PEM, OpenSSH, PuTTY, ssh.com), algorithm (RSA, EcDSA, Ed25519) including algorithm specific parameters, protection passphrase requirement.
    • Secret Requirements management defined for asset types with inheritance down the asset type hierarchy with the option to override.
    • Secret requirements management for assets inherited from the asset type with the option to override.

  • Scheduled secret rotation
    Scheduled secret rotation based on cron scheduler with visual schedule builder GUI.

  • Event driven secret rotation
    Event driven secret rotation supporting the following events:

    • After displaying credentials
    • After session completion
    • After creating asset
    • After updating asset

  • Agentless
    Credentials rotations performed from the server side by executing scripts over WinRM(s), SSH, Telnet, HTTPs, LDAPs protocols with no agents required on the remote endpoints.

  • Script Library
    Credentials rotations scripts managed in the script library with the following features.

    • Add new or edit existing scripts to support new classes of devices and accounts.
    • PowerShell scripts support
    • Shell scripts support
    • Type-response scripts support to read endpoint output and type input with the Groovy driver
    • Reusable script functions throught include mechanism
    • Access to asset fields from scripts

  • Peer nodes
    Delegation of script execution to the remote peer nodes that could be located in the isolated on-premises or virtual cloud networks or alternatively deployed to the same network to scale performance of scripts execution.

  • Native Integration with the Credentials Vault
    Includes support for authentication methods, permissions, workflows, multi-tenancy, hierarchical site and container structures, asset sharing and history, search, tagging, import, SSO authentication, REST API, and reporting.

  • Reporting
    Job report with the details of the script execution on the endpoints. Credentials history with the access to historical credentials.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated WEB Session Gateway to the latest version 1.6.0.

  • Updated MS SQL Server driver to the latest version.

  • Updated REST API documentation framework to the latest version.

Extensions

  • Added ID field to the list of asset metadata on the asset list and asset view screens with the option to copy it to the clipboard.

  • Added the option to specify user directory in native ssh and RDP clients authentication string.

  • Added the option to extend asset access requests to allow more time to continue with the session.

  • Added the option to request asset action request extension for the approval.

Fixes

  • Fixed the issue with recording data of the captured native ssh client command execution event based to the file transfer condition in the access profile.

  • Fixed the issue with the availability of license management screen in the base tenants.

  • Fixed the issue with ordering list of peer links on the peer node selection for the asset.

  • Fixed the issue with reporting WEB Sessions connections error in WebSockets tunnels

  • Fixed the issue with completing monitoring and connection collection jobs.

  • Fixed the issue with displaying member assets for the users with no site permissions.

  • Fixed the issue with site nomenclature in the form filler browser extensions and add ons.

  • Fixed the issue with local user directory authentication when establishing sessions from certain native RDP clients without specifying user directory in the connection string.

  • Fixed the issue with RDP Proxy session completion for the not started sessions.

  • Fixed the issue with blanket errors when closing non-existing sessions.

  • Fixed the issue with errors during trace logging of RDP Proxy operation.

  • Added heartbeat during WEB Sessions to maintain authentication continuity.

  • Improved WEB session termination logic.

  • Fixed the issue with native RDP client connection to the domain joined devices using domain users in domain\user or user@domain notation.

  • Fixed the issue with enforcing access request approval when connecting to remote asset endpoints using SSH or RDP native clients.

  • Fixed the issue with error reporting about asset identification, authentication, access request approval and others when connecting to assets using native SSH clients.

Release notes for the August 17, 2025 update

Update Version 4.1.202508151808

New Features

Added Remote Access Module for Zero Trust Connections

The Remote Access module enables secure, zero trust connections to remote devices. It is designed to control and monitor access through agentless session management, including recording, approval workflows, and support for both web and native protocols.

Key Features

  • Zero Trust Session Access
    Establish secure sessions with credential injection for remote devices using supported protocols such as SSH, RDP, VNC, Telnet, SFTP, and SCP.

  • Agentless Connection
    Use a web browser or a native application (e.g., PuTTY, Remote Desktop Client, MobaXTerm, WinSCP) to initiate sessions without deploying agents on the client or destination device.

  • Zero Trust HTTP Sessions
    Access web portals securely using a browser-based driver to communicate directly with the target web server including credentials injections into the login forms.

  • Zero Trust SSH Tunnel Support
    Create SSH tunnels with credentials injection for secure access to databases, network devices, medical equipment, SCADA systems, or process automation devices via a distributed network of relay nodes.

