Passwordstate 9 Change Log  (Version 8 Changelog)

Passwordstate 9.5 - Build 9531 (25th May 2022) 

Updated Features

  • Removed mcv version information from header responses in various modules
  • Made further changes to the execution of all PowerShell scripts to prevent logging in the Windows Event Log if detailed logging for PowerShell was enabled for the Event Log Category of 'Executing Pipeline'
  • Made changes to the renaming of Generic Fields so you could not accidently clear the name
Fixed
  • Fixed a bug with dragging and dropping host nodes under the Hosts tab, where it may have removed the same host from the view of a different folder
  • Updated the Import Passwords screen so users could not import into Password Lists that they do not have Modify or Admin rights to
  • Fixed a bug when restoring PowerShell validation scripts where HP switch scripts were not being restored
  • Fixed a possible bug on entering the Backup Settings screen where it was reporting a "Split" issue on a NULL value
  • Fixed a bug during importing into a Password List where a 'string or binary data would be truncated' error could occur, if you had the 'Enable for Password Resets' option checked on the Password List
  • Fixed a bug on the Add/Edit Password List settings page where it may not have copied permissions from another Password List if the advanced permissions model was being used
  • Fixed a possible bug where Guest Permissions may not have been added to upper-level folders, when individual permissions on password records where granted
  • Fixed a bug where a Security Group which had the option 'Hide Group in UI' enabled, was still showing on the User Accounts screen when adding users to local security groups
  • Fixed a 'Insertion index was out of range' exception when clicking on a SQL Server Host under the Hosts Navigation tree, when no Remote Session Credentials where configured for SQL Server

Passwordstate 9.5 - Build 9519 (2nd May 2022) Database Schema Updates in this Build

Updated Features

  • Added a feature for the Browser Based Gateway where you can select different options for RDP performance i.e., show wallpaper, etc
  • Added a feature for the Browser Based Gateway where you can specify the font size for SSH sessions
  • With Remote Session Management, both remote session credentials, and local login accounts, will now appear in the Linked Credentials drop down list if appropriate
  • Updated the Browser Based Gateway to build 1005
Fixed
  • Fixed a bug of 'No value given for one or more required parameters' on the Security Groups screen when trying to add groups, or synchronize membership
  • Fixed an issue where scheduled backups of the Passwordstate database would not occur if the customer had re-ordered the settings in the database connection string in the web.config file
  • Fixed an issue where the Client Based Remote Session Launcher may not have launched sessions for SQL Server

Passwordstate 9.5 - Build 9512 (26th April 2022) Database Schema Updates in this Build

Updated Features

  • Updated the client based remote session launcher to support connections through Microsoft's RDP gateway
  • Added the ability to search for privileged account credential permissions via the APIs
  • Changed the behaviour of password related permalinks so that it does not try and search for Password Lists or Folders in the Passwords navigation tree, if the user has Load On Demand enabled
  • Deprecated the System Setting feature to prevent concurrent logins
  • Updated the KeePass import process to better support Unicode characters
Fixed
  • Fixed an issue on the Request Access to Passwords page where navigating to the next set of records in the grid was clearing the contents of the grid
  • Fixed a possible DBNull to String error in both APIs when searching for privileged account credential records
  • The Standard API method for adding permissions to privileged account credentials was reporting the Address Book API key was wrong if the incorrect API key was used
  • Fixed an issue on the Import Passwords screen where the 'Export' button was showing after successfully performing an import
  • Fixed a general error on the screen if you refresh your browser after already viewing a permalink for a password record
  • Fixed an issue where Windows Server 2022 Datacenter operating systems may not have be discovered with the Host Discovery job
  • Fixed an issue when adding a new Authorised Web Server for the App Server, where the functional roles were not saved correctly

Passwordstate 9.5 - Build 9500 (10th April 2022)

Updated Features

  • Update the Import Password feature to show better rendering of the Import Errors grid, and provided an Export button to export the data if required
Fixed
  • Fixed an issue in the APIs where it may have returned zero results when searching for Password Lists or Folders when using the TreePath field
  • Fixed a bug in the Standard API where an exception was being raised when adding new Password Lists
  • Fixed a Server 500 error when trying to use the Import Password feature for third party solutions
  • Removed an additional space on one of the Auditing activities listed on various Auditing screens
  • Fixed an issue when trying to rotation encryption keys where it would redirect to a screen informing the user they did not have the required Security Administrator role
  • Fixed an issue during the upgrade of the database to build 9493 where a 'Alter Column' error occurred for customers who upgraded originally from the version 6 beta

Passwordstate 9.4 - Build 9493 (7th April 2022) Database Schema Updates in this Build

Updated Features

  • Passwordstate now supports storing Unicode characters in the database
  • All documents will now open as attachments in the browser, instead of trying to view certain document types in a new tab in the browser
  • When entering the System Settings screen, we re-query all System Settings in memory in case another Security Administrator has made a change whilst the user’s session was active
  • Updated the browser extensions to only refresh data once an hour
  • Updated the browser extensions to provide a menu option to refresh data manually if required, instead of waiting for the sync period, or the need to log in and out of the extension
  • Removed the onclick events for the main navigation icons on the left-hand side of the screen, requiring the sub menus to be used instead
  • Mobile App can now scan, view and retrieve one-time passwords, and has its own dedicated menu for the feature within the App
  • Mobile App can now add, update and delete password records
  • Increased the length of the Username field for the Mailbox settings for sending emails
  • Made various security improvements to the Password Reset Portal module
  • Moved the Mobile App default home page setting from the UI in Passwordstate, into the App itself
  • Deprecated the 'Disable Inheritance' setting on Password List Templates - it can only be used on Password Lists now
  • Renamed Backups and Upgrades menu in the Administration area to Backups, and moved some upgrade information to the main Administration page
  • The ability to copy the 'Disable Inheritance' Password List setting from other Password Lists, or Password List Templates, has been deprecated
  • Authorised Web Servers for the core product and the App Server can now have different functional roles enabled or disabled
  • Reduced the size of the AccessNotes field for ACL tables, and the Reason field when requesting access to passwords, to 1000 characters
Fixed
  • Fixed an issue with User Account Policies where the link shared password list to a template setting was not applying
  • Fixed an issue where searching for Host records from the top search bar was not filtering the hosts under the Hosts tab
  • Fixed an issue with account discovery jobs where some hosts may not have been queried for the job, if the Tag field for the host was null in the database
  • Fixed an issue with the Clone User Permissions feature where it was not moving any Private Password Lists for the source user
  • Fixed an issue with the Self Destruct Message web site where you could not browse to the root of the web site without the use of the Self Destruct Message ID being passed in the URL
  • Fixed an issue with the Outage Notification feature where it was not honouring the setting of sending via the email address of the mailbox specified on the System Settings screen

