Skip to content

Release Notes

Release notes for the November 2, 2025 update

Update Version 4.1.202510311431

New Features

Added support to prompt for MFA when connecting to Windows servers using desktop or mobile RDP clients.

The new feature allows the access broker to interrupt the network traffic to perform interactive authentication step before resuming the session with the remote Windows server. Users interact with the access broker to provide second authentication factor within the RDP client streaming prior to switching the stream to the destination endpoint.

Besides native RDP client there are no agents or WEB Browser required to run on both client and server devices.

The access broker supports the following MFA providers:

  • Entra ID push with number matching
  • Entra ID OTP
  • Google or Microsoft Authenticator TOTP
  • Yubikey HOTP
  • RADIUS compatible providers such as RSA/SecureID
  • Cisco Duo Security push or OTP
  • OTP delivered through email

Extensions

  • Added weekly Sessions Summary widget to the application home screen.

  • Added the option to verify trust with the Duo Security server endpoint.

  • Added remote application for MS SQL Server Studio.

  • Added number matching MFA enforcement for Entra ID users logging in directly to the WEB application.

  • Added the option to configure workflow parameters such as weekends, holidays and working hours using Workflow Forms / Configuration screen.

  • Added the option to test Peer node proxy connection.

  • Added Weekly Sessions count to the top bars statistics on the home screen dashboard.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application builder component to the latest version.

  • Updated database access component to the latest version.

  • Updated scheduler component to the latest version.

  • Updated Oracle RDBMS driver to the latest version.

  • Updated MySQL driver to the latest version.

  • Updated server side REST API documentation component to the latest version.

  • Updated data conversion component to the latest version.

Fixes

  • Fixed the issue with duplicating search results in the list of users when selecting local users.

  • Fixed the issue with displaying peer node proxy token on the Peer Node editing screen.

  • Fixed the issue with ambiguous name of the Proxy Token field on the peer node editing screen.

  • Fixed the issue with disabling Login button on the WEB application login form during authentication process.

  • Fixed the issue with event columns label in the event report for archive, backup and password requirements messages.

  • Fixed the issue with displaying weekly login statistics on the home page.

  • Fixed the issue with supporting wildcard certificates when establishing trusts with the external servers.

  • Fixed the issue with Entra Id MFA on the WEB session launcher screen to use Transit Credentials when the password is not specified.

  • Fixed the issue with displaying the warning when navigating out of Grant Permissions screen after the user is selected.

Release notes for the October 26, 2025 update

Update Version 4.1.202510242138

Extensions

Improved the option to transfer files in the WEB Sessions.

  • Added an indicator to a session control box displaying a progress of file upload in a WEB session. The progress indicator as well as the file upload happens in the background allowing a user to continue interacting with the session. The progress indicator supports displaying or multiple uploaded files. File Download progress is monitored by the native browser download facility.

  • Added support for large files upload using drag and drop mechanism to the WEB Session screen as oppose to using in-session File Manager.

  • Added support for large files download using native WEB Session tools such as Linux utility or Windows shared drive Downloads folder as oppose to using in-session File Manager.

Added session and session events metadata to the exported video recording.

  • Added the option to embed session metadata (including asset, user and session start and completion times) at the beginning of the exported video recording.

  • Added the option to embed session events at the event time location (including event type such as keyboard or file upload, and event preview) to the exported video recording.

Improved multi-language and multi-region support

  • Added support to export reports to PDF and CSV formats using the language selected by user in the WEB GUI.

  • Fixed the issue with the exported reports font to match the application font.

  • Fixed the issue with rendering Cyrillic and Japanese GUI and exported reports using the application font.

  • Fixed the issue with rendering dates in the exported reports and video recordings in the format of the selected user language.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated internal scripting language component to the latest version.

Fixes

  • Fixed the issue with searching local users by their last names.

  • Fixed the issue with enabling Save buttons on the Access Profile asset association screen when selecting a user or modifying the access profile selection.

  • Fixed the issue with blanket information messages in the application log file about terminating IP resolution pool.

  • Added URL information in the error message in the application log file about authentication failures.