  • Zero Trust SSH Exec Support
    Enable command execution over SSH protocol with credentials injection for job automation and itegration tools (e.g., Ansible) to connect to target endpoints with the option to record the execution event with the command, command output and errors.

  • Multi-Language On-Screen Keyboard
    Available during web sessions for enhanced accessibility.

  • Flexible Credential Injection
    Inject session credentials into the protocol stream on the server side from the main asset, a related member or shadow asset, or by bypassing the currently logged-in user's credentials without exposing them to the user or transferring credentials to the client device.

  • Session Recording
    Record sessions as video streams for instant playback or export to standard formats (AVI, MOV, MP4).

  • Session Event Permissions
    Granular permissions for the session activity such as keyboard input, file transfers, and clipboard transfers to and from the asset endpoint granted to users or groups.

  • Session Event Tracking Capture and log events such as keyboard input, file transfers, and clipboard activity between client and endpoint including capturing content of transferred files, clipboard or executed commands.

  • Multi-Factor Authentication (MFA) Require MFA confirmation before establishing sessions.

  • Granular Access Permissions
    Assign session access rights to specific users or groups for individual assets or asset groups.

  • Approval Workflows
    Support multi-step or automatic access request approval processes.

  • Remote Gateway Peer Nodes
    Enable access to assets in isolated data centers or virtual private networks reachable only via peer nodes.

  • SSH Shell Interface
    Navigate the asset vault container structure using terminal interface and initiate connections directly to selected assets following single authentication process.

  • Comprehensive Session Reporting
    Generate detailed reports on session times, users, assets, protocols, events, transferred files, clipboard content, and executed commands.

  • Native Integration with the Credentials Vault
    Includes support for authentication methods, permissions, workflows, multi-tenancy, hierarchical site and container structures, asset sharing, search, tagging, import, SSO authentication, REST API, and reporting.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated MariaDB driver to the latest version.

Extensions

  • Added a warning message to the login screen of the base tenant that only master administrators can login here.

  • Added tenant name to the login screen to identify the destination tenant.

  • Added support for protected private keys in ssh.com packaging.

  • Added support to execute scripts on the devices with private keys protected with weak passwords.

Fixes

  • Fixed the issue with script execution using SSH connection based on the private key without the password.

  • Reduced the size of the error reporting about re-authentication when switching windows context on the GUI.

  • Fixed the issue with executing asset jobs after the license expiration.

  • Fixed the issue with using protected private key to execute jobs.

Release notes for the August 10, 2025 update

Update Version 4.1.202508081909

New Features

Added Credentials Vault module to store, access and share secrets.

Credentials vault is designed to share secret information, passwords, keys, tokens, TOTP codes with users in an auditable secure way.

The vault includes the following features:

  • Multi-tenancy allows to host multiple clients or departments in the single application deployment.

  • Site / subsite hierarchy allows to delegate and centralize management of various aspects of organizational structures.

  • Information organization in assets grouped into hierarchical containers structure.

  • Asset configuration with the hierarchy of asset types defining the asset properties:

    • Field types: String, Checkbox, Choice, Date, File, Number, Taxonomy, Text, Address, TOTP.

    • Behavior: Secured, hidden, required, multi-valued fields, default values, placeholders, context help.

    • Visual representation including icons and colors.

  • FIPS 140-3 approved encryption module to enforce strong encryption for data, tokens and keys.

  • Role based access to site, container and asset functions granted to users or groups with central configuration inherited from site and container hierarchy down to the assets and secret fields.

  • Multi-level multi-user request approval workflows for the critical application actions such as change of permissions or displaying values of the secret fields. Support for restricting and auto-approval workflows as well as the event logging of the approval process.

  • The option to display the value of the secret fields to users based on their permissions we well as interactive access approval. Secure handling of data decryption following role based permissions and request approval workflow while producing a detailed event log about the request.

  • The option to tag assets with terms from hierarchical taxonomy for search and policies management purposes. Mass tagging and auto-tagging support that assigns tags to the assets based on various criteria.

  • Assets management: copy, cut, paste, delete, link assets in the container hierarchy, mass management.

  • Search center to find assets by search criteria or tags from taxonomy hierarchy.

  • Assets import and discovery from the following sources: CSV, MS Active Directory, AWS, VMWare, LDAP. Applying auto-tagging rules during import process.

  • Event logging about every configuration and user activity. The options to search events using interactive events report, archive events in the compressed files, send email notifications about system events or stream events real time to Syslog (SIEM) servers.

  • WEB GUI, REST API interfaces.

  • Reporting. Filters, sorting, search, interactive or export to CSV or PDF formats.

