In this article
About this release
On July 6, 2026, we released version 4.2.9 of Segura® Platform. This release includes 30 changes across 10 modules, focusing primarily on fixes (22), alongside 6 changes and 2 additions. Framework received the highest number of changes, with 7 items.
- Release date: 2026-07-08
- Patch: segura | v4.2.9-1
For information on how to update Segura® Platform, see Update Segura®.
Release highlights
Segura® Platform 4.2.9 expands Just-in-Time (JIT) privileged access across native remote access protocols while enhancing the Certificate Lifecycle Management user experience. This release strengthens privileged access governance by extending ephemeral access capabilities and simplifying certificate discovery management.
Just-in-Time Access Expansion: JIT for RDP and Terminal Proxy
Version 4.2.9 expands Just-in-Time (JIT) privileged access to both RDP Proxy and Terminal Proxy, enabling users to establish privileged sessions through native RDP and SSH clients using temporary credentials.
Previously, Just-in-Time access was available through Web Proxy sessions. With this enhancement, organizations can now extend the same JIT security model to native RDP and SSH clients, delivering a more seamless user experience while preserving the existing security controls and governance already provided by the platform.
What's new
- JIT access support for RDP Proxy.
- JIT access support for Terminal Proxy (SSH).
- Temporary account creation and automatic removal during the session lifecycle.
- Consistent JIT behavior across Web, RDP, and Terminal Proxy sessions.
- Existing session policies remain fully enforced across supported proxy types.
Customer impact
This enhancement extends the existing Just-in-Time experience to native RDP and SSH clients, allowing users to work with their preferred remote access tools without changing established workflows.
Organizations can now deliver the same ephemeral privileged access model across Web, RDP, and Terminal Proxy sessions, improving user adoption and operational flexibility while maintaining centralized governance, auditability, and Zero Trust security principles.
More information in How to configure a JIT credential.
Certificate Lifecycle Management: Redesigned Domain Discovery workflow
Version 4.2.9 introduces a redesigned Domain Discovery workflow that simplifies configuration, improves operational visibility, and provides administrators with a more intuitive experience for managing certificate discovery.
The updated workflow reduces configuration errors through guided validation while offering better insight into discovery execution and troubleshooting.
What's new
- New Executions screen for monitoring execution details.
- Token validation before creating a new discovery.
- Clear guidance for managing discovery tokens.
- Improved navigation, terminology, and menu iconography.
- Enhanced scheduling workflow for Domain Discovery operations.
Customer impact
These enhancements simplify certificate discovery management by making configuration more intuitive and providing greater visibility into discovery execution.
Administrators can now configure, schedule, and monitor discovery operations more efficiently, reducing operational errors and improving confidence in automated certificate discovery processes.
More information in How to discover certificates via domain discovery.

Changelog
API
Fixed
| Item | Description |
|---|---|
| SSGR-10944 | Fixed an issue where the Protected Information filter did not work when creating or editing an A2A authorization. The search field appeared to filter results but returned no matches, making it difficult to locate and add protected information in environments with a large number of records. The filter now returns the expected results. |
Certificate Manager
Changed
| Item | Description |
|---|---|
| SSGR-10267 | Improved the Domain discovery workflow with token validation, warnings, and logs. The system now validates the token when you create a discovery, and shows a warning if no token exists or is available. A new logs screen lets you monitor each discovery in detail. |
Fixed
| Item | Description |
|---|---|
| SSGR-10484 | Fixed an issue where the Organization field was empty when requesting a signature through the DigiCert CA. The field now lists the organizations associated with the CA. |
Cloud IAM
Fixed
| Item | Description |
|---|---|
| SSGR-10754 | Fixed an issue in Cloud IAM where credentials provisioned by the module did not display the Secret value when viewed in the interface. |
Discovery
Fixed
| Item | Description |
|---|---|
| SSGR-8239 | Fixed an issue where, during device discovery, the hostname was not displayed correctly on Solaris 5.10 operating systems. |
| SSGR-10973 | Fixed an issue where local users were not being discovered through device discovery. |
Domum Remote Access
Fixed
| Item | Description |
|---|---|
| SSGR-10390 | Fixed an issue where users with the Domum Operator role saw a generic error when creating a group of internal users. |