  • Fixed the issue with the WEB application does not auto-logout after inactivity timeout happening during host computer hibernation.

Release notes for the October 19, 2025 update

Update Version 4.1.202510172141

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application WEB Container to the latest version.

  • Updated MS SQL Server Driver to the latest version.

  • Updated REST API Documentation component to the latest version.

  • Updated context help management component to the latest version.

  • Updated database access component to the latest version.

  • Updated high-performance networking component to the latest version.

  • Updated PDF toolkit component to the latest version.

Extensions

  • Added a help button with a link to a documentation page on every screen of the WEB application next to the screen title.

  • Added duplicate Save and Cancel buttons at the bottom of each editing screen in the WEB application.

  • Added color indication for the password strength meter.

  • Added the option to search users by first and last name in addition to login when selecting users.

  • Added User Search property to LDAP configuration to support query selecting users by complex search criteria including first and last names.

  • Added Test Connection, Connect and Auto-populate and Verify Trust buttons after definition of parameters that are enough to connect on the LDAP editing form to emphasize the value of auto-population of configuration parameters.

Fixes

  • Fixed the issue with session event preview displayed in the site events report.

  • Fixed the issue with the unlock safe link button on the safe link editing screen sometimes generates an error.

  • Fixed the issue with Safe Link option available for the master users on the asset view screen.

  • Fixed the color of warning messages to more prominent orange.

Release notes for the October 12, 2025 update

Update Version 4.1.202510101641

New Features

Added support to mask passwords captured as keyboard session events.

The option improves security of Session Events report as well as sessions video recording playback in the situations when a user types passwords to 3rd party systems captured by the session event recording.

Safe link option allows to quickly share secret information with unauthenticated users using messaging applications in a secure way instead of sending sensitive information directly.

Safe links protect sensitive information from being pre-loaded by the messaging applications but require human interaction to access instead. Unique safe links expiration is based on time or number of views. Safe links management and access is audited. Sharing sensitive asset data using safe links could optionally require multi-level approval process.

Added the option to pin assets and containers for quick access.

The option improves asset database navigation by allowing users to select frequently used assets to view them in the designated Pinned Assets area.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application WEB Container to the latest version.

  • Updated database access component to the latest version.

  • Updated build time project consistency checker to the latest version.

Extensions

  • Added the explicit logic of modifying secret fields on the asset editing screen for clear state designation to preserve the existing value, to edit and to clear the field.

  • Added support for TOTP MFA tokens bypassed to the remote applications.

  • Added remote application for AWS WEB Console using two authentication factors.

  • Added support to display authentication or authorization errors on the login screen in case of failed login.

Fixes

  • Fixed the issue with PuTTY remote app typing the password in the previously opened application.

  • Fixed the issue with bypassing custom asset fields to the remote application.

  • Fixed the issue with missing context help for RDP and HTTP Proxy configuration pages.

Release notes for the October 5, 2025 update

Update Version 4.1.202510031538

New Features

Added the option to filter and control commands executed in active sessions.

The option allows precise control over which shell or terminal commands are permitted or denied during a secure remote session. In addition, the option ensures that only trusted binaries from approved directories are executed.

Added the option to join active sessions.

The option allows asset managers to join active sessions in Monitoring (read only) or Participation (active) mode.

The shared sessions are useful in the multiple network administration scenarios:

  • To review and control the session real time.
  • To allow training or demonstrations.
  • To enable live session intervention capabilities during active security incidents
  • To facilitate immediate threat containment without waiting for session completion

Security

  • Updated application client side WEB framework to the latest version.

  • Updated REST API Documentation component to the latest version.

  • Updated HTTP Communication component to the latest version.

  • Updated database access component to the latest version.

  • Updated WEB frontend builder component to the latest version.

  • Updated build time testing component to the latest version.

  • Updated Windows system tools component to the latest version.

Extensions

  • Added domain users and groups management MMC snippet remote application driver to enable zero trust management of domain administration.

  • Added account management support including credentials rotation and verification for database servers: Oracle RDBMS, MS SQL Server, IBM Informix DB, MySQL, MariaDB and PostgreSQL.

  • Added the option to manage and execute SQL scripts on the database servers.