  • Support for local users and groups as well as the users or groups from MS Active Directory, Entra ID and LDAP. Support for 3rd party user directory user or groups as members of the local groups.

  • Integration with various identity providers such as: MS Active Directory, LDAP, Entra ID, SSO (SAML), TOTP, RADIUS, HOTP (Yubikey), Duo Security, Mail MFA (SMTP, Office 365).

  • WEB browser password filler extension (Chrome and Edge), and browser add-on (Firefox).

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated REST API handler component to the latest version.

Extensions

  • Added Windows Status Check script and an out of the box Windows Host task to check basic connectivity to Windows hosts.

  • Added out of the box tagging rules for Windows and Linux tags based on the asset types of the created assets.

  • Added an out of the box policy to open RDP port on Windows assets to the management server IP List.

Fixes

  • Reduced number of database related log messages in the default log configuration.

  • Reduced number of log messages for the internal object lock mechanism.

  • Updated application WEB framework to the latest version.

  • Removed the options to select Every Second and Every Minute from the visual schedule builder to reduce configuration mistakes.

  • Moved the option to select Random Second, Minute, Hour, Day and Month to the top of the screen on the visual schedule builder to reduce configuration mistakes.

  • Fixed the issue with removing old parent asset type fields after switching parent asset type when creating new asset type.

Release notes for the August 3, 2025 update

Update Version 4.1.202508011800

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated Oracle RDBMS driver to the latest version.

  • Updated MySQL driver to the latest version.

  • Updated CSV processing component to the latest version.

  • Updated REST API documentation component to the latest version.

  • Updated e-mail processing component to the latest version.

  • Updated context help markdown processing component to the latest version.

Extensions

  • Added the option to move confirmation, information and warning dialogues on the screen to reveal information they cover.

  • Added search center for the users without site level permissions.

  • Added the option to lock local user account to prevent this account to access the application.

  • Added support for a quick test of endpoint availability before attempting to execute a script on the endpioint for SSH and WinRM protocols to optimize performance of the script executions on the unreachable assets.

  • Removed script icon from the script list to allow more space for the longer script names.

  • Changed terminology for Reason field on the action request screen.

  • Added the request reason to the event log message about creating or updating the action request.

Fixes

  • Fixed the issue with asset viewer accessing access profiles list for the asset.

  • Added extended logging about job creation to troubleshoot job scheduling process.

  • Fixed the issue with leaving the jobs in the queue after failing to schedule them for the job pool execution.

  • Fixed the issue with increase in number of jobs and firewall rules on the asset with slow jobs execution when applying microsegmentation policies.

  • Optimized application performance of the data collection from the asset endpoints by splitting long data update transaction that locks the database table to many short transactions reducing the load on the database tables during data collection.

  • Optimized the frequency of policy applications to limit the trigger to the detected rules only.

  • Fixed the issue with using API to access asset in a sub-site using the parent or root site URL.

  • Fixed the asset search returning assets from the subsites.

  • Fixed the issue with deleting assets with associated source firewall rules.

  • Fixed the issue with sorting site network reports by asset.

  • Fixed the issue with unnecessary dependency of the job information in site level network reports.

  • Fixed the issue with using peer node scripts instead of the local ones when executing out of the box scripts through the peer node.

  • Fixed the issue with the notification message about copying REST API token to the clipboard.

  • Fixed the issue with compressing rotated archived system log files in the default file logger configuration.

  • Fixed the issue with clearing the locks in asset tenants during application startup.

  • Fixed the issue with displaying selected peer node on the peer link editing screen for an asset.

  • Fixed the issue with displaying unsorted peer nodes on the peer node selection screen.

Release notes for the July 27, 2025 update

Update Version 4.1.202507251511

New Features

Added Job Execution Pool to improve script execution performance.

Job execution pool allows to control memory and CPU use on the application host with many jobs run on various asset endpoints including those that are currently unreachable. The pool queues jobs run on the same asset for sequential execution through the same reused connection to the endpoint. The pool uses fixed number of threads to run jobs on different assets at the same time queueing assets when necessary. The pool eliminates Delayed jobs and inter-node asset locks.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated REST API data processing component to the latest version.

  • Updated application test framework to the latest version.

  • Updated icons provider GUI component to the latest version.

  • Updated GUI charts component to the latest version.

  • Updated GUI table pagination component to the latest version.

  • Updated database access component to the latest version.

  • Updated internal scripting language component to the latest version.

Extensions

  • Added confirmation message when closing or exiting Retention Policy configuration screen that contains unsaved changes.