Passwordstate 9.4 - Build 9471 (8th March 2022) Database Schema Updates in this Build

Updated Features

  • Provided additional filtering options for discovery jobs, where values can be separated by semicolon characters
  • Added additional permissions checks on postback for menu items in the List Administrator Actions dropdown list
  • Within the Hosts tab, provided further permission checks on all pages to ensure the user has been given access to the Hosts tab
  • In addition to checking if a user's session is still active when browsing to a new page, we also check now on all Postback events
  • Added a new System Setting to prevent users adding themselves to Local Security Groups, and prevent them from adding new or existing User Accounts to Local Security Groups on the User Accounts screen
  • Added a new System Setting option to prevent concurrent logins using the same account
  • Update the Dell iDrac PowerShell script to support newer versions of firmware 4.40 and above
  • When a Password List is nested in a folder configure for the Advanced Permission model, you can now manage permissions for Mobile Access on those nested Password Lists
  • Updated the Yubikey authentication screens so it would not log any exceptions if certain special characters were used as part of the authentication process
  • Updated all pages within the Administrator area to also check Security Administrator roles on postback events
  • Added additional permission checks on Add Password screen when entering the screen, and on postpack
  • Updated the API(s) so the password strength policy compliance is only checked for the parent password record, if updating a password record which is linked to one or more other password records
Fixed
  • Fixed an issue where the Active Users screen in the Administration area may not have shown any active users
  • Fixed an issue for the Browser Extension where a user's Private Password List was meant to be selected as the default Password List, if they had not already specified one themselves
  • Fixed an issue where the Auditing Graphs menu in the Administration area for Password Reset Portal required the Security Administrator role from the other Auditing Graphs screen
  • Fixed an issue where you could browse to the initial Setup page after the initial setup had been completed

Passwordstate 9.4 - Build 9455 (22nd February 2022) Database Schema Updates in this Build

Updated Features

  • The Restricted Feature for converting private password lists to shared lists has now been deprecated
  • Custom Logos for Passwordstate will now show on the Permalink Loading screen
  • Made further performance improvements to the screen Reports -> Auditing
  • Improved the performance of the Import Passwords screen when the user had access to thousands of Password Lists
  • Added all Activity types to the screen Reports -> Auditing
  • Made changes to the Clone Permissions feature to ensure no SQL deadlocks were experienced during the cloning process
  • Updated the clone user permissions feature to also clone favourite Password Lists
  • Updated the Account Discovery feature to better capture exceptions when using multi-threaded execution against multiple hosts
  • On Auditing screens, clicking on the various Platforms will no longer filter the different Activity types
  • You can now export a list of Private Password Lists as well from the screen Administration -> Password Lists
  • Introduced a new Feature Access to restrict which users are allowed to convert the permission models on folders. By default, no users have access, and access needs to be granted on the screen Administration -> Feature Access -> Folder Options tab
  • Added new SQL Index to improve performance of displaying the 'Password Statistics' chart on Passwords Home
  • If navigating to the Request Access to Passwords screen from a Password List you do not have access to, then appropriate records for this Password List will be displayed on the request access screen
Fixed
  • Fixed a bug with the 'Add Hosts to Folder' screen under the Hosts tab where the paging in the grid would not navigate past the second page
  • Fixed an issue on the screen Reports -> Auditing, where the grid paging was not progressing to additional pages
  • Fixed an issue with the High Availability Polling feature where it was polling as a passive server, when it should have been polling as on active server
  • Fix and issue where the Report Loading popup window would not close when executing the Expiring Passwords report
  • Fixed a bug where the Passphrase for the Self Destruct Message feature was not allowing certain HTML type characters as part of the Passphrase
  • Fixed an issue where the link provided in emails for Pending Access Requests, was not taking you to the Pending Access Requests screen if you were already logged into Passwordstate when clicking on the link
  • Fixed an issue adding Host records via the API(s), or via importing from a csv file, where the Remote Connection Type of Telnet was not being set correctly

Passwordstate 9.4 - Build 9435 (8th February 2022) Database Schema Updates in this Build

Updated Features

  • The two based forms of Authentication in Passwordstate (AD and Forms) have now been consolidated into one version
  • Deprecated the "Separate Password" authentication option which could only be used with Active Directory Single sign-on
  • Made performance improvements to the Add/Edit Password List screens when customers have thousands for Password Lists
  • Made performance improvements to the 'Request Access to Passwords' screen by limiting the number of records returned when searching, and also not returning all data when opening the screen
  • Made performance improvements to the Passwords Home screen open first entering the screen
  • Made performance improvements by adding various SQL Server indexes
  • Made performance improvements to Auditing screens by providing searching functionality for selecting Password Lists as opposed to listing all Password Lists in a dropdown
  • Made performance improvements to the loading of data on the Reports -> Auditing screen
  • Updated the new Import process, to ensure the default Password Strength Policy does not interfere with imports - by temporarily turning off the 'Compliance is Mandatory' setting
  • Updated the API's to ensure certain data could not exceed the field size in the database
  • Improved brute force detection for Passphrases for Self Destruct Messages to retain login attempt counts when restarting your browser
  • Updated Telerik ASP.NET Controls to version 2022.1.119
  • On the View Failed Reset History screen, removed generic fields from the screen as they are not relevant to retrieving the value of the password used during the password reset attempt
  • For the Privileged Account Credential system setting of "only allow the user to manage credentials they have been explicitly given access to", the radiobutton to view all credentials will be disabled if this option is set to yes
Fixed
  • Fixed a bug with the KeepAlive functionality for Load Balancers where the page was reporting a precompiled page message
  • On the View Failed Reset History screen, fixed the issue where the Account Type images were oversized
  • Fixed an issue with Self Destruct Message feature where it was possible to bypass the passphrase authentication, if the correct URL and MessageID could be guessed
  • Fixed an issue where the new 'Import' Powershell scripts may not have been added if customers installed or upgraded to build 9400 specifically
  • Fixed an issue with the Load On Demand feature for the Passwords tab, where Passwords Home was not selected when you first navigated to this tab
  • Fixed an error of "Conversion from string to type Double is not valid" when trying to open a password record from the Expiring Passwords Calendar screen, where the password record has a URL specified
  • Fixed an issue where the 'Copy Permissions from Password List' feature on the add Password List screen was not working

