Update Version 4.1.202604031457
Introduced the ability to block specific URLs and API calls within Web HTTP sessions. This option enables administrators to restrict access to defined areas of destination web portals based on command filters associated with users and assets.
For example, organizations can prevent users from generating API tokens in a web portal while still allowing access to the rest of the application. This provides granular control over user actions in the web browser without impacting overall usability.
Introduced the ability to record a full transcript of browser-to-portal communications during Web HTTP sessions, complementing existing video recording capabilities for enhanced visibility and auditing. This option captures all HTTP traffic between the browser driver and the destination web portal, including requests, responses, and message bodies, and stores it as a searchable text transcript.
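The URL and API-call blocking described above can be modelled as an ordered rule list evaluated per request. The following is an added example, not the product's own code: the rule format, the `decide` function and the sample policy (deny token generation, allow everything else) are assumptions made for this illustration. Paths are percent-decoded and normalized before matching so that encoded or dot-segment variants of a blocked endpoint do not slip past the filter.

```python
"""Added example (not the product's code): a per-session URL/API filter that
denies specific requests inside an otherwise-allowed web portal session."""
import posixpath
import re
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class Rule:
    methods: frozenset   # e.g. {"POST"}; an empty set matches any method
    path_pattern: str    # regular expression matched against the whole path
    action: str          # "deny" or "allow"


def compile_rules(rows):
    """rows: iterable of (methods, pattern, action) triples (assumed format)."""
    return [Rule(frozenset(m.upper() for m in methods), pattern, action)
            for methods, pattern, action in rows]


def normalize_path(url):
    """Decode and collapse the path so '/a/%74okens' and '/a/../a/tokens'
    match the same rule as '/a/tokens'. Query string and fragment are
    deliberately ignored: they must not change the filtering decision.
    Double-encoding is not unwrapped here; decode once, like the server."""
    raw = urlsplit(url).path or "/"
    return posixpath.normpath(unquote(raw)) or "/"


def decide(method, url, rules, default="allow"):
    """Return (action, matched_pattern). First match wins, so deny rules for
    sensitive endpoints are listed before the broad allow rule."""
    path = normalize_path(url)
    method = method.upper()
    for rule in rules:
        if rule.methods and method not in rule.methods:
            continue
        if re.fullmatch(rule.path_pattern, path):
            return rule.action, rule.path_pattern
    return default, None


# Constructed policy for the scenario in the text: block API token creation
# and the token settings page, keep the rest of the portal usable.
TOKEN_RULES = compile_rules([
    ({"POST", "PUT", "DELETE"}, r"/api/v\d+/tokens(/.*)?", "deny"),
    ({"GET", "POST"}, r"/settings/api-tokens(/.*)?", "deny"),
    ((), r"/.*", "allow"),
])

if __name__ == "__main__":
    for m, u in [("POST", "https://portal.example/api/v1/tokens"),
                 ("GET", "https://portal.example/api/v1/tokens"),
                 ("post", "https://portal.example/api/v1/%74okens?x=1"),
                 ("GET", "https://portal.example/dashboard")]:
        print(m, u, "->", decide(m, u, TOKEN_RULES))
```

The filter only reduces what a user can do through the proxied session; it is not a substitute for authorization on the destination portal itself, so the deny rules should mirror the permissions the portal would enforce anyway.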
This capability enables organizations to support DLP policies and gain detailed visibility into user activity within management portals for auditing and investigation purposes.
Introduced a Split Knowledge option to display only a segment of a password when accessing credentials. This feature enforces dual control for sensitive accounts by dividing a credential into two independent segments and granting each user access to only one segment.
Users assigned to different segments must collaborate to reconstruct the full credential when required. This reduces the risk of misuse, supports segregation of duties, and helps meet regulatory requirements for shared control over highly privileged access.
This control is commonly used in high-security environments to prevent insider threats and ensure that critical actions require multiple authorized participants.
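A minimal model of the Split Knowledge control follows, as an added example rather than the product's implementation. The class, its method names and the audit record format are assumptions for this illustration; the point it shows is that no single custodian can read or reconstruct the whole credential, and that reconstruction only succeeds when each segment is supplied by its own assigned user.

```python
"""Added example (not the product's code): a split-knowledge credential whose
two segments are held by different custodians; reconstruction needs both."""
import hmac
from dataclasses import dataclass, field


class SplitKnowledgeError(Exception):
    pass


@dataclass
class SplitCredential:
    segment_owners: dict                       # segment index -> user id
    _segments: tuple = field(repr=False)       # never exposed as a whole
    audit: list = field(default_factory=list)  # (event, actor, segment)

    @classmethod
    def create(cls, secret, first_custodian, second_custodian):
        if first_custodian == second_custodian:
            raise SplitKnowledgeError("custodians must be different users")
        half = (len(secret) + 1) // 2
        return cls({0: first_custodian, 1: second_custodian},
                   (secret[:half], secret[half:]))

    def reveal(self, user):
        """Return only the segment this user is entitled to see."""
        for index, owner in self.segment_owners.items():
            if owner == user:
                self.audit.append(("reveal", user, index))
                return self._segments[index]
        self.audit.append(("reveal-denied", user, None))
        raise SplitKnowledgeError(f"{user} holds no segment of this credential")

    def reconstruct(self, contributions):
        """contributions: {user: segment} presented by the custodians.
        Succeeds only when both custodians contribute and each segment
        matches the one assigned to that user (constant-time comparison)."""
        expected_users = set(self.segment_owners.values())
        if set(contributions) != expected_users:
            self.audit.append(("reconstruct-denied", tuple(sorted(contributions)), None))
            raise SplitKnowledgeError("both custodians must contribute their segment")
        for index, owner in self.segment_owners.items():
            presented = contributions[owner].encode()
            if not hmac.compare_digest(presented, self._segments[index].encode()):
                self.audit.append(("reconstruct-denied", owner, index))
                raise SplitKnowledgeError(f"segment {index} from {owner} does not match")
        self.audit.append(("reconstruct", tuple(sorted(expected_users)), None))
        return "".join(self._segments)


if __name__ == "__main__":
    # Constructed secret and custodians
    cred = SplitCredential.create("S3cr3t-Pa55w0rd!", "alice", "bob")
    a, b = cred.reveal("alice"), cred.reveal("bob")
    print("alice sees:", a, "| bob sees:", b)
    print("together:", cred.reconstruct({"alice": a, "bob": b}))
    print("audit:", cred.audit)
```

In a real deployment the audit list would be an append-only log and the segments would live encrypted at rest; the example keeps them in memory only to make the dual-control rule visible.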
Introduced support for enforcing MFA on sessions established using native PowerShell clients. This ensures user identity is verified before access is granted to remote PowerShell sessions, strengthening security for privileged operations.
- Improved MCP Server documentation and design to better guide AI agents in discovering authorized resources, requesting access, and securely obtaining credentials for network assets.
- Added the option to request access to view or rotate the Break Glass Key, with optional MFA enforcement prior to executing the approved action.
- Added an out-of-the-box command filter, High-Risk Commands (Linux/Unix), as an example of command filters.
- Added the Windows Password Reconcile by Account Itself script for faster password reconciliation of local Windows accounts.
- Added the Windows Password Reconcile by Shadow Account script for faster password reconciliation of local Windows accounts.
- Added support to report failed authentication and authorization events to the application event log.
- Updated application web framework to the latest version.
- Updated Informix driver to the latest version.
- Updated internal scripting language to the latest version.
- Updated server side logging component to the latest version.
- Updated REST API documentation component to the latest version.
- Updated context help rendering toolkit to the latest version.
- Updated Code Editor view component to the latest version.
- Updated application icons component to the latest version.
- Downgraded compilation language component to the latest version supported by the framework build.
- Updated Terminal Interaction toolkit to the latest version.
- Updated MariaDB Driver to the latest version.
Enhanced the out-of-the-box Web application configuration to improve security, performance, and observability:
- Disabled the ability to shut down the application via local port.
- Improved performance for handling small packet transfers.
- Disabled disclosure of Web container vendor, version, and related identifying details.
- Disabled automatic deployment of applications copied into the deployment directory.
- Added protection against Cross-Site Tracing (XST) attacks.
- Enabled suppression of stack traces, container version, and internal error details in responses.
- Added support for resolving real client IP addresses when accessed through a load balancer.
- Enhanced access logs to include real client IP (beyond the load balancer) and response time.
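The last two items (real client IP behind a load balancer, and access logs carrying both the peer and the resolved client address plus response time) hide a classic pitfall: `X-Forwarded-For` is client-controllable unless the header is only honoured from known proxies. The following is an added example, not the product's code; the trusted-proxy subnet and the log line format are assumptions constructed for the illustration.

```python
"""Added example (not the product's code): resolve the real client IP behind
a load balancer without trusting arbitrary X-Forwarded-For values."""
import ipaddress


def resolve_client_ip(remote_addr, forwarded_for, trusted_proxies):
    """Walk X-Forwarded-For from right to left, discarding trusted proxy
    hops; the first non-proxy address is the client. If the direct peer is
    not a trusted proxy the header is ignored completely, because anything
    in it was written by the client, not by our load balancer."""
    trusted = [ipaddress.ip_network(p) for p in trusted_proxies]

    def is_trusted(addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        return any(ip in net for net in trusted)

    if not is_trusted(remote_addr):
        return remote_addr
    hops = [h.strip() for h in (forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(hop):
            try:
                # Validate before use so junk never reaches logs or ACLs
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return remote_addr  # malformed hop: fall back to the socket peer
    return remote_addr  # header empty or every hop was a proxy


def access_log_line(method, path, status, remote_addr, forwarded_for,
                    duration_ms, trusted_proxies):
    """Constructed log format: socket peer, resolved client, request, status,
    response time, i.e. the fields the release note says were added."""
    client = resolve_client_ip(remote_addr, forwarded_for, trusted_proxies)
    return f'{remote_addr} {client} "{method} {path}" {status} {duration_ms}ms'


TRUSTED_LB = ["10.0.0.0/8"]  # constructed: the load balancer subnet

if __name__ == "__main__":
    # Constructed requests: a spoofed leading hop, a genuine LB hop, a direct hit
    print(access_log_line("GET", "/login", 200, "10.0.0.5",
                          "1.2.3.4, 203.0.113.7, 10.0.0.9", 12, TRUSTED_LB))
    print(access_log_line("GET", "/login", 200, "198.51.100.20",
                          "203.0.113.7", 8, TRUSTED_LB))
```

Keep the trusted list tight: if the whole private range were trusted, any internal host could forge the resolved client address in audit logs.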
Improved the bootstrap system logger configuration for better stability and log management:
- Disabled automatic reloading of updated configuration files.
- Removed color coding from file-based logs.
- Increased log retention period to 90 days.
- Disabled reporting of code location in log entries.
Enhanced the Web application configuration to strengthen security and standardization:
- Disabled all default pages except the actively used index.html.
- Renamed the application internal name.
- Updated to the latest schema standards.
- Enforced HTTPS for all communication with the Web application.
- Added protection against clickjacking attacks (preventing embedding in iframes).
- Added protection against MIME sniffing attacks.
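The hardening items above (HTTPS enforcement, clickjacking, MIME sniffing) and the container-disclosure and XST items from the previous list can all be checked from a response's headers and allowed methods. The following is an added example, not the product's code: a small audit function with a weak and a corrected header set, both constructed samples. The thresholds (one-year HSTS, either `X-Frame-Options` or a CSP `frame-ancestors` directive) are this example's choices.

```python
"""Added example (not the product's code): audit response headers for the
hardening points in the release notes and report what is missing."""


def audit_security_headers(headers, allowed_methods=None):
    """Return a sorted list of findings; empty means every check passed.
    headers: response headers (looked up case-insensitively).
    allowed_methods: methods the server accepts, used for the TRACE check."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # HTTPS enforcement: browsers only pin to TLS via HSTS
    hsts = h.get("strict-transport-security", "")
    if "max-age=" not in hsts:
        findings.append("https: missing Strict-Transport-Security")
    else:
        try:
            max_age = int(hsts.split("max-age=")[1].split(";")[0].strip())
        except ValueError:
            max_age = 0
        if max_age < 31536000:
            findings.append("https: HSTS max-age shorter than one year")

    # Clickjacking: refuse to be framed
    xfo = h.get("x-frame-options", "").upper()
    csp = h.get("content-security-policy", "")
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")

    # MIME sniffing
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("mime-sniffing: X-Content-Type-Options is not nosniff")

    # Container vendor/version disclosure (a digit usually means a version)
    for name in ("server", "x-powered-by"):
        value = h.get(name, "")
        if any(ch.isdigit() for ch in value):
            findings.append(f"disclosure: {name} header reveals a version ({value})")

    # Cross-Site Tracing needs the TRACE method
    if allowed_methods and "TRACE" in {m.upper() for m in allowed_methods}:
        findings.append("xst: TRACE method enabled")
    return sorted(findings)


# Constructed samples: a default-ish container response and a hardened one
WEAK_HEADERS = {"Server": "ExampleContainer/9.0.1", "X-Powered-By": "Servlet/4.0",
                "Content-Type": "text/html"}
WEAK_METHODS = ["GET", "POST", "OPTIONS", "TRACE"]
HARDENED_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                    "X-Frame-Options": "DENY",
                    "Content-Security-Policy": "frame-ancestors 'none'",
                    "X-Content-Type-Options": "nosniff",
                    "Content-Type": "text/html"}
HARDENED_METHODS = ["GET", "POST"]

if __name__ == "__main__":
    print("weak:", audit_security_headers(WEAK_HEADERS, WEAK_METHODS))
    print("hardened:", audit_security_headers(HARDENED_HEADERS, HARDENED_METHODS))
```

Run it against a captured response (for example the header dict from an HTTP client) after an upgrade to confirm the shipped configuration actually reaches the browser through any reverse proxy in front of it.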
Enhanced the security of login and registration pages:
- Fixed an issue where error messages varied on the login page; now a consistent response is returned for all authentication failures.
- Added protection against cross-site attacks to the Web application login page.
- Added protection against cross-site attacks to the Web application registration page.
- Added integrity attributes to authentication pages stylesheets.
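Two of the login-page items above are easy to get wrong in code, so here is an added example that is not the product's implementation: a vulnerable login handler whose distinct error messages reveal whether an account exists, beside the hardened version that returns one generic response and always performs the password hash (so an unknown user does not fail measurably faster), and a helper that computes the Subresource Integrity attribute for a stylesheet. The user store, salts and stylesheet bytes are constructed samples.

```python
"""Added example (not the product's code): uniform authentication failures
and SRI integrity attributes for the login page."""
import base64
import hashlib
import hmac


def _hash_password(password, salt, iterations=100_000):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed user store: username -> (salt, pbkdf2 hash)
_SALT_ALICE = b"constructed-salt-alice"
USERS = {"alice": (_SALT_ALICE, _hash_password("correct horse", _SALT_ALICE))}
# Dummy record used so unknown users still cost one hash computation
_DUMMY_SALT = b"constructed-dummy-salt"
_DUMMY_HASH = _hash_password("unused", _DUMMY_SALT)


def login_before(username, password):
    """Vulnerable: the two messages let a caller enumerate valid usernames."""
    if username not in USERS:
        return 401, "Unknown user"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return 401, "Wrong password"
    return 200, "OK"


GENERIC_FAILURE = "Invalid username or password"


def login_after(username, password):
    """Hardened: one response for every failure, and the hash is computed
    whether or not the user exists. Log the precise reason server-side only."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash_password(password, salt), stored)
    if username in USERS and ok:
        return 200, "OK"
    return 401, GENERIC_FAILURE


def sri_integrity(content, algorithm="sha384"):
    """Value for the integrity attribute: '<alg>-<base64 digest>'."""
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode()}"


def stylesheet_link(href, content):
    """Build the <link> tag the browser will verify against the file bytes."""
    return (f'<link rel="stylesheet" href="{href}" '
            f'integrity="{sri_integrity(content)}" crossorigin="anonymous">')


if __name__ == "__main__":
    for user in ("alice", "mallory"):
        print(user, "before:", login_before(user, "guess"),
              "after:", login_after(user, "guess"))
    css = b"body { color: #333; }"  # constructed stylesheet bytes
    print(stylesheet_link("/static/login.css", css))
```

The integrity value has to be regenerated whenever the stylesheet changes, so it belongs in the build step that writes the page, not in a hand-edited template.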
- Fixed the issue with displaying escaped special sequences in the recording of sessions established using native PowerShell clients.
- Fixed the issue with displaying commands automatically generated by aliases in the recording of sessions established using native PowerShell clients.
- Fixed the issue with displaying the session player progress bar on some client devices for sessions established using native SSH or PowerShell clients.
- Fixed the update availability message on the application dashboard so that it is visible to auditors and administrators only.
- Fixed the default password requirement so that the maximum password length is 64 characters.
- Improved the error message about the failure to connect to a peer node to include the node and endpoint URL.
- Fixed the default file logger configuration to exclude line coloring in the log files and to increase log file retention to 90 days.
- Fixed the issue with both client- and server-side input validation on the user profile fields Mail, Last Name and First Name.
- Fixed the issue with retrieving user context on the client side from the server when asset parameters are invalid.
- Fixed the issue with resolving the issuer for system events, SAML and authentication tokens when master users navigate from the base tenant to the asset tenant.
- Fixed the issue with rotation and archiving of console logs on Linux platforms.
- Fixed an issue where large exceptions were recorded in system logs in response to port scanning activity on the RDP proxy port.