Fixes

  • Improved event log message readability to display event parameters separated by comma.

  • Switched bootstrap logger configuration to information level.

Release notes for the September 28, 2025 update

Update Version 4.1.202509261730

New Features

Added session events references to the session recording player.

Displaying session events such as user keystrokes, clipboard or file transfers allows the viewer to evaluate the context of the video recording, to quickly scroll the playback on the important timeline position or to review the session activities while watching the recording.

Added the option to launch desktop applications in Zero Trust session on the RDS jump host.

The option enables development of Zero Trust Access with full session recording capabilities for a wide range of desktop applications ("fat clients") published via Remote Desktop Services (RDS) as Remote Applications.

The option is applicable to multiple use cases such as:

  • Database development.
  • Data analysis.
  • System administration.
  • Shared Web portal access.
  • Digital marketing.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application build component to the latest version.

  • Updated bill of materials management component to the latest version.

  • Updated HTTP client component to the latest version.

  • Updated logging component to the latest version.

  • Updated encryption utility component to the latest version.

  • Updated operating system interface component to the latest version.

  • Updated mail implementation component to the latest version.

  • Updated XML runtime component to the latest version.

  • Updated common utility component to the latest version.

Extensions

  • Added the option to interactively update transit credentials for SSO logins.

  • Added reporting of Enter key in the keyboard session events.

  • Added the option to search session events by event preview.

  • Added the option to filter session events by clipboard upload or download events at the same time.

  • Added the option to filter session events by file listing, upload or download events at the same time.

  • Added the option to open a session player from the sessions event report and jump to the event position in the report.

  • Added IBM PC5250 terminal remote application driver to enable zero trust connections to IBM i servers.

  • Added Mocha TN5250 terminal remote application driver to enable zero trust connections to IBM i servers.

  • Added Microsoft Remote Desktop Client (mstsc) remote application driver to enable zero trust connections to Windows Hosts through RDS jump server.

  • Added PuTTY remote application driver to enable zero trust connections to Unix Hosts through RDS jump server.

  • Added account management support for network devices: Cisco, Cisco Nexus, Brokade, F5 BIG-IP, Fortigate, Juniper, NetApp, Netscaler, Palo Alto.

Fixes

  • Fixed the issue with the keyboard shortcut help on the session player to focus on important options.

  • Fixed the issue with the font color of the read only properties on the Profile / Account screen.

  • Fixed the issue with empty credentials type selection on the gateway launcher screen in the situation when the previous launch made for the selection that is not present for the current asset.

  • Fixed the issue with accessing Entra ID group members on the Access report.

  • Fixed the issue with the blanket error message when disconnecting from some sessions.

Release notes for the September 21, 2025 update

Update Version 4.1.202509191445

New Features

Added the option to Discover privileged accounts on Windows devices.

Privileged Account Discovery is designed to automatically detect privileged accounts on Windows devices and optionally import them into the Credential Vault. This feature supports both reporting and importing modes, allowing organizations to identify accounts used for administrative tasks, services, scheduled tasks, and application pools.

The discovery process identifies both local and domain accounts used in the following roles on Windows devices:

  • Members of the Administrators group
  • Service logon accounts
  • Scheduled tasks ("Run As") accounts
  • Application pool identity accounts
Added Session Intelligence option for the analysis and control of user behavior during the active access to remote devices.

Session Intelligence feature is a configurable algorithm designed to provide real-time visibility, risk analysis, and enforcement during active remote access sessions.

Session Intelligence enable a range of advanced capabilities from real-time monitoring and behavioral analysis to dynamic risk-based controls, that enhance visibility and security during active sessions.

  • Live Session Monitoring and Intervention including pause and terminate sessions.

  • In-Session Threat Analytics

  • Intelligent Alerting and Risk-Based Decisions
  • User and Entity Behavioral Analytics (UEBA)
  • Real-Time Anomaly Detection
  • Context-Aware Dynamic Access Control
  • Progressive Threat Response

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated REST API data management component to the latest version.

  • Updated REST API Documentation component to the latest version.

  • Updated client side REST API Documentation browser to the latest version.

  • Updated context help management component to the latest version.