Passwordstate 9.4 - Build 9414 (14th January 2022)

Updated Features

  • Made performance issues to various reports in Passwordstate, and change method of exporting to csv file format, to also improve performance of exporting
  • Made performance improvements when exporting data from the Auditing screen
  • Added Self Destruct Message auditing events to the Auditing screen under the Reports menu
  • Added additional debugging if any exceptions occurred withing the Password Reset Portal when sending emails for the Temporary Pin Code verification policy
  • Update HTML attributes of Password fields so that build in password managers in browsers will not form fill those password fields
  • Updated all Backup PowerShell scripts to indicate an error where the backup account could be locked out, or disabled
Fixed
  • Fixed an issue in the Password Reset Portal where the Bad Password option of using both the Custom Database and Have I Been Pwned database was not working
  • Fixed a case sensitivity issue with the Have I Been Pwned check in the main UI
  • Fixed an issue on the Bad Password screens for the Password Reset Portal, where changing the type of Bad Password check was not being saved
  • Fixed an issue with the Browser Based Gateway for the Remote Site Locations module where the Gateway Windows Service would not start after upgrading to build 9381 or 9400
  • Fixed an issue where it was possible Account Discovery Jobs were showing as "In Progress" even though the job had completed.
  • Fixed an issue when exporting from Administration -> Password Folders, when the folder had no nested Password Lists which had passwords stored in them
  • Removed some debugging when running the Enumerated Permissions Report
  • Fixed and issue with the Check In Time on a password record could have changed, when editing the record when the password was checked out

Passwordstate 9.4 - Build 9400 (23rd December 2021) Database Schema Updates in this Build

Updated Features

  • Provided a new consolidated Import Passwords feature for importing via CSV files, or from other products
  • Removed synchronization timeout setting for Mobile App when synchronizing data from the App Server
  • Updated ImageFileName field in PasswordLists and PasswordListTemplates table to match size of field in UserAccounts table
  • Provided a better warning message when the Passwordstate web server was blocking outgoing connections to the Have I Been Pwned API URL for Bad Password checks
  • Updated the Actice Directory synchronization process so user accounts are no longer deleted as part of this process. Instead, a purge option has been provided to delete disabled accounts after a set period of time
  • Provided a new setting to automatically purge password records in the Recycle Bin after a set period of time
  • The feature to clone user permissions will now no longer remove permissions on Private Password Lists for the destination user, even if this option is selected - it will still remove permissions for shared lists
  • When exporting passwords from a Password List, individual auditing records for 'Password Viewed' will no longer be added, as it can trigger the Excessive Activity Auditing report
  • The API Key fields on the Add/Edit Password Lists screen is now enabled, if you've been given permission to create/change API Keys
  • In the Mobile App, the Tree Path field for long Folder names will be displayed in their entirety now, instead of being truncated on the screen
Fixed
  • Fixed a crash in iOS Mobile App when clicking the X symbol if not text was specified in the search bar
  • Fixed an issue in the Standard API when querying a Password List's details, where the API Key was only being considered if it was included in the Header or Querystring - not the Body of the request
  • Fixed and issue with the Password Reset Portal where the client IP Address being reported to the Duo Admin Portal, was of the Password Reset Portal Server, and not the client itself
  • Fixed an issue where the Browser Extensions were not updating the Last Updated field for password records, when the extension updated the password
  • Fixed the description on the Passwords Exported email template, to indicate the email is sent to Security Administrators with the Password Lists role
  • Fixed a threading error with the Windows Local Admin Accounts discovery job, which was preventing the discovery job completing for all hosts
  • Fixed a bug with the manual synchronization of security groups in the main UI where it may not have detected an AD account being deleted from Active Directory
  • Fixed a 'UnlockComponent' error on the Edit Password screen when using the Heartbeat icon for hosts they require SSH connectivity
  • Fixed an issue where the 'Guide' was not being copied from a Password List Template when using the standard Add Password List screen

Passwordstate 9.3 - Build 9381 (29th November 2021) Database Schema Updates in this Build

Updated Features

  • Auditing screen under Reports navigation menu will now only load data when the Search button is clicked
  • Made changes to Bad Password check in the core product where it no longer performs the check via the Standard API
  • Mobile App will now honour the enabled status on user accounts when authenticating to the Mobile App
  • Exact match searching for passwords now includes the Account Type field
  • Updated Telerik ASP.NET Controls to build 2021.3.1111
  • Made changes to the scheduled account heartbeat process to resolve occasional SQL locks some customers are experiencing
  • Added additional error capturing to the Windows Local Administrator Discovery script
  • Added additional error capturing for failures with the SSH Templates password reset scripts
  • Updated RDP functionality for Browser Based Gateway so it no longer logs an error in the Error Console when connecting to a host more than once with the same login credentials
  • Removed the password validation check which occurs 4 times per day for the privileged account credential being used with the Password Reset Portal module
Fixed
  • Fixed a search issue for Password List/Folders in the Passwords navigation tree, when using the search icon and thousands of Password Lists
  • Fixed some issues for the URL field where HTML Encoding of data could have malformed the value of the URL when opening the sites in new tabs in the browser
  • Fixed a bug in the Standard API where calls could not be made to Private Password Lists - introduced bug in build 9350
  • Fixed a bug with the Mobile App where it was not taking the 'Mobile Access' permissions on Password Lists into consideration
  • Fixed the Email Template 'User Account Impersonation' as line breaks where not rendering in email clients
  • Fixed a documentation error for the API(s) for the retrieving of security groups
  • Fixed a General Error screen bug after successfully performing a Bulk Update of passwords in a Password List
  • Fixed an issue where the Disable Inheritance setting on Password List templates was not being applied to any linked Password Lists
  • Fixed an issue with the SSH Templates password reset script feature where the value of variables where not being updated during execute of the scripts
  • Fixed a potential issue where is was not possible to use the 'Bulk Delete Empty Password Lists' feature if one of the Password Lists was selected in a Scheduled Report
  • Fixed a bug on the Edit Password List screen where it was possible the incorrect Password Generator Policy was being selected

