|
An error message or a blank page is displayed when visiting the user interface the first time after an upgrade.
Due to an error, the previous versions of SPS redirected the users to the login page with a permanent redirect. Since the browsers remembered this information and the URL was not available anymore, SPS showed a blank page or an error message on the first visit of the user interface after an upgrade. This has been fixed and SPS now correctly redirects to the login page. |
PAM-16656 |
|
Copying files over the clipboard in RDP could cause all connections to terminate.
In some rare edge cases, copying files to or from an RDP session host using clipboard copy and paste could cause all RDP connections to terminate during the paste operation. In this case, a core file was generated. The issue was caused by an insufficient safety check, in case the RDP client or server requested an invalid file from the clipboard.
This has been fixed by correcting the safety check. In case of an invalid paste request, the message "Invalid file index in cliprdr file content request" will appear in the system log, and the request will be dropped properly in all cases. |
PAM-16569 |
|
Online player video share did not work.
Video share did not work when the other user was not logged into the SPS. This issue has been fixed. |
PAM-16519 |
|
Generated reports displayed session start and session end times only with month precision.
A previous patch for "Session history" and "Verdicts history by sessions" subchapters that fixed the resolution of charts for daily reports unfortunately had an unwanted side effect that caused other subchapters that displayed session start and session end times like "Top 10 longest sessions" or "Top 10 shortest sessions" to display session start and session end times only with month precision as opposed to second precision.
This has been fixed and reports generated now display session start and session end times with second precision. |
PAM-16485 |
|
SPS falsely displayed the "Play video" button and screenshot viewing possibilities for mssql sessions.
The features for playing video or displaying screenshots for mssql sessions have not yet been implemented. |
PAM-16461 |
|
If there is no license configured, then the firmware test denies the upgrade without displaying the reason.
When there was no license configured, and you clicked the Test firmware icon, or at Basic Settings/System/Firmwares you selected a different firmware to be active after the reboot, then the firmware test failed, but none of the test results indicated any problems. This issue has been fixed. |
PAM-16450 |
|
Audited connections, mostly RDP, could fail to write the audit trail and connection could be terminated.
In certain cases, auditing a connection could run into an issue when the audited traffic contained an overly large message. In this case, auditing failed, and the connection was terminated.
Also, the message "Failed to send request to audit writer service;" was added to the system log.
The issue mostly affected RDP clipboard transfers, for example when image data was copied between the RDP session host and the RDP client host.
This issue has been mitigated, by increasing the limit of single transfers to 128 megabytes, which allows copying uncompressed 4K 32bpp images in RDP. Also, logging has been improved to help determine if a connection closed due to this limit. |
PAM-16379 |
|
Setting a server certificate or private key in the last step of the Welcome Wizard fails with an error.
The web server's certificate and private key can be configured in the last step of the Welcome Wizard before finishing it, but due to an error, it was not possible to set a custom certificate and key pair, or to view the automatically generated one. This has been fixed. |
PAM-16282 |
|
LDAP connections can accumulate over a short time period in some cases.
Open LDAP connections could accumulate in several cases, for example when an anonymous bind was used. The reason for this was incorrect internal caching. This was fixed. |
PAM-16198 |
|
Health status information was not up-to-date on the API.
After upgrading to SPS 6.13.0, the {{/api/health-status}} information was not updated. This has been fixed. |
PAM-16197 |
|
SSH SFTP file transfer might fail from certain servers.
In some cases, transferring files from certain servers using the SFTP protocol failed due to a packet size limit. In this case, the message 'Invalid packet length;' was written to the system log.
The interoperability with these servers has been improved by increasing the packet size limit to match the server limit. |
PAM-16188 |
|
After upgrading from 5.0.11 to 6.0.12, SPS fails to boot, due to invalid nodeid.json.
Though the upgrade finishes successfully, SPS stops before starting up the system. The web UI gets stuck on "Firmware is starting up, please wait...", and the last message on the screen reads "Fatal error: could not start core firmware because makeworld has failed". This issue has been fixed. |
PAM-16172 |
|
The Login options page was visible for those as well who had no permission to change or view anything.
This issue has been fixed and now the Login options page is only visible for those who have permission to it, and read-only mode has been added. |
PAM-16125 |
|
When trying to visualize session data on the timeline on the Search page, if the start time attribute of a session that is to be included on the timeline is missing, the UI displays InternalError.
SPS Search UI provides a feature to visualize session metadata on a timeline chart within a set time range specified by the date filters on the search page.
In order to build the timeline, sessions that fall into the given time range specified by the date filters on the search page are collected. Unfortunately, there can be situations, when the start time property of a session is missing. In this case, if the session is included in the timeline, the UI displays InternalError.
In order to solve this problem, sessions for which the start time attribute is not specified, are not included in the timeline. |
PAM-16086 |
|
Gateway authentication, Four eyes and Active connections were not available on the web interface.
Due to an authorization error, the Gateway authentication, Four eyes and Active connections pages were not available on the web interface. This issue has been fixed. |
PAM-16029 |
|
The UI did not accept the ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 host key algorithms.
