Check below the new features, improvements, and errors fixed in this version of senhasegura.
⚙ Changelog per module
PAM - Credential Management
Bug fixes
Item
Description
67
Fixed the bug causing an issue when creating a segregated parameter where the platform reported that the devices were added to the list of devices. However, after saving and returning the configuration, the devices disappear.
69
Fixed issue where, when registering a credential policy with a timeframe for expiration superior of ‘30 days’ timeframe, for example, 45 days, the period was shown as 2 months or a decimal number like 1.5 months.
1539
Fixed a translation issue within the credential policies. Previously, when configuring the policy with an expiration time of 1 hour, it was displayed as 1 time.
1489
Fixed a bug that caused a problem with usernames and tags in Access Groups. The bug affected the use of the [#USERNAME#] tag, which forced the information to be lowercase. This issue was affecting the functionality to substitute the username of a logged-in user, which, in turn, was impacting credentials access.
866
Fixed a bug that caused a problem showing shortcuts to download files. The bug happened when starting a session using RDP and SSH proxy in credential details. The issue happened even when the credential did not have these connectors registered.
76
Fixed the bug where the option Enable remote application usage was set to No on the device, the user still had access to the remote applications.
1584
Fixed an error where, when registering a new policy and filling the field Reuse the same password for with a number, without filling in the measure unity, the system returned Error 500 - Internal Server Error.
81
The "Tags" field of the Credential Record now only allows the following special characters: "@#( ):/._-][". Any other character will be considered invalid.
Product Updates
Item
Description
1430
The credential inactivation functionality has been deactivated and replaced by the Just In Time process. As a result, old settings will no longer be taken into account and the Just In Time process must be configured for the credential.
815
Added a new functionality allowing the users to visualize reports of approvers by group.
126
Added new options in system parameters to enforce multi-factor authentication for starting sessions or viewing the credential password, even when the Trust this computer option is enabled. However, the Trust this computer setting will still apply to all other actions.
New Feature
Item
Description
114
Added a new functionality where the user can register a secret key in the credential register form that will be used to generate a TOTP (Time-based one-time password) to log in on social networks.
1042
Added a feature that allows the user to access the output of the executions performed to change the credential password. This new feature can be accessed in the credentials' password history.
159
A new feature has been added to the Devices section, allowing users to edit, view, clone, and inactivate a device directly from the devices list. Also, users can now add a credential from the Action column by clicking the three dots and selecting the + Add Credential option.
Translation Fix
Item
Descrição
747
Fixed a translation issue where the strings Settings and User were not translated correctly.
1539
Fixed a translation issue where the time for expiration in the credential policies isn't appropriately translated to Portuguese, showing 1 minute in both languages.
1539
Fixed a translation issue within the credential policies. Previously, when configuring the policy with an expiration time of 1 hour, it was displayed as 1 time.
1689
Fixed a translation issue where one of the cards from the Network Connector status dashboard was shown in a different language from the system.
PAM - Session Management
Bug fixes
Item
Description
744
Fixed the bug that automatically deactivates the ClearTextType option on the RDP Proxy sessions when there is network instability.
83
Fixed the Logs Export translation error from a remote session, which caused the report to be shown in Portuguese even though the language selected was different.
1097
Fixed the error that shows the global connection banner instead of the banner added in device segregation in a proxy session.
1352
Fixed the bug on Web Proxy SSH sessions with enabled SUDO automation, where the system returned two hash messages at the terminal and didn't conclude the process of the sudo su command.
130
Fixed the bug where an email indicating the generation of the session video was sent before the transfer of files between the instances had been completed.
Product Updates
Item
Description
626
Deleted the option 'Record RemoteApp of this session' from the Action icon on the Remote Sessions page since this option doesn't offer any functionality, and other available options on the platform offer this function.
New Feature
Item
Description
535
The Portugal keyboard layout option was included in the System Parameters on the Remote Sessions settings.
64
Added the "enable use of personal credential" option for segregated parameters by Group, Credentials, and Origin in a remote session.
Translation fix
Item
Description
77
Fixed the Russian and Polish translation bug when the user accessed the Access History from the Reports component, and the data wasn't shown, instead, it was an error message.
1219
Changed the string with the example on how must be the standard writing to request a command execution.
PAM - Settings
Bug fixes
Item
Description
75
Fixed an issue where, in certain instances, logging into senhasegura would result in the page refreshing and prompting for user and password input again, requiring a reattempt at login.
Product Updates
Item
Description
1208
Added ProID to the list of OpenID providers.
46
Fixed an issue where user groups managed through provisioning integrations (AD/SCIM) were experiencing member overwriting with each execution.
182
Improved the error message in LDAP authentication testing. This enhancement provides more specific and informative feedback, aiding in troubleshooting LDAP authentication.
569
Added a new command in Orbit-CLI to allow the removal of TOTP as the default MFA method in the tool.
New Feature
Item
Description
298
Implemented an integration enabling the use of AuthID as a Multi-Factor Authentication (MFA) method for Login, Password retrieval, and Session initiation.