Passwordstate 9.3 - Build 9360 (27th October 2021)

Updated Features

  • Host discovery jobs will no longer duplicate hosts records, if a newly discovery host in an Active Directory OU has been previously manually added to Passwordstate
  • Removed the 'Your Position' button when performing SSH sessions with Browser Based Gateway
  • Added extra steps to the Database Upgrade screen in Passwordstate to ensure relevant session variables are set before an upgrade can proceed
Fixed
  • For the new Server 2022 operating systems, removed the reference to Standard
  • Fixed an issue where High Availability servers were not polling back to the primary server
  • Fixed a bug introduced in build 9350 for the Standard API where API Keys were not being accepted in the Body of the request for password related calls - only in the header
  • Fixed an issue in the API where the new "Search Remote Site Locations" method was returning all sites, and not the specific sites matching the search term
  • Fixed an issue on the Delete Remote Site Locations and Delete Host screens, where the disabled Delete button still had an actionable OnClick event handler
  • Fixed a potential issue where a Password Folder and all nested Folders and Password Lists, might not have been deleted from the Administration area
  • Fixed an issue introduced in build 9350 where it was not possible to add or save password records if the Password field was not selected on the Password List

Passwordstate 9.3 - Build 9350 (18th October 2021) Database Schema Updates in this Build

New Features

  • Added new methods to the API for managing Active Directory Domains
  • Added new methods to the API for managing Privileged Account Credentials
  • Added new methods to the API for managing Remote Site Locations
  • Added new options to both APIs where a 2FA one time password must be specified during the initial authentication process
Updated Features
  • Deleting Host records via the API will now also delete any associated password records for the host
  • Added options in the APIs to also delete Host records via their HostID value
  • Added support for Windows 11 and Windows Server 2022 Operating Systems
  • Redesigned initial setup wizard of Passwordstate to not write to the web.config file until the initial setup is complete
  • On Add/Edit password screens, the Bad Password Check icon will now be visible for any of the selected Bad Password options
  • Made performance improvements by only checking for Bad Passwords at the time of making changes to password records when clicking the Save button
  • Made some changes to the Duo login screens to re-query session variables if they do not exist
  • It is now possible to nest Private Password Lists under a folder structure configured with the Advanced Permission Model
  • Updated the Remote Session Gateway to fix a display issue with Aruba switches
  • Updated Telerik ASP.NET Controls to build 2021.3.914
  • Added new auditing records for when permissions are added and removed from the Feature Access screen
  • Added a new notification to the Notification Centre, to remind Security Administrators of the best practice recommendation for generating updated encryption keys and re-encrypting all data
  • Added a feature where you can swap encryption method type during the encryption key rotation process - either AES or FIPS encryption
  • Added new functionality to the SAML Logout process, to force users to re-authenticate to the SAML provider/Passwordstate each time they wish to access Passwordstate
  • Added new Auditing records for the creation, deletion, and updating of Remote Site Location records
  • It is now possible to delete Remote Site Location records, and all associated records, from within the UI in Passwordstate
  • Updated the email sent for failed SAML Logins to report the returned value of the SAML ID sent back to Passwordstate
  • Removed legacy SAML code which was replace in Build 8488
  • Made memory optimizations to encryption/decryption functionality, for all modules
  • Deleting Host records in bulk will now also you to also delete all associated password records
  • Updated Browser Based Remote Session Gateway to automatically check back in authenticating password records when the session is ended - this relates to the 'Password Requires Check Out' feature
  • Added additional auditing records for Brute Force Lockout for the Password Reset Portal - on the second verification screen
  • With the Host Name filtering on Remote Session Credentials, spaces will automatically be removed if added
  • Host discovery jobs now have an option to delete Host records when the host has password records associated with the host
  • Added progress indication animation when uploading documents
  • Added further checks to Active Directory password reset and validation scripts to ensure sAMAccountName format is being used in the Username field
  • Added additional debug logging for the Password Reset Portal for the password expiry reminder emails
  • Added an option for the Active Directory synchronization process to immediately disable User Accounts as they are added into Passwordstate
  • Updated the Self Destruct Message feature to wrap long values on the screen
  • Fixed a foreign key constraint error when trying to add a new user account and adding to a local security group at the same time
Fixed
  • Fixed an issue in the browser based launcher where certain characters for the password field were preventing authentication
  • Fixed 'Failed to execute insertRule' JavaScript error on Edit Passwords screen when performing certain postback events
  • Fixed a bug in the standard API where the Delete Permissions from Folder method was not accepting the API Key in the header
  • Fixed an issue with the scheduled backup where the Secret3 field value was blank in the backup
  • Fixed an issue in the Passwords Navigation Tree where some right-click context menus might have been disabled when duplicate permissions were applied to the folder - specific Guest access
  • Fixed the PowerShell Test Script screen for Active Directory accounts, as it was not showing the Domain FQDN field on the screen
  • Fixed an issue with Account Discovery Jobs for the Remote Site Locations agent where the job would not be marked as completed, if there were no hosts to query for the job
  • Fixed an issue where the Emergency Access login password would not update if it contained an asterisks character
  • Fixed an issue in the Auditing for the Password Reset Portal where the IP Address of the portal web server was being reported in the Description field
  • Fixed an issue with Password Reset Portal and Duo Authentication where it was not reporting the user's IP Address back to the Duo portal
  • Fixed an issue with the Remote Site Locations agent where the Chilkat assembly DLL was missing from the file system, which is used for SSH connections
  • Fixed an issue where under certain conditions the Update functionality in the browser extensions could have updated other non related password records
  • Fixed an issue where it would appear the High Availability Server was not polling back on the Authorised Web Servers screen, if the Passwordstate App Server was installed on the same host
  • Fixed an issue with the encryption key rotation feature where it was not re-encrypting data for the AppTokens table for the Mobile Apps
  • Fixed an issue where global security header attributes added into IIS, could have conflicted with entries added to the web.config file
  • Fixed an issue where under certain conditions an incorrect Password List was selected on the screen after navigating away from the main navigation menus

