Passwordstate 9 Change Log  (Version 8 Changelog)

Passwordstate 9.0 - Build 9000 (11th January 2021) - Beta 1 Database Schema Updates in this Build

New Features

  • New native Mobile App available for iOS and Android
  • New Passwordstate App Server available for use with the Mobile App, Browser Extensions, and Self Destruct Site, for use when users are out of the office
  • Added a new method to the API(s) to trigger and Active Directory synchronization for user accounts and security groups
  • You can now Copy/Link/Move passwords via the API(s)
  • Added the ability to delete password record dependencies via the API(s)
  • One-Time Passwords can now be retrieved via both APIs if Password Lists and records are configured to use them
  • Added methods to both APIs for retrieving all Password Strength and Password Generator Policies
  • Browser Extension icon in the toolbar will now turn blue if the current web site has been added to the Ignored URL list
  • Browser Extension can now update passwords in Passwordstate when you change them on web sites
  • Password Lists which have the One-Time Password feature enabled, will now have the OTP progress and copy to clipboard functionality visible in the Password List grid
  • Bad Passwords and Have I been Pwned password checks can now be used in conjunction with each other on the Add/Edit Password screens
  • Browser based remote session gateway can now be configured to record and play back session recordings from a network share
  • You can now add in your own "Managed" account types, and configured password resets which are not related to a Host or Active Directory
  • Failed Brute Force login attempts will now be locked out via IP Address, requiring the block to be removed manually from the Administration screen
  • Folder and Password Lists can be configured to block inheritance of permissions from parent objects
  • Manual folder permissions on password folders has been deprecated and replaced by a combination of propagation, and blocking of inheritance
  • Provided search functionality on various screens in the Administration area to help quickly find various settings
  • Added SAML Authentication support as a Verification Policy for the Password Reset Portal
  • The Password Reset Schedule for records now have options for adding the number of Days or Months to the Expiry Date field after the reset has occurred
  • The 'Default Password Reset Schedule' setting on Password Lists can now be randomized between two time slots
  • Added multi-threaded support for Account and Windows Dependency Discovery Jobs
  • Added a "Keep Alive" page to allow for monitoring website and database availability
Updated Features
  • Ability to delete empty password lists in bulk can now be found under Administration -> Password Lists -> Perform Bulk Processing
  • Session recordings in the browser based launcher will now be marked as complete if the user either closes their tab or browser
  • Added more Operating Systems for account discovery, password resets and remote sessions
  • Backups have been improved where file and database backups can be stored in different locations, and backups zip files can be password protected
  • Browser Extension Fixes and Updates
  • Updated VNCViewer for the client based remote session launcher to version 1.2.4.0
  • Updated PuTTY for the client based remote session launcher to version 0.74
  • Added better error reporting if an OU for a Host Discovery Job no longer exists in Active Directory
  • Updated Telerik ASP.NET Ajax Controls to version 2020.3.1021.45
  • Added 256bit AES encryption option to password protected zip files for exports
  • The Mobile Client Web site has now been deprecated and replaced by the new Native App
  • Made improvements to session variable handling when using multiple tabs to access Passwordstate
  • Made performance improvements to the In-Place High Availability upgrade feature
  • SSH public/private key authentication now works with the Browser Based Gateway, when the gateway is installed separately from Passwordstate
  • Browser Extension Default Password Lists now show an option of --Please Select-- if a List has not yet been selected
  • Browser Extension will now show a new Ignored URL menu, where you can delete any personal Ignored URLs
  • Removed various words from the Word Dictionary for the Password Generator Policies
  • Host Properties section under the Host Dashboard now includes the "Tag" field data for the Host
  • Made improvements to the search feature to return better results if the search terms had a "_" in them
  • When using an active/active configuration for Passwordstate, the Windows Service on the 'Primary Server' will also now check on a schedule if any images/logos need to be written to disk, instead of just when the Windows Service starts
  • On the SAML screen which informs you the account does not exist in Passwordstate, a Logout button will be presented to allow you to log out of your SAML Provider - as long as a Logout URL has been configured in Passwordstate
  • An Exit button will always be visible now when using the Password Reset Portal, and redirect you to a screen instructing the user how to close their browser
  • The email sent for Email Temporary Pin Code can now be customized - both for core product and Password Reset Portal
  • Safenet and AuthAnvil Authentication options have been deprecated - use SAML Authentication for these providers instead
  • Added a check on the database upgrade screen to ensure the read-only Passive Node instance of Passwordstate could not attempt to upgrade the database
  • Updated all icons to a new look and feel
  • Background color branding has now been deprecated due to readability issues
  • Updated Standard API so API Keys can be used consistently across all API Methods
  • Self Destruct Message Web Site has been re-designed to work with active/active high availability setups, and can also be used with new Passwordstate App Server
  • Updated HtmlSanitizer assembly to version 5.0.319
  • Upgraded Passwordstate and all modules to use .NET Framework 4.7.2
  • The PassiveNode key in web.config files has been deprecated, and the 'roles' of your the Passwordstate web servers are now managed on the screen Administration -> Authorized Web Servers
  • With the option to disable user's accounts when they are no longer members of any AD Security Groups, this setting will no longer be overridden by any other enabled/disabled setting
  • Made improvements to redact API Keys from various screens if user did not have access to the 'Anonymous API Permissions' feature on the Feature Access screen
  • The option to nest Folders and Password Lists beneath other Password Lists has now been deprecated
  • The Restricted Feature for allowing the use of Multiple Open Tabs has now been deprecated
  • Consolidated High Availability Nodes menu in Administration area into Authorised Web Servers
  • Made some UI improvements to the main navigation menus and tabs
  • Updated to the latest SQLite DLLs for each appropriate module
  • Made some changes to PowerShell script for discovering Local Administrator accounts on Windows to improve performance
  • If a password is check-out for exclusive use in the UI, it will only be available in the browser extensions for use by the person who has checked it out
  • Now digitally signing core DLLs, in additional to various Windows Services already signed
  • Added additional Content Security header policies
Fixed
  • With the update to .NET Framework 4.7.2, the combination of SAML Authentication and Permalinks now work again
  • Fixed a bug editing a User Account Policy if there was a System Setting set to hide Inbuilt Password List Templates
  • Fixed some issues when using the Passive High Availability instance of Passwordstate where some controls where enabled on the screen when they should have been disabled
  • Fixed an issue with expanding/collapsing navigation tree nodes if the user preference was set to collapse nodes by default
  • SSH Private Key authentication for the Browser Based Gateway was not working when launching a session directly from a password record
  • On the System Settings page for Password Reset Portal, the Exit Button URL was leaving a https:// value behind when trying to clear the field
  • In the browser extension, the Default Password List may not be selected correctly when navigating around the menus in the extension
  • Fixed an issue with the Local Admin account discovery job where it could return a null user if a Security Group name was specified which did not exist