Skip to main content
Version: 3.20

Changelog

The version 3.20.0​

The following items presented in this changelog have been introduced, improved and fixed in the 3.20.0 version of senhasegura.

caution

The changes presented are aligned with the version of the entire platform. Part Number segmentation is not considered in this document. Consult our commercial department, or your reseller, to acquire other functionalities

What’s new in this version​

For details on which features have been enhanced or corrected for each component, see the next chapter in each module section.

info

For details on how the new items or improvements were introduced to the solution, see our documentation.

Just-in-time credentials (JIT) for proxy sessions​

The credentials receive a JIT configuration tab. In this tab you can configure the behavior of the credential in two different dynamic provisioning situations:

Create and Delete: In this category, the registered credential will be used to create a new random credential on the target device, obeying the instructions of the creation and removal template configured by the administrator. So the operator user will always use a new credential to each access;

Enable and Diable: In this scenario, the credential itself will be the target of the activation and inactivation template configured by the administrator. The credential is perpetuated on the target device, but its state will be managed by senhasegura;

The Administrator may manage the creation of these credentials through a report dedicated to the operation of these credentials, accessible by the menu PAM ➞ Credential ➞ Just in time.

Exceptional access for credentials​

At the Credentials report, the credentials receive an exceptional access provisioning action. In this action the administrator can set a list of users and a period of time by which they can access the target credential. Users can receive individual permissions viewing the password or use it in proxy sessions.

With this feature, the administrator may grant additional access plus the access groups to which users are part. Bringing greater granularity and security in exception scenarios. Avoiding access groups to be constantly reviewed and fractioned.

A set of reports and screens support the administrator in the management and use of these accesses.

Emergency button​

In an exception scenario, the administrator can immediately interrupt all running proxy sessions.

This action demands the use of MFA Token, and its execution will be echoed through syslog message.

New Languages Support​

Support for Russian and Croatian keyboard layout.

Dynamic Profile Support Google Cloud Platform​

We incorporate the GCP SDK features to be possible to manage Projects and Roles to be provisioned to dynamically on a GCP account, through senhasegura Cloud.

Just-in-time access support (JIT) for AWS STS​

You can perform a monitored JIT access to AWS console through a JIT credential using a STS token.

Changelog​

senhasegura​

ItemDescription
New feature
581
You can now batch import protected information.
New feature
2803
Created just-in-time credential functionality (JIT) for senhasegura Web Proxy. Accounts can be created and removed, or enabled and enabled, dynamically.
New feature
2946
Possibility of allocating exceptional access to credentials for a given time without the need to modify access groups.
New feature
2794
Created the Emergency button. When used, all proxy sessions, and web sessions will be interrupted immediately.
New feature
2998
New papers permissions report.Accessible by menu Reports ➞ Permissions ➞ User management ➞ Permissions by role
New feature
2987
New executor plugin, based on selenium, for web password exchange.
New feature
3095
Created an action for immediate execution, into execution module operation report.
Improvement
2838
In privileged information, created the possibility of determining different expiration notification criteria for each user.
Improvement
2553
The computer MFA token trust period setting has been changed from days to hours.
Improvement
2943
Added Syslog message for e-mail report scheduling events:
- When the user creates a new schedule;
- When the user edits an existing schedule;
- When the user inactivate an existing schedule;
Improvement
3437
System default roles permission adjusted.
Improvement
3202
Change of term \mtq{Safety} to \mtq{Security} in the menu paths and screens names
Bugfix
2840
Fixed error in the batch import of devices and credentials that allowed to import a domain credential more than once using different devices.
Bugfix
2911
Report filter Credential Type fixed at Access Control History report.
Bugfix
2885
Fixed page redirection after SSH keys batch disabling.
Bugfix
2871
Correction in the history of password changes for SSH key.
Bugfix
2847
Fixed automatic password exchange after the start of a proxy session.
Bugfix
2968
Fixed automatic lock of a senhasegura user account who reach the audited command executions tries, when the audited command is configured to block the user account.
Bugfix
3049
Fixed system management for nonexistent URLs.
Bugfix
3426
Fixed credential password persistence where the password is composed by the characters & and ;
Bugfix
2739
Fixed SSH keys persistence for private keys at the automatic exchange process. Fixed public key publishing into authorized_keys file at target servers, in the automatic exchange process.
Bugfix
3439
Fixed database writing concurrency into large scale cluster environments, which causes access group processing failure.
Bugfix
2984
Fixed IP usage failure in SAML server configuration
Bugfix
3231
Fixed UTF-8 Cyrillic language support.
Security
3458
A new special configuration for external MFA solutions usage has been developed.
Security
3050
Default URL redirections was revised.