Passwordstate 9.3 - Build 9300 (2nd August 2021) Database Schema Updates in this Build

Updated Features

  • Introduced a new Common Software Installation Process (CSIP) with published checksums for validation
  • Increased code obfuscation across all Click Studios software assemblies
  • Implemented strict calling process validation for all critical processes
  • Remove the dependency on the file Moserware.SecretSplitter.dll
  • Subdomain naming standard enforced for the Click Studios Content Delivery Network servicing downloads of the Common Software Installation Process
  • Deprecated In-Place Upgrade capability and blocked from working on all existing builds. Replaced by CSIP in build 9300
  • Added a One-Time Password feature for the Emergency Access Login account
  • Updated Telerik ASP.NET Controls to version 2021.2.511
  • Updated Telerik ASP.NET Controls to use the digitally signed versions
  • Remote Site Locations Agent will now upgrade directly from your instance of Passwordstate
  • Added an option on the screen Administration -> Remote Site Locations to export all agent installer instructions to a csv file
  • Increased the Description field length in the database for Security Groups from 255 to 1000 characters
  • Provided a setting on security groups to prevent the security group from showing in the UI when applying permissions to credentials, features, etc
  • Oracle validation script has been updated to support SYS accounts
  • Updated iDrac password reset script to support iDrac firmware version 9
  • PowerShell scripts no longer exist within the Passwordstate folder after the initial installation is complete
  • Added additional HMAC Hashing checks to various fields in the SystemSettings table
  • Updated backup functionality so administrative rights on the Passwordstate web server are no longer required
  • Browser Extensions have now been updated so the 'Update Dialog' does not display when updating an account password on a web site, if the user only has 'View' permissions to the credential in Passwordstate
  • Updated the Client Based Remote Session Launcher so 'AdditionalParameters' in included in the Public/Private Key sessions as well
  • Updated VNCViewer for the Client Based Remote Session Launcher to version 1.3.2.0
  • Updated PuTTY for the Client Based Remote Session Launcher to version 0.75
  • Renamed the methods in the APIs which triggers a synchronization of AD Security Groups and User Accounts to GetADSync
  • Made some changes to the 'Password Retrieved' auditing events in the API's to make the description more consistent with the core UI auditing
  • If the user has not been given the 'Feature Access' for the Mobile App, then the QR Code will no longer be visible on their Preferences screen for scanning
  • The Build Number will now be added to exceptions for the core product, and Passwordstate Windows Service
  • Additional additional content validation to various URL fields and document name fields on relevant screens
  • Updated to latest build of Remote Session Gateway to resolve Chrome 89 issue where mouse scrolling was not working
  • Made changes to Mobile Apps to better support formatting of the Notes field
  • Updated Remote Session Gateway installer scripts to use OpenJDK 16.0.1
  • The RADIUS sectet field on the System Settings screen is now masked like a normal password field
Fixed
  • Fixed an issue in the API's where it would not send Self Destruct Messages correctly when using the Push/Pull instance of the Self Destruct message feature
  • Fixed an issue in the API's when sending Self Destruct Messages where it was not honouring the System Setting as to which email address the message was meant to be sent from
  • Fixed an issue where scheduled account heartbeats could still have executed, when the Password Lists has been modified to disable the 'Enable for Resets' option
  • Fixed an error of 'The remote certificate is invalid according to the validation procedure' if TLS was selected for the mail settings, and older TLS protocols were disabled on the email server
  • Fixed the SonicWall account discovery script as it had an invalid path to the Passwordstate bin folder
  • Fixed a bug where a password record was getting checked out for exclusive use immediately (Password Requires Check Out) when enabling the option for the first time
  • Fixed a bug where it was attempting to link a Password List to a Template (based on a System Setting) when it should not have been, which was causing a FOREIGN KEY constraint exception
  • Fixed an issue where two menus under the Help menu were not hidden, when permissions were removed from them from the Administration -> Feature Access screen
  • Fixed an issue deleting a domain from the Password Reset Portal administration area where it was reporting the domain was in use for password records
  • Fixed a bug where the PG_CapitalizeWordPhrases session variable was not set when logging in via emergency causing some page load errors
  • Fixed a false positive with Active Directory heartbeat check on the Add Password screen where the list is new and never had any password records assigned
  • Fixed an issue with the Browser Based Launcher where authentication would fail if the password contained a & character
  • Fixed an Internal Server 500 error for the Password Reset Portal when using SecurID authentication
  • Fixed a bug in the Password Reset Portal when using SAML Authentication where it would error with 'user not successfully authenticated' when trying to change the user's password
  • Fixed an issue with new installs where the Twitch icon for the Account Type was incorrect
  • Fixed an issue where the Self Destruct Manual link in Passwordstate was giving a Page Not Found error
  • Fixed an issue in the API when adding a Host record where it could have errored with "index was outside the bounds of the array"
  • Fixed a potential issue with the Remote Site Locations agent where a discovery job may not have completed if no 'dependencies' were found for a host
  • Fixed a bug where it was not possible to view Permissions of a Host Discovery Job under the Hosts menu
  • Fixed an issue where some customers where reporting the App Server could not be installed on the same web server as the core Passwordstate install
  • Fixed an issue here some environments might not have had their browser based launcher gateway configured to use http posts for the websockets connections
  • Fixed an issue on the Add/Edit Passwords screen, where it was trying to use the proxy server settings in System Settings, when it should not have been
  • Fixed an issue where the Username button at the top right-hand side of the screen still had a click event on it, when the user had their access removed from the Preferences screen - resulting in a 404 page not found error

Passwordstate 9.1 - Build 9117 (20th April 2021) Database Schema Updates in this Build

Updated Features

  • Added an option for SQL Server backups to not perform a DNS Lookup on the database server name if not required
Fixed
  • Fixed an issue where the 'active' node for High Availability could have duplicated some processing by the Passwordstate Windows Service
  • Fixed an exception of 'Cannot bind argument to parameter String because it is an empty string' with the Remote Site Locaiton agent, for the Discovery Jobs
  • Fixed an issue where the URL icon on the Edit Password screen may have been unresponsive to a click
  • Fixed an issue where a notification might have been added for records in the Password Reset Queue, stating an active maintenance contract was required