173
Added a parameter in the AD server registration to determine whether the domain to be used will be based on the authentication credential or the Account domain field.
Translation Fixes
Item
Description
84
Fixed a translation issue for the following terms in the French version: "SSH keys", "New application", Approval workflow", and "Lifecycle state".
612
The string Provider user has been replaced by two new strings for the screens of editing and creating Authentication Providers.
Orbit
Bug fixes
Item
Description
571
Fixed the issue causing the senhasegura Orbit not to display the Application backup logs when a backup was created using Orbit-CLI.
652
senhasegura logs no longer include a "Server not found" error message when a user skips registering a backup server for the application.
1389
Fixed an issue where, after creating a cluster using the CLI and accessing the web interface, the option "External Cluster" was selected instead of "Cluster." This fix ensures that the correct option, "Cluster," is displayed as expected.
1680
Fixed an issue where the cluster was consistently mounted in external mode, despite selecting or typing to mount it in normal mode.
640
Fixed an issue where the integration with ITSM GLPI allowed closed GLPI tickets to be accepted as justifications in the senhasegura approval workflow.
1331
Fixed an issue where deactivated SMTP accounts with the default account setting enabled were causing interference with email delivery.
Product Updates
Item
Description
140
Updated the justification screen for a Workflow Approval to set the "Start Access" field to the current time by default and set the default for the "Access end" field to be 30 minutes after the current time.
1079
The "PAM Approver" role in User Management no longer has permission to view session details.
553
On the Application Licenses screen, the Provisioning column has been removed as this product is no longer offered.
94
Added the information about the number of available CPUs for the server in the "General Information" section of the Orbit > Server > Information menu.
95
When selecting a module, its screen will automatically load. This will happen by default when switching modules.
134
Added a new parameter in "System Parameters > Security" to enable integration with Hardware Security Modules (HSM).
169
Added an option in the Orbit application settings for Syslog messages not to use the Network Connector.
1743
Added permissions "System.Common.List" and "System.Common.Write" to the "PAM Administrator" role, enabling the ability to view the list of devices when creating/editing a credential..
New Feature
Item
Description
792
Implemented Audit Tracking for User Groups. This enhancement ensures that when creating or editing a user group, corresponding events will be generated in the syslog.
145
Added a monitoring dashboard for Network Connector accessible through the menu "Devices > Settings > Network Connector > Monitoring".
Translation fix
Item
Description
1518
Fixed an issue where English terms were displayed in the Notifications settings screen when the user's system language was set to Portuguese. All terms and labels are now presented in the correct language.
1505
Fixed an issue in the Server Information menu where the "I18N" string is no longer displayed next to the CPU text field.
Task Manager
Bug fixes
Item
Description
779
Fixed the bug that was preventing the creation of cloned groups with the same permissions as the original group. Now, whenever a new group is created using the Clone feature, all the permissions selected from the original group will be replicated.
Product Updates
Item
Description
1362
The 'View details' feature no longer appears in the Operations screen's Action column when a user tries to change a password with non-existent credentials. Given that these credentials don't trigger the password change process, there are no details to showcase.
New Feature
Item
Description
162
Added the action to activate/deactivate tasks registered in the component.
Behavior
Bug fixes
Item
Description
157
Adjusted the names of reports to match their corresponding menus.
157
Fixed the inconsistency that displayed a divergent number of sessions/events when clicking on View event log. This inconsistency caused the number of records to differ from those displayed in the previous report.
Product Updates
Item
Description
147
Organized the user filter alphabetically in the User posture graph.
147
Renamed the session Days logged to Total logins in the User posture graph.
147
Added a pop-up feature that displays all of the user's locations when clicking Locations in the Behavior session of the User posture graph. This report can also be found in PANEL > Reports > Access to the system > Access by location.
147
Added a pop-up feature that displays a Remote sessions report when clicking on the pie charts of the session's Device type, Device criticality, and Credential criticality.
147
Added a session Score column in the High-risk session.
147
Added a View more button to open a report that contains all of the users' sessions with risk. This report can also be accessed in Behavior > Behavior Analysis > Sessions with risk.
148
Behavior log files have been separated from syslog files. The new log file is called notify.log
149
Renamed some of the columns in the Excessive views report. The new names are Device, Credential, Credential Type, Additional information, Views, Average risk, and Action > Details.
149
Renamed the column Username to Credential in the reports Views on unusual time, Unusual credential views, Views with unusual origin, and Unusual views.
150
Refactored the Access by unusual origin report format to align with the standard template. Columns now include Origin, User, Sessions, and Average risk and Action.
150
Added an Action column in the Access by unusual origin, Accesses at unusual time, Accesses with unusual average length, and Unusual accesses reports. In this column, users can access the log and the video of the selected session.
157
Reorganized the menus of the Behavior component and applied icons to each menu.
157
Added a new path inside Behavior to access Audited commands. Click Behavior > Settings > Audited commands.
