Passwordstate 9 Change Log
(Version 8 Changelog)
Passwordstate 9.0 - Build 9000 (11th January 2021) - Beta 1 
- New native Mobile App available for iOS and Android
- New Passwordstate App Server available for use with the Mobile App, Browser Extensions, and Self Destruct Site, for use when users are out of the office
- Added a new method to the API(s) to trigger and Active Directory synchronization for user accounts and security groups
- You can now Copy/Link/Move passwords via the API(s)
- Added the ability to delete password record dependencies via the API(s)
- One-Time Passwords can now be retrieved via both APIs if Password Lists and records are configured to use them
- Added methods to both APIs for retrieving all Password Strength and Password Generator Policies
- Browser Extension icon in the toolbar will now turn blue if the current web site has been added to the Ignored URL list
- Browser Extension can now update passwords in Passwordstate when you change them on web sites
- Password Lists which have the One-Time Password feature enabled, will now have the OTP progress and copy to clipboard functionality visible in the Password List grid
- Bad Passwords and Have I been Pwned password checks can now be used in conjunction with each other on the Add/Edit Password screens
- Browser based remote session gateway can now be configured to record and play back session recordings from a network share
- You can now add in your own "Managed" account types, and configured password resets which are not related to a Host or Active Directory
- Failed Brute Force login attempts will now be locked out via IP Address, requiring the block to be removed manually from the Administration screen
- Folder and Password Lists can be configured to block inheritance of permissions from parent objects
- Manual folder permissions on password folders has been deprecated and replaced by a combination of propagation, and blocking of inheritance
- Provided search functionality on various screens in the Administration area to help quickly find various settings
- Added SAML Authentication support as a Verification Policy for the Password Reset Portal
- The Password Reset Schedule for records now have options for adding the number of Days or Months to the Expiry Date field after the reset has occurred
- The 'Default Password Reset Schedule' setting on Password Lists can now be randomized between two time slots
- Added multi-threaded support for Account and Windows Dependency Discovery Jobs
- Added a "Keep Alive" page to allow for monitoring website and database availability
- Ability to delete empty password lists in bulk can now be found under Administration -> Password Lists -> Perform Bulk Processing
- Session recordings in the browser based launcher will now be marked as complete if the user either closes their tab or browser
- Added more Operating Systems for account discovery, password resets and remote sessions
- Backups have been improved where file and database backups can be stored in different locations, and backups zip files can be password protected
- Browser Extension Fixes and Updates
- Updated VNCViewer for the client based remote session launcher to version 1.2.4.0
- Updated PuTTY for the client based remote session launcher to version 0.74
- Added better error reporting if an OU for a Host Discovery Job no longer exists in Active Directory
- Updated Telerik ASP.NET Ajax Controls to version 2020.3.1021.45
- Added 256bit AES encryption option to password protected zip files for exports
- The Mobile Client Web site has now been deprecated and replaced by the new Native App
- Made improvements to session variable handling when using multiple tabs to access Passwordstate
- Made performance improvements to the In-Place High Availability upgrade feature
- SSH public/private key authentication now works with the Browser Based Gateway, when the gateway is installed separately from Passwordstate
- Browser Extension Default Password Lists now show an option of --Please Select-- if a List has not yet been selected
- Browser Extension will now show a new Ignored URL menu, where you can delete any personal Ignored URLs
- Removed various words from the Word Dictionary for the Password Generator Policies
- Host Properties section under the Host Dashboard now includes the "Tag" field data for the Host
- Made improvements to the search feature to return better results if the search terms had a "_" in them
- When using an active/active configuration for Passwordstate, the Windows Service on the 'Primary Server' will also now check on a schedule if any images/logos need to be written to disk, instead of just when the Windows Service starts
- On the SAML screen which informs you the account does not exist in Passwordstate, a Logout button will be presented to allow you to log out of your SAML Provider - as long as a Logout URL has been configured in Passwordstate
- An Exit button will always be visible now when using the Password Reset Portal, and redirect you to a screen instructing the user how to close their browser
- The email sent for Email Temporary Pin Code can now be customized - both for core product and Password Reset Portal
- Safenet and AuthAnvil Authentication options have been deprecated - use SAML Authentication for these providers instead
- Added a check on the database upgrade screen to ensure the read-only Passive Node instance of Passwordstate could not attempt to upgrade the database
- Updated all icons to a new look and feel
- Background color branding has now been deprecated due to readability issues
- Updated Standard API so API Keys can be used consistently across all API Methods
- Self Destruct Message Web Site has been re-designed to work with active/active high availability setups, and can also be used with new Passwordstate App Server
- Updated HtmlSanitizer assembly to version 5.0.319
- Upgraded Passwordstate and all modules to use .NET Framework 4.7.2
- The PassiveNode key in web.config files has been deprecated, and the 'roles' of your the Passwordstate web servers are now managed on the screen Administration -> Authorized Web Servers
- With the option to disable user's accounts when they are no longer members of any AD Security Groups, this setting will no longer be overridden by any other enabled/disabled setting
- Made improvements to redact API Keys from various screens if user did not have access to the 'Anonymous API Permissions' feature on the Feature Access screen
- The option to nest Folders and Password Lists beneath other Password Lists has now been deprecated
- The Restricted Feature for allowing the use of Multiple Open Tabs has now been deprecated
- Consolidated High Availability Nodes menu in Administration area into Authorised Web Servers
- Made some UI improvements to the main navigation menus and tabs
- Updated to the latest SQLite DLLs for each appropriate module
- Made some changes to PowerShell script for discovering Local Administrator accounts on Windows to improve performance
- If a password is check-out for exclusive use in the UI, it will only be available in the browser extensions for use by the person who has checked it out
- Now digitally signing core DLLs, in additional to various Windows Services already signed
- Added additional Content Security header policies
- With the update to .NET Framework 4.7.2, the combination of SAML Authentication and Permalinks now work again
- Fixed a bug editing a User Account Policy if there was a System Setting set to hide Inbuilt Password List Templates
- Fixed some issues when using the Passive High Availability instance of Passwordstate where some controls where enabled on the screen when they should have been disabled
- Fixed an issue with expanding/collapsing navigation tree nodes if the user preference was set to collapse nodes by default
- SSH Private Key authentication for the Browser Based Gateway was not working when launching a session directly from a password record
- On the System Settings page for Password Reset Portal, the Exit Button URL was leaving a https:// value behind when trying to clear the field
- In the browser extension, the Default Password List may not be selected correctly when navigating around the menus in the extension
- Fixed an issue with the Local Admin account discovery job where it could return a null user if a Security Group name was specified which did not exist