Passwordstate 9.1 - Build 9112 (14th April 2021) Database Schema Updates in this Build

Updated Features

  • Added back the Push/Pull version of the Self Destruct Message web site as an option
  • Brute Force Login detection will now also be tracked against the UserID field for the user for the main Passwordstate UI
  • Added an option where Brute Force login can be temporarily disabled whilst troubleshooting X-Forwarded support on network devices
  • Added a configurable database setting for backups to change the impersonation method used for the backup account if required
  • Made some changes to Browser extensions to increase performance when clicking on the Browser Extension icon, and also fixed where on occasion more than one click was required on a record within the browser extension
  • When browsing to the web site for the App Server, it will now give you a 200 Status Okay page, instead of the previous 404 Page Not Found
  • Added additional checks to the backup "Test Permissions" process to ensure the linked password record was configured correctly
Fixed
  • Fixed some issues on the Passwords Home screen, where 3 'Actions' menus for Search Passwords and Recent Passwords was causing an exception, or message about insufficient permissions
  • Fixed an issue where an automated clean-up process could have removed permissions from a folder that was configured with the Advanced Permission Model when it should not have
  • Fixed an issue with new installs of version 9 where a different Verification Policy could be used, when it was not selected
  • Fixed an error with the High Availbility In-Place upgrade feature where it may have raised an exception about the \upgrades\passwordstate\haupgrades folder not existing
  • Fixed an issue where password resets where not being processed in the queue when using the free version of Passwordstate

Passwordstate 9.1 - Build 9100 (29th March 2021)

Updated Features

  • Updated the PowerShell scripts for SQL Server backups to support SQL Aliases
  • Made further improvements to Browser Extensions for performance, and Save dialogs appearing when they should not have been
  • Added additional checks to ensure subsequent upgrades are not performed if a previously failure was detected
  • When uploading new images for Account Types, we now check to confirm the file name is not already in use
  • Added some additional debugging to the Backup Settings screen during testing of permissions, as well as the In-Place Upgrade screen for downloading new builds
  • Made some improvements to the backup setting screen when trying to search fo your backup account - it will now also search on your Domain, or Host Name
  • Added additional debugging if the test for sending of emails on the System Settings screen fails
  • Made improvements to the Oracle Password Reset script when not using a Privileged Account Credential to perform the reset
  • Updated the feature where the browser extensions could automatically clear the clipboard so the event is now triggered based on using the 'Copy to Clipboard' buttons
Fixed
  • Fixed a bug upgrading to build 9000 where an exception of 'Subquery returned more than 1 value' if there where duplicate Account Types with the same name
  • Fixed an issue with new installs of Passwordstate where the SAML Verification Policy for the Password Reset Portal did not have auto-enrolment enabled
  • Fixed an issue with setting permissions when creating Password Lists under folders with Advanced Permissions model, where settings and permissions were based off a Template via a User Account Policy
  • Fixed an issue with the backups to import the SQLSERVER module rather than the SQLPS module
  • Fixed an issue with the Dependencies Discovery Job where it could have reported exceptions for "System.Threading.Tasks" when a Host could not be queried
  • Fixed an issue when applying individual permissions to a password record, where permissions to upper-level folders maybe have been added, when they were not meant to be
  • Fixed an issue where it was not possible to use the In-Place Upgrade feature for High Availability instances
  • Fixed an issue in the WinAPI when generating random passwords where it may have raised an exception for the phrase CapitalizedWordPhrases
  • Fixed an issue upgrading to version 9, if your High Availability Nodes were recorded in NetBIOS format, instead of FQDN
  • Fixed an issue where auditing records for the Mobile App may not have shown in the Recent Activity grid under the Passwords grid
  • Fixed an issue with the WinAPI where adding and updating password records would result in a 'No HTTP resource' error
  • Fixed an issue when creating Password Lists via API where it could set a Password List to block inheritance when it should not have been
  • Fixed an issue with the Test Permissions process for backups where it was checking if a Local Account, and remote SQL Server were being used, when the option to back up the database was deselected
  • Fixed an issue where an exception of converting varchar to datetime could have happened for the Self Destruct Message feature - both adding and deleting messages
  • Fixed an issue where the number of Discovery Threads on the System Settings page was not displaying the value saved in the database
  • Fixed issues with Oracle PowerShell scripts where an exception was raised about the Oracle components not being found
  • Fixed an issue with the browser extensions, which was allowing users to view a Password when they should not have been allowed to, based on the Hide Password settings for a Password List
  • Fixed In-Place Upgrades for App Server if it was installed on the same servers as Passwordstate

Passwordstate 9.0 - Build 9073 (11th March 2021)

Updated Features

  • Extended the expiry date, and number of views, for the Self Destruct Message feature
  • Improved error reporting on Mobile Apps for any issues pairing the App, or Logging into the App
Fixed
  • Fixed a bug upgrading to version 9 where an exception of 'Subquery returned more than 1 value' if there where duplicate Account Types with the same name
  • Fixed an unhandled exception in the Mobile Apps when trying to authenticate if the offline cache days for the App was set to 30 days
  • Fixed an issue when backup of SQL Server database where it could have reported the requirement to 'Import-Module SQLPS'
  • Fixed issues for future upgrades where performing a backup just prior to upgrading was resulting in the ChilkatDotNet45.dll file not be able to be overwritten
  • Fixed a 'System.IndexOutOfRangeException' exception in the Windows Integrated API when trying to manage permissions on a Password List
  • Fixed an issue with scheduled and manual backups where it may have errored under certain conditions when trying to delete old backups

Passwordstate 9.0 - Build 9065 (10th March 2021) Database Schema Updates in this Build