On the SSH options page, setting the host key algorithms field to ecdsa-sha2-nistp384 or ecdsa-sha2-nistp521 was not possible on the client and server side. This issue has been fixed. |
PAM-15959 |
|
The Quick Connection Setup configuration could not be finished if a commit log was required, but its dialog was canceled.
This issue has been fixed: canceling the commit log takes you to the Review page of the Quick Connection Setup configuration. |
PAM-15913 |
|
Encrypted sudo-iolog sessions can be replayed without decryption keys.
Even though users had no decryption keys for encrypted sudo-iolog sessions, screenshots and videos were available for inspection. This issue has been fixed. Now, encrypted sudo-iolog sessions cannot be replayed without decryption keys. |
PAM-15862 |
|
Some of the Mssql connections fail if TLS is configured.
Mssql connections from clients running on either Windows or Linux could fail when TLS was configured.
On Windows, the connections could fail because the Microsoft command line tool could not parse TDS messages sent in multiple fragments due to a timing related issue.
On Linux, connections could fail if OpenSSL 1.1.1 or later was installed, because the Microsoft command line tool falsely advertised support for TLS v1.3. Currently this TLS version cannot be used due to limitations in the TDS protocol.
Both issues have been fixed. Negotiating TLS v1.3 has been temporarily disabled until proper support is implemented in the TDS protocol.
Furthermore, the initial packet size has been raised during the TLS handshake. |
PAM-15839 |
|
Vault details information box width was too small to read.
The information box width is corrected, it can be read easily. |
PAM-15825 |
|
Users could not upload all supported certifications to trust stores.
Some of the certifications were not visible and the user could not upload those to trust stores. This issue is fixed. |
PAM-15822 |
|
Disk fill-up prevention does not stop active connections.
Due to an error, the active connections were not stopped after the disk fill-up prevention threshold was reached. This has been corrected. |
PAM-15785 |
|
"Accepted" verdict of RDP session could incorrectly turn to "Rejected".
In some rare cases, when the RDP session was established using multiple TCP connections, then failing intermediate connection, 'Rejected' status was displayed in UI search page for the session, even if a subsequent connection in the same session was accepted. This was fixed by correctly displaying the final session verdict. |
PAM-15616 |
|
SPS does not support openssh 8.5 and later clients using pubkey auth.
After openssh 8.5 there were some changes related to the pubkey sign algorithm; therefore, the client waits for a message from the server containing the supported server sign algorithms. If this message was missing, the client closed the connection.
This has been fixed, SPS now supports pubkey auth with openssh 8.5 and later clients. |
PAM-15596 |
|
On editing the Error Templates, we changed the logo. After that, we changed the logo again, and canceled this change, and the loading got stuck.
This issue has been fixed and now the loading is displayed only if a file is selected. |
PAM-15588 |
|
Configuration lock isn't released when used app switcher
When the user used the app switcher while holding the configuration lock, is it not released and another user wasn't able to configure the SPS. |
PAM-15562 |
|
tsadaemon tracebacks after reboot.
There is a known bug in the openssl-ts tool, which can corrupt its serial file if it is terminated during a timestamping request. The fix prevents this situation and handles the serial file in a failsafe mode. |
PAM-15401 |
|
Disk space fill-up prevention can be triggered after an upgrade.
In SPS 6.10.0, a change was introduced in disk space fill-up prevention, requiring +3 GB of free disk space in addition to the configured disk space fill-up prevention value. The pre-check before the upgrade did not use the new rules and this could lead to a situation where the pre-check is successful but after the upgrade and the reboot, the disk fill-up prevention is triggered. To avoid this situation, the pre-check was modified to verify the disk space with the new rules. |
PAM-15005 |
|
For iolog sessions, the Terminate button has been removed from Safeguard Desktop Player.
In some cases, the Safeguard Desktop Player showed a non-functioning Terminate button, while playing iolog sessions. This issue has been fixed. As terminating iolog sessions is not supported, the Terminate button was removed for iolog sessions. |
PAM-14611 |
|
Deleting a failed report without a generated pdf may cause an internal server error.
It can happen that there is an error during the pdf creation of a report. If you tried to delete such a report on the Reporting > Download Reports page, it resulted in an internal server error, because SPS tried to delete a pdf that did not exist.
This issue has been fixed and now you can delete the failed reports. |
PAM-13632 |
|
On the SPS Search UI, in the Advanced search filter, for the deprecated 'psm.index_status' field, there was no valid option to search for sessions with INDEXING_ABORTED index status.
When a new index status called INDEXING_ABORTED was introduced for the 'recording.index_status' field, there was no option provided for its deprecated field, 'psm.index_status' to search for sessions with INDEXING_ABORTED index status. As a result, sessions with INDEXING_ABORTED status could not be searched by the psm.index_status field.
This has been fixed by adding the value '7' to the psm.index_status field as a valid option, which is mapped to the value of the INDEXING_ABORTED status of the recording.index_status field. |
PAM-12584 |