  • Updated mail transport component to the latest version.

  • Updated Maria DB driver component to the latest version.

  • Updated PostgreSQL driver to the latest version.

Extensions

  • Added the option to bulk import service accounts from MS Active Directory.

Fixes

  • Fixed the issue with the incorrect naming of foreign keys on the access profile link database table.

  • Fixed the issue with the asset view screen to open by the application with expired license.

  • Fixed the issue with the component displaying the list of dictionary terms on various application forms.

  • Fixed the issue with the context help for the name field on the access profile screen.

Release notes for the September 14, 2025 update

Update Version 4.1.202509121602

New Features

Added public key authentication support for native SSH clients to access the application.

The update enables native SSH client access using public key authentication of the application user to the SSH Proxy as an alternative to the password authentication.

Public key authentication to SSH Proxy brings the following benefits:

  • Increase Security. When using private keys to authenticate, there is no need to transmit passwords over the network. And because the private key is kept on your local machine, it is less vulnerable to interception or attack.

  • Better Access Control. SSH keys can control access to the application server by restricting access only to authorized users with the corresponding private key with the option to disable the access for the selected keys.

  • Convenience. SSH keys can be more convenient and increase users’ productivity. The recommended practice is to encrypt keys with a unique passphrase.

  • Automation. SSH keys can be used in scripts and automation tools to automate tasks that require logging into a remote server. This can make managing and maintaining servers and applications easier and reduces the risk of a password being exposed.

Public key authentication supports both direct connections to the specified assets and command line shell interface access.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated network streaming component to the latest version.

  • Updated command line processor component to the latest version.

  • Updated outgoing e-mail processor component to the latest version.

  • Updated internal scripting language component to the latest version.

  • Updated interchange data JSON processor component to the latest version.

Extensions

  • Added support to display detailed privileged access errors in the sessions established by the native RDP clients caused by the lack of the access approval or inability to find the requested asset.

  • Added progress timeline to the sessions player.

  • Added site permissions information into the Asset Access report.

  • Added Assets Access report to the list of container and asset view reports.

  • Added Asset ID to the Asset Access report and its export.

  • Added initially hidden VNC Host asset type with VNC protocol for access.

  • Added support to display host, account and shadow account in the job results.

  • Added the option to manage authorized keys for SSH Proxy public key authentication.

  • Added support to overriding too small screen resolution provided by the native RDP client.

  • Added Windows Discover Privileged Accounts script to report local administrators, Logon As users in the services, run as user in tasks or application pools.

Fixes

  • Optimized performance of the group membership collection for large number of ACLs.

  • Fixed the issue with the Windows Password Set by Shadow Account script to work with the account given in the domain\user notation.

  • Improved the troubleshooting logging for the sessions established by the native RDP clients.

  • Fixed the issue with the Backspace label on the session report.

  • Fixed the issue with the access profile action label to Allow and Record access.

  • Fixed the issue with API documentation for the API Tokens REST API.

  • Fixed the issue with the language translations for the API Token management events.

Release notes for the September 7, 2025 update

Update Version 4.1.202509051825

New Features

Added password rotation support for domain service accounts.

The option updates password of dependent services, tasks and application pools run as Active Directory account on multiple domain computers after rotating password of the domain account.

The option allows to manage Windows domain accounts while maintaining consistency with the accounts dependencies across the network.

Added support for WEB sessions to use user linked mirror accounts.

Mirror account option enables a user to access a remote asset endpoint using the privileged credentials related to the original account unique for each user instead of sharing the same privileged credentials.

The option enables support for the endpoint to track access for individual users while maintaining least privileges for the main user account. The option also enables support for Microsoft Enhanced Security Admin Environment (ESAE, red forest, admin forest).

Added Access report to display assets with granted permissions.

The access report allows to cross reference assets, list of users with permissions to this asset and the chain og groups memberships that allow these users to receive each specific grant.

This report is one of the main tools for the system owners to show auditors who exactly can access what in their network with what exact permissions and how. It also simplifies identity governance management in the organization to identify unnecessary access often granted through the chain of nested user groups.