  • Added information level logging to the logic adding firewall rule with details about the asset, policy, service request and the rule.

  • Changed terminology for Workflow Form, Workflow Selector and Approver categories.

  • Changed terminology for Site category including Sub-sites, Site Role and Site hierarchy.

  • Reorganized Management menu to bring Site Roles, MFA Rules and Sites management closer to the top level.

Fixes

  • Fixed the issue with using peer nodes without enabled job runner for script execution.

  • Fixed the issue with the Container Role on the asset permission screen is changed only when the selection for container roles is changed when selecting asset viewer and supervisor roles.

Release notes for the July 20, 2025 update

Update Version 4.1.202507181918

New Features

Added the option to archive historical application data.

The option allows to manage database and file system space as well as data expiration compliance requirements by purging the data accumulated over time from the application storage. The option currently supports historical Event Logs and Jobs records.

Before purging historical data from the database, data archiving process first extracts data to the compressed exported reports in CSV or PDF format to the file system storage. The process also deletes historical archives from the file system when they expire based on the Retention Policy.

Retention policy governs the times the historical data remain in the database and the historical archives remain on the file system as well as the format of the export. The application allows to schedule archival process for periodic execution or to run the process interactively.

Added break glass recovery for tenant administrators.

The option allows a base tenant managers to grant themselves administrator permissions to the managed tenant to recover lost access to the content tenant.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated logging component to the latest version.

  • Updated application bill of material verification component to the latest version.

  • Updated network streaming component to the latest version.

Extensions

  • • Added the option to schedule backup process for periodic execution.

  • Added top level Integration menu to manage integrations with external services.

  • Added support to include job results into exported report.

  • Added password length requirements with minimum of 12 characters when resetting administrator password using break glass procedure.

  • Added schedule transcription to the import and task management screens.

  • Added context help to the backup management screen.

Fixes

  • Fixed the issue with the auditor accessing Management / Policy and Management / Space Permissions screens.

  • Fixed the issue with enabling save buttons on the forms with the scheduler when clearing the scheduler value.

  • Fixed the issue with backup and restore actions visibility for the auditors.

Release notes for the July 13, 2025 update

Update Version 4.1.202507111740

New Features

Added the option to import assets from Microsoft Entra ID Service.

Entra ID import option allows to load assets into the asset database from Microsoft Entra ID (former Azure AD) Service while applying intelligent tagging rules to classify the imported assets and to apply microsegmentation policies.

The import function simplifies system adoption by reusing existing network infrastructure and collected data to start system activities.

Added break glass recovery option

The Break Glass option allows to retrieve sensitive data from the tenant backup files even when the server is not running, tenant database or WEB GUI is not accessible, or the original deployment is not available.

For this option to work, tenant administrators need to schedule periodic backup and save tenant break glass key to use in in cases of emergency to access important sensitive data to keep their business running.

Security

  • Updated application WEB container to the latest version.

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated application test framework to the latest version.

  • Updated data processing utility component to the latest version.

Extensions

  • Added full breadcrumb path to the parent container on the asset creation screen.

  • Added the option to sort by Violation column in the connection reports.

  • Added the option for space administrators and space taxonomy managers to add new terms to the currently selected list from the term selection dialogue.

  • Added case-insensitive search support for services on the network service list screen and when selecting services on the policy screen.

  • Added case-insensitive search support for policies on the policies list screen.

  • Added support for case-insensitive search for assets when selecting assets for base, member assets as well as containers for new asset parents.

  • Added support for case-insensitive asset search using search center.

  • Added the option to obtain tenant break glass key that could be used to recover sensitive data or to perform un-managed operations.

  • Added the option to reset password of the deployment administrator in the emergency break glass scenario.

Fixes

  • Fixed the issue with the blanket error message on the browser developer console when displaying Network Flow Chart.

  • Fixed the issue with sorting policies by name on the policies list screen.

  • Fixed the issue with enabling loopback connections when enforcing policies on Linux devices with iptables firewall.

Release notes for the July 6, 2025 update

Update Version 4.1.202507032033

New Features

Added multi-interface assets support on the network flow chart.

The option simplifies asset-centric view of the network by displaying fewer nodes with multiple network interfaces on the network flow chart.

The feature includes the following improvements:

  • Added the option to display asset with several network interfaces in the IP level connectionsflow chart merging the graphical nodes related to different interfaces of the same asset to the same node.

  • Added the option to display several IP addresses to the text popup for the chart node.