Updated Features

  • Made the App Server's SSL Certificate Public Key for visible on the System Settings screen
  • Made some changes to the InPlace Upgrade feature to better validate a Windows Account it one was being used for the Backup and Upgrades account
  • Added additional upgrade logging to final process on the Upgrade Notification screen
  • Added additional checks to confirm the App Server installation instructions have been followed for configuring the web.config file
  • Added a check to ensure the Health Check Utility was run after upgrading to version 9
  • Made various improvements to the backup process, with additional error capturing
  • When using the free version of Passwordstate, it will no longer be possible to scan the QR Code to configure your phone for the Mobile App
  • Made some changes to resolve intermittent issues with query Active Users in Passwordstate
Fixed
  • Emails for backups was not reporting the file names correctly
  • Fixed an issue upgrading to version 9 when using FIPS Encryption - error was "You must provide at least one secret share" when trying to join split secrets
  • Fixed an issue with the new SAML option for Password Reset Portal where it could not communicate back to the API after SAML authentication completed
  • Fixed and issue with the Move password record method in the API where a 'declare the scalar' exception was being raised
  • Fixed an issue with the App Server not polling correctly into the main User Interface, if the App Server web.config file was encrypted
  • Made changes to the Self Destruct Message web site so it would pick up branding changes immediately when made on the System Settings page
  • Fixed search functionality in Browser extension when users had more than 10 passwords saved for a website

Passwordstate 9.0 - Build 9050 (1st March 2021) Database Schema Updates in this Build

Updated Features

  • Updated the Host icons within the Hosts tab to provide per connection type icons
  • Deprecated the 'Reset to All Records' options for Grids in Passwordstate for how many records can be displayed at any one time, and limited the option when clicking on the Screen Options button
  • For features which send emails via the API's, we re-query email server settings prior to emails being sent
  • Added a new notification to Notification Centre to detect if Adblockers were enabled for the site - which can affect performance and functionality
  • Added new methods to the API's for adding Local Security Groups, and for adding/removing members from those security groups
  • Added new methods to the API's for adding User Accounts into Passwordstate
  • Added new methods to the API's returning and searching Security Groups
  • Renamed Operating System and Account Type of VMware ESX to VMware ESXi
  • Improved the scanning of OTP QR Codes to better detect invalid QR Codes
  • Improved the Brute Force IP Address lockout feature for the Mobile Apps
  • Updated Telerik UI for Xamarin to version 2021.1.119.1 for Mobile Apps
  • Updated Browser Extensions to use jQuery version 3.5.1
  • Made significant performance improvements to the re-encryption feature
  • Matches changes to the Browser Extension password update feature to better match on differences in URL values for the login URL, and the URL for the page where passwords are updated
  • Made changes to browser extensions to provide additional protection against HTML Injection attacks
  • Introduced additional time-based token access control mechanism for Native Mobile Apps
  • Made some changes to support the inverted question mark character in encrypted fields
  • Added a new notification to the Notification Centre, if the primary server's Windows Service did not poll back in the expected time frame
  • Renamed "All Passwords Report" to "Export all Passwords" on List Administrator Actions menu.
  • For the creation of the Passwordstate database, we now set the default collation to case insensitive
  • Updated Telerik ASP.NET Ajax Controls to version 2021.1.119
  • Added an email alert for Remote Site Locations to report if a site has not polled back in the specified time
  • Made some improvements to login screens to better handle sessions ending on the web server during the page sitting idle
  • Made changes to the execution of all PowerShell scripts to prevent logging in the Windows Event Log if detailed logging for PowerShell was enabled at the operating system level
  • Added additional options to the Password Generator Policies
  • Added functionality for In-Place Upgrade feature for the new Passwordstate App Server
  • Updated the Host icons within the Hosts tab to provide per connection type icons
  • Added a new System Setting to hide the menu 'Convert to Shared Password List' for Private Password Lists
  • Rename the label for the System Wide API Key to make it more obvious it is the System Wide key
Fixed
  • Fixed an issue with the Add Password List Wizard where the password value for the Separate Password authentication may not have been copied from a template
  • Fixed an issue where a 404 page was displayed after using the Add Password List Wizard, where an authentication option was specified for the Password List
  • Fixed an issue where the Password List Guide was being copied from a Template or Password List, when selecting the Copy Settings options on the Edit Password List screen
  • Fixed an issue with the Linux Password Validation script where it was raising an exception about 'file not found' due to incorrect Chilkat assembly reference
  • Fix the error 'The application passed an empty string or NULL to UnlockComponent' when testing SSH based PowerShell scripts from the screen Administration -> PowerShell Scripts
  • Fixed an issue for the 'Adding Hosts into Folder' for Host Folders, where it was possible incorrect Hosts were automatically being added into folders
  • When adding a new password record, this was to be used for One-Time Passwords, the progress indicator was not showing on the screen after the QR Code was scanned
  • When editing the properties of a Password List, the options to copy permissions from a Template or Password List was disabled when the 'Disable Inheritance' option was selected
  • Fixed issue with the 'Save and Add Another' button for adding password records, where a One Time Password QR code was being added to the secondary password record when not explicitly specified
  • When adding members to a local security group, clicking on the Cancel button was giving you a page not found error
  • Incorrect error message displayed when adding in a "Windows" account into a password record, if no Privileged Account was assigned
  • Fixed a case sensitive matching issue on the Feature Access screen in the Admin area, which resulted in certain Add Folder/Password Lists menus being disabled
  • Fixed an issue where you could not create folders in the root of Passwords Home, when you had been given access to do so
  • Fixed an issue on the Feature Access screen where you may not have been returned to the correct tab after modifying permissions for a feature
  • Fixed an issue with the re-encryption process where it would get stuck re-encrypting the PasswordDocuments table
  • Propagating Permissions arrow was not showing on Host folders
  • Fixed an issue in the new API methods where blank API keys could have been used for retrieving Password Strength and Password Generator Policy data
  • Fixed and issue where Permalinks were not working unless you were first authenticated
  • Fixed an issue where user's need to also be given the Email Templates Security Admin role in order to get access to the Email Notification Groups menu in the Admin area
  • Fixed an issue where UI elements would disappear on the Add/Edit folder screen when clicking on the setting 'Disable Inheritance of any permissions from upper-level folders'
  • Fixed an issue with the Self Destruct web.config file which wasn't included in the Passwordstate Upgrade file

Passwordstate 9.0 - Build 9000 (11th January 2021) - Beta 1 Database Schema Updates in this Build