Security

  • Updated application framework for Linux x64, Linux arm, Windows x64 and Windows arm platforms to the latest version.

  • Updated application WEB Container to the latest version.

  • Updated application client side WEB framework to the latest version.

  • Updated network streaming component to the latest version.

  • Updated software Bill of Materials maintenance component to the latest version.

Extensions

  • Added SSH tunnel destination IP forwarding restrictions based on the asset fields Tunnel Host and Tunnel Port. The option allows asset owners to restrict the destination services users can build tunnels to through the zero trust session.

  • Added the option for request approver to review the list of the legacy approved requests in addition to the requests to approve.

  • Added account qualification such as Main, Transit or Mirror to the account column in the session report.

  • Added binary hashes for offline installation, distributed gateway and WEB HTTP driver binaries to verify integrity of the downloaded packages.

Fixes

  • Fixed the issue with the blanket error message in the system log about during job pool recovery.

  • Fixed the issue with archiving jobs with attached schedules.

  • Added warning messages to the application log about failing to send request approval notifications because of no enabled SMTP servers found or no email on the user profile to better troubleshoot notification issues.

  • Fixed the issue with logout from the WEB GUI in some cases of completing the WEB Session.

  • Fixed the issue with security verification of the starting the WEB Session with the member assets as a credentials provider.

  • Fixed the issue with error messages displayed in the WEB Session console when establishing WEB Session using the user from the master tenant user directory.

  • Fixed the issue with the About screen title translation after refreshing the screen.

  • Fixed the issue with the Windows Password Reset by Account Itself script to work with the account given in the domain\user notation.

  • Fixed the issue with displaying login of Active Directory users without User Principal Name defined.

Release notes for the August 31, 2025 update

Update Version 4.1.202508291811

New Features

Added email notifications to action request approval process.

The update adds email notifications sent to request approvers when they need to approve new request. The update also adds email notification to the user initiating the action request about the request has been approved or rejected. Email notifications include details about the request.

Email notifications improve user awareness about request approval process.

Added peer tunnel option.

Added the Peer Tunnel option for the peer node to expose its services for the main node through the reversed tunnel from behind the closed perimeter with blocked inbound traffic.

The peer tunnel option allows the application deployed outside of the network perimeter to use WEB or native clients sessions or execute scripts on the assets endpoints as well as integrate with MS Active Directory inside the network perimeter in the situations when inbond connections to the network are blocked.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated SSH Server and SSH client components to the latest version.

  • Updated internal server side scripting language to the latest version.

  • Updated mail management component to the latest version.

  • Updated XML and JSON data processing component to the latest version.

  • Updated HTTP client component to the latest version.

Extensions

  • Added support for SSH server side public key verification using the asset field Server Key with the Verify button.

  • Added the option for the same user to approve the same action request on two different approval levels.

Fixes

  • Fixed the issue with completing RDP sessions accessed using native clients.

  • Fixed the issue with updating job started time when executing jobs.

  • Fixed the issue with authentication to remote domain joined RDP server with the asset user defined without domain when accessing the asset using native RDP client.

  • Fixed the issue with displaying old rejected requests to the workflow approver.

  • Fixed the issue with the error message about failure to find user directory object.

  • Fixed the issue with the blanket errors in the log file during workflows approval cycle when there is no smtp service configured.

  • Fixed the issue with the quality of sessions playback for the sessions accessed using native RDP clients.

  • Fixed the issue with ignoring not integrated user directory for user authentication by the clients that send client side domain.

  • Fixed the issue with enforcing MFA for non-interactive SSH channels: scp, sftp, exec.

  • Fixed the issue with enforcing access requests for non-interactive SSH channels: scp, sftp, exec.

  • Fixed the issue with detailed error messages returned for non-interactive ssh sessions.

  • Fixed the issue with SSO integration with Identity Providers that include question mark in IdP URLs.

  • Fixed the issue with the application update on Linux platform then the update procedure is executed by the account with lack of required permissions in the deployment location.

  • Fixed the issue with the blanket error message in the application logs about processing transit credentials when logging in to the WEB application using SSO integrated provider.

  • Fixed the issue with reusing the same job record for consecutive scheduled job executions.