senhasegura.go​

ItemDescription
New feature
2806
New report for Application Malware Analysis. The analysis are executed by senhasegura.go using the VirusTotal1 service, and its results are forwarded to the senhasegura server. Configured users will be notified about analysis results.
New feature
2949
Regular expression can be used to configure allowed commands for senhasegura.go for Windows.
New feature
2950
You can now configure a new application policy using a record from execution event report.
New feature
2957
New workstation logins and activity monitoring service and report. The registered events will be available into a report in the senhasegura server.
Improvement
3322
Added support for automation binary arguments.
Improvement
3434
Improvement into server communication with client, when sending a session macro.
Improvement
3435
The application access lists are now based on it hash. The list setup will display the application hash over the application name.
Removed
3438
The Default action without allowlist option will be removed from the senhasegura.go global definitions.

senhasegura.go for Linux​

ItemDescription
New feature
2932
Created monitoring of logins and execution of commands performed on stations with senhasegura.go Linux. Data can be accessed by a report on the senhasegura server.
Improvement
3459
The senhasegura.go for Linux configuration file will be overwritten with each installation.
Bugfix
3460
Fixed the persistance of allowed events for senhasegura.go for Linux.
Bugfix
3464
Correction in the default configuration of audited applications in environments that use senhasegura.go for Linux.

senhasegura.go for Windows​

ItemDescription
New feature
3317
Created an action to immediately synchronize the credentials. This action is available from the system tray context menu.
New feature
3318
Created an action to immediately synchronize the policies. This action is available from the system tray context menu.
New feature
3360
Created support for automation audit recording.
New feature
1836
A new rule for unknown file executions.
Improvement
3234
Expansion of the application execution block policies. The senhasegura.go will now monitoring and block applications which was started outside it control, no matter which privilege the target application credential is using.
Improvement
3450
If the malware analysis is enabled, the target application will be executed only if it was analised once. If the workstation is offline, the target application will not be executed.
Bugfix
3449
Fixed error into the malware analysis which causes the execution block without considering the analysis result.
Bugfix
3432
The user's default credential was not selected when the client start.
Bugfix
3430
Fixed the Just-In-Time User Provisioning (JIT) for domain users.
Bugfix
3436
Fixed the interaction block while automation is running.
Removed
3375
Removed support to Microsoft Internet Explorer in automation.

WebService A2A​

ItemDescription
Bugfix
2852
Fix in A2A endpoint response for device registration with non-existent domain. Previously returned an HTTP 500 error with the message Unexpected error. Now returns an HTTP 400 error with exception code 1029 and the message It is not possible to enter a domain that has not been previously registered.

senhasegura Proxy​

ItemDescription
Improvement
2868
Improved argument handling for sudo automation in Terminal and Web SSH proxies.
Bugfix
2983
Fixed bug in sudo automation for target servers with high communication latency.

senhasegura Web Proxy​

ItemDescription
New feature
3377
Added keyboard layout support for UTF-8 Cyrillic and Croatian keyboard layout.
Bugfix
2886
imezone settings were not being replicated in the embedded browser that supports HTTP web proxy sessions.
Bugfix
3093
Fixed use of SSH key for senhasegura Web Proxy X11 sessions.
Security
3164
Changed configuration of the embedded browser that allowed saving the password of the website accessed.

senhasegura Cloud​

ItemDescription
New feature
1461
Support for dynamic profile provisioning using Google Cloud Platform (GCP)2
New feature
2240
Just-in-time (JIT) account support for AWS STS platform3.
Security
2945
The ***Secret Access Key} field is no longer displayed on the Cloud IAM account update form.

Scan & Discovery​

ItemDescription
Bugfix
2857
Fixed discovery for self-signed certificates on Microsoft IIS servers.
Bugfix
3461
Fixed the display of Devices services, View logs and Last debugs reports from a discovery result.

senhasegura Domum​

ItemDescription
Improvement
2743
Added changes to Domum parameters in audit reports. Changes will also be notified via SYSLOG.
Improvement
2809
Adjust screen size for third-party access creation.
Improvement
2810
Added Third-Party User photo to Third-Party User registration change form.
Improvement
2733
Added changes to Domum Employee Groups to audit reports. Changes will also be notified via SYSLOG.
Improvement
2734
Added changes to the records of Domum Suppliers and Third Parties in the audit reports. Changes will also be notified via SYSLOG.
Improvement
2775
In the Suppliers register, the Users tab was removed at the time of creation. Upon change, it will be made available for read only.
In the registration of Third Parties, the Accesses tab was removed at the time of creation. Upon change, it will be made available for read only.
The screen Remote Access - Partner User has been renamed to Access Request - Third Party User.
When requesting new access, the start date field will be populated with the current date.
Improvement
2906
For Domum users that are configured with login via SSO, access to Domum will only be possible using the username and password.
Improvement
3396
Improved photo upload validation for Third-Party User registration.
Bugfix
3425
Fixed validation failure in inactivating Suppliers action.
Bugfix
3394
Fixed Third Party User filter crash on Third Party User dashboard.
Bugfix
3395
Fixed inactivation of Suppliers. Vendor inactivation will also inactivate related Third Party Users.
Bugfix
3409
Fixed joint usage of Domum with AD services where syncing with AD disables Domum accounts.