Safeguard for Privileged Sessions On Demand Product Notification

These release notes provide information about the 29 April 2022 Safeguard for Privileged Sessions On Demand release. Please refer to the release notes for details on current and previous enhancements, new features and resolved issues.

The following is a list of new features resolved issues in this release of Safeguard for Privileged Sessions On Demand:

New Features:

• For encrypted audit trails, you no longer need to upload the PEM-encoded X.509 certificate in addition to the private keys. Now only the RSA private key is needed. Navigate to Basic Settings > Local Services > Indexer service.  
• From SPS version 6.13.1, Internet Explorer 11 (IE11) is not supported anymore. SPS version 6.12.0 and previous versions continue to support IE11.
• If you have joined an SPP to SPS, you can share specific SPS functions with SPP. Currently, SPS supports sharing RDP and SSH connection policies with SPP. To use the Share connection policy with SPP option under Functions shared with SPP, navigate to:  RDP Contol > Connections, SSH Contol > Connections
• SPS supports enhanced networking capabilities through the Elastic Network Adapter (ENA) on AWS.
• Changes and improvements in SPS REST API Reference Guide

Resolved Issues:

• Audit trail writer error can cause all connections to terminate. When auditing was enabled for a connection, but an error occurred during audit trail writing, incorrect error handling could cause all connections of the same protocol to terminate. In this case, the error message "Failed to write record with audit trail writer service;" was written to the system log. The error handling has been fixed: the audit failure now only causes the affected connection to terminate, as intended.
• Health status information is not up to date on the API. After upgrading to SPS 6.13.0, the {{/api/health-status}} information was never updated. This has been fixed.
• Encrypted sudo-iolog sessions can be replayed without decryption keys. Though users had no decryption keys for encrypted sudo-iolog sessions, screenshots and videos were available for inspection. This issue has been fixed. Encrypted sudo-iolog sessions now cannot be replayed without decryption keys.
• Despite there is no video to play, the 'Play video from this event' button does not disappear. If there is no video, the 'Play video from this event' button is not displayed
• Unable to configure some Trust Stores for AD/LDAP It was not possible to configure Trust Stores with "leaf" or "full" certificate revocation checking for Active Directory or LDAP by using the web user interface, although it was possible over the REST API. This was fixed.
• The verbosity level of the traffic at the HTTP, ICA, MSSQL, RDP, SSH, TELNET and VNC Control > Global Options page could not be changed on a search-master SPS cluster node.
• The search-master SPS cluster node does not handle proxy traffic, therefore the change of the global verbosity level failed because of the unavailable proxy service. With this fix SPS does not trigger log level change for the proxy service on a search-master SPS cluster node, so the configuration change can be applied
• UI cannot handle identical names for trust stores. This issue has been fixed. When the user enters a name for the trust store which is not unique, the "Name must be unique" error message is shown next to the name field on the side sheet, and the Save button is disabled.
• Improperly formatted X.509 certificates. When SPS displayed a certificate on the REST API or in an error message, it used a custom formatting for the subject or issuer. This could include unnecessary fields with "None" values and some fields could be missing, which could make the task of identifying the certificate cumbersome. SPS now uses a more standard formatting when displaying certificate subjects or issuers.
• Resolved Common Vulnerabilities and Exposures (CVE) in release 6.13.0.