EPM Windows
Changed
| Item | Description |
|---|---|
| SSGR-9284 | Added a feedback link to the EPM Windows client. Users can now submit suggestions through the Segura® feedback form. |
Fixed
| Item | Description |
|---|---|
| SSGR-10057 | Fixed an issue in EPM Windows that caused failures when running EPM and RemoteApp automations. |
| SSGR-10640 | Fixed an issue in the EPM Windows installation via CMD/MSIEXEC that caused a timeout during the registration step. The command-line installation now completes correctly. |
| SSGR-10969 | Fixed an issue in EPM Windows that prevented the correct application of regex rules during command validation. |
| SSGR-11034 | Fixed an issue where the EPM Windows client caused intermittent slow performance on the endpoint. |
Framework
Changed
| Item | Description |
|---|---|
| SSGR-10279 | Cluster configuration is now managed exclusively through Orbit CLI, with the new commands orbit cluster configure, orbit cluster apply, and orbit cluster status. The new flow is idempotent, executed per node, and ensures the correct order of operations. |
| SSGR-10841 | The configuration interface in Orbit Server Manager > Replication > Settings has been removed. Cluster configuration is now performed exclusively through Orbit CLI. Status and replica view pages remain available. |
| SSGR-10957 | Added configuration for the Comparison attribute in the SAML AuthnRequest RequestedAuthnContext per provider. The default value has been changed to exact, ensuring compatibility with Microsoft Entra ID and other providers. Administrators can select between exact, minimum, maximum, and better in the provider form at Settings > Authentication > SAML > Providers. |
Fixed
| Item | Description |
|---|---|
| SSGR-9895 | Fixed an issue where the access policy synchronization trigger was not automatically fired after user provisioning via SCIM, causing credentials to not be visible on the user's first login. |
| SSGR-10843 | Fixed an issue where the replication status indicator in the Orbit Server Manager footer showed "Replication: Disabled" on secondary nodes. The indicator now reflects the real status when replication is configured and working. |
| SSGR-11026 | Fixed an issue where the CSRF token could expire before the expected period while forms remained open, preventing information from being saved correctly. |
| SSGR-11039 | Fixed an issue where the "Callback URL for SSO" field did not appear after enabling external authentication. This prevented SSO configuration for Domum Remote Access. |
Orbit
Fixed
| Item | Description |
|---|---|
| SSGR-10681 | Fixed an issue in Orbit where standalone instances incorrectly displayed the Non-Primary status on the dashboard. The node status is now correctly shown as Primary in environments without a configured cluster. |
| SSGR-11132 | Fixed an issue in Orbit that displayed the critical "Cluster member ports unreachable" alert in cluster environments even when communication between nodes was working correctly. Monitoring now considers only ports that remain active during normal operation, preventing false positives on the dashboard. |
| SSGR-11170 | Fixed a false positive in the Orbit memory check, which reported RAM below the recommended level in environments provisioned with 16 GB. |
PAM Core
Added
| Item | Description |
|---|---|
| SSGR-9922 | Added support for JIT sessions via RDP Proxy, enabling users to connect with temporary privileges using native clients. |
| SSGR-10680 | Added support for JIT sessions via Terminal Proxy, enabling users to connect with temporary privileges using native clients. |
Changed
| Item | Description |
|---|---|
| SSGR-10588 | Improved the proxy authentication flow for SSO users without a local password. These users can now access Terminal Proxy, RDP Proxy, and Database Proxy with a temporary token, without registering a local password on the Segura® Platform. |
Fixed
| Item | Description |
|---|---|
| SSGR-10535 | Fixed an issue where user sessions via Terminal Proxy remained active even after the execution of audited commands configured to block and disable users. |
| SSGR-10968 | Fixed an issue where the PAM Core > Credentials > SSH Keys > Remote access screen loaded slowly and returned server errors. The problem occurred when a large number of SSH keys were linked to multiple devices. |
| SSGR-11114 | Fixed an issue where asynchronous tasks did not run automatically in PAM Core (for example, sending emails, processing policies, and rotating credentials). Scheduled tasks now run on time, without manual intervention. |
Proxy
Fixed
| Item | Description |
|---|---|
| SSGR-10796 | Fixed an issue where sessions established via Terminal Proxy and RDP Proxy ignored the configured idle timeout. The system now ends these sessions when the idle timeout expires. |
| SSGR-10972 | Fixed an issue in Web Proxy where additional tabs opened by a web application were automatically closed when returning to the original tab and performing any interaction. |