  • Added name resolution for the connection nodes inbound to and outbound from the secondary interfaces.

  • Added support for the search of nodes related to multiple interfaces of the same asset.

Added support for script execution on legacy Windows devices.

The option allows to build and to execute scripts on the Windows devices with WS-Management version below 2.3 including Windows 7 and Windows Server 2008 R2.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated MariaDB driver to the latest version.

  • Updated application Bill of Materials management component to the latest version.

Extensions

  • Added click-able link on the policy name to edit the editable policy on the policy list screen.

  • Unified REST API naming conventions across all functions exposed by the application server.

  • Signed Windows install and update scripts with new code signing certificate.

Fixes

  • Fixed the issue with the blanket error on the browser log console when adding or editing Mail MFA configuration.

  • Fixed the misspelling issue in the API token context help.

  • Fixed the issue with aggregating batch script results in the job log report when aborting the batch.

  • Fixed the issue with displaying page breadcrumbs in full width of the screen.

Release notes for the June 29, 2025 update

Update Version 4.1.202506271557

New Features

Added microsegmentation support for IBM AIX platform.

The support allows to manage services hosted by IBM AIX 7.2 servers in the network microsegmentation policies using native IPsec firewall feature.

The platform support is enabled through the initially hidden IBM AIX Host asset type with pre-configured fields for connection purposes and pre-configured tasks for network monitoring and policy enforcements.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access framework to the latest version.

  • Updated database pool component to the latest version.

  • Updated MS SQL Server driver to the last version.

  • Updated application testing framework to the latest version.

Extensions

  • Added pagination, filter by name, type and destination, export to PDF or CSV formats options to the Parsers library to allow management of large number of parsers.

  • Added specific job results error message about failure to retrieve MSA or LAPS passwords from the Active Directory to simplify connection troubleshooting.

  • Added AIX and Solaris component servers to the out of the box LECA Segmentation taxonomy.

  • Unified REST API for script and parser libraries, and for asset types and assets task management.

  • Unified REST API for space and asset permissions management.

Fixes

  • Fixed the issue with breaking the application update on Linux servers when update runs as root for the deployments made by other users.

  • Fixed the issue with the linux update script artifacts when the setup script is updated.

  • Fixed the issue with out of the box taxonomy to not include empty synonyms.

  • Fixed the issue with 0 synonym repeated for both ICMP and all terms in the out of the box taxonomy.

  • Fixed the spelling mistake for traffic directions issue with out of the box taxonomy.

  • Added permit synonym to the firewall action allow in the out of the box taxonomy.

  • Fixed the issue with the context help about API Token description.

  • Fixed the issue with rudimentary Create Type option on the tenant update screen causing issues when selecting wrong update type.

  • Fixed the issue with creating asset import from CSV file.

  • Fixed the issue with preserving delay property for interactive tasks.

  • Fixed the issue with negative values in the task delay property.

Release notes for the June 22, 2025 update

Update Version 4.1.202506202141

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application server side WEB framework to the latest version.

  • Updated structured data processing component to the latest version.

  • Updated logging and log streaming component to the latest version.

  • Updated REST API documentation component to the latest version.

  • Updated context help rendering component to the latest version.

Extensions

  • Added asset level Network Interfaces report accessible from the asset view screen.

  • Added IBM AIX script and parser to monitor network interfaces.

  • Added IBM AIX script and parser to monitor endpoint workloads.

  • Added IBM AIX script and parser to monitor active connections on the endpoint.

  • Added IBM AIX script and parser to monitor network connections on the endpoint using firewall logs.

  • Added IBM AIX scripts to enable and to disable firewall connections logging.

  • Added IBM AIX script and parser to monitor Fireall Rules on the endpoint

  • Added IBM AIX script to add firewall rule to the endpoint.

  • Added IBM AIX script to delete firewall rule from the endpoint.

  • Added the option to parse alternative ports specification for outbound firewall rules.

  • Added support for displaying the generated firewall rule key in the Firewall Rules report.

Fixes

  • Fixed the issue with reading IPv6 addresses what parsing network interfaces.

  • Fixed the issue with detecting connection violations under current policy set for monitoring or published policies for the assets not enforced for microsegmentation.

  • Fixed the issue with the Asset Workloads chart displaying interfaces with no attached workloads.

  • Fixed the issue in REST API name to access asset firewal rules list.

  • Fixed the issue with displaying policy name for the policies that have no descriptions on the asset firewall rules report.

  • Fixed the issue with using gMSA or LAPS accounts when they specified for the Active Directory configuration with the space in the LDAP configuration name.