Removed
Item
Description
157
Removed the column Privileged of the menus inside Behavior Analysis.
A2A
Bug Fixes
Item
Description
68
Fixed an issue related to updating certain credentials using the API endpoint /iso/pam/credential. This problem led to the device associated with the credential being overwritten, potentially resulting in alterations to access group permissions linked to Device type, Vendor, and Site.
Product Updates
Item
Description
102
Implemented the possibility to activate devices and credentials in our APIs. This has been done by adding the Enable field in the update method.
500
Added the possibility to configure the following sessions in the A2A-APIs when creating or updating credentials: Execution settings, Session settings, Additional settings, and JIT settings .
Translation Fixes
Item
Description
1687
Fixed the success message in the API activation response for a credential.
Discovery
Product Updates
Item
Description
171
Improved the device import process following manual imports via discovery. Previously, devices added manually in a discovery process took a long time to be listed.
New Feature
Item
Description
161
Added the capability to include tags for imported devices in the configuration of Discovery glossaries, both through glossary definitions and manual entries.
PEDM - Linux / AD Bridge
No changes.
PEDM - AD Bridge
No changes.
PEDM - Windows
No changes.
PEDM - MacOs
No changes.
DSM (DevOps Secret Manager)
No changes.
Cloud IAM
Bug fixes
Item
Description
564
Fixed an issue that prevented users from editing and updating an AWS account in Cloud IAM.
Product Updates
Item
Description
565
Updated the Cloud IAM to reprocess information from registered Cloud Service Providers every 1 hour to ensure the reports are consistently up-to-date. Also, the 'Reprocess accounts' button was added, so users can update the reports manually whenever necessary.
Executions
Bug fixes
Item
Description
1072
Fixed the bug where the $ sign wasn't accepted as a username value when the Tk Expect plugin made a password change.
MySafe
Bug fixes
Item
Description
79
Fixed the issue where the layout of home cards in MySafe would break when displaying long information. A maximum size limit for all fields was implemented, ensuring that lengthy content is now truncated with ellipses when necessary.
1606
Fixed the issue that returned an error with the message "An error occurred while encrypting the text" when creating a note in MySafe with 255 characters or more and configuring the API for encrypted (GET) request of the same note. The new limit is 982 characters.
1363
Fixed an issue related to system slowness in the MySafe module. This correction addresses the overall system slowness, improving the performance of the MySafe module.
Product Updates
Item
Description
105
Implemented users' ability to store API keys in MySafe.
125
Added a column and a filter field for the URL on the Passwords screen.
125
Added a URL column in the password import template spreadsheet for sharing passwords.
125
The Name or URL field has been split into two separate fields: one for the Name and one for the URL. Now, when importing your passwords from LastPass or Keeper into MySafe, the name and URL information will go into their respective fields. The information entered previous to this change will remain in the Name field.
125
Added a URL field in the password details of the Password screen.
125
Added the optional URL field for creating and editing passwords on the Password screen.
125
Added a search by URL through the Find an item field of the MySafe homepage.
125
Added a URL parameter for getting, creating, and updating passwords in the APIs of MySafe.
1100
Changed the password strength level displayed on MySafe's Admin panel to match the categories on the screen. The available categories are Poor, Bad, Good, Best, and Undefined.
New Feature
Item
Description
655
Released new MySafe browser extension.
Domum
Bug fixes
Item
Description
80
Fixed the bug not displaying the correct IP addresses of devices that are members of a domain server on the domum access screen.
1353
Fixed the bug that was causing new users from LDAP synchronization not to receive the correct roles.
Product Updates
Item
Description
318
The term Employee has been renamed to Internal user throughout the component.
1232
Added a parameter to configure the first access token's minimum and maximum expiration time. The parameter value must be within 1 to 30 minutes to ensure successful login.
New Feature
Item
Description
689
Added a new feature that enables the provisioning of internal users using SCIM tools.
677
Added a provisioning configuration in Domum where the system sends an internal user's access link when adding them to a group.
109
Domum's internal users can now log in using SSO with SAML. senhasegura homologated these protocols with Okta.
Certificate Manager
Bug fixes
Item
Description
779
Fixed the bug that was preventing the creation of cloned groups with the same permissions as the original group. Now, whenever a new group is created using the Clone feature, all the permissions selected from the original group will be replicated.
1354
Fixed the bug that ignored the approval workflow and enabled unauthorized users to view passwords.
Product Updates
Item
Description
133
The Certificate Information icon has been standardized throughout the component. It will be represented by the ID card and visible in the Action column.
138
Added the option to save passwords registered during certificate import, without having to import the certificate key along with it.
174
The Save button has been renamed to Publish on the certificate publishing screen.
New Feature
Item
Description
144
Added new notifications that inform the expiration of certificates in a consolidated manner. The notifications are sent once a day, gathering all certificates that will expire within the selected period.
188
Added the possibility of generating multiple random certificates from a Common Name.