New Features

  • New native Mobile App available for iOS and Android
  • New Passwordstate App Server available for use with the Mobile App, Browser Extensions, and Self Destruct Site, for use when users are out of the office
  • Added a new method to the API(s) to trigger and Active Directory synchronization for user accounts and security groups
  • You can now Copy/Link/Move passwords via the API(s)
  • Added the ability to delete password record dependencies via the API(s)
  • One-Time Passwords can now be retrieved via both APIs if Password Lists and records are configured to use them
  • Added methods to both APIs for retrieving all Password Strength and Password Generator Policies
  • Browser Extension icon in the toolbar will now turn blue if the current web site has been added to the Ignored URL list
  • Browser Extension can now update passwords in Passwordstate when you change them on web sites
  • Password Lists which have the One-Time Password feature enabled, will now have the OTP progress and copy to clipboard functionality visible in the Password List grid
  • Bad Passwords and Have I been Pwned password checks can now be used in conjunction with each other on the Add/Edit Password screens
  • Browser based remote session gateway can now be configured to record and play back session recordings from a network share
  • You can now add in your own "Managed" account types, and configured password resets which are not related to a Host or Active Directory
  • Failed Brute Force login attempts will now be locked out via IP Address, requiring the block to be removed manually from the Administration screen
  • Folder and Password Lists can be configured to block inheritance of permissions from parent objects
  • Manual folder permissions on password folders has been deprecated and replaced by a combination of propagation, and blocking of inheritance
  • Provided search functionality on various screens in the Administration area to help quickly find various settings
  • Added SAML Authentication support as a Verification Policy for the Password Reset Portal
  • The Password Reset Schedule for records now have options for adding the number of Days or Months to the Expiry Date field after the reset has occurred
  • The 'Default Password Reset Schedule' setting on Password Lists can now be randomized between two time slots
  • Added multi-threaded support for Account and Windows Dependency Discovery Jobs
  • Added a "Keep Alive" page to allow for monitoring website and database availability
Updated Features
  • Ability to delete empty password lists in bulk can now be found under Administration -> Password Lists -> Perform Bulk Processing
  • Session recordings in the browser based launcher will now be marked as complete if the user either closes their tab or browser
  • Added more Operating Systems for account discovery, password resets and remote sessions
  • Backups have been improved where file and database backups can be stored in different locations, and backups zip files can be password protected
  • Browser Extension Fixes and Updates
  • Updated VNCViewer for the client based remote session launcher to version 1.2.4.0
  • Updated PuTTY for the client based remote session launcher to version 0.74
  • Added better error reporting if an OU for a Host Discovery Job no longer exists in Active Directory
  • Updated Telerik ASP.NET Ajax Controls to version 2020.3.1021.45
  • Added 256bit AES encryption option to password protected zip files for exports
  • The Mobile Client Web site has now been deprecated and replaced by the new Native App
  • Made improvements to session variable handling when using multiple tabs to access Passwordstate
  • Made performance improvements to the In-Place High Availability upgrade feature
  • SSH public/private key authentication now works with the Browser Based Gateway, when the gateway is installed separately from Passwordstate
  • Browser Extension Default Password Lists now show an option of --Please Select-- if a List has not yet been selected
  • Browser Extension will now show a new Ignored URL menu, where you can delete any personal Ignored URLs
  • Removed various words from the Word Dictionary for the Password Generator Policies
  • Host Properties section under the Host Dashboard now includes the "Tag" field data for the Host
  • Made improvements to the search feature to return better results if the search terms had a "_" in them
  • When using an active/active configuration for Passwordstate, the Windows Service on the 'Primary Server' will also now check on a schedule if any images/logos need to be written to disk, instead of just when the Windows Service starts
  • On the SAML screen which informs you the account does not exist in Passwordstate, a Logout button will be presented to allow you to log out of your SAML Provider - as long as a Logout URL has been configured in Passwordstate
  • An Exit button will always be visible now when using the Password Reset Portal, and redirect you to a screen instructing the user how to close their browser
  • The email sent for Email Temporary Pin Code can now be customized - both for core product and Password Reset Portal
  • Safenet and AuthAnvil Authentication options have been deprecated - use SAML Authentication for these providers instead
  • Added a check on the database upgrade screen to ensure the read-only Passive Node instance of Passwordstate could not attempt to upgrade the database
  • Updated all icons to a new look and feel
  • Background color branding has now been deprecated due to readability issues
  • Updated Standard API so API Keys can be used consistently across all API Methods
  • Self Destruct Message Web Site has been re-designed to work with active/active high availability setups, and can also be used with new Passwordstate App Server
  • Updated HtmlSanitizer assembly to version 5.0.319
  • Upgraded Passwordstate and all modules to use .NET Framework 4.7.2
  • The PassiveNode key in web.config files has been deprecated, and the 'roles' of your the Passwordstate web servers are now managed on the screen Administration -> Authorized Web Servers
  • With the option to disable user's accounts when they are no longer members of any AD Security Groups, this setting will no longer be overridden by any other enabled/disabled setting
  • Made improvements to redact API Keys from various screens if user did not have access to the 'Anonymous API Permissions' feature on the Feature Access screen
  • The option to nest Folders and Password Lists beneath other Password Lists has now been deprecated
  • The Restricted Feature for allowing the use of Multiple Open Tabs has now been deprecated
  • Consolidated High Availability Nodes menu in Administration area into Authorised Web Servers
  • Made some UI improvements to the main navigation menus and tabs
  • Updated to the latest SQLite DLLs for each appropriate module
  • Made some changes to PowerShell script for discovering Local Administrator accounts on Windows to improve performance
  • If a password is check-out for exclusive use in the UI, it will only be available in the browser extensions for use by the person who has checked it out
  • Now digitally signing core DLLs, in additional to various Windows Services already signed
  • Added additional Content Security header policies
Fixed
  • With the update to .NET Framework 4.7.2, the combination of SAML Authentication and Permalinks now work again
  • Fixed a bug editing a User Account Policy if there was a System Setting set to hide Inbuilt Password List Templates
  • Fixed some issues when using the Passive High Availability instance of Passwordstate where some controls where enabled on the screen when they should have been disabled
  • Fixed an issue with expanding/collapsing navigation tree nodes if the user preference was set to collapse nodes by default
  • SSH Private Key authentication for the Browser Based Gateway was not working when launching a session directly from a password record
  • On the System Settings page for Password Reset Portal, the Exit Button URL was leaving a https:// value behind when trying to clear the field
  • In the browser extension, the Default Password List may not be selected correctly when navigating around the menus in the extension
  • Fixed an issue with the Local Admin account discovery job where it could return a null user if a Security Group name was specified which did not exist