Documentation Index

Fetch the complete documentation index at: https://docs.senhasegura.io/llms.txt

Use this file to discover all available pages before exploring further.

Changelog and Upgrade Notes are now Release Notes. We've unified both so you can find everything about each version in one place.

Segura® Platform v4.2.5

Prev Next

In this article


About this release

On May 13, 2026, we released version 4.2.5 of Segura® Platform. The release includes 18 changes across 6 modules.

  • Release date: 2026-05-13
  • Patch: segura | v4.2.5-1

For information on how to update Segura® Platform, see Update Segura®.


Release highlights

Simultaneous JIT Access

Version 4.2.5 introduces support for simultaneous Just-in-Time (JIT) access executions.

Previously, only one active JIT session per credential was allowed at a time, creating operational limitations in environments requiring concurrent privileged access.

What's new

  • Multiple users can now request JIT access simultaneously using the same base credential.
  • Independent ephemeral account creation per request.
  • Configurable limit for concurrent sessions.
  • Dedicated audit reporting for each JIT grant.

How it works

Image

To provide flexibility for different operational scenarios, a configurable system parameter now controls the maximum number of simultaneous JIT sessions per credential.

How session limits work

  • The platform administrator can define the maximum number of concurrent JIT sessions allowed for a credential.
  • The limit applies only to credentials configured in Creation/deletion mode.
  • Each active grant counts as an independent concurrent session.

Creation/deletion mode

  • Each requester receives a unique ephemeral account.
  • Sessions operate independently.
  • Each access maintains:
    • Individual expiration.
    • Approval flow.
    • Audit trail.

Customer impact

This enhancement eliminates the need to duplicate credentials for parallel operations and significantly improves operational scalability.

Organizations can now support scenarios such as:

  • Incident response.
  • Parallel support operations.
  • Critical maintenance windows.
  • Simultaneous administrative activities.

While maintaining full auditability and access isolation.

DB Proxy Expansion: SSL/TLS Support for Cloud PostgreSQL

Version 4.2.5 expands PostgreSQL DB Proxy capabilities, adding support for per-device SSL/TLS certificate configuration in Cloud database environments.

This enhancement enables compatibility with managed PostgreSQL environments hosted by providers such as:

  • AWS.
  • Microsoft Azure.
  • Oracle Cloud Infrastructure (OCI).

What's new

  • New Certificate section in device connectivity settings.
  • Upload of certificate and private key per device.
  • Secure and encrypted storage for certificates and private keys.

Customer impact

This enhancement expands DB Proxy compatibility with Cloud-managed PostgreSQL services, allowing organizations to adopt modern architectures without sacrificing centralized privileged access control.

Benefits include

  • Support for SSL/TLS requirements enforced by Cloud providers.
  • Greater compatibility with managed PostgreSQL environments.
  • Better alignment with hybrid and multi-cloud architectures.

Changelog

API

Fixed

Item Description
SSGR-8466 Fixed an issue in A2A that prevented the correct display of the credential ID in the application authorization view.
SSGR-10389 Fixed an issue where the /api/pam/credential endpoint did not return personal credentials in search results, even when the query was performed by the same API user that created them.

DevOps Secret Manager

Fixed

Item Description
SSGR-5843 Fixed an issue where the API failed to return the environment parameter when it contained special characters.
SSGR-10323 Fixed an issue where the error 500 was displayed when accessing the Secrets Management dashboard.

Executions

Fixed

Item Description
SSGR-10242 Fixed an intermittent issue in PostgreSQL credential password changes that caused random failures during the initial connection to the database. The password rotation process now completes correctly even in scenarios involving transient connection failures.
SSGR-10573 Fixed an issue where a cURL template used to rotate passwords across two Segura® Platform clusters was not executed correctly, preventing both cluster passwords from being rotated.

Framework

Changed

Item Description
SSGR-8502 Improved the flexibility in controlling MFA policies, so that administrators can manage the Authenticator Apps (TOTP) method as a configurable provider on the Settings > MFA > Providers screen. Administrators can now enable or disable the method to centralize policy enforcement, with protection mechanisms that prevent system lockup. See the documentation:
- How to manage a multi-factor authentication (MFA) provider.
- How to register authenticator applications for multi-factor authentication.
- MFA providers.

Fixed

Item Description
SSGR-9911 Fixed an issue in the web interface authentication flow where configuring an invalid value in the minutes to expire session field under Settings > Security policies and network > Authentication security > User accounts maintenance caused login failures with an HTTP 500 response.
SSGR-10563 Fixed an issue where the Segura® Platform task executor would stop processing asynchronous tasks, leaving them pending and requiring manual restart of the service to resume the operation.

PAM Core

Added

Item Description
SSGR-9857 Added a new Certificate section under the Connectivities tab on the Add/Edit Device screen, allowing administrators to upload a certificate and private key to enable TLS/SSL authentication for DB Proxy connections to PostgreSQL databases.

Changed

Item Description
SSGR-9891 Added support for simultaneous JIT access for the same credential in the Credential creation and deletion mode. With this enhancement, multiple users can use the same base credential in parallel, each receiving their own independent ephemeral account, with session isolation, individual auditing, and a separate expiration time per user. See the documentation: How to provision JIT local Windows accounts with Kerberos via Ansible.

Fixed

Item Description
SSGR-10049 Fixed an issue in the PAM Core > Dashboards > Threat radar screen where clicking on an open session would not correctly display the livestream, showing squares in the upper-left corner.
SSGR-10211 Fixed an issue where access policies reprocessing was not executed correctly after the first run.
SSGR-10276 Fixed an issue in VNC sessions that affected rendering and interaction with the remote device.
SSGR-10562 Fixed an issue where, for invalid credentials, rotation requests generated two executions with the same ID (one marked as successful and the other as an error), resulting in a false positive success in logs.
SSGR-8260 Corrected the translation for the import log message on the PAM Core > Devices > Batch import > Batch import details screen when importing a spreadsheet with an empty field. Now, the message is displayed according to the language selected by the user.

Proxy

Fixed

Item Description
SSGR-10382 Fixed a compatibility issue in the Proxy on SaaS Multitenant environments that prevented SSH connections to devices requiring legacy key exchange algorithms, ensuring that connections are established correctly through Web Proxy and Terminal Proxy.
SSGR-10430 Fixed an issue where sessions could take longer than expected to start.