In this article
About this release
On April 15, 2026, we released version 4.2.3 of Segura® Platform. The release includes 26 changes across 10 modules.
- Release date: 2026-04-15
For information on how to update Segura® Platform, see Update Segura®.
Release highlights
Integration for Certificate-Based Authentication
Version 4.2.3 introduces integration between Certificate Manager (CLM) and PAM Core credentials, enabling centralized management and usage of certificates in privileged sessions.
What's new
- Association of managed certificates with PAM credentials.
- New Certificate section in credential configuration (Session Settings).
- Automatic synchronization when certificates are renewed in CLM.
- Full audit logging of certificate usage during sessions.
Security & Governance Enhancements
- Centralized certificate lifecycle management.
- Granular access control for certificate usage.
- Full traceability of certificate-based authentication.
- Secure and encrypted communication between PAM and CLM.
Customer impact
This integration eliminates manual certificate handling and enables organizations to centralize governance over certificate-based authentication. It improves security, visibility, and compliance while simplifying user experience and ensuring full lifecycle control of certificates used in privileged access.
See the documentation:
Password Change Shortcut
This release introduces a new usability enhancement that allows administrators to request password rotation directly from the credentials list.
What's new
- New action: Request Password Change available inside credential lists.
- Permission and eligibility-based visibility.
- Action available only for eligible credentials with a rotation policy configured.
- Disabled state when execution is already in progress.
- No disruption to list filters or pagination.
Customer impact
This feature reduces operational friction by enabling faster execution of password rotations. It improves efficiency, usability, and responsiveness, allowing administrators to act quickly on credential security tasks without unnecessary navigation.
See the documentation:
Changelog
A2A
Changed
| Item | Description |
|---|---|
| SSGR-7923 | Added the new Credentials API v2 (/api/v2/pam/credentials) to provide a consistent, predictable, and comprehensive way to retrieve credential information. This new version resolves previous inconsistencies between the list and detail endpoints. See the documentation:- GET | List all credentials. - GET | List a credential by [id]. |
Certificate Manager
Fixed
| Item | Description |
|---|---|
| SSGR-10317 | Fixed an issue where the amount of certificates found by a device discovery wasn't being displayed properly throughout reports. |
| SSGR-9945 | Fixed an issue where the /api/certificate/request endpoint wasn't accepting the justification and reason parameters. |
Cloud IAM
Fixed
| Item | Description |
|---|---|
| SSGR-3305 | Fixed an issue where, when trying to add an Azure account with valid credentials, an error about invalid credentials was displayed. |
| SSGR-10217 | Fixed an issue where, when trying to add an Azure account, an error 500 was displayed. |
DevOps Secret Manager
Changed
| Item | Description |
|---|---|
| SSGR-5170 | Added support for environment and tags optional parameters in the Secret creation and update endpoint, allowing environments and tags to be assigned to Secrets directly via API without requiring manual configuration through the UI. |
Discovery
Fixed
| Item | Description |
|---|---|
| SSGR-10181 | Fixed an issue where certificate search via Discovery was not executed in some SaaS environments. |
| SSGR-10181 | Fixed an issue where certificate discovery via IP range scanning did not run in some environments. |
Domum Remote Access
Fixed
| Item | Description |
|---|---|
| SSGR-10126 | Fixed an issue where tags weren't being substituted for the proper data in emails related to the approval workflow. |
| SSGR-10129 | Fixed an issue in remote sessions on Domum Remote Access, where credentials were displayed in random order on the access panel each time you refreshed the page or interacted with pagination. Now the list is ordered based on access ID, device, and credential. |
Executions
Changed
| Item | Description |
|---|---|
| SSGR-8790 | Added the Request password change option to the actions menu of the PAM Core > Credentials > All credentials report, so that administrators can trigger a password change directly from the credentials list, reducing unnecessary navigation. See the documentation: - How to request a password change from the credentials list. - All credentials. |
Fixed
| Item | Description |
|---|---|
| SSGR-10177 | Fixed an issue in Kerberos password changes with Network Connector that required manual environment adjustment for the process to complete correctly. |
Segura Framework
Fixed
| Item | Description |
|---|---|
| SSGR-10218 | Fixed an issue in SSL MFA authentication where the application returned a 500 error during the authentication process, even when the CA and certificate were correctly configured. |
| SSGR-10294 | Fixed the DUO authentication flow in the Segura® Platform, by adding support for Verified DUO Push in the web authentication module when the feature is enabled in the DUO environment policies. |
PAM Core
Added
| Item | Description |
|---|---|
| SSGR-8640 | Added the integration between Certificate Manager (CLM) and PAM Core, allowing credentials to use personal certificates. With this integration, certificates can now be centralized in CLM, enabling expiration notifications, access control, full lifecycle auditing, and automatic updates for renewed certificates. See the documentation: - How to set up a credential. - Credentials registration. |
Fixed
| Item | Description |
|---|---|
| SSGR-10339 | Fixed an issue in Web Proxy where newly started remote sessions could be incorrectly terminated by the internal session handling process. |
| SSGR-9886 | Fixed a display issue on the user details screen in Users review and certification, where some fields in the Roles and Access policies tabs were shown incorrectly after attributes were removed during the review. |
| SSGR-10110 | Fixed the Microsoft SQL Server proxy service initialization to prevent unnecessary alerts. |
| SSGR-10100 | Fixed an issue on the PAM Core > Credentials > SSH Keys > SSH Keys screen, where the system returned a 500 error when trying to edit a previously saved key. The error occurred if the key was configured with an authentication credential and a RemoteApp, but without an authentication device. |
| SSGR-9908 | Fixed an issue where the date and time of the last access were displayed incorrectly for users with DUO MFA enabled. |
| SSGR-10178 | Fixed an issue in the Just-in-Time (JIT) flow where credential creation failures did not stop session provisioning and caused the system to recreate execution tasks repeatedly. |
| SSGR-10180 | Fixed an issue in the Just-in-Time (JIT) user creation and deletion session flow where an abrupt connection termination during provisioning could leave the session in an inconsistent active state. |
| SSGR-10227 | Fixed a handshake error in remote SSH sessions that prevented connections to older Linux servers in specific scenarios. |
| SSGR-8547 | Fixed an intermittent issue in RDP Proxy where sessions started through Remote Desktop Manager with automatic username and password input could become stuck on a black screen after the connection started. |
| SSGR-10271 | Fixed an issue during system upgrades from versions prior to 3.32 to 4.2, where the senhasegura user was incorrectly deleted, making the appliance inaccessible. |
Proxy
Fixed
| Item | Description |
|---|---|
| SSGR-9915 | Fixed an issue where terminal content was displayed incorrectly when using VI and VIM editors in Linux sessions via Web Proxy. |